Patents by Inventor Dajiang Zhang
Dajiang Zhang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10785740Abstract: There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS). The device also comprises an authentication under key agreement (AKA) module configured to perform an AKA procedure using the device root key. The key request module, the key receive module, the authentication request transmit module and the AKA module thereby authenticate the device for subscriber identity module (SIM) provisioning of the device.Type: GrantFiled: August 7, 2019Date of Patent: September 22, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Dajiang Zhang, Jussi Tapani Lokasaari, Antti Jouko Iisakki Järvinen, Sami Johannes Kekki
-
Patent number: 10624005Abstract: A method for proxy algorithm identity selection may comprise: selecting, at a first network node, a security algorithm identity for a user equipment which is determined to handover to a second network node, based at least in part on security information of the user equipment and a list of security algorithm identities for the second network node; generating security keys for a communication between the user equipment and the second network node, based at least in part on the selected security algorithm identity; providing the security keys and the selected security algorithm identity to the second network node from the first network node; and sending the selected security algorithm identity to the user equipment from the first network node, in response to a handover acknowledgement from the second network node.Type: GrantFiled: August 8, 2013Date of Patent: April 14, 2020Assignee: Nokia Technologies OyInventors: Yang Liu, Dajiang Zhang
-
Patent number: 10536583Abstract: A method of secure charging for a device-to-device service may comprise: recording charging information of a device-to-device service between a first user equipment and a second user equipment, wherein the charging information is associated at least with the first user equipment; generating a first report comprising the charging information, wherein the first report is protected by a security key of the first user equipment; and sending the first report to a network node by the first user equipment, wherein the first report is used for charging for the device-to-device service together with a second report generated at the second user equipment, and wherein the second report comprises charging information associated at least with the device-to-device service of the second user equipment and is protected by a security key of the second user equipment.Type: GrantFiled: July 23, 2013Date of Patent: January 14, 2020Assignee: Nokia Technologies OyInventors: Yang Liu, Dajiang Zhang
-
Publication number: 20190364531Abstract: There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS). The device also comprises an authentication under key agreement (AKA) module configured to perform an AKA procedure using the device root key. The key request module, the key receive module, the authentication request transmit module and the AKA module thereby authenticate the device for subscriber identity module (SIM) provisioning of the device.Type: ApplicationFiled: August 7, 2019Publication date: November 28, 2019Inventors: Dajiang ZHANG, Jussi Tapani LOKASAARI, Antti Jouko Iisakki JÄRVINEN, Sami Johannes KEKKI
-
Patent number: 10462660Abstract: Method, network element, user equipment (UE) and system are disclosed for securing device-to-device (D2D) communication in a wireless network. The wireless network has a first UE in an idle mode, a second UE in a connected mode, and a network element. The method comprises: encrypting the second UE's identification (ID) by using a first key which is known to the network element and the first UE and which is unknown to the second UE; sending the encrypted second UE's ID from the network element to the first UE via the second UE; and verifying the second UE's ID by using the encrypted second UE's ID.Type: GrantFiled: May 12, 2014Date of Patent: October 29, 2019Assignee: Nokia Technologies OyInventor: Dajiang Zhang
-
Patent number: 10440692Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus such as for example a mobile or a base station, comprising at least one processing core configured to compile a message comprising information concerning resources used in a communication network, the at least one processing core being configured to perform a first determination, that a second user equipment is engaged in a device-to-device session with a first user equipment, the at least one processing core being configured to, responsive to the first determination, include in the message information concerning the second user equipment, and a transmitter configured to cause the message to be transmitted toward a network node. The message may comprise a resource usage report and/or charging report, for example.Type: GrantFiled: June 13, 2013Date of Patent: October 8, 2019Assignee: Nokia Technologies OyInventors: Yang Liu, Dajiang Zhang
-
Patent number: 10420055Abstract: There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS). The device also comprises an authentication under key agreement (AKA) module configured to perform an AKA procedure using the device root key. The key request module, the key receive module, the authentication request transmit module and the AKA module thereby authenticate the device for subscriber identity module (SIM) provisioning of the device.Type: GrantFiled: October 9, 2015Date of Patent: September 17, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Dajiang Zhang, Jussi Tapani Lokasaari, Antti Jouko Iisakki Jarvinen, Sami Johannes Kekki
-
Patent number: 10187370Abstract: A fast-accessing method may comprise: establishing a first security connection between a first network node and a user equipment; obtaining first information from a second network node, wherein the first information comprises at least one of system information of the second network node and an identifier of a security algorithm selected by the second network node for the user equipment; providing second information to the second network node, in response to an indication of the second network node from the user equipment, wherein the second information comprises security information related to the user equipment; and sending the first information to the user equipment for establishing a second security connection between the user equipment and the second network node.Type: GrantFiled: September 21, 2017Date of Patent: January 22, 2019Assignee: Nokia Technologies OyInventors: Yang Liu, Haitao Li, Yixue Lei, Dajiang Zhang
-
Patent number: 10158625Abstract: Methods and apparatus are provided for key pairing between peer D2D UEs in different eNBs or D2D areas. A method may comprise: receiving at a first access network node serving a first D2D area from a first user equipment in the first D2D area, a request for keys for a D2D communication between the first user equipment and a second user equipment, wherein the request comprises an identification of a second D2D area where the second user equipment is located and being different from the first D2D area; identifying a second access network node serving the second D2D area based on the identification; sending to the second access network node, a request for a security context of the second user equipment; and receiving from the second access network node the security context for obtaining the keys for the D2D communication.Type: GrantFiled: September 27, 2013Date of Patent: December 18, 2018Assignee: Nokia Technologies OyInventors: Yang Liu, Dajiang Zhang
-
Publication number: 20180270777Abstract: There is provided a device comprising a key request module and a key receive module. The key request module is configured to transmit a key request to a provisioning server, and the key receive module is configured to receive a device root key associated with the device from the provisioning server. The device also comprises an authentication request transmit module configured to transmit an authentication request comprising an international mobile subscriber identity (IMSI) and a device identifier identifying the device to a first home subscriber server (HSS). The device also comprises an authentication under key agreement (AKA) module configured to perform an AKA procedure using the device root key. The key request module, the key receive module, the authentication request transmit module and the AKA module thereby authenticate the device for subscriber identity module (SIM) provisioning of the device.Type: ApplicationFiled: October 9, 2015Publication date: September 20, 2018Inventors: Dajiang ZHANG, Jussi Tapani LOKASAARI, Antti Jouko Iisakki JARVINEN, Sami Johannes KEKKI
-
Patent number: 9942210Abstract: A method for key derivation may comprise: generating a second key based at least in part on a first key for a first connection between a user equipment and a first network node, in response to a decision to enter an idle mode; releasing the first connection to enter the idle mode; providing an identity of the user equipment to the first network node via a second network node, in response to initiating a setup procedure for a second connection between the user equipment and a second network node; and using the second key for the second connection, in response to receiving from the second network node an indication that the identity of the user equipment is successfully verified at the first network node.Type: GrantFiled: May 23, 2012Date of Patent: April 10, 2018Assignee: Nokia Technologies OyInventors: Yang Liu, Dajiang Zhang
-
Patent number: 9924416Abstract: Provided are methods, corresponding apparatuses, and computer program products for a fast handover. A method comprises generating, at a source base station serving a user equipment, a first message and a second message including security information for security communication between a target base station and the user equipment after a fast handover. The method also comprises transmitting simultaneously, from the source base station, the first and second messages respectively to the target base station and the user equipment. With the claimed inventions, a fast X2 handover procedure is complemented and becomes more feasible with proposed security handlings, making it possible to decrease the service interruption during X2 handover for users and hence improve the user experiences.Type: GrantFiled: August 1, 2013Date of Patent: March 20, 2018Assignee: NOKIA TECHNOLOGIES OYInventors: Yang Liu, Dajiang Zhang, Haitao Li, Claudio Rosa
-
Patent number: 9883422Abstract: An enhanced connection control including maintaining a first connection between a first network node and a user equipment which has a second connection with a second network node, determining a third network node for re-establishing a third connection between the third network node and the user equipment, in response to a link failure of the second connection, and transferring context information of the user equipment from the first network node to the third network node.Type: GrantFiled: February 10, 2012Date of Patent: January 30, 2018Assignee: Nokia Technologies OyInventors: Yang Liu, Haitao Li, Dajiang Zhang
-
Publication number: 20180026958Abstract: A fast-accessing method may comprise: establishing a first security connection between a first network node and a user equipment; obtaining first information from a second network node, wherein the first information comprises at least one of system information of the second network node and an identifier of a security algorithm selected by the second network node for the user equipment; providing second information to the second network node, in response to an indication of the second network node from the user equipment, wherein the second information comprises security information related to the user equipment; and sending the first information to the user equipment for establishing a second security connection between the user equipment and the second network node.Type: ApplicationFiled: September 21, 2017Publication date: January 25, 2018Inventors: Yang Liu, Haitao Li, Yixue Lei, Dajiang Zhang
-
Publication number: 20170142162Abstract: Method, network element, mobile terminal, system and computer program product are disclosed for negotiating cryptographic algorithm. The method comprises: receiving a first candidate list from the mobile terminal by the network element, wherein the first candidate list includes at least one candidate cryptographic algorithm supported by the mobile terminal and excludes at least one undesirable cryptographic algorithm even though it is supported by the mobile terminal; and selecting, from the first candidate list, a cryptographic algorithm supported by both the network element and the mobile terminal. As the undesirable cryptographic algorithm(s) is excluded from the first candidate list, the network element will be forced to choose more secure algorithms for communications with the mobile terminal.Type: ApplicationFiled: May 20, 2014Publication date: May 18, 2017Inventors: Dajiang Zhang, Silke Holtmanns
-
Publication number: 20170055152Abstract: Method, network element, user equipment (UE) and system are disclosed for securing device-to-device (D2D) communication in a wireless network. The wireless network has a first UE in an idle mode, a second UE in a connected mode, and a network element. The method comprises: encrypting the second UE's identification (ID) by using a first key which is known to the network element and the first UE and which is unknown to the second UE; sending the encrypted second UE's ID from the network element to the first UE via the second UE; and verifying the second UE's ID by using the encrypted second UE's ID.Type: ApplicationFiled: May 12, 2014Publication date: February 23, 2017Inventor: Dajiang ZHANG
-
Patent number: 9554271Abstract: A set of associated keys for an authentication process to be performed in a second network is calculated based on a random value used in an authentication process of a first network.Type: GrantFiled: October 19, 2007Date of Patent: January 24, 2017Assignee: Nokia Technologies OyInventors: Changhong Li, Dajiang Zhang, Mika P. Hietala, Valtteri Niemi
-
Publication number: 20160226857Abstract: Methods and apparatus are provided for key pairing between peer D2D UEs in different eNBs or D2D areas. A method may comprise: receiving at a first access network node serving a first D2D area from a first user equipment in the first D2D area, a request for keys for a D2D communication between the first user equipment and a second user equipment, wherein the request comprises an identification of a second D2D area where the second user equipment is located and being different from the first D2D area; identifying a second access network node serving the second D2D area based on the identification; sending to the second access network node, a request for a security context of the second user equipment; and receiving from the second access network node the security context for obtaining the keys for the D2D communication.Type: ApplicationFiled: September 27, 2013Publication date: August 4, 2016Applicant: NOKIA TECHNOLOGIES OYInventors: Yang Liu, Dajiang Zhang
-
Publication number: 20160174112Abstract: Provided are methods, corresponding apparatuses, and computer program products for a fast handover. A method comprises generating, at a source base station serving a user equipment, a first message and a second message including security information for security communication between a target base station and the user equipment after a fast handover. The method also comprises transmitting simultaneously, from the source base station, the first and second messages respectively to the target base station and the user equipment. With the claimed inventions, a fast X2 handover procedure is complemented and becomes more feasible with proposed security handlings, making it possible to decrease the service interruption during X2 handover for users and hence improve the user experiences.Type: ApplicationFiled: August 1, 2013Publication date: June 16, 2016Applicant: Nokia Technologies OyInventors: Yang Liu, Dajiang Zhang, Haitao Li, Claudio Rosa
-
Publication number: 20160165491Abstract: A method for proxy algorithm identity selection may comprise: selecting, at a first network node, a security algorithm identity for a user equipment which is determined to handover to a second network node, based at least in part on security information of the user equipment and a list of security algorithm identities for the second network node; generating security keys for a communication between the user equipment and the second network node, based at least in part on the selected security algorithm identity; providing the security keys and the selected security algorithm identity to the second network node from the first network node; and sending the selected security algorithm identity to the user equipment from the first network node, in response to a handover acknowledgement from the second network node.Type: ApplicationFiled: August 8, 2013Publication date: June 9, 2016Inventors: Yang Liu, Dajiang Zhang