Abstract: The present invention relates to a method and an apparatus for single sign-on in a mobile communication system. A method in which a browsing agent performs single sign-on in a mobile communication system according to the present invention comprises: a step of transmitting user-supplied identifier to a relay party (RP); a step of receiving, from said RP, a message indicating that a browser should be re-directed to said RP; a step of transmitting an identifier of an authentication agent to an open ID provider (OP)/network application function (NAF); and a step of transmitting, to the authentication agent, the identifier of the authentication agent or a message that triggers to make an inquiry into the identifier of the authentication agent. According to the present invention, a single sign-on procedure may be performed in a safer manner.

Abstract: Provided is a method for managing a group key in a key distribution center. The method includes: receiving a key request from a mobile device; generating a private key for the mobile device using information about a withdrawal time included in the key request; generating a public key and a verification key for the mobile device; and transmitting at least one key including the generated key to the mobile device.

Abstract: The present invention pertains to a method and apparatus for setting a mobile communication terminal. A method for setting a mobile communication terminal according to one embodiment of the present invention may comprise the steps of: transmitting, by the mobile communication terminal, an information provision request message to an information provision entity; and receiving, by the mobile communication terminal, information for access to the mobile communication terminal, which is generated by the information provision entity, from the information provision entity. According to one embodiment of the present invention, a user can directly set a service provider during initial use of a terminal or efficiently change the service provider.

Abstract: The present invention relates to a method and apparatus for updating a key for encrypting multicast data in a wireless communication system. The method of the present invention is characterized by comprising: an information receiving step of receiving information on a group entry time and a group exit time from users who have newly entered an arbitrary group including at least one subgroup; a grouping step of grouping the users using the information on the group entry time and the group exit time; and a key transmission step of either transmitting, to the newly-entered users, keys related to the group and the subgroups, or updating, for the remaining users of the subgroups, both the key related to the subgroup to which the user exiting the group belongs and the key of the group and then transmitting the updated keys to the users of the subgroups.

Abstract: A method for managing mobility of an Access Terminal (AT) using a Proxy Mobile Internet Protocol in a mobile communication system. Access authentication is performed between the AT and an Authentication, Authorization and Accounting server. The AT sends a Dynamic Host Configuration Protocol (DHCP) Server Discover message including information for authentication check to an Access Gateway (AG) while performing the access authentication. The AG sends a Proxy Registration Request message including information for mobility management for the AT to a Home Agent (HA). The AG receives from the HA a Proxy Registration Response message indicating a successful reception of the Proxy Registration Request message. The AG sends a DHCP Offer message including a Home Address (HoA) of a corresponding AT and sends a DHCP Acknowledgement message for accepting use of the HoA, to the AT, when the AT notifies the AG of its intention to use the HoA.

Abstract: The present invention relates to a method and system for the management of the mobility, the management of an idle mode, the registration management (management of attachment and detachment), and the location management (management of tracking area) of a terminal by using a non-access stratum (i.e., network stratum, hereinafter referred to as “NAS”) in a mobile telecommunication network. To this end, the method for the management of mobility, the management of an idle mode, the registration management, and the location management of a terminal by using a NAS protocol, i.e., messages, according to an embodiment of the present invention, includes a terminal (hereinafter, referred to as “UE”) and a mobility management entity (hereinafter, referred to as “MME”), and addresses to a method for efficiently processing security protected NAS messages if received messages are security protected NAS messages, in a case of sending or receiving messages serving as EMM (EPS Mobility Management) messages, i.e.

Abstract: The present invention relates to a method and an apparatus for transmitting contents in a mobile communication network. According to one embodiment of the present invention, the method for receiving the contents of user equipment (UE) in a mobile communication system equipped with a local server which is connected to a base station (eNB) and copies partial contents of an external content server and maintains the copied contents, can include: a content determination step of determining whether the selected contents are the contents provided from the local server when a content selection input is received; a request transmission step of transmitting a content transmission request message to the base station (eNB) when the contents are the contents provided from the local server; and a content reception step of receiving the contents from the base station.

Abstract: Disclosed is an apparatus and method for generating a security key in a mobile communication system that performs security key generation. An Authentication, Authorization and Accounting (AAA) server generates a Master Session Key (MSK) and an Enhanced MSK (EMSK) from a Long Term Credential key, and a Device-MSK (D-MSK), a User-MSK (U-MSK) and a Device and User-MSK (DU-MSK) from the MSK and the EMSK. An Access Gateway (AG) generates a Root-MSK (R-MSK) from the MSK and EMSK received from the AAA server. A Signaling Radio Network Controller (SRNC) generates a Pairwise Master Key (PMK) from the R-MSK received from the AG, and a Traffic Session Key (TSK) from the PMK. A Base Station (BS) sets up a radio connection to a Mobile Station (MS) using the TSK received from the SRNC, and performs radio communication using the set radio connection. The MS generates an MSK and an EMSK, and generates there from a D-MSK, a U-MSK, a DU-MSK, an R-MSK, a PMK, an SRK and a TSK, to perform radio communication with the BS.

Abstract: A security system processing method of a User Equipment (UE) and a security system for a wireless communication system are provided. The security processing method of the UE includes transmitting a Layer 3 message including a UE security capability to a Mobility Management Entity (MME) and the eNB, receiving a Access Stratum Security Mode Command (AS SMC) including a AS security algorithm selected by the eNB, as a result of verification of the UE security capability and information received from the MME, and a AS Message Authentication Code (MAC), transmitting a AS security mode complete message including the AS SMC to the eNB after verification of integrity of the AS SMC using the AS MAC, and transmitting, when receiving a Non Access Stratum (NAS) SMC including the UE security capability, a NAS security mode complete message to the MME after verification of integrity of the NAS SMC.

Abstract: A network system using Mobile Internet Protocol (IP). The network system includes a correspondent node for transmitting a packet in which information passing a packet filter rule is included, and a packet filtering apparatus for determining whether an address included in information of the packet received from the correspondent node is identical to a destination address stored in the packet filter rule, and determining whether to pass the packet according to the determination result.

Abstract: A method and apparatus for performing device authentication and user authentication in a mobile communication network are provided. A connection is established between an MS and an SRNC that controls communications of the MS through a BS. The SRNC receives a D-MSK for device authentication of the MS from an AAA server that has completed an EAP negotiation with the MS and stores the D-MSK by the SRNC, when the BS triggers an EAP authentication after the connection establishment. The SRNC receives an R-MSK from an AG and stores the R-MSK after the connection establishment. The R-MSK is generated using a U-MSK for user authentication of the MS received from the AAA server by the AG. The SRNC generates a PMK for use during a session using at least one of the D-MSK and the R-MSK, and one of the BS and the SRNC generate a key set using the PMK, for use in at least one of data encryption, data integrity check, and session management during the session.

Abstract: The present invention relates to a security control method and device for emergency calls in a mobile communication system, and the security control method in a mobile communication system supporting emergency calls according to an embodiment of the present invention comprises: a step in which a terminal transmits a message containing terminal security capabilities to a source network during handover in an emergency call; a step in which a mobility manager of the source network transmits, to a mobility manager of a target network, the message containing terminal security capabilities; a step in which the mobility manager of the target network transmits, to a base station of the target network, a hand-over request message containing the terminal security capabilities; and a step in which, after the hand-over preparation procedure has been completed, a base station of the source network transmits, to the terminal, a hand-over command message containing the terminal security capabilities.

Abstract: A method and an apparatus for effective data sharing between users in a cloud computing system are provided. The cloud computing system includes a first cloud hub and a User Equipment (UE). The first cloud hub provides a cloud service to a UE connected by a public cloud access and provides a cloud service to a UE connected to a public personal cloud system installed by a service provider, and is installed by a user. The UE subscribes to the first cloud hub as a main cloud and inquires as to data stored in the first cloud hub.

Abstract: The present invention provides a method and system for secured remote provisioning of a universal integrated circuit card of a user equipment. A system includes a user equipment for initiating a request for remote provisioning of an universal integrated circuit card (UICC) in the user equipment, where the request for remote provisioning includes a machine identifier (MID) associated with the user equipment and a public land mobile network (PLMN) identifier (ID) associated with an network operator. The system also includes at least one shared key management server for dynamically generating security keys and an operator shared key using the security keys, the MID. Moreover, the system includes an operator network for generating a subscription key using the operator shared key and an international mobile subscriber identity (IMSI), and provisioning the IMSI in a secured manner to the UICC of the user equipment using the security keys.

Abstract: A method is provided for managing mobility of an Access Terminal (AT) in a mobile communication system using a Mobile Internet Protocol (MIP). The method includes generating, by an AT that has entered a new network, a Security Parameter Index (SPI) and a security key for mutual authentication with a Home Agent (HA) of the new network, sending, by the AT, a registration request message including authentication information including the SPI, the authentication information being generated using the security key, upon receipt of the registration request message, searching, by the HA, a database for the SPI included in the authentication information, verifying the authentication information according to the search result, upon successful verification of the authentication information, generating, by the HA, mobility binding information of the AT, and sending, by the HA, a registration response message including the HA's IP address.

Abstract: The present invention relates to a mobile communication system, and more particularly, to a method and system for efficiently supporting security in a mobile communication system. The method for supporting the security of a terminal in a mobile communication system according to the present invention comprises: a process of transmitting an information provision request message to a network; a process of performing a verification for the network and security; a process of receiving an information provision response message, comprising an index of an encrypted security key, an International Mobile Subscriber Identity (IMSI), and a security-related profile from the network when the verification is completed; and a process of selecting a security key on the basis of the index of an encrypted security key, and then storing the selected security key, the IMSI, and the profile.

Abstract: The present disclosure relates to a communication method between a terminal and a network during an inter PLMN (public land mobile network) handover in a mobile communication network that shares an E-UTRAN (evolved universal terrestrial radio access network), and a mobile communication system thereof According to the present invention, the terminal performs E-UTRAN registration through a base station (eNB) and an MME (MME), updates a routing area, activates ISR (idle state signaling reduction), receives a handover command to the previous PLMN or another PLMN and transmits a location update request message to the MME while the handover is being executed. As such, a communication disconnect or any authentication or security failure during the inter PLMN handover of the terminal can be avoided.

Abstract: A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Abstract: Disclosed is a way to solve a problem of an operation error, which may occur in transmitting a Binding Update (BU) or Registration ReQuest (RRQ) message for a mobile node to a home agent due to the fact that a PDSN supports a Proxy Mobile Internet Protocol (PMIP) for the mobile terminal and the corresponding mobile node supports a client mobile IP when there is the mobile node using the client mobile IP in a 3GPP2 mobile communication system supporting the PMIP, thereby enabling efficient communication.

Abstract: A system is provided for managing mobility of an Access Terminal (AT) in a Proxy Mobile Internet Protocol (PMIP) communication system. As the AT performs a handoff, a target Signaling Radio Network Controller (SRNC) delivers session information of the AT, acquired from a source SRNC of a source network, to a target Access Network (AN). An Authentication, Authorization and Accounting server (AAA) performs an AT access authentication process. Then, a target Access Gateway (AGW) performs a proxy registration procedure, with the target AN, and receives, from the AT, a message indicating a need to establish an interface with the HA. A Home Agent (HA) performs mobility management for the AT, receives a message for requesting proxy registration for mobility management for the AT, sends an access request message to the AAA, receives an access accept message, and sends a response message for proxy registration to the target AGW.