Abstract: Embodiments provide a user equipment (UE) device that includes a memory and a processor configured to execute instructions stored in said memory. The processor is configured by the instructions to receive a first evolved packet system (EPS) mobility management (EMM) attach reject message in response to an attempt to attach to a first eNode B (eNB) of a radio access network (RAN). If the attach reject message includes an Evolved Packet System mobility management (EMM) error code, the processor directs an attach request to a second, confirming eNB. The processor may be further configured by the instructions to receive a second attach reject message from the second eNB and enter a lock state only the condition that the second attach reject message also includes an EMM error code, optionally the same EMM error code received in the first attach reject message.

Abstract: A method is provided for interworking of mobility key management among access networks operating under different access technologies. The method is carried out by performing mobility key management by a core-network authentication server based on the access technology that a mobile terminal accessing a wireless network has selected for operation. The method of the invention defines authentication server behavior based on different access technologies and therefore solves the technology interworking issue seamlessly. The method of the invention also facilitates coexistence of more than two different access technologies without any need for each access technology to be modified in order to interwork with core network that is specified by another technology.

Abstract: Embodiments provide a user equipment (UE) device that includes a memory and a processor configured to execute instructions stored in said memory. The processor is configured by the instructions to receive a first evolved packet system (EPS) mobility management (EMM) attach reject message in response to an attempt to attach to a first eNode B (eNB) of a radio access network (RAN). If the attach reject message includes an Evolved Packet System mobility management (EMM) error code, the processor directs an attach request to a second, confirming eNB. The processor may be further configured by the instructions to receive a second attach reject message from the second eNB and enter a lock state only the condition that the second attach reject message also includes an EMM error code, optionally the same EMM error code received in the first attach reject message.

Abstract: The present invention provides a method of operating a mobile unit in a wireless communication system. Embodiments of the method may include providing access request message(s) including information indicative of a first counter and a message authentication code formed using a first key. The first key is derived from a second key and the first counter. The second key is derived from a third key established for a security session between the mobile unit and an authenticator. The first counter is incremented in response to each access request provided by the mobile unit.

Abstract: A mobility management entity (MME) receives a request for a key to establish a security context for communication between a base station and a user equipment in response to the user equipment requesting connectionless service with the base station. In response to receiving the request, the MME transmits a cookie to identify the security context stored by the base station.

Abstract: A first security context is established between a given user computing device and a first network computing device to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device.

Abstract: A first security context is established between a given user computing device and a first network computing device to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device.

Abstract: The present invention provides a method of operating a mobile unit in a wireless communication system. Embodiments of the method may include providing access request message(s) including information indicative of a first counter and a message authentication code formed using a first key. The first key is derived from a second key and the first counter. The second key is derived from a third key established for a security session between the mobile unit and an authenticator. The first counter is incremented in response to each access request provided by the mobile unit.

Abstract: A first security context is established between a given user computing device and a first network computing device associated with a first network cell of a communications network to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device associated with a second network cell of the communications network to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device.

Abstract: A mobility management entity (MME) receives a request for a key to establish a security context for communication between a base station and a user equipment in response to the user equipment requesting connectionless service with the base station. In response to receiving the request, the MME transmits a cookie to identify the security context stored by the base station.

Abstract: The present invention provides a method of operating a mobile unit in a wireless communication system. Embodiments of the method may include providing access request message(s) including information indicative of a first counter and a message authentication code formed using a first key. The first key is derived from a second key and the first counter. The second key is derived from a third key established for a security session between the mobile unit and an authenticator. The first counter is incremented in response to each access request provided by the mobile unit.

Abstract: Structures and methods are disclosed for verifying integrity of peer-supplied content in a peer-to-peer content distribution system, for example, to verify that content supplied from a sending peer node to a receiving peer node corresponds to the content that was requested by the receiving node.

Abstract: A technique to extend location-based (e.g. GPS) mobile device battery lifetime by reducing the location-based (e.g. GPS) circuitry power consumption is provided. The technique defines and controls when to start power and when to stop power to the device in the context of a mobile terminating (MT) location request and/or a mobile originated (MO) location request that is either on-demand or periodic.

Abstract: A first security context is established between a given user computing device and a first network computing device associated with a first network cell of a communications network to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device associated with a second network cell of the communications network to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device.

Abstract: Techniques include, in response to a first communication network of a hybrid communication system being aware of a potential for a mismatch of reported authentication parameters associated with a second communication network of the hybrid communication system, wherein the first communication network is used to transport the reported authentication parameters to the second communication network, the first communication network preventing the mismatch of the reported authentication parameters. In one example, the first communication network is an LTE network and the second communication network is a CDMA2000 network.

Abstract: A binding verification scheme based on a proof of possession of the device-specific secret key associated with the reported IMEI is provided. The IMEI reported by user equipment (UE) is checked to make sure that it matches the IMEI configured into the UE by the manufacturer and has therefore not been modified by an attacker.

Abstract: Methods for dynamic management of security associations in a network are provided. According to one method, a security key management entity determines whether to apply a new security key as an active security key based on an existing active security key. Each of the new security key and the existing active security key are associated with a same home agent, and the existing active security key serves as a basis for an existing security association between the home agent and at least one other network element.

Abstract: A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key.

Abstract: A method of providing peer to peer discovery for a plurality of mobiles on a communications network, the plurality of mobiles including at least a first mobile and a second mobile, includes detecting, at a network element, that the first and second mobiles are in proximity with respect to one another; generating a determination result at the network element after the detecting, the determination result indicating whether the first and second mobiles are capable of establishing a direct device to device (D2D) link with one another based on signal reception qualities of the first and second mobiles; and generating a D2D capability message at the network element based on the determination result, the D2D capability message indicating that the first and second mobiles are capable of establishing a D2D link with one another.

Abstract: A first security context is established between a given user computing device and a first network computing device to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device.