Abstract: We disclose various embodiments that enable a mobile terminal to confirm authenticity of a base station before the mobile terminal proceeds to camp on the corresponding cell. In an example embodiment, the authentication processing includes the mobile terminal tuning to a selected control channel of the base station to monitor RF signals transmitted thereon. The base station is deemed to be authentic if the monitored RF signals indicate the presence of live traffic between the base station and one or more other mobile terminals. The control channel can be selected from a fixed set of uplink and/or downlink control channels that are typically used by a legitimate base station. The presence of live traffic on the selected control channel can be detected by detecting certain control messages that are typically transmitted on that control channel between the base station and one or more mobile terminals served by that base station.

Abstract: We disclose various embodiments that enable a mobile terminal to authenticate a base station before the mobile terminal proceeds to attach to the corresponding network and/or camp on the corresponding cell, e.g., during the initial network selection and attachment or during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal generating and sending to a candidate base station a system query with a nonce. The candidate base station is deemed to be authentic only if the acknowledgement generated and transmitted in response to the system query includes a copy of the nonce properly signed by a digital signature generated using one or more security keys. In some embodiments, the system query may also include a request for GPS coordinates and/or selected system information signed using a digital signature, which the mobile terminal may beneficially use to further strengthen the protection against a spoofing attack.

Abstract: An identifier of a mobile session is generated for a mobile device accessing a network operating in an unlicensed radio band (e.g., Neutral Host Network). Generation of at least one part of the identifier comprises generating a random binary value, converting the random binary value into a decimal value, and truncating the decimal value to a number of decimal digits consistent with an identifier recognizable by a network operating in a licensed radio band (e.g., 3GPP Evolved Packet Core).

Abstract: A first identifier of a mobile session is generated for a mobile device accessing a network operating in an unlicensed radio band, wherein at least one part of the first mobile session identifier comprises a decimal format consistent with an identifier recognizable by a network operating in a licensed radio band. The first mobile session identifier is compared to one or more previously generated mobile session identifiers currently allocated in the unlicensed radio band network to prevent collision there between.

Abstract: A neutral host network is configured to provide services supported by any one or more of multiple Participating Service Providers (PSPs) to user equipment in an unlicensed frequency band. The neutral host network includes a neutral host gateway configured for communication with at least one external network, a mobility management entity (MME), and a local authentication, authorization, and accounting (AAA) server configured to determine that a session involving the user equipment is to be detached from the neutral host network. The local AAA server is also configured to transmit, to the neutral host gateway, a first message to initiate session detach of the session involving the user equipment. The neutral host gateway can be configured to transmit a second message to the MME in response to receiving the first message. The MME is configured to perform session detach for the session in response to receiving the second message.

Abstract: An example method includes receiving at a User Equipment (UE) a value for an Access Mode identifier and a value for a Closed Subscriber Group (CSG) identifier in one or more cell advertisements, selecting a cell based on the or more cell advertisements, and reporting in a message the value of the Access Mode identifier and the value CSG identifier for the cell advertisement of the cell selected. A core network element receives a first Access Mode identifier value and a first CSG identifier value, these first values associated with a cell advertisement of a cell selected by a UE; receives a second Access Mode identifier value and a second CSG identifier value, these second values reported by the cell selected by the UE; performs a comparison of first and second Access Mode identifier value and/or first and second CSG identifier values; and takes action based on the comparison.

Abstract: We disclose various embodiments that enable a mobile terminal to authenticate a base station before the mobile terminal proceeds to attach to the corresponding network and/or camp on the corresponding cell, e.g., during the initial network selection and attachment or during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal generating and sending to a candidate base station a system query with a nonce. The candidate base station is deemed to be authentic only if the acknowledgement generated and transmitted in response to the system query includes a copy of the nonce properly signed by a digital signature generated using one or more security keys. In some embodiments, the system query may also include a request for GPS coordinates and/or selected system information signed using a digital signature, which the mobile terminal may beneficially use to further strengthen the protection against a spoofing attack.

Abstract: We disclose various embodiments that enable a mobile terminal to confirm authenticity of a base station before the mobile terminal proceeds to camp on the corresponding cell. In an example embodiment, the authentication processing includes the mobile terminal tuning to a selected control channel of the base station to monitor RF signals transmitted thereon. The base station is deemed to be authentic if the monitored RF signals indicate the presence of live traffic between the base station and one or more other mobile terminals. The control channel can be selected from a fixed set of uplink and/or downlink control channels that are typically used by a legitimate base station. The presence of live traffic on the selected control channel can be detected by detecting certain control messages that are typically transmitted on that control channel between the base station and one or more mobile terminals served by that base station.

Abstract: We disclose various embodiments that enable a mobile terminal to confirm authenticity of a base station before the mobile terminal proceeds to camp on the corresponding cell, e.g., during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal validating a digital signature included in an information block received from a candidate base station, the digital signature having been generated by the base station using an extended time stamp that indicates the calendar year, month, and/or day in addition to the UTC time-counter value. The information block typically includes a truncated time stamp, which the mobile terminal uses to reconstruct the extended time stamp, the reconstruction being performed using a system time stamp that was previously broadcast by the base station. The reconstructed time stamp is then fed, together with other relevant data, into a security algorithm that can confirm the validity of the digital signature.

Abstract: A first identifier of a mobile session is generated for a mobile device accessing a network operating in an unlicensed radio band, wherein at least one part of the first mobile session identifier comprises a decimal format consistent with an identifier recognizable by a network operating in a licensed radio band. The first mobile session identifier is compared to one or more previously generated mobile session identifiers currently allocated in the unlicensed radio band network to prevent collision there between.

Abstract: An identifier of a mobile session is generated for a mobile device accessing a network operating in an unlicensed radio band (e.g., Neutral Host Network). Generation of at least one part of the identifier comprises generating a random binary value, converting the random binary value into a decimal value, and truncating the decimal value to a number of decimal digits consistent with an identifier recognizable by a network operating in a licensed radio band (e.g., 3GPP Evolved Packet Core).

Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

Abstract: In one embodiment, multiple keys are generated in user equipment of a communication system based at least in part on a designated key expansion multiplier. A key identifier is received in the user equipment from a base station of the communication system. The user equipment selects a particular one of the keys as a function of the received key identifier, and utilizes the selected one of the keys to secure data sent from the user equipment to the base station. For example, the keys may comprise respective portions of a key stream generated by the user equipment responsive to a message received from the base station, with the keys being shared by the user equipment and the base station through independent generation of the key stream in the base station. The base station may illustratively comprise an evolved Node B (eNB) of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN).

Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

Abstract: In one embodiment, multiple keys are generated in user equipment of a communication system based at least in part on a designated key expansion multiplier. A key identifier is received in the user equipment from a base station of the communication system. The user equipment selects a particular one of the keys as a function of the received key identifier, and utilizes the selected one of the keys to secure data sent from the user equipment to the base station. For example, the keys may comprise respective portions of a key stream generated by the user equipment responsive to a message received from the base station, with the keys being shared by the user equipment and the base station through independent generation of the key stream in the base station. The base station may illustratively comprise an evolved Node B (eNB) of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN).

Abstract: An example method includes receiving at a User Equipment (UE) a value for an Access Mode identifier and a value for a Closed Subscriber Group (CSG) identifier in one or more cell advertisements, selecting a cell based on the or more cell advertisements, and reporting in a message the value of the Access Mode identifier and the value CSG identifier for the cell advertisement of the cell selected. A core network element receives a first Access Mode identifier value and a first CSG identifier value, these first values associated with a cell advertisement of a cell selected by a UE; receives a second Access Mode identifier value and a second CSG identifier value, these second values reported by the cell selected by the UE; performs a comparison of first and second Access Mode identifier value and/or first and second CSG identifier values; and takes action based on the comparison.

Abstract: An authentication capability is depicted and described. A user device (UD) attempts to attach to a network. The UD includes a mobile equipment (ME) portion and a network authentication module (NAM) having a mobile subscription associated therewith. The network has a network device associated therewith. Cryptographic processing of an authentication challenge parameter is performed on both the network device and the ME of the UD in order to generate a modified authentication challenge parameter. The network device uses the modified authentication challenge parameter to compute one or more parameters related to authentication. The ME of the UD provides the modified authentication challenge parameter to the NAM of the UD, which uses the modified authentication challenge parameter to compute one or more parameters related to authentication. The authentication capability supports authentication of the mobile subscription of the NAM of the UD when the UD attempts to attach to the network.

Abstract: In one embodiment, a traffic encryption key is generated based on a count value associated with a mobile. The count value is indicative of network accesses by a mobile, and the traffic encryption key is for encrypting communication traffic between the mobile and a base station. Generation of the traffic encryption key at a base station may be triggered by receipt of a message indicating that the mobile may handoff to the base station. In this embodiment, the message includes the count value. In another embodiment, the traffic encryption key is generated based on the count value and a key count. The mobile may trigger updating the traffic encryption key by changing the key count, and sending the new key count to the base station in a traffic encryption key update request message.

Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

Abstract: At least one example embodiment discloses a method of controlling communications between first and second user equipments (UEs) by a base station in a network. The method includes obtaining an indication, the indication indicating if the first and second UEs are within a communication range of each other and controlling a direct communication link between the first and second UEs if the first and second UEs are within a communication range of each other. The controlling includes allocating at least a first portion of an uplink channel of the network to the direct communication link.