Including Hand-off Based Cryptographic Alteration Patents (Class 380/272)
  • Patent number: 8666078
    Abstract: A method and a system for generating a key in a handover process, wherein the method comprises the following steps of: according to an evolved Node-B (eNB) (102) of a User Equipment (UE) (101), i.e. a source eNB, a mobility management entity (MME) (103) learning all adjacent eNBs of the source eNB (S130), and generating keys for the source eNB and each of the adjacent eNBs respectively (S140), encrypting the keys with a corresponding eNB public key respectively to obtain cipher texts (S150), and sending all cipher texts, keys and eNB identifiers to the UE (S160); in a handover process of the UE, a target eNB obtaining a cipher text corresponding to the target eNB from the UE and decrypting the cipher text with its own private key to obtain the key (S260).
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: March 4, 2014
    Assignee: ZTE Corporation
    Inventors: Xiaochun Bai, Xuwu Zhang
  • Patent number: 8656480
    Abstract: The present invention relates to a subscriber station security-related parameter negotiation method in a wireless portable Internet system. The subscriber station security-related parameter negotiation method includes security-related parameters in transmitting/receiving basic capability negotiation request messages and basic capability negotiation response messages such that the subscriber station and the base station negotiate the subscriber station security-related parameters. The security-related parameters include an authorization policy support subfield used to negotiate an authorization policy between the subscriber station and the base station, and message authentication code mode subfields used to negotiate a message authentication code mode.
    Type: Grant
    Filed: February 14, 2006
    Date of Patent: February 18, 2014
    Assignees: Samsung Electronics Co., Ltd, Electronics and Telecommunications Research Institute, KT Corporation, SK Telecom Co., Ltd, Hanaro Telecom., Inc.
    Inventors: Seok-Heon Cho, Tae-Yong Lee, Sun-Hwa Lim, Chul-Sik Yoon, Jun-Hyuk Song, Ji-Cheol Lee, Yong Chang
  • Patent number: 8649514
    Abstract: A number of encryption system types utilized by subscriber terminal devices currently requesting tuning to a particular switched digital video (SDV) content selection is determined in response to each change in a number of the subscriber terminals requesting tuning to the particular SDV content selection. SDV content associated with the particular SDV content selection is encrypted as either encrypted SDV content or multiply partially encrypted SDV content based upon the determined number of encryption system types beginning from a current play location indicated for the SDV content selection within an electronic program guide (EPG). Either the encrypted SDV content or the multiply partially encrypted SDV content is distributed as part of an outgoing SDV content stream to the subscriber terminals currently requesting tuning to the particular SDV content selection.
    Type: Grant
    Filed: December 28, 2010
    Date of Patent: February 11, 2014
    Assignee: Sony Corporation
    Inventors: Stephane Lejeune, Brant L. Candelore
  • Patent number: 8588426
    Abstract: Methods and apparatus to secure communications in a mobile network are disclosed. An example method disclosed herein comprises randomizing a first set of bits associated with information to be communicated over a slow associated control channel by applying a scrambling factor to generate a set of scrambled bits equal in length to the first set of bits. Another example method disclosed herein comprises concatenating a set of error detection bits with a set of information bits associated with information to be transmitted over a slow associated control channel to generate a set of coded bits, and shuffling the set of coded bits to generate a set of shuffled bits.
    Type: Grant
    Filed: February 21, 2011
    Date of Patent: November 19, 2013
    Assignee: BlackBerry Limited
    Inventors: Yan Xin, Shouxing Qu
  • Patent number: 8565432
    Abstract: A mobile communications system is proposed in which a two stage procedure is used for setting up Radio Bearers within a mobile communications device and UTRAN. In the first stage, both the mobile device and UTRAN perform ciphering based on an old Start value. In the second stage, the mobile device and UTRAN perform ciphering based on a new Start value. In this way, data communication using the Radio Bearers can start without waiting for the mobile device to confirm completion of the setup procedure.
    Type: Grant
    Filed: January 30, 2009
    Date of Patent: October 22, 2013
    Assignee: NEC Corporation
    Inventors: Vivek Sharma, Keiichi Kubota, Sadafuku Hayashi
  • Patent number: 8538025
    Abstract: The present invention relates to methods for sending and receiving security related information during handover on a wireless access system and methods for managing a traffic encoding key (TEK). In one example of the present invention, a security performance negotiation method for supporting the hand-over of mobile handsets comprises the steps of: carrying out, in advance, a security performance negotiation procedure with a first base station (T-ABS), prior to registration on the first base station; generating a traffic encoding key (TEK) by using security related information acquired by means of the security performance negotiation procedure; and carrying out a general performance exchange procedure encoded by means of the TEK and a zone switch with the first base station.
    Type: Grant
    Filed: February 18, 2010
    Date of Patent: September 17, 2013
    Assignee: LG Electronics Inc.
    Inventors: Gene Beck Hahn, In Uk Jung, Ki Seon Ryu
  • Patent number: 8538026
    Abstract: Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.
    Type: Grant
    Filed: April 30, 2010
    Date of Patent: September 17, 2013
    Assignee: Novell, Inc.
    Inventors: Stephen R. Carter, Carolyn B. McClain
  • Patent number: 8538024
    Abstract: A method and apparatus for re-synchronizing a stream cipher during soft handoff. Transmitted quasi-secret keying information is used with a secret key to reinitialize a stream cipher generator located in a base station and a stream cipher generator located in a travelling mobile station. Since the quasi-secret keying information is uniquely determined according to each base station in the wireless telephone system, a base station's quasi-secret keying information and a shared secret key can also be used to create a new key. Thus, as the mobile station travels from one base station to another base station, a unique new key is generated for each base station.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: September 17, 2013
    Assignee: QUALCOMM Incorporated
    Inventor: Gregory G. Rose
  • Patent number: 8533461
    Abstract: A method for pre-authenticating a wireless local area network terminal and a wireless local area network system. The pre-authentication method includes after a current access point (AP) which has set up security association with a station (STA) receiving a pre-authentication start packet sent by the STA, the current AP interacting with a destination AP to verify certificates of the current AP and the destination AP for each other. If a certificate of the destination AP is verified to be valid, the current AP sending key information of the security association set up with the STA by the current AP to the destination AP, and the destination AP saving the key information, the key information including a basic key generated by negotiation between the STA and the current AP.
    Type: Grant
    Filed: August 20, 2009
    Date of Patent: September 10, 2013
    Assignee: ZTE Corporation
    Inventors: Jiabing Liu, Yuanqing Shi, Jiehui Liang
  • Patent number: 8527426
    Abstract: The present invention permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.
    Type: Grant
    Filed: May 19, 2009
    Date of Patent: September 3, 2013
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: William A. Aiello, Aviel Q. Rubin, Martin J. Strauss
  • Patent number: 8515072
    Abstract: A method and apparatus that enables secure communications from a wireless communication device is disclosed. The method may include receiving a signal to transmit data, wherein the data is at least one of voice, text, image, and video, applying a first layer of encryption to the data, applying a second layer of encryption to the data, applying a third layer of encryption to the data, and sending the encrypted data over a communications network.
    Type: Grant
    Filed: July 27, 2010
    Date of Patent: August 20, 2013
    Assignee: Lockheed Martin Corporation
    Inventor: Victor Spahic
  • Patent number: 8472628
    Abstract: A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run.
    Type: Grant
    Filed: October 20, 2011
    Date of Patent: June 25, 2013
    Assignee: Innovative Sonic Limited
    Inventor: Richard Lee-Chee Kuo
  • Patent number: 8468353
    Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication center, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.
    Type: Grant
    Filed: June 14, 2011
    Date of Patent: June 18, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jiwei Wei, Xuyan Fan, Chao Li
  • Patent number: 8442233
    Abstract: The present invention relates to a solution for handling encryption of control messages in a wireless telecommunications network. Key generation is based on sequence numbers and the present invention reduces access to core network devices for updating sequence numbers relating to network events by separating sequence number generation to different parts of the network and different types of network events. This is done by providing a solution where sequence number rollover events and handover events are separated from each other in providing input to radio resource control message encryption. Three different counters may be used for different types of events and all three may be used as input to an encryption algorithm.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: May 14, 2013
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Gunnar Mildh
  • Patent number: 8443431
    Abstract: A method is provided for Authenticator Relocation in a communication system applying an Extensible Authentication Protocol, or the like, which provides replay protection and mitigates the rogue ASN-GW problem during relocation of the Anchor Authentication, and without conducting re-authentication of the MS. The method of the invention optionally allows secure refresh of the MSK.
    Type: Grant
    Filed: January 8, 2010
    Date of Patent: May 14, 2013
    Assignee: Alcatel Lucent
    Inventor: Semyon B. Mizikovsky
  • Patent number: 8429728
    Abstract: Pre-registration security support in a multiple access technology environment is disclosed. For example, a method is disclosed for use in a computing device of a communication system. The communication system supports two or more access technologies for permitting a communication device to access the communication system, and at least part of a first security context is generated at the computing device for a given communication device permitting the given communication device to access the communication system via a first access technology.
    Type: Grant
    Filed: January 5, 2010
    Date of Patent: April 23, 2013
    Assignee: Alcatel Lucent
    Inventors: Peretz Feder, Semyon Mizikovsky
  • Patent number: 8413243
    Abstract: A method is provided for use in a Mobile IP network in which it is determined whether a Mobile Node (10) in a visited network is reachable on a new claimed Care-of Address for the Mobile Node (10) using information relating to a pre-established cryptographic relationship between the Mobile Node (10) and an Access Router (20) of the visited network. It may be determined, through communication between a Home Agent (30) for the Mobile Node (10) in the Mobile Node 10's home network and the Access Router (20), whether such a pre-established cryptographic relationship exists. The existence of such a pre-established relationship would indicate that the Mobile Node (10) is reachable on the claimed Care-of Address.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: April 2, 2013
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Wassim Haddad
  • Patent number: 8406194
    Abstract: A communication system, a network handover processing method and a network handover processing apparatus are disclosed. The method includes the following steps: receiving, by a target evolution NodeB (T-eNB), identity information sent from a user equipment (UE), the identity information being allocated to the UE by a source evolution NodeB (S-eNB); and sending, by the T-eNB, parameters to the UE if identity information, matching the received identity information sent from the UE, is available in the T-eNB, wherein the parameters are allocated to the UE. The apparatus includes a receiving module and a sending module. The communication system, network handover processing method and network handover processing apparatus can reduce the state change times of the UE in the network handover process and save the system resources.
    Type: Grant
    Filed: January 7, 2010
    Date of Patent: March 26, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Yong Qiu, Min Huang, Ying Huang, Hongzhuo Zhang
  • Patent number: 8370630
    Abstract: A mail system having high security is realized by mounting TCP2 for mail communication between client apparatuses. The present invention relates to a mail communication system which is connected to a network and exchanges mails between client apparatuses provided with the existing mailers, and each client apparatus is mounted with a TCP2 driver. A TCP2 driver 34 includes a TCP2 core 36 and a mail system core 37 and an e-mail received via the network is processed in this TCP2 driver 34 and thereafter, is supplied to an existing mailer 31 of the client apparatus. In the mail system core 37 of the TCP2 driver 34, control of mail encryption and decryption, deletion of an unnecessary mail and the like is carried out.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: February 5, 2013
    Inventor: Keiko Ogawa
  • Patent number: 8346261
    Abstract: In a procedure for a mobile station (UE) to perform handover from a cell under the control of a radio base station (NB) of an UTRAN scheme to a cell under the control of a radio base station (eNB) of an E-UTRA scheme, a switching center (MME) of the E-UTRA scheme receives, from the radio base station (eNB) of the E-UTRA scheme, a handover request acknowledge message including a transparent container including a security algorithm of an AS used in a communication between the mobile station (UE) and the radio base station (eNB) of the E-UTRA scheme; and the switching center (MME) of the E-UTRA scheme transmits, to a switching center (SGSN) of the UTRA scheme, a NAS PDU including the transparent container, a security algorithm of a NAS and a security processing parameter of the NAS.
    Type: Grant
    Filed: October 22, 2009
    Date of Patent: January 1, 2013
    Assignee: NTT DoCoMo, Inc.
    Inventors: Mikio Iwamura, Minami Ishii, Alf Zugenmaier
  • Patent number: 8331906
    Abstract: It is disclosed a method comprising receiving, prior to a handover operation, first key indication information, creating, prior to the handover operation, key information based on the received first key indication information, retaining the created key information, sending, after the handover operation, the received first key indication information associated with the key information created prior to the handover operation, and retrieving, after the handover operation, the retained key information based on the first key indication information; and a method comprising generating, prior to the handover operation, the first key indication information associated with key information intended to be created, sending, prior to the handover operation, the generated first key indication information, and receiving, after the handover operation, second key indication information corresponding to the generated first key indication information.
    Type: Grant
    Filed: December 8, 2008
    Date of Patent: December 11, 2012
    Assignee: Nokia Corporation
    Inventors: Dan Lars Anders Forsberg, Pentti Valtteri Niemi
  • Patent number: 8320567
    Abstract: In one embodiment, a method for processing encrypted wireless station data at a network device includes receiving from an access point, one or more frames comprising wireless station data fragmented into a plurality of encrypted protocol data units. The frames are configured to identify the encrypted protocol units associated with the wireless station data. The method further includes decrypting the encrypted protocol data units and forwarding the wireless station data. An apparatus for processing encrypted wireless station data, a method for transmitting encrypted multicast data for a wireless client, and a method for processing encrypted wireless station data at an access point are also disclosed.
    Type: Grant
    Filed: January 5, 2007
    Date of Patent: November 27, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Navindra Yadav, Sheausong Yang, Senthil Arunachalam, Bhanu Gopalasetty, Gnanaprakasam Pandian, Hiroshi Suzuki
  • Patent number: 8320568
    Abstract: A method, an apparatus and a system for key derivation are disclosed. The method includes the following steps: a target base station receives multiple keys derived by a source base station, where the keys correspond to cells under control of the target base station; the target base station selects a key corresponding to the target cell after knowing a target cell that a user equipment (UE) wants to access. An apparatus for key derivation and a communications system are also provided.
    Type: Grant
    Filed: August 3, 2011
    Date of Patent: November 27, 2012
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Min Huang, Jing Chen, Aiqin Zhang, Xiaohan Liu
  • Patent number: 8289929
    Abstract: A method is provided for providing secured mobile IP services to a mobile terminal which is currently associated with an access network different from its own home access network. The method is characterized by creating a virtual mobile node at an access network server of the current access network, which communicates with a Home Agent associated with the terminal's home mobile network and with one or more access points associated with the current access network, at which the mobile terminal is currently located.
    Type: Grant
    Filed: January 28, 2011
    Date of Patent: October 16, 2012
    Assignee: Alvarion Ltd.
    Inventor: Leonid Shousterman
  • Patent number: 8290163
    Abstract: An approach is provided that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is wirelessly transmitted from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to the clients. The clients retrieve the new password from the message. The clients construct a new message that is encrypted using the new password. The new message is wirelessly transmitted from the clients to the wireless access device and serves as an acknowledgement.
    Type: Grant
    Filed: March 15, 2008
    Date of Patent: October 16, 2012
    Assignee: International Business Machines Corporation
    Inventors: David Yu Chang, John Yow-Chun Chang, Vishwanath Venkataramappa
  • Patent number: 8284941
    Abstract: The invention allows changing a Radio Access Network security algorithm during handover in a manner that is efficient and secure. A security message is received at a mobile station previously using a first security algorithm in communication with a first access point, which message instructs to use a second security algorithm required by a second access point. In response, the mobile station is changed to use the second security algorithm.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: October 9, 2012
    Assignee: Nokia Corporation
    Inventor: Dan Forsberg
  • Patent number: 8285990
    Abstract: A method for secure and reliable authentication in a communication system. In an embodiment, the authentication method includes performing authentication of a user utilizing Extensible Authentication Protocol (EAP), and transmitting a result indication message to the user. The result indication message can include additional information for security and reliability. The method also includes receiving an acknowledgement message from the user. The acknowledgement message is sent by the user for confirming the reception of the result indication. In an embodiment, the method also includes retransmitting the result indication message if the acknowledgement message is not received within a predetermined time. The additional information for security and reliability can include Message Authentication Code (MAC) and time interval information. The additional information for security and reliability can also include a security/reliability flag.
    Type: Grant
    Filed: April 30, 2008
    Date of Patent: October 9, 2012
    Assignee: Future Wei Technologies, Inc.
    Inventor: Madjid F. Nakhjiri
  • Patent number: 8275133
    Abstract: When a network pages the temporary user mobile identifier of a mobile station, the mobile station sends a response to the network. Next, the network checks the authenticity of the user using a ciphering key, corresponding to the temporary user mobile identifier and a random number. If the temporary user mobile identifier is authenticated, a normal incoming call acceptance procedure is executed. If the mobile station is authenticated although the temporary user mobile identifier is wrong, the network reassigns a new temporary user mobile identifier to the mobile station and stops the current communication. In communication, the network and the mobile station mutually notify encipherment-onset time and negotiate about encipherment manner with each other. In addition, diversity handover is commenced upon a call attempt. Furthermore, if a branch replacement is necessary, the current branch is replaced by new branches capable of executing the diversity handover.
    Type: Grant
    Filed: March 30, 2006
    Date of Patent: September 25, 2012
    Assignee: NTT Docomo, Inc.
    Inventors: Motoshi Tamura, Mutsumaru Miki, Akiko Okamoto, Kenya Kusunose, Akihiro Uchikoshi, Daisuke Igarashi, Katsuhiko Yamagata, Takaaki Sato, Junichiro Hagiwara, Yasuyuki Watanabe, Takuya Hamajima, Masafumi Hata, Nobutaka Ishikawa, Yoshiyuki Yasuda, Kazufumi Yunoki, Nobuhide Uchiyama
  • Patent number: 8249256
    Abstract: Disclosed is a method for providing fast secure handoff in a wireless mesh network. The method comprises configuring multiple first level key holders (R0KHs) within a radio access network to which supplicants within the multi-hop wireless mesh network are capable of establishing a security association, configuring a common mobility domain identifier within the first level key holders of a mobility domain, and propagating identity of a first level key holder and the mobility domain identifier through the wireless mesh network to enable the supplicants within the mobility domain to perform fast secure handoff.
    Type: Grant
    Filed: November 6, 2007
    Date of Patent: August 21, 2012
    Assignee: Motorola Solutions, Inc.
    Inventors: Michael F. Korus, Ohad Shatil
  • Patent number: 8233934
    Abstract: The present invention relates to a method and system for providing access from a first network (30) to a service of a second network, wherein an authentication signaling is used to transfer a service selection information to the second network (70). Based on the service selection information, a connection can be established to access the desired service. Thereby, cellular packet-switched services can be accessed over networks which do not provide a context activation procedure or corresponding control plane signaling function.
    Type: Grant
    Filed: October 1, 2002
    Date of Patent: July 31, 2012
    Assignee: Nokia Corporation
    Inventors: Kalle Ahmavaara, Henry Haverinen
  • Publication number: 20120183141
    Abstract: A mobile communication method according to the present invention comprising the relay node RN configured to the method comprising a step in which the relay node RN transmits the “X2-AP (UE): Handover Request” to the radio base station DeNB #2, a step in which the radio base station DeNB #2 acquires the K_eNB* and the MAC from the radio base station DeNB #1, a step in which the radio base station DeNB #2 generates the KeNB based on the acquired K_eNB* and the MAC, and a step in which the radio base station DeNB #2 generates the K_RRCint, the K_RRCenc, and the K_UPenc based on the generated KeNB.
    Type: Application
    Filed: July 2, 2010
    Publication date: July 19, 2012
    Applicant: NTT DOCOMO, INC.
    Inventors: Wuri Andarmawanti Hapsari, Hideaki Takahashi, Mikio Iwamura, Minami Ishii, Alf Zugenmaier
  • Patent number: 8218769
    Abstract: An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.
    Type: Grant
    Filed: February 28, 2007
    Date of Patent: July 10, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Takata, Tadashi Kaji, Takahiro Fujishiro, Kazuyoshi Hoshino, Keisuke Takeuchi
  • Patent number: 8204044
    Abstract: A method is performed by one or more network elements for voice-over-IP (VoIP) communications. The method includes receiving a request from a first mobile device to invite a second mobile device to participate in a VoIP session. The second device may be identified in the request by a network identifier. The network identifier is related to a mobile IP (MIP) address of the second device and a second IP address. An invitation is sent to the MIP address of the second device which may include a MIP address of the first device and a first IP address. A response to the invitation may be received from the second device. The response may be modified to include a first IP header that includes the MIP address of the second device and a second IP header to include the second IP address. The modified response is forwarded to the first device. After receipt of the modified response, the first device is configured to establish an IP connection for VoIP communication with the second device.
    Type: Grant
    Filed: September 21, 2009
    Date of Patent: June 19, 2012
    Assignee: Intel Corporation
    Inventor: Gerald Lebizay
  • Patent number: 8194607
    Abstract: A handover control method and apparatus are provided to efficiently buffer packets in a Mobile Worldwide Interoperability for Microwave Access (WIMAX) network. A serving radio access station (S-RAS) and an access control router (ACR) divide and buffer packets to be sent to a mobile station before and after a predetermined message exchange process. The Access control router (ACR) sequentially tunnels a packet buffered in the serving radio access station (S-RAS) and a packet buffered in the Access control router (ACR) into a target radio access station (T-RAS) when a handover for the mobile station is completed. Since an unnecessary buffering operation is not performed in the Access control router (ACR) and the radio access station (RAS), a resource waste may be avoided.
    Type: Grant
    Filed: February 11, 2008
    Date of Patent: June 5, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ki-Cheol Lee, Kee-Sung Nam
  • Publication number: 20120082315
    Abstract: A method and a system for generating a key in a handover process, wherein the method comprises the following steps of: according to an evolved Node-B (eNB) (102) of a User Equipment (UE) (101), i.e. a source eNB, a mobility management entity (MME) (103) learning all adjacent eNBs of the source eNB (S130), and generating keys for the source eNB and each of the adjacent eNBs respectively (S140), encrypting the keys with a corresponding eNB public key respectively to obtain cipher texts (S150), and sending all cipher texts, keys and eNB identifiers to the UE (S160); in a handover process of the UE, a target eNB obtaining a cipher text corresponding to the target eNB from the UE and decrypting the cipher text with its own private key to obtain the key (S260).
    Type: Application
    Filed: May 13, 2010
    Publication date: April 5, 2012
    Applicant: ZTE CORPORATION
    Inventors: Xiaochun Bai, Xuwu Zhang
  • Publication number: 20120057706
    Abstract: A method and system for establishing security association mechanism between a Mobile Node (MN) and a plurality of Point of Services (PoS) are provided. The method includes sending a first request from primary PoS to secondary PoS. The primary PoS then receives a first response along with a derived first key. The first key is derived at the secondary PoS. The method further includes receiving a second request from the MN at the primary PoS. The method then derives a second key based on a MN identity and the derived first key. Thereafter, the method sends a second response along with a second key from the primary PoS to the MN. Further, the method establishes communication between the MN and secondary PoS based on the second key received by the MN and the second key generated at the secondary PoS.
    Type: Application
    Filed: May 11, 2010
    Publication date: March 8, 2012
    Inventor: Anirudh Bhatt
  • Patent number: 8121293
    Abstract: During connection setup with a first radio access network, a multimode mobile station sends an unprotected initial signaling message that includes information about those encryption algorithms that the multimode mobile station supports when it communicates in a second radio access network. The first radio access network saves some or all the information. Then it composes and sends an integrity-protected message that includes information about the encryption algorithms supported by the multimode mobile station in the second radio access network.
    Type: Grant
    Filed: June 23, 2008
    Date of Patent: February 21, 2012
    Assignee: Nokia Corporation
    Inventors: Jukka Vialen, Valtteri Niemi
  • Patent number: 8117454
    Abstract: The present invention performs a Binding Update or a Location Update message authentication independently and terminal-specifically in a home SAE gateway. A key, which is derived in a home AAA server from an initially set long term key, is given to a visited network for encrypting the update messages in Proxy Mobile IP. In Client Mobile IP, the key is transmitted to a mobile node for update message encryption. When the update message is received in the home SAE gateway, the key can be derived independently in the home SAE gateway without any key requests between the gateway and the home AAA server. Thus, it is possible to authenticate the binding or location update messages by verifying the two signatures. The present invention can also be implemented on a lower hierarchy of the system. The invention can be implemented in 3GPP standard releases enhanced with LTE technology, for instance.
    Type: Grant
    Filed: April 27, 2007
    Date of Patent: February 14, 2012
    Assignee: Nokia Corporation
    Inventor: Dan Forsberg
  • Publication number: 20120033815
    Abstract: A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run.
    Type: Application
    Filed: October 20, 2011
    Publication date: February 9, 2012
    Inventor: Richard Lee-Chee Kuo
  • Patent number: 8107629
    Abstract: A method of providing security of a relay station is disclosed, by which the security can be provided for the relay station in a broadband wireless access system having the relay station. In a mobile communication system to relay a signal transfer between a base station and a mobile station, the present invention includes the steps of performing a relay station authentication from an authentication server using an authentication protocol, receiving a master key from the authentication server, deriving an authentication key from the received master key, deriving a message authentication code (MAC) key using the derived authentication key, and relaying a signal exchanged between the mobile station and the base station using the derived message authentication code key.
    Type: Grant
    Filed: October 18, 2006
    Date of Patent: January 31, 2012
    Assignee: LG Electronics Inc.
    Inventors: Ki Seon Ryu, Chang Jae Lee
  • Patent number: 8086843
    Abstract: Cryptographic provider failover is performed. Upon receipt of a first security request, an integrated cryptographic provider constructs a table including a list of underlying cryptographic providers for service type algorithm pairs. The integrated cryptographic provider is one of the underlying cryptographic providers in the list. The underlying cryptographic providers are registered as hardware and software cryptographic providers in the list. The integrated cryptographic provider is registered as a routing cryptographic provider in the list. The list is arranged so that the integrated cryptographic provider has the highest priority. The integrated cryptographic provider specifies failover support for all registered service type algorithm pairs using one or more of the underlying cryptographic providers.
    Type: Grant
    Filed: September 24, 2007
    Date of Patent: December 27, 2011
    Assignee: International Business Machines Corporation
    Inventors: Sarah Blodgett Hughes, Jason Greg Katonica
  • Publication number: 20110314170
    Abstract: A method of performing a swap operation. Communication is established between a first UE and a server. Communication is established between the first UE and a second UE. Permission is received at the first UE from the server to perform the swap operation. A swap application is executed to facilitate transfer of an archive file from the first UE to the second UE.
    Type: Application
    Filed: June 17, 2010
    Publication date: December 22, 2011
    Applicant: RESEARCH IN MOTION LIMITED
    Inventor: Douglas Michael Gisby
  • Publication number: 20110311053
    Abstract: Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key.
    Type: Application
    Filed: June 13, 2011
    Publication date: December 22, 2011
    Applicant: QUALCOMM Incorporated
    Inventors: Adrian Edward ESCOTT, Anand Palanigounder
  • Publication number: 20110305341
    Abstract: The present invention relates to methods for sending and receiving security related information during handover on a wireless access system and methods for managing a traffic encoding key (TEK). In one example of the present invention, a security performance negotiation method for supporting the hand-over of mobile handsets comprises the steps of: carrying out, in advance, a security performance negotiation procedure with a first base station (T-ABS), prior to registration on the first base station; generating a traffic encoding key (TEK) by using security related information acquired by means of the security performance negotiation procedure; and carrying out a general performance exchange procedure encoded by means of the TEK and a zone switch with the first base station.
    Type: Application
    Filed: February 18, 2010
    Publication date: December 15, 2011
    Inventors: Gene Beck Hahn, In Uk Jung
  • Patent number: 8078872
    Abstract: The present invention relates to a wireless communication technology field. A method for determining a mobile IP key of a mobile terminal is provided, which includes: receiving a mobile IP registration request message of a mobile terminal, in which the mobile IP registration request message includes a key material field; and reporting material information for determining a key according to the key material field. A method for determining a mobile IP key of a mobile terminal, a mobile IP agent device, a system for obtaining a mobile IP type, and a mobile terminal are also provided. With the technical solutions provided in the present invention, the mobile IP keys and/or the mobile IP type of the mobile terminal can be correctly determined, thus achieving a fast and correct access of the mobile terminal.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: December 13, 2011
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yuankui Zhao
  • Publication number: 20110274276
    Abstract: A method for obtaining a secure key is provided. The method includes sending an Access Safety Management Entity Key (KASME) to a gateway after finishing authentication and security process by a Mobility Management Entity (MME) in a core network; and computing, by the gateway, a Next Hop (NH) according to the KASME. The method provides a method for ensuring a working of a secure key chain when a handover process is terminated at a Hybrid Evolved NodeB Gateway (HeNB GW). Thus, key information cannot be lost when the handover process is terminated at the HeNB GW, and an impact of the handover process on a core network is reduced, and the efficiency of a User Equipment (UE) handover is improved.
    Type: Application
    Filed: May 9, 2011
    Publication date: November 10, 2011
    Applicant: SAMSUNG ELECTRONICS CO. LTD.
    Inventor: Lixiang XU
  • Patent number: 8036385
    Abstract: Apparatus and a method for ciphering messages in mobile telecommunications system user equipment and network are disclosed. The apparatus is arranged to store a plurality of current ciphering configurations and/or a plurality of old (previously applied) ciphering configurations and/or a plurality of new (future) ciphering configurations. Thus different ciphering configurations may be applied at different times and for different radio bearers.
    Type: Grant
    Filed: June 9, 2004
    Date of Patent: October 11, 2011
    Assignee: Research In Motion Limited
    Inventor: Nicola Funnell
  • Patent number: 8027304
    Abstract: Handoffs must be fast for wireless mobile nodes without sacrificing the security between a mobile node and wireless access points in an access network. A secure session keys context approach is shown having all the good features, like mobility and security optimization, of the currently existing proposals of key-request, pre-authentication, and pre-distribution but also providing improved scalability for the access network and for the mobile node. The new approach is compared to the existing proposals including memory requirements and especially how to reduce memory usage using a “just-in-time” transfer of security information between access points and a mobile node during a handover.
    Type: Grant
    Filed: July 6, 2006
    Date of Patent: September 27, 2011
    Assignee: Nokia Corporation
    Inventor: Dan Forsberg
  • Publication number: 20110222690
    Abstract: A method for deriving keys is disclosed. When Handover or Routing Area Update of User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) to a Universal Terrestrial Radio Access Network (UTRAN) or Global System for Mobile Communication/Enhanced Data Rate for GSM Evolution Radio Access Network (GERAN) occurs, the keys for the UTRAN or the GERAN are derived by a Mobility Management Entity (MME) and/or the UE by using predefined parameters. The predefined parameters include a root key of the E-UTRAN and a value of a Non Access Stratum (NAS) Count. A keys derivation system for deriving the keys is also disclosed.
    Type: Application
    Filed: December 31, 2008
    Publication date: September 15, 2011
    Applicant: ZTE CORPORATION
    Inventor: Lu Gan
  • Patent number: 8019083
    Abstract: A method, an apparatus and a system for key derivation are disclosed. The method includes the following steps: a target base station receives multiple keys derived by a source base station, where the keys correspond to cells under control of the target base station; the target base station selects a key corresponding to the target cell after knowing a target cell that a user equipment (UE) wants to access. An apparatus for key derivation and a communications system are also provided.
    Type: Grant
    Filed: March 28, 2011
    Date of Patent: September 13, 2011
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Min Huang, Jing Chen, Aiqin Zhang, Xiaohan Liu