US9271200B2ActiveUtilityA1

Method and system for managing security in mobile communication system

61
Assignee: SAMSUNG ELECTRONICS CO LTDPriority: Oct 27, 2009Filed: Sep 3, 2015Granted: Feb 23, 2016
Est. expiryOct 27, 2029(~3.3 yrs left)· nominal 20-yr term from priority
H04W 60/00H04W 36/0038H04W 36/0016H04W 84/042H04W 76/11H04W 36/0005H04W 12/06H04W 12/062H04W 12/04H04W 36/12
61
PatentIndex Score
0
Cited by
12
References
31
Claims

Abstract

A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for performing a security procedure by a mobility management entity (MME) in a mobile communication system, the method comprising:
 receiving, from a terminal, a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID) after a handover of the terminal; 
 comparing the PLMN ID included in the TAU request message with a PLMN ID of a cell; and 
 transmitting, to the terminal, an authentication request message if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and a TAU procedure is complete, 
 wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message. 
 
     
     
       2. The method of  claim 1 , wherein the cell is the terminal is camped on. 
     
     
       3. The method of  claim 1 , further comprising:
 transmitting a TAU response message in response to the TAU request message to the terminal. 
 
     
     
       4. The method of  claim 1 , further comprising:
 receiving an authentication response message from the terminal if an authentication vector is verified. 
 
     
     
       5. The method of  claim 1 , further comprising:
 transmitting a security mode command (SMC) message to the terminal if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and the TAU procedure is complete. 
 
     
     
       6. The method of  claim 1 , wherein the PLMN ID of the cell is one of a plurality of PLMN IDs managed by the MME. 
     
     
       7. The method of  claim 1 , further comprising:
 transmitting, by a source MME/SGSN, a relocation command message to a source evolved Node B/radio network controller (eNB/RNC); 
 transmitting, by the source eNB/RNC, a handover command message to the terminal; and 
 transmitting, by a target eNB, to a target serving GPRS support node (SGSN) a handover notification message if the terminal completes the handover to the target eNB. 
 
     
     
       8. The method of  claim 1 , if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell, further comprising:
 generating a request for an identity of the terminal to the terminal; 
 receiving the identity of the terminal from the terminal; 
 transmitting the received identity of the terminal and the PLMN ID of the cell to a home subscriber server (HSS); 
 receiving an authentication key (K ASME ) and an authentication vector from the HSS; 
 transmitting an authentication request message including the authentication key, the authentication vector, and the PLMN ID of the cell to the terminal; and 
 receiving a response message to the authentication request message from the terminal. 
 
     
     
       9. The method of  claim 8 , further comprising:
 verifying if the response message is an authentication response message received from the terminal, to which the MME has sent the authentication request message, by comparing an authentication key included in the response message with an expected authentication key. 
 
     
     
       10. A mobility management entity (MME) apparatus for performing a security procedure in a mobile communication system, the apparatus comprising:
 a transceiver configured to transmit and receive messages; and 
 a controller configured to:
 receive, from a terminal, a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID), 
 after a handover of the terminal, compare the PLMN ID included in the TAU request message with a PLMN ID of a cell, and 
 transmit, to the terminal, an authentication request message if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and a TAU procedure is complete, 
 
 wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message. 
 
     
     
       11. The apparatus of  claim 10 , wherein the cell is the terminal is camped on. 
     
     
       12. The apparatus of  claim 10 , further comprising:
 a transmitter configured to transmit a TAU response message in response to the TAU request message to the terminal. 
 
     
     
       13. The apparatus of  claim 10 , further comprising:
 a receiver configured to receive an authentication response message from the terminal if an authentication vector is verified. 
 
     
     
       14. The apparatus of  claim 10 , wherein the controller is further configured to transmit a security mode command (SMC) message to the terminal if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and the TAU procedure is complete. 
     
     
       15. The apparatus of  claim 10 , wherein the PLMN ID of the cell is one of a plurality of PLMN IDs managed by the MME. 
     
     
       16. The apparatus of  claim 10 , wherein, if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell, the controller is further configured to:
 generate a request for an identity of the terminal to the terminal, to receive the identity of the terminal from the terminal, 
 transmit the received identity of the terminal and the PLMN ID of the cell to a home subscriber server (HSS), 
 receive an authentication key (K ASME ) and an authentication vector from the HSS, 
 transmit an authentication request message including the authentication key, the authentication vector, and the PLMN ID of the cell to the terminal, and 
 receive a response message to the authentication request message from the terminal. 
 
     
     
       17. The apparatus of  claim 16 , wherein the controller is further configured to verify if the response message is an authentication response message received from the terminal, to which the MME has sent the authentication request message, by comparing an authentication key included in the response message with an expected authentication key. 
     
     
       18. A method for performing a security procedure by a terminal in a mobile communication system, the method comprising:
 transmitting, to a mobility management entity (MME), a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID) after a handover of the terminal; and 
 receiving, from the MME, an authentication request message if the PLMN ID included in the TAU request message is different from a PLMN ID of a cell and a TAU procedure is complete, 
 wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message. 
 
     
     
       19. The method of  claim 18 , wherein the cell is the terminal is camped on. 
     
     
       20. The method of  claim 18 , further comprising:
 receiving, by the terminal, a TAU response message in response to the TAU request message from the MME. 
 
     
     
       21. The method of  claim 18 , further comprising:
 transmitting an authentication response message to the MME if an authentication vector is verified. 
 
     
     
       22. The method of  claim 18 , further comprising:
 receiving a security mode command (SMC) message from the MME if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and the TAU procedure is complete. 
 
     
     
       23. The method of  claim 18 , wherein the PLMN ID of the cell is one of a plurality of PLMN IDs managed by the MME. 
     
     
       24. The method of  claim 18 , if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell, further comprising:
 transmitting an identity response message including an identity of the terminal to the MME as a response to a request for the identity of the terminal from the terminal; 
 receiving an authentication request message including an authentication key, an authentication vector, and the PLMN ID of the cell from the MME; 
 verifying the authentication vector and calculating the authentication key by using a new PLMN ID; and 
 transmitting an authentication response message including the calculated authentication key to the MME as a response to the authentication request message. 
 
     
     
       25. A terminal apparatus for performing a security procedure by a terminal in a mobile communication system, the apparatus comprising:
 a transceiver configured to transmit and receive messages; and 
 a controller configured to:
 transmit, to a mobility management entity (MME), a tracking area update (TAU) request message including a public land mobile network identity (PLMN ID) after a handover of the terminal, and 
 receive, from the MME, an authentication request message if the PLMN ID included in the TAU request message is different from a PLMN ID of a cell and a TAU procedure is complete, 
 
 wherein the PLMN ID is included in a globally unique temporary identifier (GUTI) included in the TAU request message. 
 
     
     
       26. The apparatus of  claim 25 , wherein the cell is the terminal is camped on. 
     
     
       27. The apparatus of  claim 25 , further comprising:
 a receiver configured to receive a TAU response message in response to the TAU request message from the MME. 
 
     
     
       28. The apparatus of  claim 25 , further comprising:
 a transmitter configured to transmit an authentication response message to the MME if an authentication vector is verified. 
 
     
     
       29. The apparatus of  claim 25 , wherein the controller is further configured to receive a security mode command (SMC) message from the MME if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell and the TAU procedure is complete. 
     
     
       30. The apparatus of  claim 25 , wherein the PLMN ID of the cell is one of a plurality of PLMN IDs managed by the MME. 
     
     
       31. The apparatus of  claim 25 , wherein, if the PLMN ID included in the TAU request message is different from the PLMN ID of the cell, the controller is further configured to:
 transmit an identity response message including an identity of the terminal to the MME as a response to a request for the identity of the terminal from the terminal, 
 receive an authentication request message including an authentication key, an authentication vector, and the PLMN ID of the cell from the MME, 
 verify the authentication vector and to calculate the authentication key by using a new PLMN ID, and 
 transmit an authentication response message including the calculated authentication key to the MME as a response to the authentication request message.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.