Evolved packet core (EPC) solution for restricted local operator services (RLOS) access using device authentication

US2022132315A1 · US · A1

Patent metadata
Publication number: US-2022132315-A1
Application number: US-202017423362-A
Country: US
Kind code: A1
Filing date: Jan 18, 2020
Priority date: Jan 18, 2019
Publication date: Apr 28, 2022
Grant date: (none listed)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments disclosed herein relate to allowing unauthenticated UEs to gain restricted access to an operator network to access network access subscription service. Once the unauthenticated UE successfully downloads a subscription profile for accessing the operator network, the unauthenticated UE can disconnect and can, thereafter, authenticate to the operator network using the subscription profile. Embodiments disclosed herein can perform one-way authentication to the operator network for obtaining a limited connectivity to reduce DoS attacks on the operator network. More specifically, these embodiments can support unauthenticated UEs to allow unauthenticated UEs to access the operator network for RLOS while minimizing DoS attack.

First claim

Opening claim text (preview).

1. A method for starting a session establishment procedure for Restricted Local Operator Services (RLOS), the method comprising: sending, by a mobile equipment (ME) to a Mobility Management Entity (MME) via an access node (AN), an authorization request message for the RLOS having certificate information of the ME; receiving, by the ME from the MME via the AN, a security message identifying an integrity protection algorithm and a ciphering algorithm and having a temporary anchor encryption key in response to sending the authorization request message; generating, by the ME, a plurality of integrity protection keys associated with the integrity protection algorithm using the temporary anchor encryption key; verifying, by the ME, an integrity of the security message in accordance with the integrity protection algorithm; generating, by the ME, a plurality of encryption keys associated with the ciphering algorithm in response to verifying the integrity of the security message; protecting, by the ME, an integrity of a security response message using an integrity protection key from among the plurality of integrity protection keys and the integrity protection algorithm; and sending, by the ME to the MME via the AN, the security response message to trigger initiation of the session establishment procedure for the RLOS.

2. The method of claim 1, wherein the certificate information of the ME comprises: an international mobile subscriber identity (IMSI), an International Mobile Equipment Identity (IMEI), or a universally unique identifier (UUID) of the ME; a ME Certificate (Uniform Resource Locator); and a signature of the ME.

3. The method of claim 1, wherein the authorization request message comprises: an Attach Authorization request message.

4. The method of claim 1, wherein the security message comprises: a NAS Security Mode Command message, and wherein the security response message comprises: a NAS Security Mode Complete message.

5. The method of claim 1, further comprising: encrypting, by the ME, messages subsequent to the security response message using an encryption key from among the plurality of encryption keys and the ciphering algorithm.

6. The method of claim 1, further comprising: sending, by the ME to the MME via the AN, a second authorization request message for the RLOS; and receiving, by the ME from the MME via the AN, an Attach Reject message with a random number (RAND) in response to sending the second authorization request message, and wherein the sending the first authorization request message comprises: sending the first authorization request message having the RAND to the MME.

7. The method of claim 1, further comprising: establishing, by the ME, a connection to the AN.

8. A mobile equipment (ME), comprising: radio front end circuitry configured to: send an authorization request message for Restricted Local Operator Services (RLOS) having certificate information of the ME to a Mobility Management Entity (MME) via an access node (AN), and receive a security message identifying an integrity protection algorithm and a ciphering algorithm and having a temporary anchor encryption key from the MME via the AN in response to sending the authorization request message; and processor circuitry configured to: generate a plurality of integrity protection keys associated with the integrity protection algorithm using the temporary anchor encryption key, verify an integrity of the security message in accordance with the integrity protection algorithm, generate a plurality of encryption keys associated with the ciphering algorithm in response to verifying the integrity of the security message, and protect an integrity of a security response message using an integrity protection key from among the plurality of integrity protection keys and the integrity protection algorithm, wherein the radio front end circuitry is further configured to: send the security response message to the MME via the AN to trigger initiation of a session establishment procedure for the RLOS.

9. The ME of claim 8, wherein the certificate information of the ME comprises: an international mobile subscriber identity (IMSI), an International Mobile Equipment Identity (IMEI), or a universally unique identifier (UUID) of the ME; a ME Certificate (Uniform Resource Locator); and a signature of the ME.

10. The ME of claim 8, wherein the authorization request message comprises: an Attach Authorization request message.

11. The ME of claim 8, wherein the security message comprises: a NAS Security Mode Command message, and wherein the security response message comprises: a NAS Security Mode Complete message.

12. The ME of claim 8, wherein the processor circuitry is further configured to encrypt messages subsequent to the security response message using an encryption key from among the plurality of encryption keys and the ciphering algorithm.

13. The ME of claim 8, wherein the radio front end circuitry is further configured to: send a second authorization request message for the RLOS to the MME via the AN, and receive a reject message with a random number (RAND) from the MME via the AN in response to sending the second authorization request message, and wherein the radio front end circuitry is configured to send the first authorization request message having the RAND to the MME.

14. The ME of claim 8, wherein the processor circuitry is further configured to establish a connection to the AN.

15. A system, comprising: a mobile equipment (ME) configured to send an authorization request message for Restricted Local Operator Services (RLOS) having certificate information of the ME; and a Mobility Management Entity (MME) configured to send a security message identifying an integrity protection algorithm and a ciphering algorithm and having a temporary anchor encryption key in response to receiving the authorization request message, wherein the ME is further configured to: generate a plurality of integrity protection keys associated with the integrity protection algorithm using the temporary anchor encryption key, verify an integrity of the security message in accordance with the integrity protection algorithm, generate a plurality of encryption keys associated with the ciphering algorithm in response to verifying the integrity of the security message, protect an integrity of a security response message using an integrity protection key from among the plurality of integrity protection keys and the integrity protection algorithm, and send the security response message to the MME to trigger initiation of a session establishment procedure for the RLOS.

16. The system of claim 15, wherein the certificate information of the ME comprises: an international mobile subscriber identity (IMSI), an International Mobile Equipment Identity (IMEI), or a universally unique identifier (UUID) of the ME; a ME Certificate (Uniform Resource Locator); and a signature of the ME.

17. The system of claim 15, wherein the authorization request message comprises: an Attach Authorization request message.

18. The system of claim 15, wherein the security message comprises: a NAS Security Mode Command message, and wherein the security response message comprises: a NAS Security Mode Complete message.

19. The system of claim 15, wherein the ME is further configured to encrypt messages subsequent to the security response message using an encryption key from among the p
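The exchange that claims 1, 4 and 6 describe (Attach Authorization Request carrying the ME's certificate information, Attach Reject carrying a RAND, NAS Security Mode Command carrying the algorithm choices and a temporary anchor key, key derivation and integrity check on the ME in the claimed order, then an integrity-protected NAS Security Mode Complete), written out as an added example in Python. This is constructed for this page and is not Apple's code or a 3GPP implementation. The KDF, the HMAC-based NAS-MAC, the field encoding, the stateless RAND cookie, the message and key names, and the IMEI, certificate URL and signature bytes are all assumptions. The claims do not say how the anchor key is protected on its way to the ME, and the example sends it unprotected, so it demonstrates message ordering, the MME's no-state-before-RAND behaviour and the integrity check, not confidentiality of the anchor key.

```python
"""Constructed walk-through of the RLOS attach exchange in claims 1, 4 and 6."""
import hashlib
import hmac
import secrets
import struct

# Algorithm identifiers, constructed for the example (EPS numbers these EIA0..3 / EEA0..3).
EIA_HMAC = 1
EEA_NULL, EEA_CTR = 0, 1
UPLINK, DOWNLINK = 0, 1


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA256 KDF in the shape of 3GPP TS 33.401 Annex A; the claims fix no KDF,
    so this one is an assumption made for the example."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack(">H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_integrity_keys(anchor: bytes, int_alg: int) -> dict:
    """The claim's 'plurality of integrity protection keys': one per protected stratum."""
    return {"nas": kdf(anchor, 0x15, b"\x02", bytes([int_alg]))[16:],
            "rrc": kdf(anchor, 0x15, b"\x04", bytes([int_alg]))[16:]}


def derive_encryption_keys(anchor: bytes, enc_alg: int) -> dict:
    """The claim's 'plurality of encryption keys'."""
    return {"nas": kdf(anchor, 0x15, b"\x01", bytes([enc_alg]))[16:],
            "rrc": kdf(anchor, 0x15, b"\x03", bytes([enc_alg]))[16:],
            "up": kdf(anchor, 0x15, b"\x05", bytes([enc_alg]))[16:]}


def encode(msg: dict) -> bytes:
    """Deterministic wire form of every field except the MAC itself."""
    out = b""
    for name in sorted(msg):
        if name != "mac":
            val = msg[name]
            out += name.encode() + b"=" + (val if isinstance(val, bytes) else str(val).encode()) + b";"
    return out


def nas_mac(k_nas_int: bytes, count: int, direction: int, msg: dict) -> bytes:
    """32-bit NAS-MAC over COUNT || DIRECTION || message (HMAC stand-in for an EIA)."""
    data = struct.pack(">IB", count, direction) + encode(msg)
    return hmac.new(k_nas_int, data, hashlib.sha256).digest()[:4]


class MME:
    """Network side. Stores nothing per ME until it echoes a valid RAND (claims 6 and 13)."""

    def __init__(self):
        self._cookie_key = secrets.token_bytes(32)
        self.sessions = {}

    def _cookie(self, nonce: bytes, imei: str) -> bytes:
        return hmac.new(self._cookie_key, nonce + imei.encode(), hashlib.sha256).digest()[:8]

    def attach(self, req: dict) -> dict:
        imei = req["cert"]["imei"]
        rand = req.get("rand")
        # RAND = nonce || HMAC(cookie_key, nonce || IMEI): a flood of unauthenticated
        # requests costs one HMAC each and no state, which is the anti-DoS point.
        if rand is None or not hmac.compare_digest(rand[16:], self._cookie(rand[:16], imei)):
            nonce = secrets.token_bytes(16)
            return {"type": "AttachReject", "rand": nonce + self._cookie(nonce, imei)}
        # Claim 2's certificate/signature check is not modelled. The anchor key goes out
        # unprotected here; the claims leave its transport protection unspecified.
        anchor = secrets.token_bytes(16)
        smc = {"type": "SecurityModeCommand", "int_alg": EIA_HMAC, "enc_alg": EEA_CTR,
               "anchor": anchor}
        k_nas_int = derive_integrity_keys(anchor, EIA_HMAC)["nas"]
        smc["mac"] = nas_mac(k_nas_int, 0, DOWNLINK, smc)
        self.sessions[imei] = {"k_nas_int": k_nas_int, "established": False}
        return smc

    def security_mode_complete(self, msg: dict) -> bool:
        st = self.sessions[msg["imei"]]
        ok = hmac.compare_digest(msg["mac"], nas_mac(st["k_nas_int"], 0, UPLINK, msg))
        st["established"] = ok
        return ok


class ME:
    """Device side, following the step order of claim 1."""

    def __init__(self, imei: str, cert_url: str, signature: bytes):
        self.cert = {"imei": imei, "cert_url": cert_url, "signature": signature}
        self.rand = None
        self.k_int = self.k_enc = None

    def attach_request(self) -> dict:
        req = {"type": "AttachAuthorizationRequest", "cert": self.cert}
        if self.rand is not None:
            req["rand"] = self.rand  # echo the RAND from the Attach Reject (claim 6)
        return req

    def on_security_mode_command(self, smc: dict) -> dict:
        self.k_int = derive_integrity_keys(smc["anchor"], smc["int_alg"])
        if not hmac.compare_digest(smc["mac"], nas_mac(self.k_int["nas"], 0, DOWNLINK, smc)):
            raise ValueError("Security Mode Command failed integrity check")
        # Ciphering keys are derived only after the SMC has verified (claim 1).
        self.k_enc = derive_encryption_keys(smc["anchor"], smc["enc_alg"])
        done = {"type": "SecurityModeComplete", "imei": self.cert["imei"]}
        done["mac"] = nas_mac(self.k_int["nas"], 0, UPLINK, done)
        return done


def run_rlos_attach(me: ME, mme: MME, bid_down: bool = False) -> bool:
    """Drive the exchange; True when the MME accepts the Security Mode Complete."""
    reject = mme.attach(me.attach_request())
    if reject["type"] != "AttachReject":
        raise RuntimeError("first request should be rejected with a RAND")
    me.rand = reject["rand"]
    smc = mme.attach(me.attach_request())
    if bid_down:
        # On-path attacker swaps in the null cipher; the MAC no longer matches the fields.
        smc = dict(smc, enc_alg=EEA_NULL)
    try:
        done = me.on_security_mode_command(smc)
    except ValueError:
        return False
    return mme.security_mode_complete(done)


if __name__ == "__main__":
    # IMEI, certificate URL and signature bytes are constructed sample values.
    me = ME("356938035643809", "https://me-certs.example.invalid/356938035643809.pem", b"sig")
    print("established:", run_rlos_attach(me, MME()))
```

The integrity check stops the downgrade only because the attacker in `run_rlos_attach` does not recompute the MAC. An attacker who can read the anchor key off the air can derive the same NAS integrity key and re-MAC a modified Security Mode Command, so whatever the full description specifies for delivering the anchor key to the ME (the claims only say the security message "has" it) is what the bidding-down protection actually rests on; the step order in claim 1 (derive integrity keys, verify, only then derive ciphering keys) does not by itself supply that protection.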

Assignees

Apple Inc

Inventors

Classifications

  • Access restriction performed under specific conditions · CPC title

  • H04W12/106 (primary): Packet or message integrity · CPC title

  • Security arrangements using identity modules · CPC title

  • using certificates or pre-shared keys · CPC title

  • Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2022132315A1 cover?
Embodiments disclosed herein relate to allowing unauthenticated UEs to gain restricted access to an operator network to access network access subscription service. Once the unauthenticated UE successfully downloads a subscription profile for accessing the operator network, the unauthenticated UE can disconnect and can, thereafter, authenticate to the operator network using the subscription prof…
Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04W12/106. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 28, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).