Patent application number | Description | Published |
20090055899 | METHOD AND APPARATUS FOR OPTIMIZATION OF SIGCOMP UDVM PERFORMANCE - A mobile communication system that utilizes multiple access technologies achieves multiple session registrations by deriving a plurality of extended unique device identifications from a specific unique device identification (e.g., private user identification (PIID) stored on a subscriber identity module (SIM)) assigned to a user equipment. Each of the plurality of extended unique device identifications has the benefit of allowing multiple registrations with one or more access networks while allowing a home subscriber system to detect the one unique device identification embedded in the extended unique device identifications for authentication purposes. Thereby, a large population of deployed UEs and access network infrastructure may benefit without replacement by allowing a UE to maintain session continuity when transitioning between access networks, to select a preferred access technology when in overlapping coverage areas without session interruption, or to maintain multiple sessions (e.g., simultaneous Voice over IP (VoIP) and media streaming) with different access networks. | 02-26-2009 |
20100169496 | Method and Apparatus for Optimization of SIGCOMP UDVM Performance - A mobile communication system that utilizes multiple access technologies achieves multiple session registrations by deriving a plurality of extended unique device identifications from a specific unique device identification (e.g., private user identification (PIID) stored on a subscriber identity module (SIM)) assigned to a user equipment. Each of the plurality of extended unique device identifications has the benefit of allowing multiple registrations with one or more access networks while allowing a home subscriber system to detect the one unique device identification embedded in the extended unique device identifications for authentication purposes. Thereby, a large population of deployed UEs and access network infrastructure may benefit without replacement by allowing a UE to maintain session continuity when transitioning between access networks, to select a preferred access technology when in overlapping coverage areas without session interruption, or to maintain multiple sessions (e.g., simultaneous Voice over IP (VoIP) and media streaming) with different access networks. | 07-01-2010 |
20130281060 | METHOD AND APPARATUS FOR NETWORK PERSONALIZATION OF SUBSCRIBER DEVICES - A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that the subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity. | 10-24-2013 |
20150043734 | APPARATUS AND METHOD FOR TRANSITIONING FROM A SERVING NETWORK NODE THAT SUPPORTS AN ENHANCED SECURITY CONTEXT TO A LEGACY SERVING NETWORK NODE - Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on a calculation using a root key and using an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported. | 02-12-2015 |
Patent application number | Description | Published |
20110159841 | SYSTEMS, APPARATUS AND METHODS TO FACILITATE HANDOVER SECURITY - Systems, methods and apparatus for facilitating handover security are provided. In some embodiments, the method can include deriving a key value for handover from a GERAN/UTRAN system to an E-UTRAN system using a first input value. The method can also include deriving a key value for a connection establishment using a second input value, wherein the first input value is different from the second input value and is different from input values derived subsequent to the second input value, and wherein the first input value, the second input value and the input values derived subsequent to the second input value are configured to be input to a same key derivation function configured to output a key for use between a network entity and user equipment. | 06-30-2011 |
20110185397 | Method And Apparatus For Securing Wireless Relay Nodes - In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process. | 07-28-2011 |
20110255691 | APPARATUS AND METHOD FOR TRANSITIONING ENHANCED SECURITY CONTEXT FROM A UTRAN-BASED SERVING NETWORK TO A GERAN-BASED SERVING NETWORK - Disclosed is a method for transitioning an enhanced security context from a UTRAN-based serving network to a GERAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using an enhanced security context root key and a first information element. The remote station receives a first message from the UTRAN-based serving network. The first message includes a second information element signaling to the remote station to generate third and fourth session keys for use with the GERAN-based serving network. The remote station generates, in response to the first message, the third and fourth session keys using the second information element and the first and second session keys. The remote station protects wireless communications, on the GERAN-based serving network, based on the third and fourth session keys. | 10-20-2011 |
20110255693 | Apparatus and method for transitioning from a serving network node that supports an enhanced security context to a legacy serving network node - Disclosed is a method for transitioning a remote station from a current serving network node having an enhanced security context to a new serving network node. In the method, the remote station provides at least one legacy key, and generates at least one session key based on an information element associated with the enhanced security context. The remote station forwards a first message having the information element to the new serving network node. The remote station receives a second message, from the new serving network node, having a response based on either the legacy key or the session key. The remote station determines that the new serving network node does not support the enhanced security context if the response of the second message is based on the legacy key. Accordingly, the remote station protects communications based on the legacy key upon determining that the enhanced security context is not supported. | 10-20-2011 |
20110258445 | Apparatus and method for signaling enhanced security context for session encryption and integrity keys - Disclosed is a method for establishing an enhanced security context between a remote station and a serving network. In the method, the remote station forwards a first message to the serving network, wherein the first message includes an information element signaling that the remote station supports an enhanced security context. The remote station generates at least one session key, in accordance with the enhanced security context, using the information element. The remote station receives, in response to the first message, a second message having an indication that the serving network supports the enhanced security context. The remote station, in response to the second message, has wireless communications protected by the at least one session key. | 10-20-2011 |
20110261961 | REDUCTION IN BEARER SETUP TIME - A method and apparatus are provided for reducing latency and/or delays in performing a security activation exchange between a communication device and a network entity. The communication device may pre-compute a plurality of possible keys using a base key and a plurality of possible inputs in anticipation of receiving an indicator from the network entity that identifies a selected input to be used in generating a corresponding selected key. An indicator is then received from the network entity, where the indicator identifies the selected input from among the plurality of possible inputs. The communication device then selects a first key among the pre-computed plurality of possible keys as the selected key upon receipt of the indicator, wherein the first key is selected because it was pre-computed using the selected input. Because the first key is pre-computed, delays in responding to the network entity are reduced. | 10-27-2011 |
20110263225 | METHOD AND APPARATUS FOR NETWORK PERSONALIZATION OF SUBSCRIBER DEVICES - A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that the subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity. | 10-27-2011 |
20110311053 | Apparatus and method for transitioning enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network - Disclosed is a method for transitioning an enhanced security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. In the method, the remote station generates first and second session keys, in accordance with the enhanced security context, using a first enhanced security context root key associated with a UTRAN/GERAN-based serving network and a first information element. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second enhanced security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, the second enhanced security context root key from the first enhanced security context root key using the first and second session keys as inputs. The remote station protects wireless communications, on the E-UTRAN-based serving network, based on the second enhanced security context root key. | 12-22-2011 |
20110314287 | Method and apparatus for binding subscriber authentication and device authentication in communication systems - An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network. | 12-22-2011 |
20110314522 | Method and apparatus for relay node management and authorization - Methods and apparatuses are provided for deploying relay nodes in a communication network. A relay node can initially be wirelessly authenticated to a network entity using initial security credentials. In response to a successful authentication, the relay node is authorized to wirelessly communicate with the communication network for a limited purpose of configuring the relay node for relay device operations. The relay node can receive new security credentials from the communication network, and is subsequently re-authenticated to the network entity using the new security credentials. In response to a successful re-authentication, the relay node is authorized by the network to operate as a relay device for conveying traffic between one or more access terminals and the communication network. | 12-22-2011 |
20120140731 | DETERMINING A NON-ACCESS STRATUM MESSAGE COUNT IN HANDOVER - Techniques for deriving message counts based at least in part on a locally stored message count and at least a portion of a message count received from a remote network node are disclosed. The message counts can relate to downlink (DL) non-access stratum (NAS) counts. In one aspect, a device can receive a number of least significant bits of the DL NAS count in a handover message. The device can derive a DL NAS count by utilizing a remaining portion of most significant bits of a locally stored DL NAS count, and can determine whether to increment or decrement the most significant bits based at least in part on a parameter to handle cases where the least significant bits of the locally stored DL NAS count have wrapped due to overflow and/or underflow. | 06-07-2012 |
20130067552 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes storing, at a mobile device, at least one security credential that is specific to the mobile device. The method also includes transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier. | 03-14-2013 |
20140093081 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes receiving, at a secure user plane location (SUPL) server, an indication from a mobile device of one or more transport layer security (TLS) cipher suites supported by the mobile device; determining whether the one or more TLS cipher suites include a TLS pre-shared key (TLS-PSK) cipher suite that is supported by the SUPL server; in response to determining whether the one or more TLS cipher suites include the TLS-PSK cipher suite that is supported by the SUPL server, performing a generic bootstrapping architecture (GBA)-based authentication process to authenticate the mobile device, or determining whether the SUPL server supports a certificate-based authentication method; and in response to determining that the SUPL server supports the certificate-based authentication method, performing the certificate-based authentication method that includes sending a server certificate to the mobile device and receiving a device certificate from the mobile device. | 04-03-2014 |
20140094147 | AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes generating, at a secure user plane location (SUPL) server, a message to be sent to a mobile device, the message including: a server certificate including an identifier of the SUPL server and a public key of the SUPL server; and a request for a device certificate of the mobile device. The method also includes receiving a reply from the mobile device that includes a device certificate of the mobile device; and authenticating the mobile device as associated with a SUPL user based on the device certificate. | 04-03-2014 |
20140112474 | METHODS AND APPARATUS FOR PROVIDING NETWORK-ASSISTED KEY AGREEMENT FOR D2D COMMUNICATIONS - A method, an apparatus, and a computer program product for wireless communication are provided in connection with facilitating secure D2D communications in a LTE based WWAN. In one example, a UE is equipped to send a shared key request using a first non-access stratum (NAS) message to a MME, calculate a first UE key based on a MME-first UE key, an uplink count value, and at least a portion of contextual information, receive a second NAS message from the MME, and calculate a final UE key based at least on the first UE key. In another example, a MME is equipped to receive a NAS message such as the message sent by the first UE, calculate a first UE key, receive a message at least indicating successful contact with the second UE, and send a second NAS message to the first UE indicating the successful contact. | 04-24-2014 |
20140112475 | METHODS AND APPARATUS FOR PROVIDING ADDITIONAL SECURITY FOR COMMUNICATION OF SENSITIVE INFORMATION - A method, an apparatus, and a computer program product for wireless communication are provided in connection with providing additional security for communication of sensitive information within a LTE based WWAN. In one example, a communications device is equipped to generate a keystream based on a mobility management entity-user equipment (MME-UE) key, a non-access stratum (NAS) message count value, and a contextual string associated with an informational element, and the contextual information, and cryptographically process the informational element using the generated keystream. In such an example, the communications device may be a UE, a MME, etc. | 04-24-2014 |
Patent application number | Description | Published |
20090040289 | VIDEO PHONE SYSTEM - A system allocates channel bandwidth based on the data received from a plurality of remote sources. A de-multiplexer/priority circuit separates two or more different data streams into their component parts. A stream modification driver modifies one or more characteristics of the data received from the de-multiplexer/priority circuit based on a priority assigned to the data by the de-multiplexer/priority circuit. The de-multiplexer/priority circuit determines the data transfer rates for each of the different data streams based on the assigned priority. | 02-12-2009 |
20110029196 | VEHICLE-STATE BASED PARAMETER ADJUSTMENT SYSTEM - The operation of a vehicle electronic module is influenced by vehicle-state received on a vehicle communication bus. The electronic module analyzes vehicle-state data that includes information about the vehicle's environment. The electronic module improves or maintains electronic module performance by adjusting communication processing parameters to improve driver or passenger communication. | 02-03-2011 |
20120218375 | VIDEO PHONE SYSTEM - A system allocates channel bandwidth based on the data received from a plurality of remote sources. A de-multiplexer/priority circuit separates two or more different data streams into their component parts. A stream modification driver modifies one or more characteristics of the data received from the de-multiplexer/priority circuit based on a priority assigned to the data by the de-multiplexer/priority circuit. The de-multiplexer/priority circuit determines the data transfer rates for each of the different data streams based on the assigned priority. | 08-30-2012 |
20120221414 | VIDEO PHONE SYSTEM - A system allocates channel bandwidth based on the data received from a plurality of remote sources. A de-multiplexer/priority circuit separates two or more different data streams into their component parts. A stream modification driver modifies one or more characteristics of the data received from the de-multiplexer/priority circuit based on a priority assigned to the data by the de-multiplexer/priority circuit. The de-multiplexer/priority circuit determines the data transfer rates for each of the different data streams based on the assigned priority. | 08-30-2012 |
20120265530 | Speech End-Pointer - A rule-based end-pointer isolates spoken utterances contained within an audio stream from background noise and non-speech transients. The rule-based end-pointer includes a plurality of rules to determine the beginning and/or end of a spoken utterance based on various speech characteristics. The rules may analyze an audio stream or a portion of an audio stream based upon an event, a combination of events, the duration of an event, or a duration relative to an event. The rules may be manually or dynamically customized depending upon factors that may include characteristics of the audio stream itself, an expected response contained within the audio stream, or environmental conditions. | 10-18-2012 |
20140258868 | VIDEO PHONE SYSTEM - A system allocates channel bandwidth based on the data received from a plurality of remote sources. A de-multiplexer/priority circuit separates two or more different data streams into their component parts. A stream modification driver modifies one or more characteristics of the data received from the de-multiplexer/priority circuit based on a priority assigned to the data by the de-multiplexer/priority circuit. The de-multiplexer/priority circuit determines the data transfer rates for each of the different data streams based on the assigned priority. | 09-11-2014 |
Patent application number | Description | Published |
20130231923 | Voice Signal Enhancement - Implementations include systems, methods and/or devices operable to enhance the intelligibility of a target speech signal by targeted voice model based processing of a noisy audible signal. In some implementations, an amplitude-independent voice proximity function voice model is used to attenuate signal components of a noisy audible signal that are unlikely to be associated with the target speech signal and/or accentuate the target speech signal. In some implementations, the target speech signal is identified as a near-field signal, which is detected by identifying a prominent train of glottal pulses in the noisy audible signal. Subsequently, in some implementations systems, methods and/or devices perform a form of computational auditory scene analysis by converting the noisy audible signal into a set of narrowband time-frequency units, and selectively accentuating the time-frequency units associated with the target speech signal and deemphasizing others using information derived from the identification of the glottal pulse train. | 09-05-2013 |
20130231924 | Formant Based Speech Reconstruction from Noisy Signals - Implementations of systems, methods and devices described herein enable enhancing the intelligibility of a target voice signal included in a noisy audible signal received by a hearing aid device or the like. In particular, in some implementations, systems, methods and devices are operable to generate a machine readable formant based codebook. In some implementations, the method includes determining whether or not a candidate codebook tuple includes a sufficient amount of new information to warrant either adding the candidate codebook tuple to the codebook or using at least a portion of the candidate codebook tuple to update an existing codebook tuple. Additionally and/or alternatively, in some implementations systems, methods and devices are operable to reconstruct a target voice signal by detecting formants in an audible signal, using the detected formants to select codebook tuples, and using the formant information in the selected codebook tuples to reconstruct the target voice signal. | 09-05-2013 |
20130231932 | Voice Activity Detection and Pitch Estimation - Implementations include systems, methods and/or devices operable to detect voice activity in an audible signal by detecting glottal pulses. The dominant frequency of a series of glottal pulses is perceived as the intonation pattern or melody of natural speech, which is also referred to as the pitch. However, as noted above, spoken communication typically occurs in the presence of noise and/or other interference. In turn, the undulation of voiced speech is masked in some portions of the frequency spectrum associated with human speech by the noise and/or other interference. In some implementations, detection of voice activity is facilitated by dividing the frequency spectrum associated with human speech into multiple sub-bands in order to identify glottal pulses that dominate the noise and/or other interference in particular sub-bands. Additionally and/or alternatively, in some implementations the analysis is furthered to provide a pitch estimate of the detected voice activity. | 09-05-2013 |