1. (WO2015097223) METHOD AND SYSTEM FOR PROVIDING SECURITY FROM A RADIO ACCESS NETWORK
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

1. A security method in a telecommunications network comprising a radio access network system and a core network system, wherein the radio access network system is configured to provide a wireless radio interface for at least one user device, wherein a shared secret key is stored in both the user device and the core network system, the method comprising the steps in the radio access network system of:

receiving from the core network system, at least one vector comprising one or more values derived from the shared secret key;

performing at least one of an authentication procedure and a key agreement procedure for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.

2. The method according to claim 1, further comprising the step of detecting an inability to handle the at least one of the authentication procedure and the key agreement procedure from the core network system, wherein the step of receiving the vector is performed prior to detecting the inability and the step of performing the authentication procedure and/or key agreement procedure using the one or more values of the received vector is performed after detecting the inability.

3. The method according to claim 1 or 2, further comprising the step of storing at least one communication identifier in the radio access network system, the communication identifier enabling a communication service to be established for the user device.

4. The method according to one or more of the preceding claims, wherein the core network system pre-stores a RAN only indication associated with the user device to transmit the vector to the radio access network system, further comprising the step of only receiving the at least one vector in the radio access network system from the core network system for a user device for which the RAN only indication has been pre-stored.

5. The method according to one or more of the preceding claims, further comprising one or more of the following steps in the radio access network system:

periodically receiving the vector from the core network system;

transmitting a RAN-only indication to the user device that the radio access network system performs the at least one of the authentication procedure and the key agreement procedure for obtaining one or more services from the radio access network system.

6. The method according to one or more of the preceding claims, wherein the radio access network system comprises at least a first node and a second node, communicatively connected to the first node, the method comprising the steps of:

receiving a request for establishing a connection at the first node in the radio access network system; and

performing the at least one of the authentication procedure and the key agreement procedure at the second node in the radio access network system.

7. The method according to claim 6, further comprising at least one of the following steps:

receiving a location indication at the first node in the request for establishing a connection, the location indication indicating that the vector is available at the second node;

recording in a third node of the radio access network system that the vector is available at the second node and informing the first node by the third node that the vector is available at the second node;

broadcasting a request from the first node in the radio access network system, the request identifying the user device for which the vector is sought; and

transmitting a location indication from the second node to the first node and further to the user device, the location indication indicating that the vector is available at the second node.

8. The method according to one or more of the preceding claims, performing one or more of the following steps:

receiving the vector in a trusted node in the radio access network system;

transmitting a signalling message to the user device indicating that one or more values of the vector are non-operable for performing the authentication procedure and/or the key agreement procedure when the core network system is able to perform the authentication procedure and the key agreement procedure.

9. The method according to one or more of the preceding claims, comprising the step of refreshing one or more vectors in the radio access network system for performing the at least one of the authentication procedure and the key agreement procedure.

10. A computer program, or a suite of computer programs, comprising a set of instructions arranged to cause a computer, or a suite of computers, to perform the method according to one or more of the preceding claims.

11. A computer readable medium comprising the computer program of claim 10.

12. A radio access network system comprising one or more network nodes providing a wireless radio interface for at least one user device and configured to connect to a core network system, wherein, in operation, a shared secret is stored in both the user device and the core network system, wherein the radio access network system comprises:

a receiver configured for receiving from the core network system at least one vector comprising one or more values derived from the shared secret key;

a processor configured for performing at least one of an authentication procedure and a key agreement procedure for the user device over the wireless radio interface using the one or more values of the received vector for establishing a connection between the user device and the radio access network system.

13. The radio access network system according to claim 12, wherein the radio access network system is further configured for performing the method according to one or more of the claims 2-9.

14. A core network system configured for operating with the radio access network system according to claim 12 or 13, wherein the core network system comprises:

a register configured for storing a RAN only subscription indication associated with the user device indicating that the vector should be transmitted to the radio access network system;

a processor, configured for controlling transmission of the vector for the user device only if the register has a pre-stored RAN only subscription indication;

a transmitter, controlled by the processor, for transmitting the vector to the radio access network system.

15. A user device configured for participating in one or more of the claims 5, 7 and 8, configured for processing, respectively, a RAN-only indication indicating that the at least one of the authentication procedure and key agreement procedure is performed by the radio access network system for accessing services from the radio access network system, a location indication indicating that the vector is available at a second node and a signalling message indicating that one or more values of the vector are non-operable when the core network system performs the at least one of the authentication and the key agreement procedure.
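
The flow of claims 1, 2, 4, 9 and 14, sketched as an added example that is not part of the application text: a RAN node receives vectors while the core is reachable and later authenticates a device and agrees a session key without ever holding the shared key. The class names, the vector fields (`rand`, `xres`, `kses`) and the HMAC-SHA256 derivation are assumptions made for illustration; the claims do not specify how the values are derived.

```python
import hashlib, hmac, os

def _prf(k, label, rand):
    # HMAC-SHA256 stand-in for the operator's real derivation functions (assumption)
    return hmac.new(k, label + rand, hashlib.sha256).digest()

class Core:
    """Core network system: holds shared keys and the RAN-only register."""
    def __init__(self):
        self.keys, self.ran_only = {}, set()
    def vectors_for(self, uid, n):
        if uid not in self.ran_only:          # claims 4 and 14: no indication, no vector
            return []
        out = []
        for _ in range(n):
            rand = os.urandom(16)
            k = self.keys[uid]
            out.append({"rand": rand, "xres": _prf(k, b"res", rand)[:8],
                        "kses": _prf(k, b"key", rand)})
        return out

class UserDevice:
    def __init__(self, uid, k):
        self.uid, self.k, self.kses = uid, k, None
    def respond(self, rand):
        self.kses = _prf(self.k, b"key", rand)   # key agreement on the device side
        return _prf(self.k, b"res", rand)[:8]

class RanNode:
    """RAN node that receives vectors while the core is reachable."""
    def __init__(self):
        self.store = {}
    def refresh(self, core, uid, n=2):           # claims 5 and 9
        vecs = core.vectors_for(uid, n)
        if vecs:
            self.store[uid] = vecs
    def authenticate(self, ue):
        """Run after the inability of the core has been detected (claim 2)."""
        vecs = self.store.get(ue.uid)
        if not vecs:
            return None
        v = vecs.pop()                            # each vector is used once
        res = ue.respond(v["rand"])
        if not hmac.compare_digest(res, v["xres"]):
            return None
        return v["kses"]                          # RAN never sees K itself
```

In this sketch a failed attempt also consumes a vector, so the stock received before the outage bounds how many local authentications the node can perform until it is refreshed.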