
WO2016079309A1 - Profile to ensure the same level of security as in the existing 3gpp system for proximity service (prose) epc support for wlan direct discovery and communication - Google Patents


Info

Publication number
WO2016079309A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
security
user equipment
prose
area network
Prior art date
Application number
PCT/EP2015/077241
Other languages
French (fr)
Inventor
Anja Jerichow
Original Assignee
Nokia Solutions And Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Solutions And Networks Oy
Publication of WO2016079309A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • Ensuring security in communications may be beneficial in many communication systems.
  • Certain wireless communication systems may benefit from a profile to ensure the same level of security (for example, confidentiality and integrity) as in the existing 3GPP system as required for proximity service (ProSe) Direct Communication and ProSe-assisted EPC support for WLAN direct discovery and communication.
  • certain communication systems may benefit from a profile that can permit the evolved packet system (EPS) to ensure the confidentiality and integrity of both user data and network signaling over the ProSe Communication path and ProSe-assisted WLAN direct communication path to a level comparable with that provided by the existing 3GPP system.
  • EPS evolved packet system
  • Proximity services have been specified to allow users with ProSe-enabled user equipment (UEs) that are in proximity to each other to communicate.
  • Proximity Services are specified in third generation partnership project (3GPP) technical specification (TS) 22.278 (requirements, see Section 7A for general and 9 for security requirements), TS 23.303 (architecture), and TS 33.303 (security).
  • TS 24.334 PC3 interface
  • TS 29.343 PC2
  • TS 29.344 PC4a
  • TS 29.345 PC6/PC7.
  • TS 22.278, TS 23.303, TS 24.334, TS 29.343, TS 29.344, and TS 29.345 are each incorporated herein by reference in their entirety.
  • ProSe enabled UEs may need to be authorized to use proximity services such as Direct Discovery and Direct Communication or EPC support for WLAN Direct Discovery and Communication. Furthermore, the communication between ProSe enabled UEs may need to be secured.
  • TS 22.278 Section 9.4 on ProSe security requirements states: "The EPS shall ensure that the confidentiality and integrity of both user data and network signalling over the ProSe Communication path and ProSe-assisted WLAN direct communication path to a level comparable with that provided by the existing 3GPP system."
  • ProSe discovery identifies that ProSe-enabled UEs are in proximity of each other, using E-UTRA (with or without E-UTRAN) or EPC when permission, authorization, and proximity criteria are fulfilled.
  • ProSe discovery can be ProSe direct discovery and EPC-level ProSe discovery (i.e. core network assisted discovery for roaming).
  • ProSe communication may permit establishment of new communication paths between two or more ProSe-enabled UEs that are in communication range. The ProSe communication path could use E-UTRA or wireless local area network (WLAN).
  • ProSe direct communication can be ProSe direct communication one-to-many or ProSe direct communication one-to-one.
  • a ProSe function is the logical function that is used for network related actions required for ProSe.
  • the ProSe function plays different roles for each of the features of ProSe.
  • WLAN direct communication between two UEs is not in the scope of 3GPP, but 3GPP entities may need to provide the necessary information such that the UEs can use WLAN for ProSe communication if the UE has indicated WLAN capability and whether it wishes to use WLAN.
  • Figure 1 illustrates a generic architecture of ProSe, for example a non-roaming reference architecture.
  • UE A and UE B, each having a ProSe application thereon, can be connected to a ProSe application server via interface PC1.
  • the ProSe application server can be connected to a ProSe function via interface PC2.
  • the ProSe function can be connected to UE A and UE B by interface PC3.
  • the ProSe function can be connected to a home subscriber server (HSS) and secure user plane location (SUPL) location platform (SLP) respectively by interfaces PC4a and PC4b.
  • Interface PC5 can connect UE A and UE B to one another.
  • When the UE registers at the ProSe function and intends to use EPC support for WLAN direct discovery and communication, it can already provide a permanent WLAN Link Layer ID or obtain a temporary WLAN Link Layer ID (WLLID) from the ProSe Function as part of the Proximity Request procedure later.
  • WLLID WLAN Link Layer ID
  • a proximity request can be used by the UE to tell the ProSe Function to be alerted when it enters proximity with other UEs.
  • the UE can indicate whether the UE has any intention to use WLAN.
  • the network triggers the Proximity Alert procedure and can provide WLAN assisted information to the UE.
  • the assistance information can be designed to expedite WLAN direct discovery and communication.
  • the content of the assistance information may depend on the technology used on the WLAN direct link. All the content in the assistance information may be dynamically generated by ProSe Function A, with the exception of WLAN Link Layer ID in case the other UE supports only permanent WLLID.
  • FIG. 2A illustrates signaling flow for EPC support for WLAN direct communication.
  • Figure 2A is Figure 5.6.2-1 from TS 23.303.
  • the ProSe function can decide to trigger the establishment of a WLAN direct group.
  • the ProSe function can send a WLAN direct group setup request including assistance information to UE-A.
  • UE-A can respond to the ProSe function with a WLAN direct group setup response, at 2b.
  • the same request/response can be performed with respect to UE-B at 3a/3b.
  • FIG. 2B illustrates an overall call flow for EPC-level ProSe Discovery and optional EPC support for WLAN direct discovery and communication.
  • This figure is Figure 5.5.2-1 in TS 23.303.
  • a UE A can perform UE registration with ProSe function A.
  • UE B can similarly perform UE registration with ProSe function B.
  • At 2a UE A can perform application registration with ProSe function A, and at 2b UE B can similarly perform application registration with ProSe function B.
  • FIG. 2C illustrates possible security operations for EPC support for WLAN direct communication.
  • Figure 2C is Figure 6.4.2-1 of S3-142433, a 3GPP change request, dated October 30, 2014.
  • the ProSe Function can authorize UEs that want to establish a WLAN direct group and can generate security parameters for WLAN.
  • the ProSe function can send (to UE-A) a WLAN direct group setup request including assistance information including security parameters.
  • UE-A can reply with a WLAN direct group setup response.
  • the ProSe function can perform setup with UE-B. Then, at 4, UE-A and UE-B can establish a WLAN security association to protect the ProSe communication.
  • the WLAN indication parameter can be used to carry an indication of whether the searching UE wishes to engage in WLAN direct discovery and communication subsequent to successful proximity detection.
  • Section 12.3.2.13 is on the Assistance Information parameter that is used to carry information for expediting WLAN direct discovery and communication.
  • the content of the assistance information parameter may depend on the WLAN technology.
  • The Wi-Fi Peer-to-Peer (P2P) specification defines an architecture and set of protocols that facilitate direct discovery and communication using the IEEE 802.11 technology.
  • the Assistance Information can include the following parameters: service set identifier (SSID), WLAN secret key, group owner indication, P2P device address of self, P2P device address of peers, operation channel, and validity time. This may not be enough: the protection method to use (e.g. wired equivalent privacy (WEP), Wi-Fi protected access (WPA) variants, and so on, as can be found in IEEE 802.11) may need to be specified as well.
  • the Wi-Fi direct or any appropriate specification can be used to identify the parameters.
  • the WLAN secret key is a pre-shared key to be used by UEs to secure their Wi-Fi P2P communication.
  • the WLAN secret key can be used by UEs as a pairwise master key (PMK).
  • the ProSe function can provide the WLAN Secret Key for ProSe Direct Communication with WLAN.
  • WLAN direct communication as such is not specified in 3GPP.
  • Commercial products like Wi-Fi Direct may be used for this.
  • the ProSe function may need to provide the assistance information as specified in stage 3 TS 24.334 (12.3.2.13) including SSID and the WLAN secret key to be used by the UEs to secure their Wi-Fi P2P communication.
  • UEs can register at the ProSe function and already include WLAN indication (optional if an identifier) if WLAN communication is an option for the UE.
  • the communication between ProSe function and UE is via PC3 interface in the reference architecture.
  • the PC3 interface may need to be secured (for example, authorized, authenticated, and/or confidentiality protected) for sending any information.
  • This need for security may be independent of the usage of assistance information for WLAN or any other information provisioned to the UEs. Thus, the specific security needed for PC3 is not described here.
  • The ProSe requirements in TS 22.278 Section 9.4 state that the EPS is to ensure that the confidentiality and integrity of both the user data and the network signaling over the ProSe communication path and the ProSe-assisted WLAN direct communication path are protected to a level comparable with that provided by the existing 3GPP system.
  • Figure 3 illustrates a subset of a reference architecture.
  • This architecture is described in TS 23.303.
  • the architecture can include interface PC3.
  • PC3 can be described as a reference point between the UE and the ProSe Function.
  • PC3 can rely on the EPC user plane for transport, for example as an "over IP" reference point.
  • PC3 can be used to authorize ProSe direct discovery and EPC-level ProSe discovery requests, and can be used to perform allocation of ProSe application codes corresponding to ProSe application identities used for ProSe direct discovery.
  • PC3 can be used to define the authorization policy per public land mobile network (PLMN) for ProSe direct discovery, both as to public safety and non-public-safety, and for communication for public safety only between UE and ProSe function.
  • PLMN public land mobile network
  • FIG. 3 also shows interface PC4a.
  • PC4a can be described as a reference point between the HSS and ProSe function.
  • PC4a can be used to provide subscription information in order to authorize access for ProSe direct discovery and ProSe direct communication on a per PLMN basis.
  • PC4a can also be used by the ProSe function (such as an EPC-level ProSe discovery function) for retrieval of EPC-level ProSe discovery related subscriber data.
  • ProSe function such as an EPC-level ProSe discovery function
  • UE registration procedure initiation based on pre-configuration, if the UE is authorized to perform EPC-level ProSe discovery in the registered PLMN, the UE can initiate the UE registration procedure when the UE is triggered by upper layers to obtain EPC-level ProSe discovery services and the UE has no corresponding EPC ProSe User ID.
  • the UE may initiate the UE registration procedure by sending a UE REGISTRATION REQUEST message with the UE identity set to the UE's IMSI. If the UE intends to use EPC support for WLAN direct discovery and communication and if the UE uses a permanent WLAN link layer identifier, then the UE can also include the WLAN link layer identifier in the UE REGISTRATION REQUEST message.
  • the purpose of the proximity request procedure may be to allow a UE (UE A) to request to be alerted when the UE enters in proximity with a targeted UE (UE B) as defined in 3GPP TS 23.303.
  • UE A can perform the proximity request procedure with the ProSe Function residing in the home PLMN (HPLMN).
  • HPLMN home PLMN
  • the purpose of the proximity alert procedure may be to inform the UE (UE A) that it has been determined to be in proximity with the targeted UE (UE B) as defined in 3GPP TS 23.303.
  • If UE A has indicated in the proximity request procedure that UE A wishes to engage in WLAN direct discovery and communication with UE B, the proximity alert procedure can also be used to provide assistance information that may expedite the WLAN direct discovery and communication to both UE A and UE B.
  • the proximity alert procedure can be initiated by the ProSe Function residing in the HPLMN.
  • a method can include preparing a security capability registration message.
  • the message can be configured to identify security capabilities with respect to an alternative radio access technology.
  • the method can also include using the message to register security capabilities of a user equipment with a proximity services function.
  • the alternative radio access technology can be wireless local area network.
  • the message can be configured to describe at least one of wireless local area network technology supported, supported protection method, supported cipher, key length, or any combination thereof.
  • the using the message can involve including a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
  • the method can also include receiving from the proximity services function a set of parameters common to the user equipment and another device.
  • the method can further include communicating with another nearby user equipment based on the set of parameters.
  • a method can include receiving a security capability registration message.
  • the message can be configured to identify security capabilities of a user equipment with respect to an alternative radio access technology.
  • the method can also include comparing the security capabilities to other security capabilities.
  • the method can further include providing a response to the message based on the comparing.
  • the alternative radio access technology can be wireless local area network.
  • the comparing can include comparing content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
  • the method can further include selecting an acceptable set of parameters among those that the user equipment and the proximity services function have in common.
  • the method can additionally include identifying the acceptable set to the user equipment.
  • the method can also include generating an assistance information based on the acceptable set of parameters.
  • the method can further include sending the assistance information to the user equipment.
  • an apparatus can include means for performing the method according to the first and second embodiments respectively, in any of their variants.
  • an apparatus can include at least one processor and at least one memory and computer program code.
  • the at least one memory and the computer program code can be configured to, with the at least one processor, cause the apparatus at least to perform the method according to the first and second embodiments respectively, in any of their variants.
  • a computer program product may encode instructions for performing a process including the method according to the first and second embodiments respectively, in any of their variants.
  • a non-transitory computer readable medium may encode instructions that, when executed in hardware, perform a process including the method according to the first and second embodiments respectively, in any of their variants.
  • a system may include at least one apparatus according to the third or fifth embodiments in communication with at least one apparatus according to the fourth or sixth embodiments, respectively in any of their variants.
  • Figure 1 illustrates a generic architecture of ProSe, for example a non-roaming reference architecture.
  • Figure 2A illustrates signaling flow for EPC support for WLAN direct communication.
  • Figure 2B illustrates an overall call flow for EPC-level ProSe Discovery and optional EPC support for WLAN direct discovery and communication.
  • Figure 2C illustrates possible security operations for EPC support for WLAN direct communication.
  • Figure 3 illustrates a subset of a reference architecture.
  • Figure 4 illustrates a first alternative of providing user equipment capabilities, according to certain embodiments.
  • Figure 5 illustrates a second alternative of providing user equipment capabilities, according to certain embodiments.
  • Figure 6 illustrates a third alternative of providing user equipment capabilities, according to certain embodiments.
  • Figure 7 illustrates an alternative of obtaining user equipment capabilities, according to certain embodiments.
  • Figure 8 illustrates ProSe function handling of received security capabilities, according to certain embodiments.
  • Figure 9 illustrates a table of keys and values or meanings, according to certain embodiments.
  • Figure 10 illustrates a method according to certain embodiments.
  • Figure 11 illustrates a system according to certain embodiments.
  • Certain embodiments are related to ProSe direct discovery and communication using WLAN.
  • UE and ProSe function may communicate via PC3 to discover, configure and to provide the WLAN assistance information.
  • certain embodiments may relate to security for EPC support for WLAN direct discovery and communication and how to ensure that the ProSe-assisted WLAN direct communication path is at a security level comparable with that provided by the existing 3GPP system as may be mandated by the set of requirements defined and described above.
  • Certain embodiments define a WLAN security capability registration message that the UE shall use to register its WLAN security capabilities with the ProSe function.
  • This message can contain relevant information regarding the UE, for example: WLAN technology supported, supported protection method, supported ciphers, key length, or any combination thereof.
  • The supported protection method may, for example, be WPA, WPA-enterprise, or the like.
  • the message can extend the WLAN indication parameter sent from the UE to the ProSe function.
  • a WLAN security capability profile can be defined.
  • the profile can contain the same type of information as the WLAN security capability registration message.
  • the profile can represent one or more sets of WLAN security capabilities a UE is to have, from the point of view of the ProSe function, in order for the UE to be allowed to conduct ProSe communication using WLAN.
  • This profile can, for example, be configured by the party responsible for the ProSe function, such as the mobile network operator, depending on issues such as public safety requirements or legal constraints relative to privacy of communications.
  • In a first step, the UE can include a WLAN security capability registration message along with, or embedded in, a WLAN indication parameter that the UE sends to the ProSe function.
  • the ProSe function can compare the content of the WLAN security capability registration message against the WLAN security profile, for example by determining whether the logical intersection of the two is a non-empty group.
  • the ProSe function can select an acceptable set of parameters, for example the protection method and/or cipher and key length that would provide the highest level of security, among those that the UE and ProSe function have in common. Otherwise, for example if there is no such common acceptable set of parameters, the ProSe function may refuse to configure the UE for ProSe direct communication via WLAN.
  • the ProSe function can generate assistance information based on the parameters that have been selected in the third step, and can send the assistance information back to the terminal.
  • certain embodiments can be implemented by adding another information element to the assistance information when alerting the UE of another device in proximity that also would like to use WLAN as described in 24.334.
  • Before using the alerting procedure, the UE may need to provide the UE's own security capabilities either to the ProSe Function or to the HSS, such that the ProSe Function can decide which WLAN security profile to use, for example by either comparing the profiles of two UEs directly or by requesting such information from the HSS or by requesting the profiles from the HSS.
  • Figure 4 illustrates a first alternative of providing user equipment capabilities, according to certain embodiments.
  • the WLAN security capability registration message can be a standalone message or can be integrated as part of the UE registration procedure as described in 24.334, 7.2.2.
  • the UE can send a <UE REGISTRATION REQUEST> to the ProSe function. Then, the ProSe function can respond with a <UE REGISTRATION RESPONSE/REJECT> message.
  • a <WLAN SECURITY CAPABILITY PROVISIONING REQUEST> message can be an additional step following the <UE
  • CAPABILITY PROVISIONING REQUEST> can contain at least the <transaction-ID>.
  • the transaction ID can be a parameter that is used to uniquely identify a PC3 Control Protocol for EPC-level ProSe discovery transaction when it is combined with other PC3 Control Protocol for EPC-level ProSe discovery transactions in the same transport message.
  • This new message may also include parameters that are described in the following examples.
  • FIG. 5 illustrates a second alternative of providing user equipment capabilities, according to certain embodiments.
  • WLAN security capabilities can be sent as part of the <UE_REGISTRATION_REQUEST>.
  • a new element such as <WLAN security capabilities> containing at least some of the parameters as described below can be used.
  • the <UE_REGISTRATION_REQUEST> element can include one or more <UE-register-request> elements that contain transactions sent from the UE to the ProSe function to register the UE.
  • Each <UE-register-request> can include a <transaction-ID> element containing the parameter defined in subclause 12.3.2.1; a <UE-identity> element containing the parameter defined in subclause 12.3.2.2; and a <WLAN-link-layer-ID> element containing the parameter defined in subclause 12.3.2.6.
  • the ProSe function can either provide a registration response with an acknowledgment or a registration rejection.
  • Figure 6 illustrates a third alternative of providing user equipment capabilities, according to certain embodiments.
  • the ProSe function may request the UE to provide the user equipment capabilities.
  • the <WLAN SECURITY CAPABILITY REQUEST> message may include the transaction id, previously provided to the UE.
  • the response from the UE may include the transaction id and the WLAN security capabilities.
  • Figure 7 illustrates an alternative of obtaining user equipment capabilities, according to certain embodiments. As shown in Figure 7, instead of the approaches on PC3 (see Figures 4-6), different variants with or without PC4a exist. For example, HSS may be used to store WLAN security capabilities, having obtained them through integration with another protocol. In such cases, the ProSe function may request the information.
  • Figure 7 illustrates two alternatives for PC4a additions.
  • the ProSe function may request the WLAN security capabilities together with EPC-level ProSe discovery related subscriber data. Otherwise, as shown in the second alternative, the ProSe function may send the requests separately (the order of the requests does not have to be as shown).
  • the HSS does not have to be used, but the ProSe can store the ProSe related security.
  • the HSS is provided as one possible network element that may have the relevant information, although other network elements are also possible.
  • Figure 8 illustrates ProSe function handling of received security capabilities, according to certain embodiments.
  • the ProSe function may receive the WLAN security capabilities from the user equipment, for example according to any of the ways shown in Figures 4-6.
  • the ProSe function may store the capabilities itself and/or send them to a home subscriber server. If the ProSe function sends them to a home subscriber server without storing them, the ProSe function may retrieve the capabilities from the home subscriber server, for example as shown in Figure 7, or as shown as optional steps in Figure 8.
  • the ProSe server may retrieve (from itself or from another entity) the capabilities of each member of the group of user equipment that may want to talk to one another.
  • the ProSe function can compare the results of such retrieval and add appropriate WLAN security capability information to assistance information provided with a proximity alert.
  • the UE may decide later to engage in WLAN direct discovery and communication and therefore start communication subsequent to successful proximity detection with another UE.
  • the UE may have registered but not yet sent the capabilities to the ProSe function.
  • the UE may include the UE's WLAN security capabilities in the PROXIMITY REQUEST message together with the WLAN indication.
  • The format of the WLAN security capability registration message and WLAN security profile can vary. Both or each may be made of one or more groups of key/value elements. Each group may represent a capability of the UE or a requirement from the ProSe function.
  • the key/value elements for each group are shown in Figure 9. More particularly, Figure 9 illustrates a table of keys and values or meanings, according to certain embodiments.
  • FIG 9 illustrates that the keys can include protection mode, key length, EAP, EAP method, VPN, and VPN method.
  • the values and/or meanings of the keys can be as follows.
  • the protection mode key can indicate WEP, WPA Personal (aka WPA-PSK), WPA-Enterprise, WPA2-PSK, and/or WPA2-Enterprise.
  • the key length may be an optional item. It can be used whenever applicable, such as for WEP.
  • EAP can be a Boolean indicating whether EAP is supported.
  • EAP method can indicate EAP-PSK, EAP-TLS, EAP-SIM, EAP-MD5, LEAP, PEAP, the like, or any combination thereof.
  • VPN can be a Boolean indicating whether any VPN can be automatically established over a Wi-Fi connection. This may be particularly relevant for IPsec.
  • VPN method can indicate PPTP, L2TP, IPsec, or the like.
  • WEP and WPA are given as examples. WEP or WPA version 1 may be unsuitable for ProSe direct communication. Further key/value elements may be provided as each technology is further analyzed. Analyzed technologies can include EAP methods or VPN.
  • Another method that can be used is for the ProSe function to assume that ProSe-capable UEs have a standardized set of WLAN security capabilities. These may be provided by, for example, device provisioning at manufacture time.
  • the ProSe function may keep this data or the ProSe function may send the data to be stored as a profile in the HSS, separately or within an already existing HSS profile.
  • the ProSe function can either evaluate itself which WLAN security the UEs should use, or the ProSe function may request the HSS to evaluate. In the former case, the ProSe Function may still need to request the stored capabilities from the HSS.
  • the table in Figure 9 can be variously implemented.
  • the table in Figure 9 could be translated, for example, as follows:
  • Figure 10 illustrates a method according to certain embodiments.
  • a method can include, at 1010, preparing a security capability registration message, for example by a user equipment.
  • the message can be configured to identify security capabilities with respect to an alternative radio access technology.
  • the alternative radio access technology can be wireless local area network. This radio access technology may differ from a radio access technology over which the message is to be sent.
  • the method can also include, at 1020, using the message to register security capabilities of a user equipment with a proximity services function.
  • the message can be configured to describe at least one of wireless local area network technology supported, supported protection method, supported cipher, key length, or any combination thereof.
  • the information described in Figure 9 may be provided in the message.
  • Using the message can involve including a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
  • the method can further include, at 1030, receiving from the proximity services function a set of parameters common to the user equipment and another device.
  • the another device can be the proximity services function or another user equipment.
  • the method can additionally include, at 1040, communicating with another nearby user equipment based on the set of parameters.
  • the method can also include, at 1050, receiving a security capability registration message configured to identify security capabilities of a user equipment with respect to an alternative radio access technology. This message can be received at a proximity services function.
  • the method can also include, at 1060, comparing the security capabilities to other security capabilities. These other security capabilities may be a set of compatible security capabilities or a set of security capabilities of at least one user equipment near the user equipment.
  • the method can further include, at 1070, providing a response to the message based on the comparing.
  • the alternative radio access technology comprises wireless local area network.
  • the message received at 1050 can be the same message sent at 1020.
  • the comparing can include comparing content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
  • the method can additionally include, at 1080, selecting an acceptable set of parameters among those that the user equipment and the proximity services function have in common.
  • the method can also include, at 1085, identifying the acceptable set to the user equipment.
  • the method can further include, at 1090, generating an assistance information based on the acceptable set of parameters.
  • the method can additionally include, at 1095, sending the assistance information to the user equipment.
  • Figure 11 illustrates a system according to certain embodiments of the invention.
  • a system may include multiple devices, such as, for example, at least one UE 1110, at least one ProSe function 1120, and at least one HSS 1130.
  • Each of these devices may include at least one processor, respectively indicated as 1114, 1124, and 1134.
  • At least one memory can be provided in each device, and indicated as 1115, 1125, and 1135, respectively.
  • the memory may include computer program instructions or computer code contained therein.
  • the processors 1114, 1124, and 1134 and memories 1115, 1125, and 1135, or a subset thereof, can be configured to provide means corresponding to the various blocks of Figure 10.
  • transceivers 1116, 1126, and 1136 can be provided, and each device may also include an antenna, respectively illustrated as 1117, 1127, and 1137.
  • antenna 1137 can illustrate any form of communication hardware, without requiring a conventional antenna.
  • Transceivers 1116, 1126, and 1136 can each, independently, be a transmitter, a receiver, or both a transmitter and a receiver, or a unit or device that is configured both for transmission and reception.
  • Processors 1114, 1124, and 1134 can be embodied by any computational or data processing device, such as a central processing unit (CPU), application specific integrated circuit (ASIC), or comparable device.
  • the processors can be implemented as a single controller, or a plurality of controllers or processors.
  • Memories 1115, 1125, and 1135 can independently be any suitable storage device, such as a non-transitory computer-readable medium.
  • a hard disk drive (HDD), random access memory (RAM), flash memory, or other suitable memory can be used.
  • the memories can be combined on a single integrated circuit as the processor, or may be separate from the one or more processors.
  • the computer program instructions stored in the memory and which may be processed by the processors can be any suitable form of computer program code, for example, a compiled or interpreted computer program written in any suitable programming language.
  • the memory and the computer program instructions can be configured, with the processor for the particular device, to cause a hardware apparatus such as UE 1110, ProSe function 1120, and HSS 1130, to perform any of the processes described herein (see, for example, Figure 10). Therefore, in certain embodiments, a non-transitory computer-readable medium can be encoded with computer instructions that, when executed in hardware, perform a process such as one of the processes described herein. Alternatively, certain embodiments of the invention can be performed entirely in hardware.
  • Figure 11 illustrates a system including a UE, ProSe function, and HSS
  • embodiments of the invention may be applicable to other configurations, and configurations involving additional elements.
  • additional UEs may be present, and additional core network elements may be present, as illustrated in Figure 1.
  • Certain embodiments may have various benefits and/or advantages.
  • the same level of confidentiality and integrity can be provided as for communication in 3GPP.
  • confidentiality and integrity can be maintained if the only WLAN configurations that are allowed are those that meet such a requirement.
  • WLAN Direct Discovery and WLAN Direct Communication can be restricted only to happen within EPC level ProSe Discovery (TS 24.334 section 7). Furthermore, the UE Registration Request may be made to be mandatory to perform before doing any proximity request and receiving any proximity alert.
  • the system may be restricted such that the only way for the UE to receive assistance information is via the proximity alert message.
  • An XML schema is already defined for this, see TS 24.334 section 11.2.3:
  • the UE can be told which SSID, key and channel to use, but not the 802.11 technology nor protection method to use, in certain embodiments.
  • the "WLAN Assistance-info" complexType can be extended according to the XML schemes above.
  • Extending the UE Registration Request may lead to a proximity alert being given with appropriate assistance information.
  • the other options such as separate Registration Request and Response initiated from the UE and separate Capability Information Request/Response initiated from the ProSe function, may be made optional.
  • An Update ProSe Subscriber Data Request is a procedure that, as explained in TS 29.344, can be used by an HSS to update the relevant subscriber related data in the ProSe Function to replace a specific part of the user data stored in the ProSe Function with the data sent.
  • the information elements of an update ProSe Subscriber Data Request are described in more detail at TS 29.344, table 5.3.1-1.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Ensuring security in communications may be beneficial in many communication systems. For example, certain wireless communication systems may benefit from a profile to ensure the same level of security (for example, confidentiality and integrity) as in the existing 3GPP system as required for proximity service (ProSe) Direct Communication and ProSe-assisted EPC support for WLAN direct discovery and communication. In other words, certain communication systems may benefit from a profile that can permit the evolved packet system (EPS) to ensure the confidentiality and integrity of both user data and network signaling over the ProSe Communication path and ProSe-assisted WLAN direct communication path to a level comparable with that provided by the existing 3GPP system. A method can include preparing a security capability registration message. The method can be configured to identify security capabilities with respect to an alternative radio access technology. The method can also include using the message to register security capabilities of a user equipment with a proximity services function.

Description

DESCRIPTION TITLE
Profile to ensure the same level of security as in the existing 3GPP system for proximity service (ProSe) EPC support for WLAN direct discovery and communication
CROSS-REFERENCE TO RELATED APPLICATION:
[0001] This application is related to and claims the benefit and priority of U.S. Provisional Patent Application No. 62/082,449, filed November 20, 2014, the entirety of which is hereby incorporated herein by reference.
BACKGROUND: Field:
[0002] Ensuring security in communications may be beneficial in many communication systems. For example, certain wireless communication systems may benefit from a profile to ensure the same level of security (for example, confidentiality and integrity) as in the existing 3GPP system as required for proximity service (ProSe) Direct Communication and ProSe-assisted EPC support for WLAN direct discovery and communication. In other words, certain communication systems may benefit from a profile that can permit the evolved packet system (EPS) to ensure the confidentiality and integrity of both user data and network signaling over the ProSe Communication path and ProSe-assisted WLAN direct communication path to a level comparable with that provided by the existing 3GPP system.
Description of the Related Art:
[0003] Proximity services (ProSe) have been specified to allow users with ProSe-enabled user equipment (UEs) that are in proximity to each other to communicate. Proximity Services are specified in third generation partnership project (3GPP) technical specification (TS) 22.278 (requirements, see Section 7A for general and 9 for security requirements), TS 23.303 (architecture), and TS 33.303 (security). Work on stage 3 is done in TS 24.334 (PC3 interface), TS 29.343 (PC2), TS 29.344 (PC4a), and TS 29.345 (PC6/PC7). Each of TS 22.278, TS 23.303, TS 24.334, TS 29.343, TS 29.344, and TS 29.345 is incorporated herein by reference in its entirety.
[0004] ProSe enabled UEs may need to be authorized to use proximity services such as Direct Discovery and Direct Communication or EPC support for WLAN Direct Discovery and Communication. Furthermore, the communication between ProSe enabled UEs may need to be secured.
[0005] For example, TS 22.278 Section 9.4 on ProSe security requirements states: "The EPS shall ensure that the confidentiality and integrity of both user data and network signalling over the ProSe Communication path and ProSe-assisted WLAN direct communication path to a level comparable with that provided by the existing 3GPP system."
[0006] Several functions are specified for ProSe. ProSe discovery identifies that ProSe-enabled UEs are in proximity of each other, using E-UTRA (with or without E-UTRAN) or EPC when permission, authorization, and proximity criteria are fulfilled. ProSe discovery can be ProSe direct discovery and EPC-level ProSe discovery (i.e. core network assisted discovery for roaming). ProSe communication may permit establishment of new communication paths between two or more ProSe-enabled UEs that are in communication range. The ProSe communication path could use E-UTRA or wireless local area network (WLAN). ProSe direct communication can be ProSe direct communication one-to-many or ProSe direct communication one-to-one.
[0007] A ProSe function is the logical function that is used for network related actions required for ProSe. The ProSe function plays different roles for each of the features of ProSe.
[0008] WLAN direct communication between 2 UEs is not in the scope of 3GPP, but 3GPP entities may need to provide the necessary information such that the UEs can use WLAN for ProSe communication if the UE has indicated WLAN capability and whether it likes to use WLAN.
[0009] Figure 1 illustrates a generic architecture of ProSe, for example a non-roaming reference architecture. As shown in Figure 1, UE A and UE B, each having a ProSe application thereon, can be connected to a ProSe application server via interface PC1. The ProSe application server can be connected to a ProSe function via interface PC2. The ProSe function can be connected to UE A and UE B by interface PC3. Furthermore, the ProSe function can be connected to a home subscriber server (HSS) and secure user plane location (SUPL) location platform (SLP) respectively by interfaces PC4a and PC4b. Interface PC5 can connect UE A and UE B to one another.
[0010] When the UE registers at the ProSe function and intends to use EPC support for WLAN direct discovery and communication, it can already provide a permanent WLAN Link Layer ID or obtain a temporary WLAN Link Layer ID (WLLID) from the ProSe Function as part of the Proximity Request procedure later.
[0011] A proximity request can be used by the UE to tell the ProSe Function to be alerted when it enters proximity with other UEs. Here again the UE can indicate whether the UE has any intention to use WLAN. When the UEs enter into proximity, the network triggers the Proximity Alert procedure and can provide WLAN assisted information to the UE.
[0012] As stated in TS 23.303 5.5.7, the assistance information can be designed to expedite WLAN direct discovery and communication. The content of the assistance information may depend on the technology used on the WLAN direct link. All the content in the assistance information may be dynamically generated by ProSe Function A, with the exception of WLAN Link Layer ID in case the other UE supports only permanent WLLID.
[0013] Figure 2A illustrates signaling flow for EPC support for WLAN direct communication. Figure 2A is Figure 5.6.2-1 from TS 23.303. As shown in Figure 2A, at 1 the ProSe function can decide to trigger the establishment of a WLAN direct group. Accordingly, at 2a the ProSe function can send a WLAN direct group setup request including assistance information to UE-A. UE-A can respond to the ProSe function with a WLAN direct group setup response, at 2b. The same request/response can be performed with respect to UE-B at 3a/3b. Then, at 4, there can be WLAN direct group establishment and WLAN direct communication.
[0014] Figure 2B illustrates an overall call flow for EPC-level ProSe Discovery and optional EPC support for WLAN direct discovery and communication. This figure is Figure 5.5.2-1 in TS 23.303. As shown in Figure 2B, at 1a UE A can perform UE registration with ProSe function A. Then, at 1b UE B can similarly perform UE registration with ProSe function B. At 2a UE A can perform application registration with ProSe function A, and at 2b UE B can similarly perform application registration with ProSe function B. At 3, there can be proximity request applicable to A and B.
[0015] At 4a and 4b, there can respectively be location reporting for UE A and UE B. Then, at 6, there can be a proximity alert and, optionally, WLAN direct discovery and communication.
[0016] Figure 2C illustrates possible security operations for EPC support for WLAN direct communication. Figure 2C is Figure 6.4.2-1 of S3-142433, a 3GPP change request, dated October 30, 2014. As shown in Figure 2C, at 1 the ProSe Function can authorize UEs that want to establish a WLAN direct group and can generate security parameters for WLAN. At 2a the ProSe function can send (to UE-A) a WLAN direct group setup request including assistance information including security parameters. At 2b, UE-A can reply with a WLAN direct group setup response. Similarly, at 3a and 3b, the ProSe function can perform setup with UE-B. Then, at 4, UE-A and UE-B can establish a WLAN security association to protect the ProSe communication.
[0017] As explained at TS 24.334, Section 12.3.2.12, the WLAN indication parameter can be used to carry an indication of whether the searching UE wishes to engage in WLAN direct discovery and communication subsequent to successful proximity detection. Section 12.3.2.13 is on the Assistance Information parameter that is used to carry information for expediting WLAN direct discovery and communication.
[0018] The content of the assistance information parameter may depend on the WLAN technology. Wi-Fi Peer-to-Peer (P2P) specification defines an architecture and set of protocols that facilitate direct discovery and communication using the IEEE 802.11 technology. To assist WLAN direct discovery and communication as required by the Wi-Fi P2P technology, the Assistance Information can include the following parameters: service set identifier (SSID), WLAN secret key, group owner indication, P2P device address of self, P2P device address of peers, operation channel, and validity time. This may not be enough: the protection method to use (e.g. wired equivalent privacy (WEP), Wi-Fi protected access (WPA) variants, and so on, as can be found in IEEE 802.11n) may need to be specified as well. The Wi-Fi direct or any appropriate specification can be used to identify the parameters.
[0019] The WLAN secret key is a pre-shared key to be used by UEs to secure their Wi-Fi P2P communication. The WLAN secret key can be used by UEs as a pairwise master key (PMK). The ProSe function can provide the WLAN Secret Key for ProSe Direct Communication with WLAN.
[0020] Nevertheless, no security has been specified in 3GPP SA WG3 working group for EPC support for WLAN direct discovery and communication so far. WLAN direct communication as such is not specified in 3GPP. Commercial products like Wifi direct may be used for this. Nevertheless, the ProSe function may need to provide the assistance information as specified in stage 3 TS 24.334 (12.3.2.13) including SSID and the WLAN secret key to be used by the UEs to secure their Wi-Fi P2P communication. UEs can register at the ProSe function and already include WLAN indication (optional if an identifier) if WLAN communication is an option for the UE.
[0021] The communication between ProSe function and UE is via PC3 interface in the reference architecture. The PC3 interface may need to be secured (for example, authorized, authenticated, and/or confidentiality protected) for sending any information. This need for security may be independent of the usage of assistance information for WLAN or any other information provisioned to the UEs. Thus, the specific security needed for PC3 is not described here.
[0022] ProSe requirements in 22.278 Section 9.4 state that the EPS is to ensure that the confidentiality and integrity of both the user data and the network signaling over the ProSe communication path and the ProSe-assisted WLAN direct communication path is protected to a level comparable with that provided by the existing 3GPP system.
[0023] Thus, if the ProSe-assisted WLAN direct communication path should have the same level of confidentiality, not all available WLAN security options can be used. But how to fulfil this requirement has not been specified.
[0024] Figure 3 illustrates a subset of a reference architecture. This architecture is described in TS 23.303. As shown in Figure 3, the architecture can include interface PC3. PC3 can be described as a reference point between the UE and the ProSe Function. PC3 can rely on the EPC user plane for transport, for example as an "over IP" reference point. PC3 can be used to authorize ProSe direct discovery and EPC-level ProSe discovery requests, and can be used to perform allocation of ProSe application codes corresponding to ProSe application identities used for ProSe direct discovery. Also, PC3 can be used to define the authorization policy per public land mobile network (PLMN) for ProSe direct discovery, both as to public safety and non-public-safety, and for communication for public safety only between UE and ProSe function.
[0025] Figure 3 also shows interface PC4a. PC4a can be described as a reference point between the HSS and ProSe function. PC4a can be used to provide subscription information in order to authorize access for ProSe direct discovery and ProSe direct communication on a per PLMN basis. PC4a can also be used by the ProSe function (such as an EPC-level ProSe discovery function) for retrieval of EPC-level ProSe discovery related subscriber data.
[0026] As described in 3GPP TS 24.334, section 7.2.2.2, "UE registration procedure initiation," based on pre-configuration, if the UE is authorized to perform EPC-level ProSe discovery in the registered PLMN, the UE can initiate the UE registration procedure when the UE is triggered by upper layers to obtain EPC-level ProSe discovery services and the UE has no corresponding EPC ProSe User ID.
[0027] The UE may initiate the UE registration procedure by sending a UE REGISTRATION REQUEST message with the UE identity set to the UE's IMSI. If the UE intends to use EPC support for WLAN direct discovery and communication and if the UE uses a permanent WLAN link layer identifier, then the UE can also include the WLAN link layer identifier in the UE REGISTRATION REQUEST message.
[0028] The purpose of the proximity request procedure may be to allow a UE (UE A) to request to be alerted when the UE enters in proximity with a targeted UE (UE B) as defined in 3GPP TS 23.303. UE A can perform the proximity request procedure with the ProSe Function residing in the home PLMN (HPLMN).
[0029] Similarly, the purpose of the proximity alert procedure may be to inform the UE (UE A) that it has been determined to be in proximity with the targeted UE (UE B) as defined in 3GPP TS 23.303. If UE A has indicated in the proximity request procedure that UE A wishes to engage in WLAN direct discovery and communication with UE B, the proximity alert procedure can also be used to provide assistance information that may expedite the WLAN direct discovery and communication to both UE A and UE B. The proximity alert procedure can be initiated by the ProSe Function residing in the HPLMN.
[0030] As specified in 3GPP TS 22.278, Section 9, it may be necessary to ensure that confidentiality and integrity of the ProSe-assisted WLAN direct communication path is to a level comparable with that provided by the existing 3GPP system. Thus, it may need to be ensured by the ProSe function that the ProSe-enabled UEs use only those WLAN security capabilities that meet this requirement. The supported WLAN security capabilities can be provided by the UE to the ProSe function.
SUMMARY:
[0031] According to a first embodiment, a method can include preparing a security capability registration message. The message can be configured to identify security capabilities with respect to an alternative radio access technology. The method can also include using the message to register security capabilities of a user equipment with a proximity services function.
[0032] In a variant, the alternative radio access technology can be wireless local area network.
[0033] In a variant, the message can be configured to describe at least one of wireless local area network technology supported, supported protection method, supported cipher, key length, or any combination thereof.
[0034] In a variant, the using the message can involve including a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
[0035] In a variant, the method can also include receiving from the proximity services function a set of parameters common to the user equipment and another device. The method can further include communicating with another nearby user equipment based on the set of parameters.
[0036] According to a second embodiment, a method can include receiving a security capability registration message. The message can be configured to identify security capabilities of a user equipment with respect to an alternative radio access technology. The method can also include comparing the security capabilities to other security capabilities. The method can further include providing a response to the message based on the comparing.
[0037] In a variant, the alternative radio access technology can be wireless local area network.
[0038] In a variant, the comparing can include comparing content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
[0039] In a variant, the method can further include selecting an acceptable set of parameters among those that the user equipment and the proximity services function have in common. The method can additionally include identifying the acceptable set to the user equipment.
[0040] In a variant, the method can also include generating an assistance information based on the acceptable set of parameters. The method can further include sending the assistance information to the user equipment.
[0041] According to third and fourth embodiments, an apparatus can include means for performing the method according to the first and second embodiments respectively, in any of their variants.
[0042] According to fifth and sixth embodiments, an apparatus can include at least one processor and at least one memory and computer program code. The at least one memory and the computer program code can be configured to, with the at least one processor, cause the apparatus at least to perform the method according to the first and second embodiments respectively, in any of their variants.
[0043] According to seventh and eighth embodiments, a computer program product may encode instructions for performing a process including the method according to the first and second embodiments respectively, in any of their variants.
[0044] According to ninth and tenth embodiments, a non-transitory computer readable medium may encode instructions that, when executed in hardware, perform a process including the method according to the first and second embodiments respectively, in any of their variants.
[0045] According to tenth and eleventh embodiments, a system may include at least one apparatus according to the third or fifth embodiments in communication with at least one apparatus according to the fourth or sixth embodiments, respectively in any of their variants.
BRIEF DESCRIPTION OF THE DRAWINGS:
[0046] For proper understanding of the invention, reference should be made to the accompanying drawings, wherein:
[0047] Figure 1 illustrates a generic architecture of ProSe, for example a non-roaming reference architecture.
[0048] Figure 2A illustrates signaling flow for EPC support for WLAN direct communication.
[0049] Figure 2B illustrates an overall call flow for EPC-level ProSe Discovery and optional EPC support for WLAN direct discovery and communication.
[0050] Figure 2C illustrates possible security operations for EPC support for WLAN direct communication.
[0051] Figure 3 illustrates a subset of a reference architecture.
[0052] Figure 4 illustrates a first alternative of providing user equipment capabilities, according to certain embodiments.
[0053] Figure 5 illustrates a second alternative of providing user equipment capabilities, according to certain embodiments.
[0054] Figure 6 illustrates a third alternative of providing user equipment capabilities, according to certain embodiments.
[0055] Figure 7 illustrates an alternative of obtaining user equipment capabilities, according to certain embodiments.
[0056] Figure 8 illustrates ProSe function handling of received security capabilities, according to certain embodiments.
[0057] Figure 9 illustrates a table of keys and values or meanings, according to certain embodiments.
[0058] Figure 10 illustrates a method according to certain embodiments.
[0059] Figure 11 illustrates a system according to certain embodiments.
DETAILED DESCRIPTION:
[0060] Certain embodiments are related to ProSe direct discovery and communication using WLAN. For such direct discovery and communication, UE and ProSe function may communicate via PC3 to discover, configure and to provide the WLAN assistance information.
[0061] More specifically, certain embodiments may relate to security for EPC support for WLAN direct discovery and communication and how to ensure that the ProSe-assisted WLAN direct communication path is at a security level comparable with that provided by the existing 3GPP system as may be mandated by the set of requirements defined and described above.
[0062] Certain embodiments define a WLAN security capability registration message that the UE shall use to register its WLAN security capabilities with the ProSe function. This message can contain relevant information regarding the UE, for example: WLAN technology supported, supported protection method, supported ciphers, key length, or any combination thereof. The support protection method may, for example, be WPA, WPA-enterprise, or the like. The message can extend the WLAN indication parameter sent from the UE to the ProSe function.
[0063] In the ProSe function, a WLAN security capability profile can be defined. The profile can contain the same type of information as the WLAN security capability registration message. The profile can represent one or more set of WLAN security capabilities a UE is to have, from the point of view of the ProSe function, in order for the UE to be allowed to conduct ProSe communication using WLAN. This profile can, for example, be configured by the party responsible of the ProSe function, such as the mobile network operator, depending on issues such as public safety requirements or legal constraints relative to privacy of communications.
[0064] In various embodiments, a variety of different operational flows can be present. For example, in certain embodiments in a first step, the UE can include a WLAN security capability registration message along with, or embedded in, a WLAN indication parameter that the UE sends to the ProSe function.
[0065] In a second step, the ProSe function can compare the content of the WLAN security capability registration message against the WLAN security profile, for example by determining whether the logical intersection of the two is a non-empty group.
[0066] In a third step, if the result of the second step shows that the UE WLAN security capabilities are at least partly compatible with the WLAN security profile, the ProSe function can select an acceptable set of parameters, for example the protection method and/or cipher and key length that would provide the highest level of security, among those that the UE and ProSe function have in common. Otherwise, for example if there is no such common acceptable set of parameters, the ProSe function may refuse to configure the UE for ProSe direct communication via WLAN.
[0067] In a fourth step, the ProSe function can generate assistance information based on the parameters that have been selected in the third step, and can send the assistance information back to the terminal.
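The four steps above ([0064] to [0067]) can be sketched from the ProSe function's side as follows. This is an added example, not code from the patent or from any 3GPP specification; the `WlanSecCap` tuple layout, the ordered operator profile, the function names and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, asdict
import secrets
from typing import Iterable, List, Optional, Sequence


@dataclass(frozen=True)
class WlanSecCap:
    """One capability entry as carried in the registration message (assumed layout)."""
    technology: str   # WLAN technology supported
    protection: str   # supported protection method
    cipher: str       # supported cipher
    key_length: int   # key length in bits


# Operator-configured WLAN security profile, most preferred entry first.
# Constructed values: WEP and WPA version 1 are deliberately absent.
PROFILE: Sequence[WlanSecCap] = (
    WlanSecCap("802.11ac", "WPA2-PSK", "GCMP", 256),
    WlanSecCap("802.11n", "WPA2-PSK", "CCMP", 128),
)


def intersect(registered: Iterable[WlanSecCap],
              profile: Sequence[WlanSecCap] = PROFILE) -> List[WlanSecCap]:
    """Step 2: logical intersection of message content and profile, in profile order."""
    offered = set(registered)
    return [entry for entry in profile if entry in offered]


def select_common(ue_a: Iterable[WlanSecCap], ue_b: Iterable[WlanSecCap],
                  profile: Sequence[WlanSecCap] = PROFILE) -> Optional[WlanSecCap]:
    """Step 3: strongest profile entry that both UEs registered, or None."""
    offered_b = set(ue_b)
    for entry in intersect(ue_a, profile):
        if entry in offered_b:
            return entry
    return None


def build_assistance_info(selected: WlanSecCap, ssid: str,
                          channel: int, validity_s: int) -> dict:
    """Step 4: assistance information extended with the selected parameters."""
    info = asdict(selected)
    info.update({
        "ssid": ssid,
        # 256-bit random pre-shared key, usable by the UEs as a PMK
        "wlan_secret_key": secrets.token_bytes(32).hex(),
        "operation_channel": channel,
        "validity_time_s": validity_s,
    })
    return info


def proximity_alert(ue_a: Iterable[WlanSecCap], ue_b: Iterable[WlanSecCap],
                    ssid: str = "DIRECT-constructed", channel: int = 36,
                    validity_s: int = 300) -> dict:
    """Run steps 2 to 4 for two UEs in proximity; refuse if nothing acceptable is shared."""
    selected = select_common(ue_a, ue_b)
    if selected is None:
        return {"result": "refused",
                "reason": "no common WLAN security capability within the profile"}
    # The same assistance information (including the key) goes to both UEs.
    return {"result": "configured",
            "assistance_info": build_assistance_info(selected, ssid, channel, validity_s)}


# Constructed registration contents for three UEs.
UE_A = [WlanSecCap("802.11g", "WEP", "RC4", 104),
        WlanSecCap("802.11n", "WPA2-PSK", "CCMP", 128),
        WlanSecCap("802.11ac", "WPA2-PSK", "GCMP", 256)]
UE_B = [WlanSecCap("802.11g", "WPA-PSK", "TKIP", 128),
        WlanSecCap("802.11n", "WPA2-PSK", "CCMP", 128)]
UE_C = [WlanSecCap("802.11g", "WEP", "RC4", 104)]

if __name__ == "__main__":
    print(proximity_alert(UE_A, UE_B))
    print(proximity_alert(UE_A, UE_C))
```

Because the profile is the only source of candidates, a UE that advertises WEP or WPA version 1 alongside stronger options can never be steered down to them, and a UE that advertises nothing else is refused rather than configured.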
[0068] Thus, certain embodiments can be implemented by adding another information element to the assistance information when alerting the UE of another device in proximity that also would like to use WLAN as described in 24.334.
[0069] Before using the alerting procedure, the UE may need to provide the UE's own security capabilities either to the ProSe Function or to the HSS, such that the ProSe Function can decide which WLAN security profile to use, for example by either comparing the profiles of 2 UEs directly or by requesting such information from the HSS or by requesting the profiles from the HSS.
[0070] There are at least three alternatives for providing the capabilities from the user equipment to the ProSe function, HSS, or both.
[0071] Figure 4 illustrates a first alternative of providing user equipment capabilities, according to certain embodiments. In this alternative, the WLAN security capability registration message can be a standalone message or can be integrated as part of the UE registration procedure as described in 24.334, 7.2.2.
[0072] As shown in Figure 4, the UE can send a <UE REGISTRATION REQUEST> to the ProSe function. Then, the ProSe function can respond with a <UE REGISTRATION RESPONSE/REJECT> message.
[0073] In certain standalone embodiments, a <WLAN SECURITY CAPABILITY PROVISIONING REQUEST> message can be an additional step following the <UE REGISTRATION REQUEST / RESPONSE>, in which case the <WLAN SECURITY CAPABILITY PROVISIONING REQUEST> can contain at least the <transaction-ID>. According to TS 24.334 Section 12.3.2.1, the transaction ID can be a parameter that is used to uniquely identify a PC3 Control Protocol for EPC-level ProSe discovery transaction when it is combined with other PC3 Control Protocol for EPC-level ProSe discovery transactions in the same transport message. This new message may also include parameters that are described in the following examples.
[0074] Figure 5 illustrates a second alternative of providing user equipment capabilities, according to certain embodiments. As shown in Figure 5, WLAN security capabilities can be sent as part of the <UE_REGISTRATION_REQUEST>. In this case, a new element such as <WLAN security capabilities> containing at least some of the parameters as described below can be used.
[0075] According to TS 23.334, the <UE_REGISTRATION_REQUEST> element can include one or more <UE-register-request> elements that contain transactions sent from the UE to the ProSe function to register the UE. Each <UE-register-request> can include a <transaction-ID> element containing the parameter defined in subclause 12.3.2.1; a <UE-identity> element containing the parameter defined in subclause 12.3.2.2; and a <WLAN-link-layer-ID> element containing the parameter defined in subclause 12.3.2.6.
[0076] In response to the registration request, the ProSe function can either provide a registration response with an acknowledgment or a registration rejection.
[0077] Figure 6 illustrates a third alternative of providing user equipment capabilities, according to certain embodiments. As shown in Figure 6, in certain embodiments the ProSe function may request the UE to provide the user equipment capabilities. The <WLAN SECURITY CAPABILITY REQUEST> message may include the transaction id, previously provided to the UE. The response from the UE may include the transaction id and the WLAN security capabilities.
[0078] Figure 7 illustrates an alternative of obtaining user equipment capabilities, according to certain embodiments. As shown in Figure 7, instead of the approaches on PC3 (see Figures 4-6), different variants with or without PC4a exist. For example, HSS may be used to store WLAN security capabilities, having obtained them through integration with another protocol. In such cases, the ProSe function may request the information. Figure 7 illustrates two alternatives for PC4a additions.
[0079] As shown in a first alternative, the ProSe function may request the WLAN security capabilities together with EPC-level ProSe discovery related subscriber data. Otherwise, as shown in the second alternative, the ProSe function may send the requests separately (the order of the requests does not have to be as shown).
[0080] In a further alternative, the HSS does not have to be used, but the ProSe can store the ProSe related security. The HSS is provided as one possible network element that may have the relevant information, although other network elements are also possible.
[0081] Figure 8 illustrates ProSe function handling of received security capabilities, according to certain embodiments. As shown in Figure 8, the ProSe function may receive the WLAN security capabilities from the user equipment, for example according to any of the ways shown in Figures 4-6.
[0082] Furthermore, as shown in Figure 8, the ProSe function may store the capabilities itself and/or send them to a home subscriber server. If the ProSe function sends them to a home subscriber server without storing them, the ProSe function may retrieve the capabilities from the home subscriber server, for example as shown in Figure 7, or as shown as optional steps in Figure 8.
[0083] Before doing a proximity alert, the ProSe server may retrieve (from itself or from another entity) the capabilities of each member of the group of user equipment that may want to talk to one another. The ProSe function can compare the results of such retrieval and add appropriate WLAN security capability information to assistance information provided with a proximity alert.
[0084] In a further alternative, the UE may decide later to engage in WLAN direct discovery and communication and therefore start communication subsequent to successful proximity detection with another UE. Thus the UE may have registered but not yet sent the capabilities to the ProSe function. In this case, the UE may include the UE's WLAN security capabilities in the PROXIMITY REQUEST message together with the WLAN indication.
[0085] The format of the WLAN security capability registration message and WLAN security profile can vary. Both or each may be made of one or more groups of key/value elements. Each group may represent a capability of the UE or a requirement from the ProSe function. The key/value elements for each group are shown in Figure 9. More particularly, Figure 9 illustrates a table of keys and values or meanings, according to certain embodiments.
[0086] Figure 9 illustrates that the keys can include protection mode, key length, EAP, EAP method, VPN, and VPN method. The values and/or meanings of the keys can be as follows. The protection mode key can indicate WEP, WPA Personal (aka WPA-PSK), WPA-Enterprise, WPA2-PSK, and/or WPA2-Enterprise.
[0087] The key length may be an optional item. It can be used whenever applicable, such as for WEP. EAP can be a Boolean indicating whether EAP is supported. EAP method can indicate EAP-PSK, EAP-TLS, EAP-SIM, EAP-MD5, LEAP, PEAP, the like, or any combination thereof.
[0088] Similarly, VPN can be a Boolean indicating whether any VPN can be automatically established over a Wi-Fi connection. This may be particularly relevant for IPsec. VPN method can indicate PPTP, L2TP, IPsec, or the like.
[0089] WEP and WPA are given as examples. WEP or WPA version 1 may be unsuitable for ProSe direct communication. Further key/value elements may be provided as each technology is further analyzed. Analyzed technologies can include EAP methods or VPN.
[0090] Another method that can be used is for the ProSe function to assume that ProSe-capable UEs have a standardized set of WLAN security capabilities. These may be provided by, for example, device provisioning at manufacture time.
[0091] As noted above, after the UE has provided the WLAN security capabilities to the ProSe function, either the ProSe function may keep this data or the ProSe function may send the data to be stored as a profile in the HSS, separately or within an already existing HSS profile.
[0092] In case of an alert for discovery of UEs that would like to use WLAN, the ProSe function can either evaluate itself which WLAN security the UEs should use, or the ProSe function may request the HSS to evaluate. In the former case, the ProSe Function may still need to request the stored capabilities from the HSS.
[0093] For some of the alternatives, for example if the HSS is the storage place and either the data is requested separately or evaluation takes place in the HSS, the PC4a protocol (see TS 29.344) would need adjustments.
[0094] The table in Figure 9 can be variously implemented. For example, the table in Figure 9 could be translated as follows:
[0095] <xs:complexType name="WLANSecCap">
[0096] <xs:sequence>
[0097] <xs:element name="protection-mode" type="xs:string"/>
[0098] <xs:element name="WLAN-secret-key-length" type="xs:integer"/>
[0099] <xs:element name="EAP" type="xs:boolean"/>
[0100] <xs:element name="EAP-method" type="xs:string" minOccurs="0"/>
[0101] <xs:element name="VPN" type="xs:boolean"/>
[0102] <xs:element name="VPN-method" type="xs:string" minOccurs="0"/>
[0103] <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
[0104] </xs:sequence>
[0105] </xs:complexType>
[0106] <xs:complexType name="WLAN-security-capabilities">
[0107] <xs:sequence>
[0108] <xs:element name="WLAN-security-capability" type="WLANSecCap" maxOccurs="unbounded"/>
[0109] </xs:sequence>
[0110] </xs:complexType>
[0111] The complexType "WLANSecCap" can then be added to the "UeRegReq-info" complexType, for example like this:
[0112] <xs:complexType name="UeRegReq-info">
[0113] <xs:sequence>
[0114] <xs:element name="transaction-ID" type="xs:integer"/>
[0115] <xs:element name="UE-identity" type="xs:hexBinary" />
[0116] <xs:element name="WLAN-Link-Layer-ID" type="xs:hexBinary" minOccurs="0"/>
[0117] <xs:element name="WLAN-security-capability" type="WLANSecCap" minOccurs="1" maxOccurs="unbounded"/>
[0118] <xs:element name="anyExt" type="anyExtType" minOccurs="0"/>
[0119] <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
[0120] </xs:sequence>
[0121] <xs:anyAttribute namespace="##any" processContents="lax"/>
[0122] </xs:complexType>
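An added Python sketch, not taken from the patent or from any 3GPP specification, of the comparison and selection the ProSe function performs on the WLAN-security-capability groups of a registration request, including refusal when nothing acceptable is shared and the group comparison of [0083]. The profile contents, the strength ordering, the namespace-free XML, and the matching of groups as exact (mode, key length, EAP method) tuples are all assumptions.

```python
import xml.etree.ElementTree as ET

# Hypothetical operator profile (an assumption, not from the patent): acceptable
# protection modes ordered weakest to strongest, a key-length floor, allowed EAP methods.
PROFILE = {
    "modes": ["WPA2-PSK", "WPA2-Enterprise"],
    "min_key_length": 128,
    "eap_methods": {"EAP-TLS", "EAP-SIM", "PEAP"},
}

# One capability group, using the element names of the WLANSecCap schema.
CAP_TEMPLATE = (
    "<WLAN-security-capability>"
    "<protection-mode>{mode}</protection-mode>"
    "<WLAN-secret-key-length>{key_length}</WLAN-secret-key-length>"
    "<EAP>{eap}</EAP>{eap_method}"
    "<VPN>false</VPN>"
    "</WLAN-security-capability>"
)

def sample_request(transaction_id, caps):
    """Build a constructed UE-register-request from (mode, key_length, eap_method) groups."""
    body = "".join(
        CAP_TEMPLATE.format(
            mode=mode, key_length=length, eap="true" if method else "false",
            eap_method=f"<EAP-method>{method}</EAP-method>" if method else "")
        for mode, length, method in caps)
    return (f"<UE-register-request><transaction-ID>{transaction_id}</transaction-ID>"
            f"<UE-identity>0123456789ABCDEF</UE-identity>{body}</UE-register-request>")

def parse_capabilities(xml_text):
    """Return the set of (mode, key_length, eap_method) groups a UE declared.

    Raises ValueError or ET.ParseError on malformed input; a deployed parser
    for untrusted XML should also reject DTDs and entity declarations.
    """
    caps = set()
    for el in ET.fromstring(xml_text).iter("WLAN-security-capability"):
        mode = (el.findtext("protection-mode") or "").strip()
        key_length = int(el.findtext("WLAN-secret-key-length") or 0)
        eap = (el.findtext("EAP") or "").strip() in ("true", "1")  # xs:boolean
        method = (el.findtext("EAP-method") or "").strip() if eap else ""
        caps.add((mode, key_length, method or None))
    return caps

def acceptable(cap, profile):
    """True if one capability group satisfies the operator profile."""
    mode, key_length, eap_method = cap
    if mode not in profile["modes"] or key_length < profile["min_key_length"]:
        return False
    if mode.endswith("-Enterprise"):
        # An Enterprise mode is only as strong as the EAP method behind it.
        return eap_method in profile["eap_methods"]
    return True

def negotiate(profile, *capability_sets):
    """Intersect all UEs' groups, filter by the profile, return the strongest or None."""
    common = set.intersection(*capability_sets)
    allowed = [cap for cap in common if acceptable(cap, profile)]
    if not allowed:
        return None  # empty intersection: refuse WLAN direct communication
    return max(allowed, key=lambda cap: (profile["modes"].index(cap[0]), cap[1]))

def handle_registration(xml_text, profile, peer_caps=None):
    """Compare a request (optionally with a peer UE's stored groups) to the profile."""
    sets = [parse_capabilities(xml_text)]
    if peer_caps is not None:
        sets.append(peer_caps)
    chosen = negotiate(profile, *sets)
    if chosen is None:
        return {"result": "reject"}
    mode, key_length, eap_method = chosen
    return {"result": "accept", "protection-mode": mode,
            "WLAN-secret-key-length": key_length, "EAP-method": eap_method}

# Constructed sample requests (not captured traffic).
UE_A = sample_request(7, [("WEP", 104, None), ("WPA2-PSK", 256, None),
                          ("WPA2-Enterprise", 256, "EAP-MD5")])
UE_B = sample_request(8, [("WPA2-PSK", 256, None),
                          ("WPA2-Enterprise", 256, "EAP-TLS")])
UE_LEGACY = sample_request(9, [("WEP", 104, None), ("WPA-PSK", 256, None)])

if __name__ == "__main__":
    print("UE A alone:   ", handle_registration(UE_A, PROFILE))
    print("UE B alone:   ", handle_registration(UE_B, PROFILE))
    print("UE A with B:  ", handle_registration(UE_A, PROFILE, parse_capabilities(UE_B)))
    print("legacy UE:    ", handle_registration(UE_LEGACY, PROFILE))
```

UE A advertises WPA2-Enterprise, but only with EAP-MD5, so the profile falls back to WPA2-PSK for it rather than accepting the nominally stronger mode.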
[0123] Figure 10 illustrates a method according to certain embodiments. As shown in Figure 10, a method can include, at 1010, preparing a security capability registration message, for example by a user equipment. The message can be configured to identify security capabilities with respect to an alternative radio access technology. The alternative radio access technology can be wireless local area network. This radio access technology may differ from a radio access technology over which the message is to be sent.
[0124] The method can also include, at 1020, using the message to register security capabilities of a user equipment with a proximity services function. The message can be configured to describe at least one of wireless local area network technology supported, supported protection method, supported cipher, key length, or any combination thereof. Thus, for example, the information described in Figure 9 may be provided in the message. Using the message can involve including a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
[0125] The method can further include, at 1030, receiving from the proximity services function a set of parameters common to the user equipment and another device. The another device can be the proximity services function or another user equipment. The method can additionally include, at 1040, communicating with another nearby user equipment based on the set of parameters.
[0126] The method can also include, at 1050, receiving a security capability registration message configured to identify security capabilities of a user equipment with respect to an alternative radio access technology. This message can be received at a proximity services function.
[0127] The method can also include, at 1060, comparing the security capabilities to other security capabilities. These other security capabilities may be a set of compatible security capabilities or a set of security capabilities of at least one user equipment near the user equipment. The method can further include, at 1070, providing a response to the message based on the comparing.
[0128] As noted above, the alternative radio access technology comprises wireless local area network. Moreover, the message received at 1050 can be the same message sent at 1020. The comparing can include comparing content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
[0129] The method can additionally include, at 1080, selecting an acceptable set of parameters among those that the user equipment and the proximity services function have in common. The method can also include, at 1085, identifying the acceptable set to the user equipment.
[0130] The method can further include, at 1090, generating an assistance information based on the acceptable set of parameters. The method can additionally include, at 1095, sending the assistance information to the user equipment.
[0131] Figure 11 illustrates a system according to certain embodiments of the invention. In one embodiment, a system may include multiple devices, such as, for example, at least one UE 1110, at least one ProSe function 1120, and at least one HSS 1130.
[0132] Each of these devices may include at least one processor, respectively indicated as 1114, 1124, and 1134. At least one memory can be provided in each device, and indicated as 1115, 1125, and 1135, respectively. The memory may include computer program instructions or computer code contained therein. The processors 1114, 1124, and 1134 and memories 1115, 1125, and 1135, or a subset thereof, can be configured to provide means corresponding to the various blocks of Figure 10.
[0133] As shown in Figure 11, transceivers 1116, 1126, and 1136 can be provided, and each device may also include an antenna, respectively illustrated as 1117, 1127, and 1137. Other configurations of these devices, for example, may be provided. For example, HSS 1130 may be configured for wired communication, in addition to wireless communication, and in such a case antenna 1137 can illustrate any form of communication hardware, without requiring a conventional antenna.
[0134] Transceivers 1116, 1126, and 1136 can each, independently, be a transmitter, a receiver, or both a transmitter and a receiver, or a unit or device that is configured both for transmission and reception.
[0135] Processors 1114, 1124, and 1134 can be embodied by any computational or data processing device, such as a central processing unit (CPU), application specific integrated circuit (ASIC), or comparable device. The processors can be implemented as a single controller, or a plurality of controllers or processors.
[0136] Memories 1115, 1125, and 1135 can independently be any suitable storage device, such as a non-transitory computer-readable medium. A hard disk drive (HDD), random access memory (RAM), flash memory, or other suitable memory can be used. The memories can be combined on a single integrated circuit as the processor, or may be separate from the one or more processors. Furthermore, the computer program instructions stored in the memory and which may be processed by the processors can be any suitable form of computer program code, for example, a compiled or interpreted computer program written in any suitable programming language.
[0137] The memory and the computer program instructions can be configured, with the processor for the particular device, to cause a hardware apparatus such as UE 1110, ProSe function 1120, and HSS 1130, to perform any of the processes described herein (see, for example, Figure 10). Therefore, in certain embodiments, a non-transitory computer-readable medium can be encoded with computer instructions that, when executed in hardware, perform a process such as one of the processes described herein. Alternatively, certain embodiments of the invention can be performed entirely in hardware.
[0138] Furthermore, although Figure 11 illustrates a system including a UE, ProSe function, and HSS, embodiments of the invention may be applicable to other configurations, and configurations involving additional elements. For example, not shown, additional UEs may be present, and additional core network elements may be present, as illustrated in Figure 1.
[0139] Certain embodiments may have various benefits and/or advantages. For example, the same level of confidentiality and integrity can be provided as for communication in 3GPP. For example, such confidentiality and integrity can be maintained if the only WLAN configurations that are allowed are those that meet such a requirement.
[0140] Currently, the public safety community seems not to be very interested in WLAN because of the possibility of weak security, while for commercial purposes it may even be sufficient that no key is needed. By adding a profile defining which WLAN protocols are acceptable in the 3GPP ProSe context, the EPC support for WLAN direct discovery and communication may even become interesting for public safety use cases in the long run.
[0141] Various implementations may be possible, as noted above. For example, functional changes may be made to the specifications TS 23.303, TS 29.344, and TS 24.334 as follows:
[0142] First, regarding the PC3 interface, declaration of WLAN security capabilities by the UE may be restricted only to happen at UE Registration Request time. Other procedures may be related to ProSe Direct Discovery or ProSe Direct Communications, which deal with E-UTRA.
[0143] WLAN Direct Discovery and WLAN Direct Communication can be restricted only to happen within EPC level ProSe Discovery (TS 24.334 section 7). Furthermore, the UE Registration Request may be made to be mandatory to perform before doing any proximity request and receiving any proximity alert.
[0144] There can be an extension of the XML schema (TS 24.334 section 11.2.3) with a "complexType" representing the WLAN Security Capability extension, and an extension to TS 23.334 section 11.2.4.6 to include this complexType and provide its semantics.
[0145] Second, regarding the PC4a interface between ProSe and the HSS (TS 29.344), two sections can be updated to include the WLAN security profile: ProSe Subscriber Information Retrieval Answer (direction: from HSS to ProSe) in section 5.2 and Update ProSe Subscriber Data Request (direction: from HSS to ProSe) in section 5.3.
[0146] Third, the system may be restricted such that the only way for the UE to receive assistance information is via the proximity alert message. An XML schema is already defined for this, see TS 24.334 section 11.2.3:
[0147] <xs:complexType name="WLANAssistance-info">
[0148] <xs:sequence>
[0149] <xs:element name="ssid" type="xs:string"/>
[0150] <xs:element name="WLAN-secret-key" type="xs:string"/>
[0151] <xs:element name="group-owner-indication" type="xs:boolean"/>
[0152] <xs:element name="P2P-device-address-self" type="xs:hexBinary" minOccurs="0"/>
[0153] <xs:element name="P2P-device-address-peer" type="xs:hexBinary" minOccurs="0"/>
[0154] <xs:element name="operation-channel" type="xs:integer"/>
[0155] <xs:element name="validity-time" type="xs:integer"/>
[0156] <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
[0157] </xs:sequence>
[0158] </xs:complexType>
[0159] Thus, the UE can be told which SSID, key and channel to use, but not the 802.11 technology nor protection method to use, in certain embodiments.
[0160] Furthermore, the "WLANAssistance-info" complexType can be extended according to the XML schemas above.
[0161] Extending the UE Registration Request may lead to a proximity alert being given with appropriate assistance information. Furthermore, the other options, such as separate Registration Request and Response initiated from the UE and separate Capability Information Request/Response initiated from the ProSe function, may be made optional.
[0162] An Update ProSe Subscriber Data Request is a procedure that, as explained in TS 29.344, can be used by an HSS to update the relevant subscriber related data in the ProSe Function to replace a specific part of the user data stored in the ProSe Function with the data sent. The information elements of an update ProSe Subscriber Data Request are described in more detail at TS 29.344, table 5.3.1-1.
[0163] One having ordinary skill in the art will readily understand that the invention as discussed above may be practiced with steps in a different order, and/or with hardware elements in configurations which are different than those which are disclosed. Therefore, although the invention has been described based upon these preferred embodiments, it would be apparent to those of skill in the art that certain modifications, variations, and alternative constructions would be apparent, while remaining within the spirit and scope of the invention.

Claims

WE CLAIM:
1. A method, comprising: preparing a security capability registration message, wherein the message is configured to identify security capabilities with respect to an alternative radio access technology; and using the message to register security capabilities of a user equipment with a proximity services function.
2. The method of claim 1, wherein the alternative radio access technology comprises wireless local area network.
3. The method of claim 1 or claim 2, wherein the message is configured to describe at least one of wireless local area network technology supported, supported protection method, supported cipher, key length, or any combination thereof.
4. The method of any of claims 1-3, wherein the using the message comprises including a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
5. The method of any of claims 1-4, further comprising: receiving from the proximity services function a set of parameters common to the user equipment and another device; and communicating with another nearby user equipment based on the set of parameters.
6. A method, comprising: receiving a security capability registration message, wherein the message is configured to identify security capabilities of a user equipment with respect to an alternative radio access technology; comparing the security capabilities to other security capabilities; and providing a response to the message based on the comparing.
7. The method of claim 6, wherein the alternative radio access technology comprises wireless local area network.
8. The method of claim 6 or claim 7, wherein the comparing comprises comparing content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
9. The method of any of claims 6-8, further comprising: selecting an acceptable set of parameters among those that the user equipment and the proximity services function have in common; and identifying the acceptable set to the user equipment.
10. The method of claim 9, further comprising: generating an assistance information based on the acceptable set of parameters; and sending the assistance information to the user equipment.
11. An apparatus, comprising: means for preparing a security capability registration message, wherein the message is configured to identify security capabilities with respect to an alternative radio access technology; and means for using the message to register security capabilities of a user equipment with a proximity services function.
12. The apparatus of claim 11, wherein the alternative radio access technology comprises wireless local area network.
13. The apparatus of claim 11 or claim 12, wherein the message is configured to describe at least one of wireless local area network technology supported, supported protection apparatus, supported cipher, key length, or any combination thereof.
14. The apparatus of any of claims 11-13, wherein the using the message comprises including a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
15. The apparatus of any of claims 11-14, further comprising: means for receiving from the proximity services function a set of parameters common to the user equipment and another device; and means for communicating with another nearby user equipment based on the set of parameters.
16. An apparatus, comprising: means for receiving a security capability registration message, wherein the message is configured to identify security capabilities of a user equipment with respect to an alternative radio access technology; means for comparing the security capabilities to other security capabilities; and means for providing a response to the message based on the comparing.
17. The apparatus of claim 16, wherein the alternative radio access technology comprises wireless local area network.
18. The apparatus of claim 16 or claim 17, wherein the comparing comprises comparing content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
19. The apparatus of any of claims 16-18, further comprising: means for selecting an acceptable set of parameters among those that the user equipment and the proximity services function have in common; and means for identifying the acceptable set to the user equipment.
20. The apparatus of claim 19, further comprising: means for generating an assistance information based on the acceptable set of parameters; and means for sending the assistance information to the user equipment.
21. An apparatus, comprising: at least one processor; and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to prepare a security capability registration message, wherein the message is configured to identify security capabilities with respect to an alternative radio access technology; and use the message to register security capabilities of a user equipment with a proximity services function.
22. The apparatus of claim 21, wherein the alternative radio access technology comprises wireless local area network.
23. The apparatus of claim 21 or claim 22, wherein the message is configured to describe at least one of wireless local area network technology supported, supported protection apparatus, supported cipher, key length, or any combination thereof.
24. The apparatus of any of claims 21-23, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to include a wireless local area network security capability registration message along with, or embedded in, a wireless local area network indication parameter to the proximity services function.
25. The apparatus of any of claims 21-24, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to: receive from the proximity services function a set of parameters common to the user equipment and another device; and communicate with another nearby user equipment based on the set of parameters.
26. An apparatus, comprising: at least one processor; and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to receive a security capability registration message, wherein the message is configured to identify security capabilities of a user equipment with respect to an alternative radio access technology; compare the security capabilities to other security capabilities; and provide a response to the message based on the comparing.
27. The apparatus of claim 26, wherein the alternative radio access technology comprises wireless local area network.
28. The apparatus of claim 26 or claim 27, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to compare content of the security capability registration message against a wireless local area network security profile and determining whether a logical intersection of the content and the profile is a non-empty group.
29. The apparatus of any of claims 26-28, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to: select an acceptable set of parameters among those that the user equipment and the proximity services function have in common; and identify the acceptable set to the user equipment.
30. The apparatus of claim 29, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to: generate an assistance information based on the acceptable set of parameters; and send the assistance information to the user equipment.
31. A computer program product encoding instructions for performing a process, the process comprising the method according to any of claims 1-10.
32. A non-transitory computer-readable medium encoded with instructions that, when executed in hardware, perform a process, the process comprising the method according to any of claims 1-10.
PCT/EP2015/077241 2014-11-20 2015-11-20 Profile to ensure the same level of security as in the existing 3gpp system for proximity service (prose) epc support for wlan direct discovery and communication WO2016079309A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201462082449P 2014-11-20 2014-11-20
US62/082,449 2014-11-20

Publications (1)

Publication Number Publication Date
WO2016079309A1 true WO2016079309A1 (en) 2016-05-26

Family

ID=54608537

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/077241 WO2016079309A1 (en) 2014-11-20 2015-11-20 Profile to ensure the same level of security as in the existing 3gpp system for proximity service (prose) epc support for wlan direct discovery and communication

Country Status (1)

Country Link
WO (1) WO2016079309A1 (en)

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Proximity-based Services (ProSe); Security aspects (Release 12)", 3GPP STANDARD; 3GPP TS 33.303, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. V12.1.0, 26 September 2014 (2014-09-26), pages 1 - 48, XP050926105 *
HUAWEI ET AL: "Considerations on security for EPC supported WLAN direct discovery and communication", vol. SA WG3, no. San Francisco, US; 20141117 - 20141121, 7 December 2014 (2014-12-07), XP050925324, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/SA/Docs/> [retrieved on 20141207] *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018165548A1 (en) * 2017-03-10 2018-09-13 Stojanovski Alexandre Saso Technology coordination for device-to-device discovery
US11812497B2 (en) 2017-03-10 2023-11-07 Apple Inc. Technology coordination for device-to-device discovery
WO2018199597A1 (en) 2017-04-28 2018-11-01 Samsung Electronics Co., Ltd. Electronic device and proximity discovery method thereof
CN110521192A (en) * 2017-04-28 2019-11-29 Samsung Electronics Co., Ltd. Electronic equipment and its close to discovery method
EP3616424A4 (en) * 2017-04-28 2020-03-04 Samsung Electronics Co., Ltd. Electronic device and proximity discovery method thereof
US10904737B2 (en) 2017-04-28 2021-01-26 Samsung Electronics Co., Ltd. Electronic device and proximity discovery method thereof

Similar Documents

Publication Publication Date Title
US9253811B2 (en) Network-assisted device-to-device communication
JP6266807B2 (en) Separating service and network provider identification information in wireless communications
JP6538070B2 (en) Provision of proofs in wireless communication
KR102046159B1 (en) Security and information supporting method and system for using policy control in re-subscription or adding subscription to mobile network operator in mobile telecommunication system environment
KR101681854B1 (en) Discovery and operation of hybrid wireless wide area and wireless local area networks
US20170171752A1 (en) Securing signaling interface between radio access network and a service management entity to support service slicing
JP6671527B2 (en) Method and apparatus for a terminal device to discover another terminal device
KR20180034449A (en) Techniques for broadcasting service discovery information
JP6159020B2 (en) Proximity service permission method, apparatus and system
KR102255901B1 (en) Authorization of applications for direct discovery
KR20110091305A (en) Method and apparatus for selecting public land mobile network for emergency call in multiple operator core network
US20160262019A1 (en) Security method and system for supporting discovery and communication between proximity based service terminals in mobile communication system environment
WO2016110093A1 (en) D2d mode b discovery security method, terminal and system, and storage medium
JP2018537927A (en) Emergency service support via WLAN access to 3GPP evolved packet core for unauthenticated users
US20190274039A1 (en) Communication system, network apparatus, authentication method, communication terminal, and security apparatus
KR102088848B1 (en) Security supporting method and system for proximity based service group communication or public safety in mobile telecommunication system environment
JP6476523B2 (en) Wireless access point
CN116746182A (en) Secure communication method and apparatus
CN108616805B (en) Emergency number configuration and acquisition method and device
US9131365B2 (en) Methods, apparatuses and computer program products for securing communications
JP2023080266A (en) Mobility management node, user equipment, and method therefor
JP6522799B2 (en) Method for discovering handover functionality of a mobile communication network, system for discovering handover functionality of a mobile communication network, user equipment, program and computer program product
JP7053812B2 (en) Public alert message through N3GPP access
US20200169885A1 (en) Method and system for supporting security and information for proximity based service in mobile communication system environment
WO2016079309A1 (en) Profile to ensure the same level of security as in the existing 3gpp system for proximity service (prose) epc support for wlan direct discovery and communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15797675

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15797675

Country of ref document: EP

Kind code of ref document: A1