US 12,335,729 B2
Methods providing security for multiple NAS connections using separate counts and related network nodes and wireless terminals
Noamen Ben Henda, Stockholm (SE); and Monica Wifvesson, Lund (SE)
Assigned to TELEFONAKTIEBOLAGET LM ERICSSON (PUBL), Stockholm (SE)
Filed by Telefonaktiebolaget LM Ericsson (publ), Stockholm (SE)
Filed on Apr. 4, 2023, as Appl. No. 18/130,485.
Application 18/130,485 is a continuation of application No. 16/983,378, filed on Aug. 3, 2020, granted, now 11,653,205.
Application 16/983,378 is a continuation of application No. 16/473,311, granted, now 10,771,978, issued on Sep. 8, 2020, previously published as PCT/EP2018/061713, filed on May 7, 2018.
Claims priority of provisional application 62/502,966, filed on May 8, 2017.
Prior Publication US 2023/0284017 A1, Sep. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 67/1097 (2022.01); H04W 12/02 (2009.01); H04W 12/03 (2021.01); H04W 12/033 (2021.01); H04W 12/041 (2021.01); H04W 12/0431 (2021.01); H04W 12/069 (2021.01); H04W 12/106 (2021.01); H04W 72/52 (2023.01); H04W 76/15 (2018.01); H04W 84/18 (2009.01)
CPC H04W 12/069 (2021.01) [H04L 9/3242 (2013.01); H04L 67/1097 (2013.01); H04W 12/02 (2013.01); H04W 12/03 (2021.01); H04W 12/033 (2021.01); H04W 12/041 (2021.01); H04W 12/0431 (2021.01); H04W 12/106 (2021.01); H04W 72/52 (2023.01); H04W 76/15 (2018.02); H04L 2209/80 (2013.01); H04W 84/18 (2013.01)]
13 Claims
1. A method at a first communication node providing communication of Network Access Stratum, NAS, messages with a second communication node of a wireless communication network, the method comprising:
communicating a first NAS message between the first communication node and the second communication node over a first NAS connection, wherein communicating the first NAS message comprises:
performing integrity protection for the first NAS message using a first NAS connection identification by generating a first message authentication code based on the first NAS connection identification, a master key of a NAS security context, and the first NAS message, wherein the first NAS connection identification is provided as an input to generate the first message authentication code, and
transmitting the first NAS message with the first message authentication code over the first NAS connection to the second communication node, wherein the first communication node is either a wireless terminal or a network node of a radio access network (RAN); and
communicating a second NAS message between the first communication node and the second communication node over a second NAS connection, wherein communicating the second NAS message comprises:
performing integrity protection for the second NAS message using a second NAS connection identification, wherein the first and second NAS connections are different and share the master key by generating a second message authentication code based on the second NAS connection identification, the master key, and the second NAS message, wherein the second NAS connection identification is provided as an input to generate the second message authentication code, and
transmitting the second NAS message with the second message authentication code over the second NAS connection to the second communication node, wherein the first and second NAS connections are parallel NAS connections that are associated with a same wireless terminal and are secured using the master key.
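The binding described in claim 1, as an added sketch that is not taken from the patent: two parallel NAS connections share one master key, and the connection identification is fed into each message authentication code, so a protected message lifted from one connection does not verify on the other. Assumptions: HMAC-SHA256 stands in for the NAS integrity algorithm, the header layout and all names are hypothetical, and the per-connection counters follow the "separate counts" in the title.

```python
import hashlib
import hmac
import struct

def nas_mac(master_key: bytes, conn_id: int, count: int, message: bytes) -> bytes:
    """MAC over connection ID, per-connection count and message.
    HMAC-SHA256 is a stand-in; the byte layout is an assumption."""
    header = struct.pack(">BI", conn_id, count)
    return hmac.new(master_key, header + message, hashlib.sha256).digest()

class NasEndpoint:
    """One side of the association: one master key, separate counts per connection."""
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.tx_count = {}  # conn_id -> next count to send
        self.rx_count = {}  # conn_id -> highest count accepted so far

    def protect(self, conn_id: int, message: bytes):
        count = self.tx_count.get(conn_id, 0)
        self.tx_count[conn_id] = count + 1
        return count, message, nas_mac(self.master_key, conn_id, count, message)

    def verify(self, conn_id: int, count: int, message: bytes, mac: bytes) -> bool:
        expected = nas_mac(self.master_key, conn_id, count, message)
        if not hmac.compare_digest(expected, mac):
            return False  # wrong key, altered message, or wrong connection
        if count <= self.rx_count.get(conn_id, -1):
            return False  # replay on the same connection
        self.rx_count[conn_id] = count
        return True

def demo() -> dict:
    key = bytes(range(32))      # constructed sample master key
    terminal, network = NasEndpoint(key), NasEndpoint(key)
    conn_a, conn_b = 1, 2       # constructed connection identifications
    pdu_a = terminal.protect(conn_a, b"constructed NAS payload")
    pdu_b = terminal.protect(conn_b, b"constructed NAS payload")
    return {
        "same_count": pdu_a[0] == pdu_b[0],        # both connections start at 0
        "macs_differ": pdu_a[2] != pdu_b[2],       # identical payload, different MAC
        "a_on_a": network.verify(conn_a, *pdu_a),  # accepted on its own connection
        "a_on_b": network.verify(conn_b, *pdu_a),  # rejected on the other connection
        "b_on_b": network.verify(conn_b, *pdu_b),  # conn_b count unaffected by conn_a
        "a_replayed": network.verify(conn_a, *pdu_a),  # rejected as a replay
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```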