Prosecution Insights
Last updated: May 29, 2026
Application No. 18/547,149

METHOD AND SYSTEM FOR HANDLING KEY DISTRIBUTION FOR MULTICAST AND BROADCAST SERVICES IN WIRELESS NETWORK

Non-Final OA §103
Filed: Aug 18, 2023
Priority: Feb 20, 2021 — IN 202141007201 +2 more
Examiner: PATEL, HARESH N
Art Unit: 2496
Tech Center: 2400 — Computer Networks
Assignee: Samsung Electronics Co., Ltd.
OA Round: 3 (Non-Final)
Grant Probability: 78% (Favorable)
OA Rounds: 3-4
Est. Remaining: 3m
With Interview: 99%

Examiner Intelligence

Grants 78% — above average
78%
Career Allowance Rate
640 granted / 824 resolved
+19.7% vs TC avg
Strong +22% interview lift
+22.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
24 currently pending
Career history
862
Total Applications
across all art units

Statute-Specific Performance

§101: 1.3% (-38.7% vs TC avg)
§103: 66.8% (+26.8% vs TC avg)
§102: 24.1% (-15.9% vs TC avg)
§112: 1.3% (-38.7% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 824 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Status of Claims

Claims 16-17, 20, 23, 27, 30, 32-34 are subject to examination. Claims 1-15, 18, 19, 21, 22, 24-26, 28-29, 31, are cancelled.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 16-17, 22, 27, 32, 34, is/are rejected under 35 U.S.C. 103 as being unpatentable over LEE et al., 20210067958 Qualcomm in view of Freda et al., 20180092017, HANDE et al., 20200389515 and Li et al., 20230345310.

Referring to claim 16, LEE- Qualcomm discloses a method for handling key distribution for multicast and broadcast services (MBS) in a wireless network, the method comprising: [0084] A multicast or broadcast transmission in 5G NR may be secured using a 5G NR network architecture including components of a 5G core (5GC).
For example, the application (e.g., an application function (AF)) may interact with the 5GC via a network exposure function (NEF) and/or policy control function (PCF) to establish a service policy. A Session Management Function (SMF) may configure and control one or more quality of service (QoS) flows for the multicast or broadcast service at other nodes including a user plane function (UPF), radio access network (RAN) nodes, and user equipment (UEs). An Access and Mobility Management Function (AMF) may control mobility and non-access stratum (NAS) signaling and transport. The RAN nodes may map the QoS flow to a radio bearer and select broadcast or unicast delivery per UE. transmitting, by an application function (AF), a message about an MBS session to a user equipment (UE) in the wireless network; [0042] determining the UE is authorized to receive the multicast or broadcast service. [0043] authenticating the UE with an application function for the multicast or broadcast service. [0122] FIG. 4 is a diagram of an example architecture for a network 400 including an application function 410, a 5GC 190, a radio access network (RAN) 430, and a UE 104. [0128] FIG. 6 is a message diagram 600 illustrating example messages transmitted between a UE 104, RAN node 402, AMF 192, SMF 194, AF 410, and UPF 195 for key generation, key refresh, and key distribution for multicast or broadcast services using the first security architecture 500. [0130] The network may optionally perform secondary authentication or authorization 604. For example, the service policy for the AF 410 may require the UE 104 to authenticate with the AF 410, for example, by logging in with credentials. Accordingly, the UE 104 and AF 410 may exchange messages for the secondary authentication or authorization 604. [0091] FIG. 1 is a diagram illustrating an example of a wireless communications system and an access network 100. 
The wireless communications system (also referred to as a wireless wide area network (WWAN)) includes base stations 102, UEs 104, an Evolved Packet Core (EPC) 160, and another core network (e.g., a 5G Core (5GC) 190).

generating an MBS key for the MBS session, providing the generated MBS key to the UE via at least one network entity [0093] As discussed above, the 5GC and RAN nodes (e.g., base stations 102) may perform various security functions for multicast or broadcast transmissions using the multicast-broadcast key. An SMF 194 may include a security component 188 that controls key generation and key distribution. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service. [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).
The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”). In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key.

wherein the generated MBS key by the AF is used to protect a traffic related to the MBS session [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).

[0194] At block 1310, the method 1300 may include receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with a data session. In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the key management component 142 to receive at least one multicast-broadcast key for the multicast or broadcast service carried by the RB associated with the data session. In some implementations, the data session may be a PDU session. In some implementations, the data session may include one or more QoS flows, each QoS flow being associated with a unique multicast-broadcast key of the at least one multicast-broadcast key.
Accordingly, the UE 104, the RX processor 356, and/or the controller/processor 359 executing the multicast receiver component 140 and/or the key management component 142 may provide means for receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with the data session. [0092] One or more of the UEs 104 may include a multicast receiver component 140 that receives multicast transmissions using a multicast-broadcast key. The multicast receiver component 140 may include a session component 141 that transmits a request for a PDU session for a multicast or broadcast service, a key management component 142 that receives and/or derives keys for a QoS flow for the multicast or broadcast service, a receiving component 143 that receives a RB and QoS flow packets for the multicast or broadcast service, a decoding component that decodes the QoS flow packets using the keys, and an optional capability component 145 that signals UE capabilities and receives a security policy based on UE capabilities. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service. 
[0037] In an aspect, distributing the key includes delivering the key from the SMF to the UE via non-access stratum (NAS) signaling; and delivering the key to a multicast-broadcast user plane function that encrypts, integrity protects, or both for the packets for the multicast or broadcast service with the key.

LEE-Qualcomm does not specifically mention about, which is well-known in the art, which Freda discloses, announcement message, wherein the announcement message comprises a temporary mobile group identity (TMGI), para 84, 144. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known TMGI with announcement. One of ordinary skilled in the art would readily know what TMGI is and that Temporary Mobile Group Identity (TMGI) is used/announced within MBMS to uniquely identify Multicast and Broadcast bearer services, para 84, 144.

LEE-Qualcomm and Freda do not specifically mention about, which is well-known in the art, which HANDE discloses, by the AF (use of server with application function to perform steps, para 79, 55, 57. Note: Claim 27 claims that a controller without “AF” can also perform the claimed steps. Accordingly, any processing device/software can perform the claimed steps. an application function is a specific task performed within a software program for an end-user, while a service management function relates to the broader, organizational process of delivering and supporting that application as a service to the business Note: The applicant’s cancelled claims also mentioned that any network entity can generate the key for the session.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known entities such as server with AF. One of ordinary skilled in the art would readily know what server with AF is and that it is used to perform steps within MBMS for associated Multicast and Broadcast bearer services, para 79, 55, 57. LEE-Qualcomm, HANDE and Freda do not specifically mention about, which is well-known in the art, which Li discloses, MBSF (para 125, 160, 100). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known MBSF. One of ordinary skilled in the art would readily know what MBSF is. Multicast broadcast service function refers to the use of multicast technology to transmit data to multiple recipients simultaneously. This service is particularly useful for applications that require the same data to be sent to multiple recipients, such as video streaming, online gaming, and software updates. By sending data from a single source to multiple destinations, multicast would enable reducing network congestion and enhances network efficiency. It is a crucial method for efficiently distributing data to multiple receivers, which would ensure a smoother and more efficient data transfer process for multiple recipients. 
Referring to claim 27, Lee-Qualcomm discloses an apparatus for handling key distribution for multicast and broadcast services (MBS) in a wireless network, the apparatus comprising: a communicator; and a controller configured to control the communicator to [0084] A multicast or broadcast transmission in 5G NR may be secured using a 5G NR network architecture including components of a 5G core (5GC). For example, the application (e.g., an application function (AF)) may interact with the 5GC via a network exposure function (NEF) and/or policy control function (PCF) to establish a service policy. A Session Management Function (SMF) may configure and control one or more quality of service (QoS) flows for the multicast or broadcast service at other nodes including a user plane function (UPF), radio access network (RAN) nodes, and user equipment (UEs). An Access and Mobility Management Function (AMF) may control mobility and non-access stratum (NAS) signaling and transport. The RAN nodes may map the QoS flow to a radio bearer and select broadcast or unicast delivery per UE. transmitting a message about an MBS session to a user equipment (UE) in the wireless network; [0042] determining the UE is authorized to receive the multicast or broadcast service. [0043] authenticating the UE with an application function for the multicast or broadcast service. [0122] FIG. 4 is a diagram of an example architecture for a network 400 including an application function 410, a 5GC 190, a radio access network (RAN) 430, and a UE 104. [0128] FIG. 6 is a message diagram 600 illustrating example messages transmitted between a UE 104, RAN node 402, AMF 192, SMF 194, AF 410, and UPF 195 for key generation, key refresh, and key distribution for multicast or broadcast services using the first security architecture 500. [0130] The network may optionally perform secondary authentication or authorization 604. 
For example, the service policy for the AF 410 may require the UE 104 to authenticate with the AF 410, for example, by logging in with credentials. Accordingly, the UE 104 and AF 410 may exchange messages for the secondary authentication or authorization 604. [0091] FIG. 1 is a diagram illustrating an example of a wireless communications system and an access network 100. The wireless communications system (also referred to as a wireless wide area network (WWAN)) includes base stations 102, UEs 104, an Evolved Packet Core (EPC) 160, and another core network (e.g., a 5G Core (5GC) 190).

generating an MBS key for the MBS session, providing the generated MBS key to the UE via at least one network entity [0093] As discussed above, the 5GC and RAN nodes (e.g., base stations 102) may perform various security functions for multicast or broadcast transmissions using the multicast-broadcast key. An SMF 194 may include a security component 188 that controls key generation and key distribution. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service. [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104.
The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB). The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”). In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key.

wherein the generated MBS key by the AF is used to protect a traffic related to the MBS session [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).

[0194] At block 1310, the method 1300 may include receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with a data session.
In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the key management component 142 to receive at least one multicast-broadcast key for the multicast or broadcast service carried by the RB associated with the data session. In some implementations, the data session may be a PDU session. In some implementations, the data session may include one or more QoS flows, each QoS flow being associated with a unique multicast-broadcast key of the at least one multicast-broadcast key. Accordingly, the UE 104, the RX processor 356, and/or the controller/processor 359 executing the multicast receiver component 140 and/or the key management component 142 may provide means for receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with the data session. [0092] One or more of the UEs 104 may include a multicast receiver component 140 that receives multicast transmissions using a multicast-broadcast key. The multicast receiver component 140 may include a session component 141 that transmits a request for a PDU session for a multicast or broadcast service, a key management component 142 that receives and/or derives keys for a QoS flow for the multicast or broadcast service, a receiving component 143 that receives a RB and QoS flow packets for the multicast or broadcast service, a decoding component that decodes the QoS flow packets using the keys, and an optional capability component 145 that signals UE capabilities and receives a security policy based on UE capabilities. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. 
The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service.

[0037] In an aspect, distributing the key includes delivering the key from the SMF to the UE via non-access stratum (NAS) signaling; and delivering the key to a multicast-broadcast user plane function that encrypts, integrity protects, or both for the packets for the multicast or broadcast service with the key.

LEE-Qualcomm does not specifically mention about, which is well-known in the art, which Freda discloses, announcement message, wherein the announcement message comprises a temporary mobile group identity (TMGI), para 84, 144. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known TMGI with announcement. One of ordinary skilled in the art would readily know what TMGI is and that Temporary Mobile Group Identity (TMGI) is used/announced within MBMS to uniquely identify Multicast and Broadcast bearer services, para 84, 144.
LEE-Qualcomm and Freda do not specifically mention about, which is well-known in the art, which HANDE discloses, performing the steps by a single controller (use of server with application function to perform steps, para 79, 55, 57. Note: Claim 27 claims that a controller without “AF” can also perform the claimed steps. Accordingly, any processing device/software can perform the claimed steps. an application function is a specific task performed within a software program for an end-user, while a service management function relates to the broader, organizational process of delivering and supporting that application as a service to the business Note: The applicant’s cancelled claims also mentioned that any network entity can generate the key for the session. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known entities such as server with AF. One of ordinary skilled in the art would readily know what server with AF is and that it is used to perform steps within MBMS for associated Multicast and Broadcast bearer services, para 79, 55, 57. LEE-Qualcomm, HANDE and Freda do not specifically mention about, which is well-known in the art, which Li discloses, MBSF (para 125, 160, 100). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known MBSF. One of ordinary skilled in the art would readily know what MBSF is. 
Multicast broadcast service function refers to the use of multicast technology to transmit data to multiple recipients simultaneously. This service is particularly useful for applications that require the same data to be sent to multiple recipients, such as video streaming, online gaming, and software updates. By sending data from a single source to multiple destinations, multicast would enable reducing network congestion and enhances network efficiency. It is a crucial method for efficiently distributing data to multiple receivers, which would ensure a smoother and more efficient data transfer process for multiple recipients. Referring to claims 17, 34, LEE- Qualcomm discloses wherein the at least one network entity comprises at least one of a next generation radio access network (NG-RAN), an access and mobility management function (AMF), an MB-session management function (MB-SMF), an MB-user plane function (MB-UPF), a policy control function (PCF), a network exposure function (NEF), an NF repository function (NRF). [0127] The SMF 194 may also distribute the multicast-broadcast key to the UPF 195. For example, the SMF 194 may transmit the key via a N4 interface. The UPF 195 may protect packets of the QoS flow using the multicast-broadcast key. For example, the UPF 195 may encrypt the packets using the multicast-broadcast key with a known cryptographic algorithm (e.g., a symmetric algorithm). As another example, the UPF 195 may integrity protect the packets using the multicast-broadcast key (e.g., with a signed hash of the packet). The UPF 195 may also perform both encryption and integrity protection. The UPF 195 may forward the protected packets to the RAN nodes 402, which may deliver the protected packets to the UEs 104 on multicast or unicast channels. A UE 104 may change RAN nodes 402 without changing the multicast-broadcast key because the packets for the QoS flow are protected at the UPF 195. 
[0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB). The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”). In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key. For example, the service policy may specify conditions for refreshing the key for a QoS flow. For instance, the service policy may specify that the key should be replaced whenever there is a change in a group membership or subscription, or when a UE starts or stops a session. Accordingly, a key refresh may prevent former members or subscribers from accessing the QoS flow without the new key. As another example, the service policy may specify a time period for refreshing the key. Example time periods may be hourly, daily, or weekly, although other time periods could be specified. As discussed in further detail below, the SMF 194 may generate or refresh the key itself, or may authorize the RAN nodes 402 to generate or refresh a key. wherein the at least one network entity generates a session key for the MBS session, wherein the multicast session security context includes the session key for MBS traffic. 
[0103] The 5GC 190 may include a Access and Mobility Management Function (AMF) 192, other AMFs 193, a Session Management Function (SMF) 194, and a User Plane Function (UPF) 195. The AMF 192 may be in communication with a Unified Data Management (UDM) 196. The AMF 192 is the control node that processes the signaling between the UEs 104 and the 5GC 190. Generally, the AMF 192 provides QoS flow and session management. [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB). [0194] At block 1310, the method 1300 may include receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with a data session. In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the key management component 142 to receive at least one multicast-broadcast key for the multicast or broadcast service carried by the RB associated with the data session. In some implementations, the data session may be a PDU session. In some implementations, the data session may include one or more QoS flows, each QoS flow being associated with a unique multicast-broadcast key of the at least one multicast-broadcast key. 
Accordingly, the UE 104, the RX processor 356, and/or the controller/processor 359 executing the multicast receiver component 140 and/or the key management component 142 may provide means for receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with the data session. [0092] One or more of the UEs 104 may include a multicast receiver component 140 that receives multicast transmissions using a multicast-broadcast key. The multicast receiver component 140 may include a session component 141 that transmits a request for a PDU session for a multicast or broadcast service, a key management component 142 that receives and/or derives keys for a QoS flow for the multicast or broadcast service, a receiving component 143 that receives a RB and QoS flow packets for the multicast or broadcast service, a decoding component that decodes the QoS flow packets using the keys, and an optional capability component 145 that signals UE capabilities and receives a security policy based on UE capabilities. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service. 
Referring to claim 22, 32, LEE-Qualcomm discloses the controller is further configured to determining, by the AF server, whether the security protection applies to an ongoing MBS session; and the controller is further configured to sending, by the AF server, the multicast session security context to the UE through the at least one network entity in response to determining that the security protection applies to the ongoing MBS session. [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB). The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”). In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key. For example, the service policy may specify conditions for refreshing the key for a QoS flow. For instance, the service policy may specify that the key should be replaced whenever there is a change in a group membership or subscription, or when a UE starts or stops a session. Accordingly, a key refresh may prevent former members or subscribers from accessing the QoS flow without the new key. As another example, the service policy may specify a time period for refreshing the key. 
Example time periods may be hourly, daily, or weekly, although other time periods could be specified. As discussed in further detail below, the SMF 194 may generate or refresh the key itself, or may authorize the RAN nodes 402 to generate or refresh a key. [0085] In an aspect, the present disclosure provides for key distribution and management to implement a security policy for a multicast or broadcast service. The UE may transmit a PDU session establishment request to the SMF for a service to which the UE is subscribed. The UE may receive a multicast-broadcast key for a QoS flow for the service. The UE may also receive a RB configuration and receive one or more packets of the QoS flow over the RB. The UE may decode the packets using the multicast-broadcast key. The decoding may include decrypting, verifying the integrity, or a combination thereof. Accordingly, the multicast-broadcast key for the QoS flow may secure the multicast or broadcast service to the UE. [0086] The network may implement security for QoS flows. The network may generate the multicast-broadcast key for the QoS flow carried on the RB for the multicast or broadcast service. The multicast-broadcast key may be for any UE subscribed to the multicast or broadcast service. The network may protect packets of the QoS flow using the key. The network may receive the PDU session establishment request from an authenticated UE at the SMF. The SMF may control distribution of the key to the UE based on the UE being authenticated and being subscribed to the service. [0087] The network may provide for key distribution and management using different architectures. In a first security architecture, security may be provided by the UPF and the QoS flow may be protected between the UPF and the UE. The SMF may generate the multicast-broadcast keys and distribute the keys to the UE and the UPF. In a second security architecture, the RAN nodes may secure the QoS flow using cell-specific keys. 
The SMF may generate the multicast-broadcast keys, and the UE and SMF may derive cell-specific keys for each cell.

Claim(s) 20, 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over LEE-Qualcomm in view of Freda, Li and Hande, and LEE et al., WO 2018208114 A1, 2018.

Referring to claim(s) 20, 30, LEE-Qualcomm discloses updating, by the AF server, the session key for an ongoing MBS session; and sending, by the AF server, a message to a next generation radio access network (NG-RAN) through the at least one network entity, wherein the message indicates that the session key is changed for ongoing MBS session and the NG-RAN sends the message to the UE

([0167] The RAN node 402 may perform the key refresh in block 1022 according to the security policy. The RAN node 402 may generate a new cell-specific multicast-broadcast key to replace the cell-specific multicast-broadcast key used in the block 1014.

[0136] The SMF 194 may perform a key refresh 618 according to the service policy of the AF 410. The SMF 194 may generate a new multicast-broadcast key to replace the multicast-broadcast key used in the block 616.

[0154] The SMF 194 may perform a key refresh 818 according to the service policy of the AF 410. The SMF 194 may generate a new root multicast-broadcast key to replace the multicast-broadcast key used in the block 814. The SMF 194 may also derive any cell-specific keys or node keys.

[0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).
The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”). In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key. For example, the service policy may specify conditions for refreshing the key for a QoS flow. For instance, the service policy may specify that the key should be replaced whenever there is a change in a group membership or subscription, or when a UE starts or stops a session. Accordingly, a key refresh may prevent former members or subscribers from accessing the QoS flow without the new key. As another example, the service policy may specify a time period for refreshing the key. Example time periods may be hourly, daily, or weekly, although other time periods could be specified. As discussed in further detail below, the SMF 194 may generate or refresh the key itself, or may authorize the RAN nodes 402 to generate or refresh a key. 
in at least one of a system information block (SIB), a MBS multicast control channel (MCCH) information message or a RRC reconfiguration message, [112] The controller/processor 375 provides RRC layer functionality associated with broadcasting of system information (e.g., MIB, SIBs), RRC connection control (e.g., RRC connection paging, RRC connection establishment, RRC connection modification, and RRC connection release), inter radio access technology (RAT) mobility, and measurement configuration for UE measurement reporting; PDCP layer functionality associated with header compression/decompression, security (ciphering, deciphering, integrity protection, integrity verification), and handover support functions; RLC layer functionality associated with the transfer of upper layer packet data units (PDUs), error correction through ARQ, concatenation, segmentation, and reassembly of RLC service data units (SDUs), re-segmentation of RLC data PDUs, and reordering of RLC data PDUs; and MAC layer functionality associated with mapping between logical channels and transport channels, multiplexing of MAC SDUs onto transport blocks (TBs), demultiplexing of MAC SDUs from TBs, scheduling information reporting, error correction through HARQ, priority handling, and logical channel prioritization. [0112] FIG. 3 is a block diagram of a base station 310 in communication with a UE 350 in an access network. In the DL, IP packets from the EPC 160 may be provided to a controller/processor 375. The controller/processor 375 implements layer 3 and layer 2 functionality. Layer 3 includes a radio resource control (RRC) layer, and layer 2 includes a service data adaptation protocol (SDAP) layer, a packet data convergence protocol (PDCP) layer, a radio link control (RLC) layer, and a medium access control (MAC) layer. 
The controller/processor 375 provides RRC layer functionality associated with broadcasting of system information (e.g., MIB, SIBs), RRC connection control (e.g., RRC connection paging, RRC connection establishment, RRC connection modification, and RRC connection release), inter radio access technology (RAT) mobility, and measurement configuration for UE measurement reporting; PDCP layer functionality associated with header compression/decompression, security (ciphering, deciphering, integrity protection, integrity verification), and handover support functions

LEE-Qualcomm, Freda, Li and Hande do not specifically mention the following, which is well known in the art and which LEE discloses: wherein the message comprises at least one of a new temporary mobile group identity (TMGI), a new session key index for corresponding TMGI, and a selected protocol for corresponding TMGI.

(The relay UE performing sidelink communication for ProSe UE-network relay operation should be in RRC_CONNECTED. After receiving a layer 2 link establishment request or a temporary mobile group identity (TMGI) monitoring request (higher layer message) from a remote UE, the relay UE indicates that it is a relay UE and intends to perform ProSe UE-network relay sidelink communication. Notify The eNB may provide resources for ProSe UE-network relay communication, 2nd para, page 10).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing the well-known TMGI. One of ordinary skill in the art would readily know what TMGI is and that Temporary Mobile Group Identity (TMGI) is used within MBMS to uniquely identify Multicast and Broadcast bearer services, 2nd para, page 10.

Claim(s) 20 is/are rejected under 35 U.S.C.
103 as being unpatentable over LEE-Qualcomm in view of Freda, Li and Hande and WANG et al., CN 111935807 A, 2020.

Referring to claim(s) 20, LEE-Qualcomm discloses updating, by the AF server, the session key for an ongoing MBS session; and sending, by the AF server, a message to a next generation radio access network (NG-RAN) through the at least one network entity, wherein the message indicates that the session key is changed for ongoing MBS session and the NG-RAN sends the message to the UE

([0167] The RAN node 402 may perform the key refresh in block 1022 according to the security policy. The RAN node 402 may generate a new cell-specific multicast-broadcast key to replace the cell-specific multicast-broadcast key used in the block 1014.

[0136] The SMF 194 may perform a key refresh 618 according to the service policy of the AF 410. The SMF 194 may generate a new multicast-broadcast key to replace the multicast-broadcast key used in the block 616.

[0154] The SMF 194 may perform a key refresh 818 according to the service policy of the AF 410. The SMF 194 may generate a new root multicast-broadcast key to replace the multicast-broadcast key used in the block 814. The SMF 194 may also derive any cell-specific keys or node keys.

[0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB). The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”)).
In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key. For example, the service policy may specify conditions for refreshing the key for a QoS flow. For instance, the service policy may specify that the key should be replaced whenever there is a change in a group membership or subscription, or when a UE starts or stops a session. Accordingly, a key refresh may prevent former members or subscribers from accessing the QoS flow without the new key. As another example, the service policy may specify a time period for refreshing the key. Example time periods may be hourly, daily, or weekly, although other time periods could be specified. As discussed in further detail below, the SMF 194 may generate or refresh the key itself, or may authorize the RAN nodes 402 to generate or refresh a key. 
in at least one of a system information block (SIB), a MBS multicast control channel (MCCH) information message or a RRC reconfiguration message, [112] The controller/processor 375 provides RRC layer functionality associated with broadcasting of system information (e.g., MIB, SIBs), RRC connection control (e.g., RRC connection paging, RRC connection establishment, RRC connection modification, and RRC connection release), inter radio access technology (RAT) mobility, and measurement configuration for UE measurement reporting; PDCP layer functionality associated with header compression/decompression, security (ciphering, deciphering, integrity protection, integrity verification), and handover support functions; RLC layer functionality associated with the transfer of upper layer packet data units (PDUs), error correction through ARQ, concatenation, segmentation, and reassembly of RLC service data units (SDUs), re-segmentation of RLC data PDUs, and reordering of RLC data PDUs; and MAC layer functionality associated with mapping between logical channels and transport channels, multiplexing of MAC SDUs onto transport blocks (TBs), demultiplexing of MAC SDUs from TBs, scheduling information reporting, error correction through HARQ, priority handling, and logical channel prioritization. [0112] FIG. 3 is a block diagram of a base station 310 in communication with a UE 350 in an access network. In the DL, IP packets from the EPC 160 may be provided to a controller/processor 375. The controller/processor 375 implements layer 3 and layer 2 functionality. Layer 3 includes a radio resource control (RRC) layer, and layer 2 includes a service data adaptation protocol (SDAP) layer, a packet data convergence protocol (PDCP) layer, a radio link control (RLC) layer, and a medium access control (MAC) layer. 
The controller/processor 375 provides RRC layer functionality associated with broadcasting of system information (e.g., MIB, SIBs), RRC connection control (e.g., RRC connection paging, RRC connection establishment, RRC connection modification, and RRC connection release), inter radio access technology (RAT) mobility, and measurement configuration for UE measurement reporting; PDCP layer functionality associated with header compression/decompression, security (ciphering, deciphering, integrity protection, integrity verification), and handover support functions

LEE-Qualcomm, Freda, Li and Hande do not specifically mention the following, which is well known in the art and which WANG discloses: wherein the message comprises at least one of a new temporary mobile group identity (TMGI), a new session key index for corresponding TMGI, and a selected protocol for corresponding TMGI.

(In addition to the change period of each multicast broadcast service MBS, the first information may also include the configuration related to the current cell broadcast MBS, the scheduling information, and the adjacent cell list information. Specifically, for each MBS, the first communication node will obtain at least one of the following information: the temporary mobile group identifier of the MBS (Temporary Mobile Group Identity, TMGI), session identifier (Session ID), a G-Radio Network Temporary Identifier (G-RNTI), a channel MTCH scheduling information (scheduling time-domain resource information) for transmitting the MBS, and an adjacent cell list supporting the MBS. The first communication node may receive control information of Group paging messages through a system information block SIB message or a broadcast configuration channel or an RRC dedicated message, para 5, page 12).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing the well-known TMGI. One of ordinary skill in the art would readily know what TMGI is and that Temporary Mobile Group Identity (TMGI) is used within MBMS to uniquely identify Multicast and Broadcast bearer services, 2nd para, page 10.

Claim(s) 23, 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over LEE-Qualcomm in view of Freda, Li, Hande and Kadiri et al., 20210068003.

Referring to claim(s) 23, 33, LEE-Qualcomm discloses wherein the multicast session security context is stored in a memory of the UE

([0103] The 5GC 190 may include an Access and Mobility Management Function (AMF) 192, other AMFs 193, a Session Management Function (SMF) 194, and a User Plane Function (UPF) 195. The AMF 192 may be in communication with a Unified Data Management (UDM) 196. The AMF 192 is the control node that processes the signaling between the UEs 104 and the 5GC 190. Generally, the AMF 192 provides QoS flow and session management.

[0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).

[0194] At block 1310, the method 1300 may include receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with a data session.
In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the key management component 142 to receive at least one multicast-broadcast key for the multicast or broadcast service carried by the RB associated with the data session. In some implementations, the data session may be a PDU session. In some implementations, the data session may include one or more QoS flows, each QoS flow being associated with a unique multicast-broadcast key of the at least one multicast-broadcast key. Accordingly, the UE 104, the RX processor 356, and/or the controller/processor 359 executing the multicast receiver component 140 and/or the key management component 142 may provide means for receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with the data session. [0092] One or more of the UEs 104 may include a multicast receiver component 140 that receives multicast transmissions using a multicast-broadcast key. The multicast receiver component 140 may include a session component 141 that transmits a request for a PDU session for a multicast or broadcast service, a key management component 142 that receives and/or derives keys for a QoS flow for the multicast or broadcast service, a receiving component 143 that receives a RB and QoS flow packets for the multicast or broadcast service, a decoding component that decodes the QoS flow packets using the keys, and an optional capability component 145 that signals UE capabilities and receives a security policy based on UE capabilities. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. 
The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service).

LEE-Qualcomm, Li, Freda and Hande do not specifically mention the following, which is well known in the art and which Kadiri discloses: when the UE is in an idle mode or a connection-mode or switch between modes

[0214] In some examples, the UE control component 1235 may transmit a wake up message to trigger the at least one UE to transition to a CONNECTED mode state in order to receive the multicast/broadcast traffic, where the wake up message is a per multicast/broadcast quality of service flow message.

[0216] In some examples, the UE control component 1235 may transmit a service announcement to the at least one UE in a multicast/broadcast service area via a multicast control channel in order to trigger the at least one UE to transition to CONNECTED mode in order to receive the multicast/broadcast traffic.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing a well-known one of the modes of the UE. One of ordinary skill in the art would readily know what a trigger to the UE is. The trigger would enable switching between modes in order to handle multicast/broadcast traffic along with flow message, para 214, 216.

Claim(s) 23 is/are rejected under 35 U.S.C.
103 as being unpatentable over LEE-Qualcomm in view of Freda, Li and Hande and Lee et al., 11671824.

Referring to claim(s) 23, LEE-Qualcomm discloses wherein the multicast session security context is stored in a memory of the UE

([0103] The 5GC 190 may include an Access and Mobility Management Function (AMF) 192, other AMFs 193, a Session Management Function (SMF) 194, and a User Plane Function (UPF) 195. The AMF 192 may be in communication with a Unified Data Management (UDM) 196. The AMF 192 is the control node that processes the signaling between the UEs 104 and the 5GC 190. Generally, the AMF 192 provides QoS flow and session management.

[0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).

[0194] At block 1310, the method 1300 may include receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with a data session. In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the key management component 142 to receive at least one multicast-broadcast key for the multicast or broadcast service carried by the RB associated with the data session. In some implementations, the data session may be a PDU session. In some implementations, the data session may include one or more QoS flows, each QoS flow being associated with a unique multicast-broadcast key of the at least one multicast-broadcast key.
Accordingly, the UE 104, the RX processor 356, and/or the controller/processor 359 executing the multicast receiver component 140 and/or the key management component 142 may provide means for receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with the data session. [0092] One or more of the UEs 104 may include a multicast receiver component 140 that receives multicast transmissions using a multicast-broadcast key. The multicast receiver component 140 may include a session component 141 that transmits a request for a PDU session for a multicast or broadcast service, a key management component 142 that receives and/or derives keys for a QoS flow for the multicast or broadcast service, a receiving component 143 that receives a RB and QoS flow packets for the multicast or broadcast service, a decoding component that decodes the QoS flow packets using the keys, and an optional capability component 145 that signals UE capabilities and receives a security policy based on UE capabilities. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service). 
LEE-Qualcomm, Freda, Li and Hande do not specifically mention the following, which is well known in the art and which Lee discloses: when the UE is in an idle mode or a connection-mode or switch between modes

transmit a UE capability message indicating one or more security algorithms; receive a security policy, via non-access stratum (NAS) signaling or radio resource control (RRC) signaling, indicating a selected security algorithm; receive at least one multicast-broadcast key for a multicast or broadcast service carried by a radio bearer (RB) associated with a data session; receive at least one updated multicast-broadcast key for the data session via the NAS signaling protected by radio access network (RAN) security between a core network node and the UE or RRC via a reconfiguration message for the UE from a radio access network (RAN) node with which the UE is in a connected mode; and decode packets for the multicast or broadcast service received on the RB using the at least one updated multicast-broadcast key, or a key derived from the updated multicast-broadcast key utilizing the selected security algorithm. Claim 1.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide for utilizing a well-known one of the modes of the UE. One of ordinary skill in the art would readily know what a trigger to the UE is. The trigger would enable switching between modes in order to handle multicast/broadcast traffic along with flow message, claim 1.

Pertinent references:

SHARMA et al., WO 2020127522 A2 discloses, The counter check procedure in wireless telecommunications systems is used to check if packets have been inserted in the middle by an intruder.
The procedure can also ask the terminal device to report SCG bearer terminated on SN side as well to the MCG or MN node. Thus, the SN may request the MN to execute a counter check procedure to verify the value of the PDCP COUNT(s) associated with DRB(s) offloaded to the SN. To accomplish this, the SN communicates this request and the expected values of PDCP COUNT(s) and associated radio bearer identities to the MN. The MN then issues a counter check request message to the terminal device on SRB1 which indicates the current COUNT MSB values associated to each DRB (data radio bearer) and requests the terminal device compares these with the terminal device’s own COUNT MSB values and reports the result of the comparison in a counter check response message (also on SRB1). If the MN receives a RRC counter check response from the terminal device that indicates one or more PDCP COUNT values (possibly associated with both MN and SN) do not match expectation from the network side, the MN may release the connection (RRCRelease is not currently supported by the SN) or report the difference of the PDCP COUNT values to the serving AMF (Access and Mobility Management Function) or O&M (Operation and Maintenance) server for further traffic analysis, e.g., to seek to detect the intruder. Further details on existing counter check procedures can be found in the relevant standards, for example 3GPP TS 33.501 version 15.2.0 Release 15 (2018-09) [8], last para, page 10.

Thus, to summarise some aspects of approaches according to some embodiments of the disclosure if the MCG link is down there may be a need to perform a counter check procedure by the secondary node, in which case it may, for example, be performed either using SRB3 or a new SRB terminated in SN node. Thus in certain embodiments, a counter check procedure may be performed directly by the secondary node side of the SRB when the master node radio conditions are bad.
In some examples for example, by restricting which / how many DRB identities can be included in a counter check request message to DRBs that terminate in the secondary node, fourth para, page 10.

(Proposed dual connectivity approaches for EN-DC (evolved universal terrestrial radio access new radio dual connectivity) and MR-DC (multi-radio access technology dual connectivity) have been established on the assumption that the MCG or MeNB/MN cell is a macro cell and the SCG or SeNB/SN cell is a small cell within the Macro / MN cell. Since the macro / MN cell coverage is ubiquitous, all RRC (radio resource control) procedures including security, RLM/RLF (radio link monitoring / radio link failure) procedures, are centred in and controlled by the master node MN. In these configurations SRB 3 (signal radio bearer 3) is provided as a supplementary SRB. When SRB1 is split then RRC messages are still generated by the master node, but the user plane protocol stacks from both the MN and SN is used. So, SRB1 splitting can be used only for redundancy of user plane paths and not for the redundant RRC path, last para, page 10.

Thus certain embodiments of the disclosure as discussed herein may be implemented in wireless telecommunication systems / networks according to various different architectures, such as the example architectures shown in Figures 1 and 2, and indeed in networks supporting aspects of different architectures in parallel, for example with co-existence of a legacy radio access network architecture, e.g., as schematically represented in Figure 1, with a new RAT architecture, e.g., as schematically represented in Figure 2. 1st para, page 6.

In addition to the MCG bearer and the SCG bearer, dual connectivity defines a third, split bearer, for the purpose of sharing resources in the MN and the SN on the network side of the telecommunications system.
A split bearer 711 is delivered to a PDCP in the MN 705, and the MN 705, at the PDCP, then controls a split or division of the split bearer's data between the MN 705 and the SN 706. Data for the MN 705 is passed to the MN's RLC and then its MAC, and data for the SN 706 is passed from the MN 705, using the X2 protocol layer, to an RLC in the SN and then to the MAC of the SN, 3rd para, page 7

Figure 4B shows a schematic representation of an example user plane protocol stack utilising a SCG split bearer. As in Figure 4A, a master node 705 and a secondary node 706 each receive their designated bearers, MCG bearer 709 and SCG bearer 710 respectively, and these are handled by a PDCP, a RLC and a MAC layer, as before. No split bearer of the type shown in Figure 4A is included, however. Instead there is a SCG split bearer 712 which is delivered to the SN 706. A PDCP in the SN 706 receives the SCG split bearer 712 and divides the data. Some is retained in the SN, being passed to the RLC and MAC layers. Other data is passed from the SN 706 to the MN 705 via an X2 protocol, and the MN 705 handles it with its own RLC and MAC resources, 4th para, page 7

As mentioned above, only the MN has a RRC entity in a conventional DC implementation and so signalling radio bearers for RRC are transported over the MCG only, similar to an MCG bearer. For terminal devices configured for dual connectivity and split bearer transport, user traffic from the core network can be received at the MN as a split bearer, and then divided between the MN and the SN for handling and passing to the terminal device (user equipment / UE). Any traffic on a SCG bearer is received from the core network at the SN and transported using resources of the SN to the UE, 3rd last para, page 7

The counter check procedure in wireless telecommunications systems is used to check if packets have been inserted in the middle by an intruder. Currently this procedure can only be initiated by the MN node.
The procedure can also ask the terminal device to report SCG bearer terminated on SN side as well to the MCG or MN node. Thus, the SN may request the MN to execute a counter check procedure to verify the value of the PDCP COUNT(s) associated with DRB(s) offloaded to the SN. To accomplish this, the SN communicates this request and the expected values of PDCP COUNT(s) and associated radio bearer identities to the MN. The MN then issues a counter check request message to the terminal device on SRB1 which indicates the current COUNT MSB values associated to each DRB (data radio bearer) and requests the terminal device compares these with the terminal device’s own COUNT MSB values and reports the result of the comparison in a counter check response message (also on SRB1 ). If the MN receives a RRC counter check response from the terminal device that indicates one or more PDCP COUNT values (possibly associated with both MN and SN) do not match expectation from the network side, the MN may release the connection (RRCRelease is not currently supported by the SN) or report the difference of the PDCP COUNT values to the serving AMF (Access and Mobility Management Function) or O&M (Operation and Maintenance) server for further traffic analysis, e.g., to seek to detect the intruder. 
Further details on existing counter check procedures can be found in the relevant standards, for example 3GPP TS 33.501 version 15.2.0 Release 15 (2018-09), last para, page 10 determining, by the network entity, whether the amount of data sent or received on each DRB or sent on each MRB by the network entity is the same as the amount of data received or sent on each DRB and/or the amount of data received on each MRB by the UE; detecting, by the network entity, a man in the middle attack in response to determining that the amount of data sent or received on each DRB or the amount of data received on each MRB by the network entity is not the same as the amount of data received or sent on each DRB or the amount of data received on each MRB by the UE; Thus, in accordance with some example implementations, a network implementing the approaches described herein can seek to help ensure any eavesdropping or man-in-the-middle attacks are detected by initiating a counter check procedure either periodically or any time, even if the MN link has failed. If a counter check procedure is required when the MN link is not available and the UE is configured for path / equipment redundancy, then the SN can undertake the procedure. It may be the case the MN link is made intentionally unavailable to the UE by sabotage, 2nd para page 14. (if the MN connection is lost, the terminal device declares RLF (radio link failure) and performs re-establishment. Even if the SN connection still has good radio conditions, it is currently removed if the MN connection fails. Even if the current approaches for dual connectivity are modified to maintain the SN connection on failed MN connection, the inventors have recognised that some issues still remain, for example in relation to counter check procedures, 2nd last para, page 10. 
CAO et al., CN 111866975 A discloses, Optionally, the radio bearer configuration information includes: the PTP bearer configuration information, and/or the PTM bearer configuration information, 6th para, page 8 wherein the PTP bearer configuration information is used for configuring the PTP bearer; the PTP bearer configuration information comprises at least one of the following: PTP radio bearer identifier, service data adaptation protocol (SDAP) configuration information, packet data packet data PDCP) configuration information, radio link control RLC bearer configuration information; the PTM bearer configuration information is used for configuring the PTM bearer, 8th para, page 8.

Response to Arguments

Applicant’s remarks/arguments dated 3/5/26 with respect to amended claim(s) dated 3/5/26 have been considered. It is noted that the Applicant has amended the claims in response to the prior office action. Accordingly, the above rejections in this office action (over prior rejections) are applied in order to address the claim amendments, and also the arguments that are made in view of the amended claims.

LEE- Qualcomm discloses a method for handling key distribution for multicast and broadcast services (MBS) in a wireless network, the method comprising: [0084] A multicast or broadcast transmission in 5G NR may be secured using a 5G NR network architecture including components of a 5G core (5GC). For example, the application (e.g., an application function (AF)) may interact with the 5GC via a network exposure function (NEF) and/or policy control function (PCF) to establish a service policy. A Session Management Function (SMF) may configure and control one or more quality of service (QoS) flows for the multicast or broadcast service at other nodes including a user plane function (UPF), radio access network (RAN) nodes, and user equipment (UEs). An Access and Mobility Management Function (AMF) may control mobility and non-access stratum (NAS) signaling and transport.
The RAN nodes may map the QoS flow to a radio bearer and select broadcast or unicast delivery per UE.

transmitting, by an application function (AF), a message about an MBS session to a user equipment (UE) in the wireless network; [0042] determining the UE is authorized to receive the multicast or broadcast service. [0043] authenticating the UE with an application function for the multicast or broadcast service. [0122] FIG. 4 is a diagram of an example architecture for a network 400 including an application function 410, a 5GC 190, a radio access network (RAN) 430, and a UE 104. [0128] FIG. 6 is a message diagram 600 illustrating example messages transmitted between a UE 104, RAN node 402, AMF 192, SMF 194, AF 410, and UPF 195 for key generation, key refresh, and key distribution for multicast or broadcast services using the first security architecture 500. [0130] The network may optionally perform secondary authentication or authorization 604. For example, the service policy for the AF 410 may require the UE 104 to authenticate with the AF 410, for example, by logging in with credentials. Accordingly, the UE 104 and AF 410 may exchange messages for the secondary authentication or authorization 604. [0091] FIG. 1 is a diagram illustrating an example of a wireless communications system and an access network 100. The wireless communications system (also referred to as a wireless wide area network (WWAN)) includes base stations 102, UEs 104, an Evolved Packet Core (EPC) 160, and another core network (e.g., a 5G Core (5GC) 190).

generating an MBS key for the MBS session, providing the generated MBS key to the UE via at least one network entity [0093] As discussed above, the 5GC and RAN nodes (e.g., base stations 102) may perform various security functions for multicast or broadcast transmissions using the multicast-broadcast key.
An SMF 194 may include a security component 188 that controls key generation and key distribution. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service. [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB). The SMF 194 may further derive a key for encryption using a one-way key derivation function (KDF) (e.g., K_MB_enc=KDF(K_MB, “encryption”)) and a key for integrity check (e.g., K_MB_int=KDF(K_MB, “integrity protection”). In some cases, a cell-specific key may be delivered to the UE 104 or derived from the K_MB. The UE may derive the appropriate K_MB_enc or K_MB_int using the KDF. The SMF 194 may also control key refresh based on the service policy. Key refresh may include generating a new key to replace an old key. 
wherein the generated MBS key by the AF is used to protect a traffic related to the MBS session [0124] The SMF 194 may communicate with the AMF 192 to authenticate a UE 104. The SMF 194 may generate or authorize generation of keys based on the service policy for the particular broadcast or multicast service. For example, the service policy may indicate a type of security to be applied (e.g., encryption and/or integrity protection). The SMF 194 may generate keys, or may authorize a RAN node 402 to generate keys. In an aspect, the SMF 194 may generate a multicast-broadcast key (K_MB).

[0194] At block 1310, the method 1300 may include receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with a data session. In an aspect, for example, the UE 104, the RX processor 356, and/or the controller/processor 359 may execute the multicast receiver component 140 and/or the key management component 142 to receive at least one multicast-broadcast key for the multicast or broadcast service carried by the RB associated with the data session. In some implementations, the data session may be a PDU session. In some implementations, the data session may include one or more QoS flows, each QoS flow being associated with a unique multicast-broadcast key of the at least one multicast-broadcast key. Accordingly, the UE 104, the RX processor 356, and/or the controller/processor 359 executing the multicast receiver component 140 and/or the key management component 142 may provide means for receiving at least one multicast-broadcast key for a multicast or broadcast service carried by a RB associated with the data session. [0092] One or more of the UEs 104 may include a multicast receiver component 140 that receives multicast transmissions using a multicast-broadcast key.
The multicast receiver component 140 may include a session component 141 that transmits a request for a PDU session for a multicast or broadcast service, a key management component 142 that receives and/or derives keys for a QoS flow for the multicast or broadcast service, a receiving component 143 that receives a RB and QoS flow packets for the multicast or broadcast service, a decoding component that decodes the QoS flow packets using the keys, and an optional capability component 145 that signals UE capabilities and receives a security policy based on UE capabilities. [0123] In an aspect, the SMF 194 may include the security component 188 that performs control key generation, key refresh, and key distribution for multicast or broadcast services. The security component 188 may include a key generation component 441 that generates a multicast-broadcast key for a QoS flow; a session component 442 that receives PDU session requests from UEs and establishes the requested session; a key distribution component 443 that distributes the multicast-broadcast key to the UE 104, the UPF 195, and/or the RAN nodes 402; a security policy component 444 that determines a security policy for a session; and a service policy component 445 that implements a service policy for a multicast or broadcast service.

[0037] In an aspect, distributing the key includes delivering the key from the SMF to the UE via non-access stratum (NAS) signaling; and delivering the key to a multicast-broadcast user plane function that encrypts, integrity protects, or both for the packets for the multicast or broadcast service with the key.

LEE-Qualcomm does not specifically mention about, which is well-known in the art, which Freda discloses, announcement message, wherein the announcement message comprises a temporary mobile group identity (TMGI), para 84, 144.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known TMGI with announcement. One of ordinary skilled in the art would readily know what TMGI is and that Temporary Mobile Group Identity (TMGI) is used/announced within MBMS to uniquely identify Multicast and Broadcast bearer services, para 84, 144. LEE-Qualcomm and Freda do not specifically mention about, which is well-known in the art, which HANDE discloses, by the AF (use of server with application function to perform steps, para 79, 55, 57. Note: Claim 27 claims that a controller without “AF” can also perform the claimed steps. Accordingly, any processing device/software can perform the claimed steps. an application function is a specific task performed within a software program for an end-user, while a service management function relates to the broader, organizational process of delivering and supporting that application as a service to the business Note: The applicant’s cancelled claims also mentioned that any network entity can generate the key for the session. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known entities such as server with AF. One of ordinary skilled in the art would readily know what server with AF is and that it is used to perform steps within MBMS for associated Multicast and Broadcast bearer services, para 79, 55, 57. 
LEE-Qualcomm, HANDE and Freda do not specifically mention about, which is well-known in the art, which Li discloses, MBSF (para 125, 160, 100). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by LEE-Qualcomm to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known MBSF. One of ordinary skilled in the art would readily know what MBSF is. Multicast broadcast service function refers to the use of multicast technology to transmit data to multiple recipients simultaneously. This service is particularly useful for applications that require the same data to be sent to multiple recipients, such as video streaming, online gaming, and software updates. By sending data from a single source to multiple destinations, multicast would enable reducing network congestion and enhances network efficiency. It is a crucial method for efficiently distributing data to multiple receivers, which would ensure a smoother and more efficient data transfer process for multiple recipients.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973. The examiner can normally be reached on M-F 9-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HARESH N PATEL/Primary Examiner, Art Unit 2496 April 28, 2026
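
The counter check comparison quoted in the office action above (the network sends per-bearer COUNT MSB values, the terminal device compares them with its own and reports differences) can be sketched as follows. This is an added illustration, not part of the office action or of any cited reference; `BearerCount`, the function names, the 25-bit MSB width and all sample values are assumptions made for the sketch.

```python
from dataclasses import dataclass

COUNT_BITS = 32   # PDCP COUNT is a 32-bit value (HFN concatenated with PDCP SN)
MSB_BITS = 25     # assumption for this sketch: how many leading bits are compared


@dataclass(frozen=True)
class BearerCount:          # hypothetical record: one radio bearer's counters
    bearer_id: int
    uplink: int
    downlink: int


def count_msb(count):
    """Return the MSB_BITS most significant bits of a 32-bit COUNT."""
    return (count & 0xFFFFFFFF) >> (COUNT_BITS - MSB_BITS)


def build_request(network_counts):
    """Network side: one (bearer_id, ul_msb, dl_msb) entry per bearer to check."""
    return [(b.bearer_id, count_msb(b.uplink), count_msb(b.downlink))
            for b in network_counts]


def ue_compare(request, ue_counts):
    """UE side: report full COUNTs for every bearer that disagrees with the request.

    Modelling choices (assumptions): a bearer the UE has but the request omits
    is reported, and a requested bearer the UE does not have is reported with
    None counts, so both kinds of disagreement reach the network.
    """
    local = {b.bearer_id: b for b in ue_counts}
    report, requested = [], set()
    for bearer_id, ul_msb, dl_msb in request:
        requested.add(bearer_id)
        mine = local.get(bearer_id)
        if mine is None:
            report.append((bearer_id, None, None))
        elif (count_msb(mine.uplink), count_msb(mine.downlink)) != (ul_msb, dl_msb):
            report.append((bearer_id, mine.uplink, mine.downlink))
    for bearer_id, mine in local.items():
        if bearer_id not in requested:
            report.append((bearer_id, mine.uplink, mine.downlink))
    return report


def evaluate(network_counts, response):
    """Network side: turn the UE report into per-bearer findings to act on."""
    expected = {b.bearer_id: b for b in network_counts}
    findings = []
    for bearer_id, ul, dl in response:
        net = expected.get(bearer_id)
        if net is None:
            findings.append((bearer_id, "bearer unknown to network"))
        elif ul is None:
            findings.append((bearer_id, "bearer not established at UE"))
        else:
            gap = f"COUNT gap uplink={net.uplink - ul} downlink={net.downlink - dl}"
            findings.append((bearer_id, gap))
    return findings


def run_demo():
    # Constructed sample values, not taken from any trace.
    network = [BearerCount(1, 0x00012345, 0x00040000),
               BearerCount(2, 0x00000100, 0x00050000)]
    ue = [BearerCount(1, 0x00012340, 0x00040000),   # differs only in low bits
          BearerCount(2, 0x00000100, 0x00050400)]   # UE counted 1024 extra downlink PDUs
    response = ue_compare(build_request(network), ue)
    return response, evaluate(network, response)


if __name__ == "__main__":
    print(run_demo())
```

Bearer 1 passes because only the low bits differ, which is why comparing MSBs tolerates packets still in flight; bearer 2 is reported because the terminal device counted more downlink PDUs than the network sent.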

Prosecution Timeline

Apr 22, 2025
Non-Final Rejection mailed — §103
Jul 22, 2025
Response after Non-Final Action
Jul 22, 2025
Response Filed
Nov 11, 2025
Response Filed
Jan 05, 2026
Final Rejection mailed — §103
Mar 05, 2026
Request for Continued Examination
Mar 30, 2026
Response after Non-Final Action
Apr 30, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12640928
DEVICE-INDEPENDENT AUTHENTICATION BASED ON A PASSPHRASE AND A POLICY
5y 8m to grant Granted May 26, 2026
Patent 12626010
SYSTEM AND METHOD FOR ELECTRONICALLY COMMUNICATING PROTECTED ACCESSIBLE USER DATA TO AN AUTHORIZED THIRD PARTY
2y 2m to grant Granted May 12, 2026
Patent 12619735
PERFORMING ACTION BASED ON MAPPING OF RUNTIME RESOURCE TO HIERARCHY OF ASSETS UTILIZED DURING DEVELOPMENT OF CODE
3y 1m to grant Granted May 05, 2026
Patent 12598058
MUTABLE DIGITAL ASSET STORAGE UNITS FOR VERIFYING OTHER STORAGE UNITS IN A DECENTRALISED PEER-TO-PEER STORAGE NETWORK
1y 7m to grant Granted Apr 07, 2026
Patent 12568384
BOOTSTRAPPING AND TROUBLESHOOTING OF REMOTE DEVICES
4y 1m to grant Granted Mar 03, 2026

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 78%
With Interview (+22.0%): 99%
Median Time to Grant: 3y 0m (~3m remaining)
PTA Risk: High
Based on 824 resolved cases by this examiner. Grant probability derived from career allowance rate.
