Key distribution mechanism for IP environment

US 20020118674A1
Filed: 02/25/2002
Published: 08/29/2002
Est. Priority Date: 02/23/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of exchanging keys comprising:

generating a first key at a user;

transferring said first key to said first domain;

certifying the first key at a first domain;

generating a second key at peer entity;

transferring said second key to said first domain; and

certifying the second key at said first domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for exchanging Diffie Hellman keys. This may include generating and transferring a first key at a user (such as a mobile node) and generating and transferring the first key to a first domain (such as a home domain). The first key may be certified at the first domain. A second key may be generated at a peer entity and transferred to the first domain. The second key may be certified at the first domain. After being certified, the first key may be transferred to the peer entity and the second key may be transferred to the user. Accordingly, the peer entity and the user are able to exchange their Diffie Hellman information in an authenticated manner and can derive the shared session key.

Citations

39 Claims

1. A method of exchanging keys comprising:
- generating a first key at a user;
  
  transferring said first key to said first domain;
  
  certifying the first key at a first domain;
  
  generating a second key at peer entity;
  
  transferring said second key to said first domain; and
  
  certifying the second key at said first domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1, wherein said user and said first domain share a symmetric key.
  - 3. The method of claim 1, wherein said peer entity is located within a second domain, and said second domain and said first domain share a symmetric key.
  - 4. The method of claim 1, wherein said user comprises a mobile node.
  - 5. The method of claim 4, wherein said mobile node is in a visited domain.
  - 6. The method of claim 5, wherein said first domain comprises a home domain.
  - 7. The method of claim 6, wherein said home domain comprises an Authentication, Authorization and Accounting (AAA) server.
  - 8. The method of claim 7, further comprising communicating with said user by the AAA server through an AAA client.
  - 9. The method of claim 8, wherein the AAA client comprises one of an attendant located in a router, a Registration Agent, and a server located in a second domain.
  - 10. The method of claim 1, wherein said first key comprises a first Diffie Hellman value of said user and said second key comprises a second Diffie Hellman value of said user.
  - 11. The method of claim 1, further comprising transferring said first key to said peer entity after certifying said first key.
  - 12. The method of claim 11, further comprising transferring said second key to said user after certifying said second key.
  - 14. The method of claim 13, wherein said user and said first domain share a symmetric key.
  - 15. The method of claim 13, wherein said peer entity is located in a second domain, and said second domain and said first domain share a symmetric key.
  - 16. The method of claim 13, wherein said user is in a visited domain.
  - 17. The method of claim 16, wherein said first domain comprises a home domain.
  - 18. The method of claim 17, wherein said home domain comprises an Authentication, Authorization and Accounting (AAA) server.
  - 19. The method of claim 18, further comprising communicating with the user by the AAA server through an AAA client.
  - 20. The method of claim 19, wherein the AAA client comprises one of an attendant located in a router, a Registration Agent, and a server located in a second domain.
  - 21. The method of claim 13, wherein said first key comprises a first Diffie Hellman value of said user and said second key comprises a second Diffie Hellman value of said peer entity.
  - 22. The method of claim 13, further comprising transferring said second key to said user after certifying said second key.
  - 23. The method of claim 13, further comprising transferring said first key to a peer entity located in a second domain.
  - 25. The system of claim 24, wherein said at least one server in said home domain comprises an Authentication, Authorization and Accounting server.
  - 26. The system of claim 25, wherein the AAA server comprises one of an attendant located in a router, a Registration Agent, and a server located in the second domain.
  - 27. The system of claim 24, wherein said user comprises a mobile phone.
  - 28. The system of claim 24, wherein said key of said user comprises a first Diffie Hellman value and said key of said at least one server of said second domain comprises a second Diffie Hellman value.
  - 30. The method of claim 29, wherein said user utilizes a third key to authenticate said first key and transfer said first key to said first domain.
  - 31. The method of claim 30, wherein said third key comprises a shared key between said first domain and said user.
  - 32. The method of claim 31, wherein said first domain utilizes said third key to authenticate the origin of said received first key and then utilizes a fourth key to authenticate said first key and transfer said authorized first key to a second domain.
  - 33. The method of claim 32, wherein said fourth key comprises a shared key between said first domain and said second domain that includes said peer entity.
  - 34. The method of claim 32, wherein said second domain utilizes said fourth key to authenticate said second key and transfer said authorized second key to said first domain.
  - 35. The method of claim 34, wherein said first domain utilizes said fourth key to authenticate the origin of said received second key and then utilizes said third key to authenticate said second key and transfer said second key to said user.
  - 36. The method of claim 29, wherein said user comprises a mobile node.
  - 37. The method of claim 29, further comprising generating and authenticating said first key at said user prior to authenticating said first key at said first domain.
  - 38. The method of claim 29, further comprising generating and authenticating said second key at a second domain prior to authenticating said second key at said first domain.
  - 39. The method of claim 29, wherein said first key comprises a Diffie Hellman value of said user, and said second key comprises a Diffie Hellman value of said peer entity.

13. A method of exchanging keys comprising:
- transferring a first key from a user to a first domain;
  
  generating a second key at a peer entity in a second domain;
  
  transferring said second key to said first domain;
  
  certifying said first key in said first domain; and
  
  certifying said second key in said first domain.

24. A system for IP communications comprising:
- a home domain, the home domain containing at least one server;
  
  a user sharing a first security association with at least one server in the home domain; and
  
  a second domain, the second domain containing at least one server, a security association existing between the at least one server in the home domain and the at least one server in the second domain, said at least one server in said home domain to certify a key of said user and to certify a key of said at least one server of said second domain.

29. A method of exchanging keys in a IP network comprising:
- authenticating a first key of a user at a first domain;
  
  authenticating a second key of a peer entity at said first domain;
  
  transferring said authenticated first key to said peer entity; and
  
  transferring said authenticated second key to said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Le, Franck, Faccin, Stefano M.

Application Number

US10/080,393
Publication Number

US 20020118674A1
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0892   by using authentication-aut...

H04L 63/126   the source of the received ...

Key distribution mechanism for IP environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Key distribution mechanism for IP environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links