Key distribution mechanism for IP environment
Abstract
A method and apparatus are provided for exchanging Diffie-Hellman keys. This may include generating a first key at a user (such as a mobile node) and transferring the first key to a first domain (such as a home domain). The first key may be certified at the first domain. A second key may be generated at a peer entity and transferred to the first domain. The second key may be certified at the first domain. After being certified, the first key may be transferred to the peer entity and the second key may be transferred to the user. Accordingly, the peer entity and the user are able to exchange their Diffie-Hellman information in an authenticated manner and can derive the shared session key.
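The exchange described in the abstract, as an added sketch that is not code from the patent. Assumptions: "certifying" is modelled as an HMAC under each security association, the peer entity and its second-domain server are collapsed into one party, and `P`, `G` are a toy group chosen only so the block runs with the standard library.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: the patent text names no group. Real
# deployments use a standardized Diffie-Hellman group.
P = 2**127 - 1   # a Mersenne prime (assumed demo modulus)
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def tag(sa_key, owner, pub):
    """'Certify' a public value: HMAC under a security-association key (assumption)."""
    msg = owner.encode() + b"|" + pub.to_bytes(16, "big")
    return hmac.new(sa_key, msg, hashlib.sha256).digest()

def check(sa_key, owner, pub, mac):
    return hmac.compare_digest(tag(sa_key, owner, pub), mac)

def home_certify(sa_in, sa_out, owner, pub, mac):
    """Home domain: verify the sender's MAC, then re-certify for the recipient."""
    if not check(sa_in, owner, pub, mac):
        raise ValueError("key for %s failed authentication" % owner)
    return tag(sa_out, owner, pub)

def run_exchange(tamper=False):
    sa_user_home = secrets.token_bytes(32)   # user <-> home domain SA
    sa_home_peer = secrets.token_bytes(32)   # home domain <-> second domain/peer SA
    u_priv, u_pub = dh_keypair()
    p_priv, p_pub = dh_keypair()
    # Each side sends its public value to the home domain, authenticated by its SA.
    u_cert = home_certify(sa_user_home, sa_home_peer, "user", u_pub,
                          tag(sa_user_home, "user", u_pub))
    p_cert = home_certify(sa_home_peer, sa_user_home, "peer", p_pub,
                          tag(sa_home_peer, "peer", p_pub))
    if tamper:   # constructed failure case: the peer's value is replaced in transit
        p_pub = dh_keypair()[1]
    # Each side accepts the other's value only with the home domain's certification.
    if not (check(sa_home_peer, "user", u_pub, u_cert)
            and check(sa_user_home, "peer", p_pub, p_cert)):
        return None
    # Both sides derive the same shared secret from the certified public values.
    return pow(p_pub, u_priv, P), pow(u_pub, p_priv, P)
```

`run_exchange()` returns the two derived secrets, which match; `run_exchange(tamper=True)` returns `None` because the substituted value carries no valid certification from the home domain.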
39 Claims
1. A method of exchanging keys comprising:
- generating a first key at a user;
- transferring said first key to said first domain;
- certifying the first key at a first domain;
- generating a second key at peer entity;
- transferring said second key to said first domain; and
- certifying the second key at said first domain.

13. A method of exchanging keys comprising:
- transferring a first key from a user to a first domain;
- generating a second key at a peer entity in a second domain;
- transferring said second key to said first domain;
- certifying said first key in said first domain; and
- certifying said second key in said first domain.

24. A system for IP communications comprising:
- a home domain, the home domain containing at least one server;
- a user sharing a first security association with at least one server in the home domain; and
- a second domain, the second domain containing at least one server, a security association existing between the at least one server in the home domain and the at least one server in the second domain, said at least one server in said home domain to certify a key of said user and to certify a key of said at least one server of said second domain.

29. A method of exchanging keys in a IP network comprising:
- authenticating a first key of a user at a first domain;
- authenticating a second key of a peer entity at said first domain;
- transferring said authenticated first key to said peer entity; and
- transferring said authenticated second key to said user.
Specification