Intelligent security association management server for mobile IP networks
Abstract
A solution to asynchronous security association between nodes by implementing a security association policy server for IPsec in third generation and beyond wireless mobile access, Internet protocol-based digital networks supporting Mobile IP is disclosed. The security association policy server stores data related to a communication and a security association between nodes in the network, and determines a security association management protocol for the security association. Employing the security association management protocol for the particular security association, the security association management server determines an appropriate combination of security association management factors to ensure synchronization between nodes. The security association management server may instruct a node to eliminate a security association stored in its cache when it is determined that the security association no longer needs to be stored, or may inform the nodes to re-key a security association when it is determined that the security association is not synchronized.
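A minimal sketch of the decision logic the abstract describes, added here as an example and not taken from the patent: the policy server compares each endpoint's report of a security association and issues a delete or re-key instruction. The report fields, the `DELETE`/`REKEY` instruction names, and the two criteria used are assumptions, since the page does not specify them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SAReport:
    """What one node tells the policy server about an SA it caches (assumed fields)."""
    sa_id: int            # assumed identifier shared by both endpoints
    node: str             # reporting node
    peer: str             # other endpoint of the communication
    expires_at: int       # end of the SA's discrete lifetime (seconds)
    session_active: bool  # is the protected communication still in use?

def plan_actions(reports, now):
    """Return (instruction, node, sa_id) tuples the server would send."""
    by_id = {}
    for r in reports:
        if r.expires_at > now:          # expired entries count as absent
            by_id.setdefault(r.sa_id, []).append(r)
    actions = []
    for sa_id in sorted(by_id):
        held = by_id[sa_id]
        endpoints = {held[0].node, held[0].peer}
        holders = {r.node for r in held}
        if not any(r.session_active for r in held):
            # SA no longer needs to be stored: evict it before its lifetime ends.
            actions += [("DELETE", n, sa_id) for n in sorted(holders)]
        elif holders != endpoints or len({r.expires_at for r in held}) > 1:
            # One endpoint lost the SA, or the two views disagree: not synchronized.
            actions += [("REKEY", n, sa_id) for n in sorted(endpoints)]
    return actions

# Constructed sample reports (node names MN, HA, FA, CN are illustrative).
REPORTS = [
    SAReport(1, "MN", "HA", 3600, True), SAReport(1, "HA", "MN", 3600, True),
    SAReport(2, "MN", "FA", 3600, True),            # FA no longer holds SA 2
    SAReport(3, "MN", "CN", 3600, False), SAReport(3, "CN", "MN", 3600, False),
    SAReport(4, "MN", "HA", 1000, True), SAReport(4, "HA", "MN", 3600, True),
]

if __name__ == "__main__":
    for action in plan_actions(REPORTS, now=500):
        print(action)
```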
17 Claims
1. A method of implementing internet protocol security in a mobile IP network, comprising the steps of:
a. establishing a security association for a communication between a first node and a second node;
b. storing, at the first node and at the second node, the security association; and
c. synchronizing, with a security association policy server, the security association between the first node and the second node.
9. An internet protocol network comprising:
a. a plurality of nodes configured to communicate with each other over the network, and to store security associations for communications between the plurality of nodes;
b. at least one security association policy server provided in the network and in communication with the nodes, the at least one security association policy server configured to synchronize the security associations between the nodes according to a security association management protocol.
17. A method for synchronizing a security association for a node in an internet protocol network, comprising the steps of:
a. storing a security association at a mobile node for a communication between the mobile node and a second node in the network, the mobile node storing the security association for no more than a discrete lifetime;
b. storing at a security association policy server, data related to the security association stored at the mobile node; and
c. analyzing the data related to the security association according to a predetermined criteria to determine whether the security association stored at the mobile node is eliminated prior to expiration of the lifetime.
Specification