IP security and mobile networking
First Claim
1. A method of sending and receiving packets in a secure connection between a first network node and a second network node, wherein said packets may be transferred through a plurality of independent data networks in the path between the first network node and second network node, and that the first network node and each of the data networks may operate under different security policies for specifying certain transformations that are applied to the packets, said method is wherein the first network node is able to dynamically change its security policy such that the suitable transformations are applied to the packets in order to maintain the secure connection.
Abstract
The invention discloses a method of transferring packets between a mobile host device (100) and a source node via a number of independent data networks while maintaining a secure connection. The independent networks may include, for example, the Internet (120), localized Access Zones (110, 140), corporate intranets, a Home Network (130), etc. Problems may occur, for example, when the mobile node is using a co-located care-of address, in which case both IP-in-IP and IPsec tunneling transformations are performed, and the current IPsec and IP-in-IP implementations cannot perform the required tunneling operations on the mobile host. This is because current implementations cannot combine IP-in-IP and IPsec tunneling when the IP-in-IP tunnel is not the outermost transformation. In an embodiment of the invention, the security policy operated by the mobile host includes a primary security policy and a dynamic secondary security policy that selectively apply specified transformations to certain packets in the data transfer.
18 Claims
15. A mobile device capable of establishing a connection with a network and having a data transfer security policy governing the transfer of packets to and from the mobile device, wherein the data transfer security policy comprises:

- a first set of transformations associated with a primary security policy for application to the transferred packets; and
- a second set of transformations associated with a secondary security policy suitable for selective application to certain packets.