Authentication system for mobile entities
Abstract
Verification and authentication methods for use in mobile communications systems where base stations do not have direct access to a shared secret common to a security server and mobile node are described. Unilateral authentication of a mobile node by a base station is augmented through the use of a mutual authentication token (MAT) generated by the security server and the mobile node as a function of the shared secret. With each handoff the MAT generated by the security server is passed from base station to base station via a secure communications channel. After each handoff the mobile node and new base station perform a unilateral authentication operation and establish a new encryption key that is a function of the MAT. Existence of a trust relationship between a new base station and the last base station is verified by the new base station's ability to properly encrypt data.
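The abstract describes the token flow but not the concrete functions. The following is an added illustration, not text from the patent and not any assignee's implementation, of how the pieces fit together: the security server and the mobile node each derive the MAT from the shared secret (HMAC-SHA256 over a session nonce is an assumption here), the MAT travels from the first base station to the second at handoff without the secret ever leaving the server or the mobile node, each base station derives its own encryption key from the MAT and its station identity, and the mobile node accepts a message only when the key it derived verifies the tag. A third, constructed "rogue" station that never received the MAT cannot produce a message the mobile node accepts, which is the trust check the abstract refers to. The toy HMAC-based cipher below stands in for a real AEAD (AES-GCM in practice) so the example runs with the standard library only; the identities bs-1, bs-2, bs-rogue and mn-0001 are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the patent): one mobile node and its shared secret.
MOBILE_ID = b"mn-0001"
SHARED_SECRET = hashlib.sha256(b"constructed example shared secret").digest()


def derive_mat(shared_secret: bytes, nonce: bytes) -> bytes:
    """Mutual authentication token: assumed to be HMAC-SHA256 of a per-session nonce under the shared secret."""
    return hmac.new(shared_secret, b"MAT|" + nonce, hashlib.sha256).digest()


def derive_session_key(mat: bytes, station_id: bytes) -> bytes:
    """Per-base-station encryption key: assumed to be HMAC-SHA256 of the station identity keyed by the MAT."""
    return hmac.new(mat, b"KEY|" + station_id, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption: HMAC keystream XOR plus an HMAC tag. Illustrative stand-in for AES-GCM."""
    iv = os.urandom(16)
    ct = bytearray()
    for offset in range(0, len(plaintext), 32):
        ks = hmac.new(key, b"stream|" + iv + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        ct.extend(a ^ b for a, b in zip(plaintext[offset:offset + 32], ks))
    tag = hmac.new(key, b"tag|" + iv + bytes(ct), hashlib.sha256).digest()
    return iv + bytes(ct) + tag


def open_sealed(key: bytes, message: bytes):
    """Return the plaintext, or None when the tag does not verify under this key (wrong or missing MAT)."""
    if len(message) < 48:
        return None
    iv, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(key, b"tag|" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pt = bytearray()
    for offset in range(0, len(ct), 32):
        ks = hmac.new(key, b"stream|" + iv + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        pt.extend(a ^ b for a, b in zip(ct[offset:offset + 32], ks))
    return bytes(pt)


class SecurityServer:
    """Holds the shared secrets; hands out MATs, never the secrets themselves."""
    def __init__(self, secrets):
        self._secrets = dict(secrets)

    def issue_token(self, mobile_id: bytes, nonce: bytes) -> bytes:
        return derive_mat(self._secrets[mobile_id], nonce)


class BaseStation:
    """Stores the MAT per mobile node and derives its own key from it; has no access to the shared secret."""
    def __init__(self, station_id: bytes):
        self.station_id = station_id
        self._tokens = {}

    def receive_token(self, mobile_id: bytes, mat: bytes):
        self._tokens[mobile_id] = mat

    def handoff(self, mobile_id: bytes, new_station: "BaseStation"):
        # A secure backhaul between stations is assumed; only the MAT moves, and the old station forgets it.
        new_station.receive_token(mobile_id, self._tokens.pop(mobile_id))

    def send(self, mobile_id: bytes, plaintext: bytes) -> bytes:
        key = derive_session_key(self._tokens[mobile_id], self.station_id)
        return seal(key, plaintext)


class MobileNode:
    """Recomputes the MAT from its own copy of the secret and the new station's key from the MAT."""
    def __init__(self, mobile_id: bytes, shared_secret: bytes):
        self.mobile_id = mobile_id
        self._secret = shared_secret

    def receive(self, nonce: bytes, station_id: bytes, message: bytes):
        mat = derive_mat(self._secret, nonce)
        return open_sealed(derive_session_key(mat, station_id), message)


def run_handoff_demo():
    """Returns (message from bs-1, message from bs-2 after handoff, result from a station without the MAT)."""
    server = SecurityServer({MOBILE_ID: SHARED_SECRET})
    mobile = MobileNode(MOBILE_ID, SHARED_SECRET)
    bs1, bs2, rogue = BaseStation(b"bs-1"), BaseStation(b"bs-2"), BaseStation(b"bs-rogue")
    nonce = os.urandom(16)  # assumed to be exchanged during the initial mutual authentication
    bs1.receive_token(MOBILE_ID, server.issue_token(MOBILE_ID, nonce))
    first = mobile.receive(nonce, bs1.station_id, bs1.send(MOBILE_ID, b"hello from bs-1"))
    bs1.handoff(MOBILE_ID, bs2)
    second = mobile.receive(nonce, bs2.station_id, bs2.send(MOBILE_ID, b"hello from bs-2"))
    rogue.receive_token(MOBILE_ID, os.urandom(32))  # constructed: a station that never got the real MAT
    third = mobile.receive(nonce, rogue.station_id, rogue.send(MOBILE_ID, b"hello from bs-rogue"))
    return first, second, third


if __name__ == "__main__":
    print(run_handoff_demo())
```

Two properties worth noting from the run: the key changes at every handoff even though the MAT does not, because the station identity is mixed into the key derivation, and a station that cannot present a correctly authenticated ciphertext is rejected by the mobile node without any further exchange, which is the detection point a defender gets for free from this design.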
313 Citations
38 Claims
1. A security method for use in a communication system including at least one mobile node that includes a secret value and a plurality of nodes that are coupled to a security server that also stores said secret value, the method comprising:
operating the security server to generate a token from said stored secret and to communicate said token to a first one of said plurality of nodes;
operating the first one of said plurality of nodes to communicate with said mobile node;
transferring the generated token from said first one of said plurality of nodes to a second one of said plurality of nodes;
operating the second one of said plurality of nodes to generate a new encryption key from said token; and
operating the second one of said plurality of nodes to communicate with said mobile node using said new encryption key to encrypt at least some data transmitted to said mobile node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 28, 29, 30, 31, 32, 33, 34, 36, 37, 38
25. A communication system including:
a security server including;
a secret value corresponding to a mobile node;
means for generating a token from said secret value; and
means for communicating said token to a base station;
a first base station coupled to said security server, the first base station including;
means for communicating with a mobile node;
a memory for storing said token generated by said security server and a first encryption key used to encrypt information transmitted to said mobile node; and
means for transmitting said token to another base station as part of a mobile node handoff operation; and
a second base station coupled to said first base station, the second base station including;
means for generating a second encryption key as a function of said token following a handoff operation involving the transfer of said token from said first base station to said second base station.
27. A method of operating a mobile node in a communication system including a plurality of nodes that are coupled by a communications channel to a security server that stores a secret value corresponding to said mobile node, the method comprising:
storing said secret value in said mobile node;
performing a mutual authentication operation with a first one of said base stations using said shared secret to generate at least one value transmitted to said first one of said base stations as part of the mutual authentication operation;
generating a token as a function of said stored secret value;
generating an encryption key as a function of said generated token; and
encrypting information sent to a second one of said plurality of nodes using said generated encryption key.
35. A mobile node for use in a communication system including a plurality of nodes that are coupled by a communications channel to a security server, the security server storing a secret value corresponding to said mobile node, the mobile node comprising:
a memory including said secret value;
means for performing a mutual authentication operation with a first one of said base stations;
means for performing a mutual authentication operation with a first one of said base stations using said shared secret to generate at least one value transmitted to said first one of said base stations as part of the mutual authentication operation;
means for generating a token as a function of said stored secret value;
means for generating an encryption key as a function of said generated token; and
means for encrypting information sent to a second one of said plurality of nodes using said generated encryption key.