Dynamic key generation and exchange for mobile devices
Abstract
A method for dynamic generation and exchange of a key which may be used to authenticate messages between a mobile network device (e.g., a laptop computer) and a network device (e.g., a router) configured to route datagrams destined for the mobile network device.
47 Claims
1. A machine-implemented method comprising:
producing a first authentication message comprising:
authentication data encrypted with a first key; and
a data structure comprising the first key, wherein the data structure is encrypted with a second key;
generating a request message to have a first network device associated with a first network deliver datagrams destined for a home address associated with a mobile device on the first network to a second address on a second, different network; and
embedding the authentication message in the request message.
Dependent claims: 2 to 19.
20. A machine-implemented method comprising:
receiving at a first device associated with a home network an authentication message and a request message to reroute datagrams destined for a first address of a mobile device associated with the home network to a second address not associated with the home network, wherein the request message comprises:
a data structure that includes a first key encrypted with a second key; and
determining if the authentication message is valid.
Dependent claims: 21 to 28.
29. A computer program product residing on a computer readable medium having instructions stored thereon that, when executed by the processor, cause that processor to:
form an authentication message comprising:
authentication data encrypted with a first key; and
the first key encrypted with a second key;
generate a request message requesting that datagrams destined for a first Internet Protocol address of a mobile device be routed to a second Internet Protocol address; and
include the authentication request message in the request message.
Dependent claims: 30 to 32.
33. A computer program product residing on a computer readable medium having instructions stored thereon that, when executed by the processor, cause that processor to:
extract an authentication message from a message requesting that datagrams destined for a first Internet Protocol address of a mobile device be routed to a second Internet Protocol address, wherein the authentication message comprises:
authentication data encrypted with a first key; and
a data structure comprising the first key, and encrypted with a second key;
verify the authentication data; and
if the authentication data is valid, then generating a third key.
Dependent claims: 34 to 36.
37. A system comprising:
a first network device associated with a first network; and
a second network device associated with the first network, the second network device capable of:
producing an authentication message including a data structure comprising the first key with the data structure encrypted with a second key;
generating a request message to have the first network device deliver datagrams destined for a home address associated with the second device on the first network to a second address on a second, different network; and
including the authentication message within the request message.
Dependent claims: 38 to 42.
43. A system comprising:
a router associated with a first network and comprising an input port for receiving datagrams and a switch fabric for determining destination of datagrams; and
a processor capable of:
reading a request message to reroute datagrams destined for a first address of a mobile device associated with the first network to a second address associated with a second, different network, wherein the request message includes a data structure comprising a first key unknown to the processor encrypted with a second key that is known to the processor, verifying an authentication message associated with the request message wherein the authentication message comprises a hashed version of the request message computed using the first key; and
if the authentication message is valid, then generating a third key.
Dependent claims: 44 to 47.
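The exchange the independent claims describe, as an added example that is not part of the patent: the mobile-node side of claim 1 and the home-agent side of claims 20 and 43, in Python with the standard library only. The keyed hash is HMAC-SHA256, the key wrap is an HMAC-derived keystream standing in for a real key-wrap cipher, the sample registration request is constructed, and the third-key derivation is an assumption; the claims specify none of these.

```python
import hashlib
import hmac
import os

# Constructed sample: a Mobile IP style registration request naming the home
# address, the care-of address on the foreign network and a lifetime.
REQUEST = b"REGISTER home=10.0.0.5 careof=192.0.2.77 lifetime=3600"


def _keystream(second_key: bytes, nonce: bytes) -> bytes:
    # 32-byte keystream used to wrap the 32-byte first key. Stand-in for a
    # real key-wrap cipher (assumption: no AES in the standard library).
    return hmac.new(second_key, b"wrap" + nonce, hashlib.sha256).digest()


def derive_third_key(first_key: bytes, nonce: bytes) -> bytes:
    # Assumption: the third key is derived from the first key and the nonce so
    # both ends can compute it once the request has been authenticated.
    return hmac.new(first_key, b"third" + nonce, hashlib.sha256).digest()


def build_request(request: bytes, second_key: bytes):
    """Mobile node (claim 1): a fresh first key, a keyed hash of the request
    under it, and the first key wrapped with the shared second key."""
    first_key = os.urandom(32)          # dynamic, per-request session key
    nonce = os.urandom(16)
    wrapped = bytes(a ^ b for a, b in zip(first_key, _keystream(second_key, nonce)))
    tag = hmac.new(first_key, request, hashlib.sha256).digest()
    msg = {"request": request, "nonce": nonce, "wrapped_key": wrapped, "auth": tag}
    return msg, first_key


def process_request(msg: dict, second_key: bytes):
    """Home agent (claims 20 and 43): unwrap the first key with the second key,
    verify the keyed hash over the request, and only then generate the third
    key. Returns the third key, or None when authentication fails."""
    ks = _keystream(second_key, msg["nonce"])
    first_key = bytes(a ^ b for a, b in zip(msg["wrapped_key"], ks))
    expected = hmac.new(first_key, msg["request"], hashlib.sha256).digest()
    # Constant-time comparison; a wrong second key, a modified request or a
    # modified wrapped key all surface here as a tag mismatch.
    if not hmac.compare_digest(expected, msg["auth"]):
        return None
    return derive_third_key(first_key, msg["nonce"])
```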