Method and apparatus for security of IP security tunnel using public key infrastructure in mobile communication network
First Claim
1. A method for security of an IP security tunnel using public key infrastructure in a security gateway of a mobile communication network, the method comprising the steps of:
receiving a request message from a mobile node which relates to a security service requested by the mobile node;
determining if there is security association (SA) for the security service, and determining if there is a public key related to a peer address when the SA does not exist;
sending a certificate request message to a certificate authority (CA) when the public key does not exist, and receiving a certificate response message from the certificate authority which has a certificate that comprises a public key related to the peer address;
performing an internet key exchange and SA establishment procedure with a peer corresponding to the peer address by using the certificate;
completing the internet key exchange and the SA establishment; and
encrypting a packet received from the mobile node by means of the public key, transmitting the encrypted packet to the peer, decrypting a packet received from the peer by means of a private key corresponding to the public key, and transmitting the decrypted packet to the mobile node.
Abstract
A method and apparatus are provided for security of an IP security tunnel using public key infrastructure, including the steps of receiving a request message which relates to a security service requested by a mobile node; determining if there is a security association (SA) for the security service and, when the SA does not exist, determining if there is a public key related to a peer address; and, when the public key does not exist, sending a certificate request message to a certificate authority (CA) and receiving a certificate response message which has a certificate that includes a public key. The method further includes the steps of performing an internet key exchange and SA establishment procedure with a peer corresponding to the peer address by using the certificate, completing the internet key exchange and the SA establishment, and encrypting a packet received from the mobile node, transmitting the encrypted packet to the peer, decrypting a packet received from the peer, and transmitting the decrypted packet to the mobile node.
44 Claims
1. Claim 1 is reproduced above under First Claim. Dependent claims: 2 to 13.
14. A method for security of an IP security tunnel using public key infrastructure in a security gateway of a mobile communication network, the method comprising the steps of:
creating a tunnel in cooperation with a service node providing a service to a mobile node, and receiving a packet having a security-required peer address through the created tunnel;
buffering the received packet, and determining if security association (SA) for the security-required peer address has been established;
determining if there is a public key related to the peer address when the SA does not exist;
sending a certificate request message to a certificate authority (CA) when the public key does not exist, and receiving a certificate response message which has a certificate comprising a public key related to the peer address from the certificate authority;
performing an internet key exchange and SA establishment procedure with a peer corresponding to the peer address by using the certificate; and
encrypting a packet received from the mobile node by means of the public key to transmit the encrypted packet to the peer when the internet key exchange and the SA establishment are completed, and decrypting a packet received from the peer by means of a private key corresponding to the public key to transmit the decrypted packet to the mobile node.
Dependent claims: 15 to 17.
18. A method for security of an IP security tunnel using public key infrastructure in a mobile communication network, the method comprising the steps of:
creating, by a security gateway for a mobile node, a new key pair containing a public key and a private key in order to change public/private keys used to communicate with the mobile node and a peer, and sending a key update request message including the new key pair to a certificate authority;
storing, by the certificate authority, an existing certificate of the security gateway in a certification revocation list, creating a certificate response message having a new certificate including the new key pair, and transmitting the certificate response message to the security gateway;
storing, by the security gateway, a pre-stored certificate in a certification revocation list of the security gateway, storing the new certificate, and transmitting a confirmation message to the certificate authority; and
broadcasting, by the certificate authority, a certificate announcement message including the new certificate to authentication clients which are managed by the certificate authority in response to the confirmation message.
Dependent claims: 19 to 23.
24. An apparatus for security of an IP security tunnel using public key infrastructure in a security gateway of a mobile communication network, the apparatus comprising:
a mobile node for generating a request message related to a security service to transmit the request message to the security gateway, and transmitting/receiving packet data;
the security gateway for determining if there is security association (SA) for the security service, determining if there is a public key related to a peer address when the SA does not exist, sending a certificate request message to a certificate authority (CA) when the public key does not exist, receiving a certificate response message which has a certificate including a public key related to the peer address from the certificate authority, performing an internet key exchange and SA establishment procedure with a peer corresponding to the peer address by using the certificate, encrypting a packet received from the mobile node by means of the public key, transmitting the encrypted packet to the peer when the internet key exchange and the SA establishment have been completed, decrypting a packet received from the peer by means of a private key corresponding to the public key, and transmitting the decrypted packet to the mobile node; and
the certificate authority for transmitting a certificate response message, which has the certificate including the public key related to the peer address, to the security gateway when the certificate request message is received from the security gateway.
Dependent claims: 25 to 44.
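As an added example (not code from the patent or its assignee), the following Python model walks through the gateway decision flow of claims 1 and 14 (SA lookup, public-key lookup, certificate request to the CA, packet buffering until the SA is up) and the key update of claim 18 (old certificate moved to the revocation list, new certificate announced to the CA's clients). The class names `CA`, `Gateway` and `Cert`, and the representation of IKE/SA establishment as binding the peer's public key, are assumptions; the cipher itself is out of scope.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    public_key: str

class CA:
    """Certificate authority: issues certificates, keeps a certification revocation
    list (CRL) and broadcasts re-issued certificates to its clients (claim 18)."""
    def __init__(self):
        self.serials, self.certs, self.crl, self.clients = count(1), {}, set(), []
    def issue(self, subject, public_key):
        self.certs[subject] = Cert(next(self.serials), subject, public_key)
        return self.certs[subject]
    def request(self, subject):            # certificate request/response (claims 1, 14)
        return self.certs.get(subject)
    def key_update(self, subject, new_public_key):
        self.crl.add(self.certs[subject].serial)   # existing certificate goes on the CRL
        cert = self.issue(subject, new_public_key)
        for client in self.clients:                # certificate announcement message
            client.announce(cert)
        return cert

class Gateway:
    """Security gateway: SA lookup -> public-key lookup -> CA request -> IKE/SA
    establishment -> forward buffered packets (claims 1 and 14)."""
    def __init__(self, ca):
        self.ca, self.sa, self.keys, self.buffer, self.crl = ca, {}, {}, {}, set()
        ca.clients.append(self)
    def announce(self, cert):
        """Handle the CA announcement: revoke the cached cert and drop the SA bound to it."""
        old = self.keys.get(cert.subject)
        if old is not None and old.serial != cert.serial:
            self.crl.add(old.serial)
            self.sa.pop(cert.subject, None)        # must renegotiate with the new key
        self.keys[cert.subject] = cert
    def send(self, peer, packet):
        """Return the protected packets put on the wire for `peer`; [] while no SA exists."""
        self.buffer.setdefault(peer, []).append(packet)   # buffer until SA is up (claim 14)
        if peer not in self.sa:
            cert = self.keys.get(peer) or self.ca.request(peer)
            if cert is None or cert.serial in self.crl:
                return []                                  # no usable key yet: keep buffering
            self.keys[peer] = cert
            self.sa[peer] = cert.public_key   # IKE + SA establishment modelled as a key binding
        # "esp" tuples stand in for the encrypted packets (constructed placeholder format)
        return [("esp", self.sa[peer], p) for p in self.buffer.pop(peer)]
```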