METHOD FOR RECONFIGURING SECURITY MECHANISM OF A WIRELESS NETWORK AND THE MOBILE NODE AND NETWORK NODE THEREOF

US 20090119760A1
Filed: 10/31/2008
Published: 05/07/2009
Est. Priority Date: 11/06/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for reconfiguring security management mechanism of a wireless network, comprising the steps of:

a network node sending a broadcast packet to a mobile node in the same domain, wherein the broadcast packet includes a plurality of authentication protocols supported by the network node;

the mobile node selecting one authentication protocol in accordance with the received broadcast packet, and sending an encrypted negotiation packet to the network node;

the network node examining whether the negotiation packet is valid by communicating with an authentication server;

the network node conducting an authentication process according to the authentication protocol in the protocol packet if the negotiation packet is valid;

the mobile node communicating with the network node to complete the authentication process; and

the mobile node and the network node generating a security association after the authentication process, wherein the security association includes an authentication key for protecting signaling packets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for reconfiguring the security mechanism of a wireless network system includes steps of: sending a packet from a network node to a mobile node; sending a negotiation packet from the mobile node to the network node according to a selected authentication protocol; the mobile node and the network node proceeding the authentication process if the received negotiation packet is valid; the mobile node and the network node generating a security association after the authentication process is completed.

100 Citations

View as Search Results

20 Claims

1. A method for reconfiguring security management mechanism of a wireless network, comprising the steps of:
- a network node sending a broadcast packet to a mobile node in the same domain, wherein the broadcast packet includes a plurality of authentication protocols supported by the network node;
  
  the mobile node selecting one authentication protocol in accordance with the received broadcast packet, and sending an encrypted negotiation packet to the network node;
  
  the network node examining whether the negotiation packet is valid by communicating with an authentication server;
  
  the network node conducting an authentication process according to the authentication protocol in the protocol packet if the negotiation packet is valid;
  
  the mobile node communicating with the network node to complete the authentication process; and
  
  the mobile node and the network node generating a security association after the authentication process, wherein the security association includes an authentication key for protecting signaling packets.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising the step of:
    - the mobile node selecting one mobile management protocol in accordance with the received broadcasted packet, wherein the broadcast packet includes a plurality of mobile management protocols supported by the network node.
  - 3. The method of claim 1, wherein the examining step is based on a pre-shared key.
  - 4. The method of claim 1, wherein the broadcast packet is transmitted periodically.

5. A security management method used at a network end, comprising the steps of:
- a plurality of network nodes and edged network nodes at the network end taking their certificates from an authentication server upon startup;
  
  the network nodes and edged network nodes broadcasting the certificates to their neighboring nodes;
  
  the neighboring nodes forwarding their certificates to the network nodes and edged network nodes; and
  
  the network nodes and edged network nodes establishing a security association with their neighboring nodes.
- View Dependent Claims (6)
- - 6. The security management method of claim 5, wherein the establishing step comprises:
    - a transmitter generating a message authentication code in the signaling packet in accordance with the security association; and
      
      a receiver confirming the completeness of transmitted packets in accordance with the security association and message authentication code.

7. A mobile node of a wireless network with a security management mechanism, comprising:
- a client-end platform controller;
  
  a client-end platform controller notifier configured to monitor packet transmission and to transmit received packets to the client-end platform controller;
  
  a security parameter recorder configured to record a pre-shared key and an authentication key generated during an authentication process; and
  
  a client-end security protection unit connected to the client-end platform controller, the client-end platform controller notifier and the security parameter recorder, wherein the client-end security protection unit verifies packets passing the client-end platform controller and client-end platform controller notifier in accordance with data in the security parameter recorder;
  
  a plurality of client-end authentication modules each corresponding to a set of authentication protocols, and connected to the security parameter recorder and client-end platform controller;
  
  a client-end platform registrar connected to the client-end platform controller and the client-end authentication modules for defining a template of each authentication protocol and receiving a registration application of each authentication protocol; and
  
  a protocol selector connected to the client-end platform controller for selecting an authentication protocol to determine the security management mechanism.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The mobile node of claim 7, further comprising a plurality of client-end mobile management modules, wherein each client-end mobile management module corresponds to a mobile management protocol, and is connected to the client-end platform registrar and client-end platform controller.
  - 9. The mobile node of claim 8, wherein the protocol selector further selects a mobile management protocol to determine the mobile management mechanism.
  - 10. The mobile node of claim 7, wherein the client-end authentication modules include an authentication registrar and an authentication controller, wherein the authentication registrar is used to register at the client-end platform registrar and to establish two communication channels to the client-end platform controller and security parameter recorder, and the authentication controller is configured to control the client-end authentication modules and to communicate with the client-end platform controller and the security parameter recorder.
  - 11. The mobile node of claim 8, wherein the client-end mobile management modules comprise a mobile management registrar and a mobile management controller, wherein the mobile management registrar is used to register at the client-end platform registrar and to establish one communication channel to the client-end platform controller, the mobile management controller is configured to control the client-end mobile management module and to communicate with the client-end platform controller.
  - 12. The mobile node of claim 7, wherein the security parameter recorder adds an electronic signature on output packets from the mobile node.

13. A network node of a wireless network with a security management mechanism, comprising:
- a platform controller;
  
  a platform controller notifier configured to monitor packet transmission and to transmit received packets to the platform controller;
  
  a security parameter database configured to record common secret information with neighboring nodes; and
  
  a security protection unit connected to the platform controller, the platform controller notifier and the security parameter database, wherein the security protection unit verifies packets passing the platform controller and platform controller notifier in accordance with data in the security parameter database;
  
  a plurality of authentication modules each corresponding to an authentication protocol and connected to the security parameter database and platform controller;
  
  a platform registrar connected to the platform controller and the authentication modules for defining a template of each authentication protocol and for receiving a registration application of each authentication protocol; and
  
  a mobile node database connected to the platform controller and the platform controller notifier for recording all mobile nodes in the same domain.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The network node of claim 13, wherein the security parameter database records a pre-shared key and an authentication key generated during the authentication process if the network node is an edged network node.
  - 15. The network node of claim 13, wherein the data in the security parameter database includes a network protocol address, authentication information, contact information and security management mechanism of the mobile node.
  - 16. The network node of claim 13, further comprising a plurality of mobile management modules, each corresponding to a mobile management protocol and connected to the platform registrar and platform controller.
  - 17. The network node of claim 13, wherein each of the authentication modules includes an authentication registrar and authentication controller, wherein the authentication registrar is used to register at the platform registrar and to establish two communication channels to the platform controller and security parameter database, and the authentication controller is configured to control the authentication modules and to communicate with the platform controller and the security parameter database.
  - 18. The network node of claim 16, wherein the mobile management modules each comprise a mobile management registrar and a mobile management controller, wherein the mobile management registrar is used to register at the platform registrar and to establish one communication channel to the platform controller, and the mobile management controller is configured to control the authentication module and to communicate with the platform controller.
  - 19. The network node of claim 16, wherein the mobile node database records mobile management mechanism that is being used or will be used.
  - 20. The network node of claim 13, wherein the security protection unit adds an electronic signature on output packets from the network node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Tsing Hua University
Original Assignee
National Tsing Hua University
Inventors
HUNG, SHAO HSIU, HSIEH, CHENG KUAN, CHEN, JYH CHENG

Application Number

US12/262,725
Publication Number

US 20090119760A1
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04W 12/069   using certificates or pre-s...

H04W 88/02   Terminal devices

METHOD FOR RECONFIGURING SECURITY MECHANISM OF A WIRELESS NETWORK AND THE MOBILE NODE AND NETWORK NODE THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR RECONFIGURING SECURITY MECHANISM OF A WIRELESS NETWORK AND THE MOBILE NODE AND NETWORK NODE THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links