DISTRIBUTION OF GROUP CRYPTOGRAPHY MATERIAL IN A MOBILE IP ENVIRONMENT

US 20090122985A1
Filed: 11/14/2007
Published: 05/14/2009
Est. Priority Date: 11/14/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a Mobile IP registration request from a group member, the group member being a Mobile Node;

generating a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups;

generating a Mobile IP registration reply, the Mobile IP registration reply identifying one or more key servers, each of the one or more key servers serving at least one of the one or more groups and being adapted for distributing group cryptography material to members of each group that is served by the corresponding key server; and

sending the Mobile IP registration reply to the group member, thereby enabling the group member to obtain group cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the group cryptography material to securely communicate with other group members.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.

Citations

25 Claims

1. A method, comprising:
- receiving a Mobile IP registration request from a group member, the group member being a Mobile Node;
  
  generating a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups;
  
  generating a Mobile IP registration reply, the Mobile IP registration reply identifying one or more key servers, each of the one or more key servers serving at least one of the one or more groups and being adapted for distributing group cryptography material to members of each group that is served by the corresponding key server; and
  
  sending the Mobile IP registration reply to the group member, thereby enabling the group member to obtain group cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the group cryptography material to securely communicate with other group members.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as recited in claim 1, wherein the Mobile IP registration reply further identifies the one or more groups.
  - 3. The method as recited in claim 1, wherein the Mobile IP registration reply identifies at least one of a Home Address or a care-of address of at least one of the one or more key servers.
  - 4. The method as recited in claim 1, further comprising:
    - receiving a subsequent Mobile IP registration request from the group member;
      
      updating the mobility binding for the group member;
      
      ascertaining whether another key server that serves at least one of the one or more groups is closer to the group member than at least one of the one or more key servers that serves the at least one of the one or more groups;
      
      generating a subsequent Mobile IP registration reply according to whether another key server is closer to the group member; and
      
      sending the subsequent Mobile IP registration reply to the group member.
  - 5. The method as recited in claim 4, wherein the subsequent Mobile IP registration request identifies at least one of a Home Address or a care-of address of at least one of the one or more key servers
  - 6. The method as recited in claim 4, further comprising:
    - when it is ascertained that another key server that serves at least one of the one or more groups is closer to the group member than the at least one of the one or more key servers that serves the at least one of the one or more groups, the subsequent Mobile IP registration reply identifies the another key server such that the group member is notified that the another key server is closer to the group member than the at least one of the one or more key servers.
  - 7. The method as recited in claim 1, further comprising:
    - determining that another key server that serves at least one of the one or more groups is closer to the group member than at least one of the one or more key servers that serves the at least one of the one or more groups; and
      
      notifying the group member that the another key server is closer to the group member than the at least one of the one or more key servers.
  - 8. The method as recited in claim 7, wherein the group member is responsible for notifying the another key server that it is responsible for sending rekey information to the group member when a group key of one of the at least one of the one or more groups is modified.
  - 9. The method as recited in claim 1, further comprising:
    - ascertaining whether another key server that serves at least one of the one or more groups is closer to the group member than at least one of the one or more key servers that serves the at least one of the one or more groups;
      
      when it is ascertained that another key server that serves at least one of the one or more groups is closer to the group member than the at least one of the one or more key servers that serves the at least one of the one or more groups, notifying the at least one of the one or more key servers that they are no longer responsible for sending rekey information to the group member when a group key of one of the at least one of the one or more groups is modified.
  - 10. The method as recited in claim 1, further comprising:
    - transmitting a list identifying at least one key server to the group member.
  - 11. The method as recited in claim 10, further comprising:
    - identifying the at least one key server, wherein the at least one key server is selected in accordance with a location of the at least one key server with respect to a location the group member.
  - 12. The method as recited in claim 1, further comprising:
    - ascertaining whether another key server that serves at least one of the one or more groups is closer to the group member than at least one of the one or more key servers that serves the at least one of the one or more groups;
      
      when it is ascertained that another key server that serves at least one of the one or more groups is closer to the group member than the at least one of the one or more key servers that serves the at least one of the one or more groups, notifying the another key server that it is responsible for sending rekey information to the group member when group cryptography material of one of the at least one of the one or more groups is modified.

13. An apparatus, comprising:
- means for receiving a Mobile IP registration request from a group member, the group member being a Mobile Node;
  
  means for generating a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups;
  
  means for generating a Mobile IP registration reply, the Mobile IP registration reply identifying one or more key servers, each of the one or more key servers serving at least one of the one or more groups and being adapted for distributing group cryptography material to members of each group that is served by the corresponding key server; and
  
  means for sending the Mobile IP registration reply to the group member, thereby enabling the group member to obtain group cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the shared key to secure communications with other group members.

14. An apparatus, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being adapted for;
  
  receiving a Mobile IP registration request from a group member, the group member being a Mobile Node;
  
  generating a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups;
  
  generating a Mobile IP registration reply, the Mobile IP registration reply identifying one or more key servers, each of the one or more key servers serving at least one of the one or more groups and being adapted for distributing group cryptography material to members of each group that is served by the corresponding key server; and
  
  sending the Mobile IP registration reply to the group member, thereby enabling the group member to obtain group cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the shared key to secure communications with other group members.

15. An apparatus, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being adapted for;
  
  receiving a Mobile IP registration request from a key server, the key server being a Mobile Node;
  
  generating a mobility binding for the key server that associates the key server with a care-of address, the key server serving one or more groups and being adapted for distributing group cryptography material to members of each of the one or more groups that is served by the key server;
  
  generating a Mobile IP registration reply; and
  
  sending the Mobile IP registration reply to the key server.

16. A method, comprising:
- receiving a Mobile IP registration request from a key server, the key server being a Mobile Node;
  
  generating a mobility binding for the key server that associates the key server with a care-of address, the key server serving one or more groups and being adapted for distributing group cryptography material to members of each of the one or more groups that is served by the key server;
  
  generating a Mobile IP registration reply; and
  
  sending the Mobile IP registration reply to the key server.
- View Dependent Claims (17, 18, 20, 21, 22, 23, 24, 25)
- - 17. The method as recited in claim 16, wherein the key server is a member of at least one of the one or more groups.
  - 18. The method as recited in claim 16, wherein the Mobile IP registration request identifies a location of the key server.
  - 20. The method as recited in claim 16, wherein the Mobile IP registration reply identifies one or more key servers.
  - 21. The method as recited in claim 20, wherein the Mobile IP registration reply further identifies a location associated with each of the one or more key servers.
  - 22. The method as recited in claim 20, wherein the Mobile IP registration reply identifies at least one of a care-of address or a home address of each of the one or more key servers.
  - 23. The method as recited in claim 20, each of the one or more key servers serving at least one of the one or more groups that are served by the key server, wherein the Mobile IP registration reply further identifies the at least one of the one or more groups that is served by each of the one or more key servers.
  - 24. The method as recited in claim 20, wherein the Mobile IP registration reply identifies a set of groups that is served by each of the one or more key servers.
  - 25. The method as recited in claim 16, further comprising:
    - notifying the key server of a care-of address of one of the members of one of the one or more groups.

19. The method as recited in 16, wherein the Mobile IP registration request identifies each of the one or more groups that is served by the key server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Popoviciu, Ciprian Pompiliu, Khalid, Mohamed, Asati, Rajiv, Kamarthy, Kavitha, Akhter, Aamer Saeed

Granted Patent

US 8,411,866 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/255
CPC Class Codes

H04L 2209/80 Wireless

H04L 9/0833 involving conference or gro...

DISTRIBUTION OF GROUP CRYPTOGRAPHY MATERIAL IN A MOBILE IP ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTION OF GROUP CRYPTOGRAPHY MATERIAL IN A MOBILE IP ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links