DYNAMIC FOREIGN AGENT-HOME SECURITY ASSOCIATION ALLOCATION FOR IP MOBILITY SYSTEMS

US 20100106969A1
Filed: 03/27/2008
Published: 04/29/2010
Est. Priority Date: 03/28/2007
Status: Active Grant

First Claim

Patent Images

1. A communication system, comprising:

a home network having a home agent and a home network AAA server;

a foreign network having a foreign agent;

a security association being established between the home agent and the foreign agent based on a dynamic allocation of security parameters and an SPI index value from the home network AAA server after receiving a specific security association request for the home agent-foreign agent pair from the foreign agent, said security association request being initiated after a registration request is received by the foreign agent from a mobile node, wherein the registration request received by the foreign agent is transferred to the home agent after the security association between the foreign agent and the home agent is established and the home network AAA server dynamically allocates the security parameters and SPI index values each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention utilizes the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assigns a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.

Citations

22 Claims

1. A communication system, comprising:
- a home network having a home agent and a home network AAA server;
  
  a foreign network having a foreign agent;
  
  a security association being established between the home agent and the foreign agent based on a dynamic allocation of security parameters and an SPI index value from the home network AAA server after receiving a specific security association request for the home agent-foreign agent pair from the foreign agent, said security association request being initiated after a registration request is received by the foreign agent from a mobile node, wherein the registration request received by the foreign agent is transferred to the home agent after the security association between the foreign agent and the home agent is established and the home network AAA server dynamically allocates the security parameters and SPI index values each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The communication system of claim 1, wherein the home network AAA server dynamically allocates the security parameters and SPI index values each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even in the event that there is an existing security association for that home agent-foreign agent pairing.
  - 3. The communication system of claim 1, wherein old SPI index values will be considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 4. The communication system of claim 1, wherein security parameters that can be dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 5. The communication system of claim 1, wherein security parameters that can be dynamically allocated include an authentication algorithm and mode.
  - 6. The communication system of claim 1, wherein security parameters that can be dynamically allocated include a foreign agent-home agent secret key lifetime.

7. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:
- receiving a registration request at a foreign agent on a foreign network from said mobile node located on said foreign network, said registration request including care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
  
  transmitting an access request from the foreign agent to a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing, said home network AAA server dynamically allocating security parameters to support the security association request;
  
  receiving an access response at the foreign agent from the home network AAA server which includes the dynamically allocated security parameter information generated by the home network AAA server;
  
  transmitting the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent, said home agent receiving the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;
  
  receiving a registration response at the foreign agent from the home agent after confirmation of the foreign agent-home agent security association information, said registration response being provided to the mobile node to establish the communication pathway between the home agent and the mobile node.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein the home network AAA server dynamically allocates the security parameter information each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 9. The method of claim 7, wherein the home network AAA server dynamically allocates the security parameter information including an SPI index value each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 10. The method of claim 9, wherein old SPI index values will be considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 11. The method of claim 7, wherein the home network AAA server dynamically allocates the security parameters each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even though there is an existing security association for that home agent-foreign agent pairing.
  - 12. The method of claim 7, wherein security parameters that can be dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 13. The method of claim 7, wherein security parameters that can be dynamically allocated include an authentication algorithm and mode.
  - 14. The method of claim 7, wherein security parameters that can be dynamically allocated include a foreign agent-home agent secret key lifetime.

15. A communication system, comprising:
- a home network having a home agent and a home network AAA server computer;
  
  a foreign network having a foreign agent;
  
  a security association being established between the home agent and the foreign agent based on a dynamic allocation of security parameters and an SPI index value from the home network AAA server computer after receiving a specific security association request for the home agent-foreign agent pair from the foreign agent, said security association request being initiated after a registration request is received by the foreign agent from a mobile node.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The communication system of claim 15, wherein the registration request received by the foreign agent is transferred to the home agent after the security association between the foreign agent and the home agent is established.
  - 17. The communication system of claim 15, wherein the home network AAA server dynamically allocates the security parameters and SPI index values each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 18. The communication system of claim 17, wherein old SPI index values will be considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 19. The communication system of claim 15, wherein the home network AAA server dynamically allocates the security parameters and SPI index values each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even though there is an existing security association for that home agent-foreign agent pairing.
  - 20. The communication system of claim 15, wherein security parameters that can be dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 21. The communication system of claim 15, wherein security parameters that can be dynamically allocated include an authentication algorithm and mode.
  - 22. The communication system of claim 15, wherein security parameters that can be dynamically allocated include a foreign agent-home agent secret key lifetime.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Khalil, Mohamed, Muhanna, Ahmad

Granted Patent

US 8,411,858 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 28/18   Negotiating wireless commun...

H04W 48/14   using user query or user de...

H04W 60/00   Affiliation to network, e.g...

H04W 8/065   involving selection of the ...

H04W 80/04   Network layer protocols, e....

DYNAMIC FOREIGN AGENT-HOME SECURITY ASSOCIATION ALLOCATION FOR IP MOBILITY SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC FOREIGN AGENT-HOME SECURITY ASSOCIATION ALLOCATION FOR IP MOBILITY SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links