DYNAMIC FOREIGN AGENT-HOME SECURITY ASSOCIATION ALLOCATION FOR IP MOBILITY SYSTEMS
Abstract
The present invention utilizes the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assign a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.
22 Claims
1. A communication system, comprising:
- a home network having a home agent and a home network AAA server;
- a foreign network having a foreign agent;
- a security association being established between the home agent and the foreign agent based on a dynamic allocation of security parameters and an SPI index value from the home network AAA server after receiving a specific security association request for the home agent-foreign agent pair from the foreign agent, said security association request being initiated after a registration request is received by the foreign agent from a mobile node, wherein the registration request received by the foreign agent is transferred to the home agent after the security association between the foreign agent and the home agent is established and the home network AAA server dynamically allocates the security parameters and SPI index values each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
Dependent claims: 2, 3, 4, 5, 6
7. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:
- receiving a registration request at a foreign agent on a foreign network from said mobile node located on said foreign network, said registration request including care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
- transmitting an access request from the foreign agent to a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing, said home network AAA server dynamically allocating security parameters to support the security association request;
- receiving an access response at the foreign agent from the home network AAA server which includes the dynamically allocated security parameter information generated by the home network AAA server;
- transmitting the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent, said home agent receiving the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;
- receiving a registration response at the foreign agent from the home agent after confirmation of the foreign agent-home agent security association information, said registration response being provided to the mobile node to establish the communication pathway between the home agent and the mobile node.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A communication system, comprising:
- a home network having a home agent and a home network AAA server computer;
- a foreign network having a foreign agent;
- a security association being established between the home agent and the foreign agent based on a dynamic allocation of security parameters and an SPI index value from the home network AAA server computer after receiving a specific security association request for the home agent-foreign agent pair from the foreign agent, said security association request being initiated after a registration request is received by the foreign agent from a mobile node.
Dependent claims: 16, 17, 18, 19, 20, 21, 22
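The message flow of claim 7, with the parameters listed in the abstract, can be traced in a short simulation. This is an added example, not code from the patent. Assumptions: HMAC-SHA256 as the authentication algorithm, the SPI as the "selected portion" the foreign agent forwards, and the names HomeAAA, fa_forward, ha_process and all identifiers and addresses, which are constructed for illustration.

```python
import hashlib, hmac, secrets, time

class HomeAAA:
    """Home-network AAA server: allocates a fresh FA-HA association per request."""
    def __init__(self):
        self.by_spi = {}       # SPI -> allocated security association
        self.next_spi = 256    # constructed start value (Mobile IP reserves SPIs 0-255)

    def allocate(self, fa_id, ha_id, lifetime_s=3600):
        sa = {"fa": fa_id, "ha": ha_id, "spi": self.next_spi,
              "key": secrets.token_bytes(32),   # FA-HA shared secret
              "alg": "HMAC-SHA256",             # assumed algorithm, not from the page
              "expires": time.time() + lifetime_s}
        self.next_spi += 1                      # unique SPI for every allocation
        self.by_spi[sa["spi"]] = sa
        return sa

    def lookup(self, spi, ha_id):
        """Separate AAA-to-HA delivery of the parameters, keyed by SPI."""
        sa = self.by_spi.get(spi)
        return sa if sa and sa["ha"] == ha_id else None

def _tag(sa, reg_req):
    return hmac.new(sa["key"], reg_req + sa["spi"].to_bytes(4, "big"),
                    hashlib.sha256).digest()

def fa_forward(reg_req, sa):
    """FA forwards the request with the SPI and an authenticator, never the key."""
    return {"reg_req": reg_req, "spi": sa["spi"], "auth": _tag(sa, reg_req)}

def ha_process(msg, ha_id, aaa, now=None):
    """HA obtains the SA from the AAA server, then checks lifetime and authenticator."""
    sa = aaa.lookup(msg["spi"], ha_id)
    if sa is None:
        return "reject: unknown SPI"
    if (time.time() if now is None else now) > sa["expires"]:
        return "reject: key lifetime expired"
    ok = hmac.compare_digest(_tag(sa, msg["reg_req"]), msg["auth"])
    return "accept" if ok else "reject: bad authenticator"

def demo():
    aaa = HomeAAA()
    req = b"MN=mn1.example;CoA=192.0.2.10"   # constructed registration request
    sa1 = aaa.allocate("fa1.example", "ha1.example")
    sa2 = aaa.allocate("fa1.example", "ha1.example")   # same pair, second request
    msg = fa_forward(req, sa1)
    return (sa1["spi"] != sa2["spi"] and sa1["key"] != sa2["key"],
            ha_process(msg, "ha1.example", aaa),
            ha_process(dict(msg, reg_req=req + b"x"), "ha1.example", aaa),
            ha_process(msg, "ha1.example", aaa, now=sa1["expires"] + 1))
```

demo() returns, in order: whether two requests for the same pair received distinct SPI and key values, the home agent's verdict on the genuine request, on a request modified in transit, and on the genuine request replayed after the key lifetime has passed.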
Specification