Method for secure handover

US 6,370,380 B1
Filed: 02/17/1999
Issued: 04/09/2002
Est. Priority Date: 02/17/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:

transmitting a security token from the first access point to the mobile terminal over a radio interface;

transmitting the security token from the mobile terminal to the second access point over the radio interface;

transmitting the security token from the first access point to the second access point through the fixed network; and

establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a mobile, wireless telecommunications network, communications relating to a mobile terminal can be protected during a handover of the mobile terminal from a first access point to a second access point. This may be accomplished by transmitting a security token from the first access point to the mobile terminal, and then from the mobile terminal to the second access point, over the radio interface. Thereafter, the security token is transmitted from the first access point to the second access point through the fixed network to which both the first and the second access points are connected. The communications link between the mobile terminal and the second access point needed to achieve secure handover is then established only if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

162 Citations

26 Claims

1. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:
- transmitting a security token from the first access point to the mobile terminal over a radio interface;
  
  transmitting the security token from the mobile terminal to the second access point over the radio interface;
  
  transmitting the security token from the first access point to the second access point through the fixed network; and
  
  establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the security token is encrypted at the first access point.
  - 3. The method of claim 2 further comprising the step of:
4. The method of claim 2 further comprising the step of:
- at the second access point, obtaining an encryption key from a common key database to decipher the encrypted security token.
5. The method of claim 1 further comprising the steps of:
- transmitting a mobile terminal identification code, along with the security token, from the mobile terminal to the second access point; and
  
  transmitting a security token request and the mobile terminal identification code from the second access point to the first access point, through the fixed network.

6. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, said method comprising the steps of:
- transmitting a first message from the first access point to the mobile terminal over a radio interface, wherein the first message contains an encrypted security token and a hash code;
  
  in the mobile terminal, deciphering the encrypted security token using an encryption key shared by the mobile terminal and the first access point;
  
  in the mobile terminal, re-encrypting the security token using an encryption key that is shared by the mobile terminal and the second access point;
  
  transmitting a second message from the mobile terminal to the second access point, wherein the second message contains the re-encrypted security token and the hash code;
  
  deciphering the re-encrypted security token at the second access point using the encryption key shared by the mobile terminal and the second access point; and
  
  establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein the hash code is a function of the security token and an encryption key that is shared by the first access point and the second access point.
  - 8. The method of claim 7 further comprising the steps of:
9. The method of claim 7, wherein the hash code is also a function of a timestamp value.
10. The method of claim 6, wherein the first message and the second message each contain a timestamp value.
11. The method of claim 10 further comprising the step of:
- determining, as a function of the timestamp value, whether an excessive period of time elapsed between the time the first message was transmitted from the first access point to the mobile terminal and the time the second message was received by the second access point.
12. The method of claim 11 further comprising the step of:
- preventing the establishment of a communications link between the mobile terminal and the second access point, if it is determined that an excessive amount of time has elapsed.
13. The method of claim 11 further comprising the step of:
- encrypting the timestamp value using an encryption key that is shared by the first access point and the second access point.

14. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:
- transmitting a security token from the first access point to the mobile terminal over a radio interface;
  
  transmitting the security token from the mobile terminal to the second access point over the radio interface;
  
  transmitting the security token from the first access point to the second access point through the fixed network; and
  
  establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the security token is encrypted at the first access point.
  - 16. The method of claim 15 further comprising the step of:
17. The method of claim 15 further comprising the step of:
- at the second access point, obtaining an encryption key from a common key database to decipher the encrypted security token.
18. The method of claim 14 further comprising the steps of:
- transmitting a mobile terminal identification code, along with the security token, from the mobile terminal to the second access point; and
  
  transmitting a security token request and the mobile terminal identification code from the second access point to the first access point, through the fixed network.

19. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, said method comprising the steps of:
- transmitting a first message from the first access point to the mobile terminal over a radio interface, wherein the first message contains an encrypted security token and a hash code;
  
  in the mobile terminal, deciphering the encrypted security token using an encryption key shared by the mobile terminal and the first access point;
  
  in the mobile terminal, re-encrypting the security token using an encryption key that is shared by the mobile terminal and the second access point;
  
  transmitting a second message from the mobile terminal to the second access point, wherein the second message contains the re-encrypted security token and the hash code;
  
  deciphering the re-encrypted security token at the second access point using the encryption key shared by the mobile terminal and the second access point; and
  
  establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19, wherein the hash code is a function of the security token and an encryption key that is shared by the first access point and the second access point.
  - 21. The method of claim 20 further comprising the steps of:
22. The method of claim 20, wherein the hash code is also a function of a timestamp value.
23. The method of claim 19, wherein the first message and the second message each contain a timestamp value.
24. The method of claim 23 further comprising the step of:
- determining, as a function of the timestamp value, whether an excessive period of time elapsed between the time the first message was transmitted from the first access point to the mobile terminal and the time the second message was received by the second access point.
25. The method of claim 24 further comprising the step of:
- preventing the establishment of a communications link between the mobile terminal and the second access point, if it is determined that an excessive amount of time has elapsed.
26. The method of claim 24 further comprising the step of:
- encrypting the timestamp value using an encryption key that is shared by the first access point and the second access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wi-Fi One, LLC (Inception Holdings, LLC)
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Almehag, Lorens, Norefors, Arne, Cheng, Yi, Jerrestam, Karl Dan Gustav
Primary Examiner(s)
Le, Thanh Cong
Assistant Examiner(s)
TRAN, TUAN A

Application Number

US09/251,396
Time in Patent Office

1,147 Days
Field of Search

455/411, 455/436, 455/437, 455/438, 455/439, 455/440, 455/441, 455/442, 455/443, 455/444, 455/450, 455/451, 455/452, 370/331, 370/332, 370/333, 370/334, 380/247, 380/248, 713/156
US Class Current

455/436
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/126   the source of the received ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/61   Time-dependent

H04W 36/0038   of security context informa...

H04W 36/08   Reselecting an access point

H04W 76/10   Connection setup

H04W 84/12   WLAN [Wireless Local Area N...

H04W 92/20   between access points

Method for secure handover

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

162 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Method for secure handover

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

162 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others