Method for secure handover
Abstract
In a mobile, wireless telecommunications network, communications relating to a mobile terminal can be protected during a handover of the mobile terminal from a first access point to a second access point. This may be accomplished by transmitting a security token from the first access point to the mobile terminal, and then from the mobile terminal to the second access point, over the radio interface. Thereafter, the security token is transmitted from the first access point to the second access point through the fixed network to which both the first and the second access points are connected. The communications link between the mobile terminal and the second access point needed to achieve secure handover is then established only if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.
26 Claims
1. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:
- transmitting a security token from the first access point to the mobile terminal over a radio interface;
- transmitting the security token from the mobile terminal to the second access point over the radio interface;
- transmitting the security token from the first access point to the second access point through the fixed network; and
- establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

at the second access point, obtaining an encryption key from the first access point to decipher the encrypted security token.
4. The method of claim 2 further comprising the step of:
- at the second access point, obtaining an encryption key from a common key database to decipher the encrypted security token.

5. The method of claim 1 further comprising the steps of:
- transmitting a mobile terminal identification code, along with the security token, from the mobile terminal to the second access point; and
- transmitting a security token request and the mobile terminal identification code from the second access point to the first access point, through the fixed network.
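The exchange of claims 1 and 5, as an added Python illustration; it is not code from the patent or from any product implementing it. Three parties are modelled: the first access point issues a random token to the terminal over the radio interface, the terminal presents that token together with its identification code to the second access point, and the second access point obtains the first access point's copy through the fixed network (modelled here as a direct method call) and establishes the link only on an exact match. The identifiers, the token length and the constant-time comparison are choices made for this example. Note that claim 1 as written carries the token in the clear over radio, so the radio leg is only as confidential as the link layer beneath it; the dependent claims that speak of an encrypted security token are what close that gap.

```python
"""Token-matching handover of claims 1 and 5 (added illustration, not the patent's code).

The radio interface is untrusted; the fixed network between the access points
is modelled as a direct method call.  All identifiers and values are constructed.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

TOKEN_LEN = 16  # token size chosen for the example


@dataclass
class AccessPoint:
    name: str
    issued: Dict[str, bytes] = field(default_factory=dict)  # tokens issued, by MT id
    links: Set[str] = field(default_factory=set)            # MTs linked after handover

    def issue_token(self, mt_id: str) -> bytes:
        """Step 1 (first access point): send a fresh random token to the MT over radio."""
        token = secrets.token_bytes(TOKEN_LEN)
        self.issued[mt_id] = token
        return token

    def answer_token_request(self, mt_id: str) -> Optional[bytes]:
        """Claim 5 (first access point): answer the security-token request that
        arrives with the MT identification code over the fixed network."""
        return self.issued.get(mt_id)

    def handover_request(self, mt_id: str, token_from_mt: bytes,
                         first_ap: "AccessPoint") -> bool:
        """Steps 2 to 4 (second access point): receive id and token over radio,
        obtain the first access point's copy through the fixed network, and
        establish the link only if the two tokens match."""
        token_from_first_ap = first_ap.answer_token_request(mt_id)
        if token_from_first_ap is None:
            return False  # the first access point never served this MT id
        if not hmac.compare_digest(token_from_mt, token_from_first_ap):
            return False  # mismatch: handover refused, no link
        self.links.add(mt_id)
        return True


@dataclass
class MobileTerminal:
    mt_id: str
    token: Optional[bytes] = None

    def request_handover(self, first_ap: AccessPoint, second_ap: AccessPoint) -> bool:
        """Present the token received from the first access point, with the MT id,
        to the second access point over radio."""
        return second_ap.handover_request(self.mt_id, self.token, first_ap)


def run_scenarios() -> Dict[str, bool]:
    """Genuine handover, a guessed token presented under the same identity, and an
    identity the first access point never served.  Returns the second access
    point's decisions plus whether the genuine link was recorded."""
    ap1, ap2 = AccessPoint("AP1"), AccessPoint("AP2")
    mt = MobileTerminal("MT-0001")            # constructed identifier
    mt.token = ap1.issue_token(mt.mt_id)      # step 1, over radio
    results = {"genuine": mt.request_handover(ap1, ap2)}
    guessed = MobileTerminal("MT-0001", secrets.token_bytes(TOKEN_LEN))
    results["wrong_token"] = guessed.request_handover(ap1, ap2)
    stranger = MobileTerminal("MT-9999", mt.token)
    results["unknown_id"] = stranger.request_handover(ap1, ap2)
    results["link_established"] = "MT-0001" in ap2.links
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The decisive property is that the second access point never trusts the radio leg on its own: the token it accepts has to agree with a copy that travelled over the fixed network, so a terminal that merely knows a valid identification code cannot complete the handover without the token the first access point issued.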
6. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, said method comprising the steps of:
- transmitting a first message from the first access point to the mobile terminal over a radio interface, wherein the first message contains an encrypted security token and a hash code;
- in the mobile terminal, deciphering the encrypted security token using an encryption key shared by the mobile terminal and the first access point;
- in the mobile terminal, re-encrypting the security token using an encryption key that is shared by the mobile terminal and the second access point;
- transmitting a second message from the mobile terminal to the second access point, wherein the second message contains the re-encrypted security token and the hash code;
- deciphering the re-encrypted security token at the second access point using the encryption key shared by the mobile terminal and the second access point; and
- establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.

deciphering the security token at the second access point by applying the encryption key shared by the first access point and the second access point to the hash code;
comparing the security token deciphered using the encryption key shared by the mobile terminal and the second access point with the security token deciphered using the encryption key shared by the first access point and the second access point; and
authenticating the mobile terminal if the second access point determines that there is a match between the security token deciphered using the encryption key shared by the mobile terminal and the second access point and the security token deciphered using the encryption key shared by the first access point and the second access point.
9. The method of claim 7, wherein the hash code is also a function of a timestamp value.

10. The method of claim 6, wherein the first message and the second message each contain a timestamp value.

11. The method of claim 10 further comprising the step of:
- determining, as a function of the timestamp value, whether an excessive period of time elapsed between the time the first message was transmitted from the first access point to the mobile terminal and the time the second message was received by the second access point.

12. The method of claim 11 further comprising the step of:
- preventing the establishment of a communications link between the mobile terminal and the second access point, if it is determined that an excessive amount of time has elapsed.

13. The method of claim 11 further comprising the step of:
- encrypting the timestamp value using an encryption key that is shared by the first access point and the second access point.
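The enciphered variant of claims 6 to 13, as an added Python illustration; it is not the patent's code nor any vendor's. It models the three keys the claims refer to (terminal/first access point, terminal/second access point, and the access-point-to-access-point key that the terminal never holds), carries the timestamp inside the hash code enciphered under the access-point key (one field standing in for claims 9, 10 and 13 together), and has the second access point refuse the link when the elapsed time exceeds a window or the token recovered via the terminal differs from the token recovered from the hash code (the comparison step, and claims 11 and 12). The claims name no cipher, so the HMAC-SHA256 keystream cipher, key sizes, window length, clock values and field names here are all constructed for this example.

```python
"""Enciphered handover of claims 6 to 13 (added illustration, not the patent's code).

Keys, all constructed for this example:
  k_mt_ap1  shared by the mobile terminal and the first access point
  k_mt_ap2  shared by the mobile terminal and the second access point
  k_ap      shared by the two access points; the terminal never holds it
The claims name no cipher.  encrypt()/decrypt() are a stand-in built from an
HMAC-SHA256 counter-mode keystream so the script needs only the standard library.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

TOKEN_LEN = 16
TS_LEN = 8
IV_LEN = 8
MAX_HANDOVER_SECONDS = 5  # window for claims 11 and 12, chosen for the example


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream derived from (key, iv, block counter)."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(IV_LEN)  # fresh IV per message
    return iv + _keystream_xor(key, iv, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:IV_LEN], blob[IV_LEN:])


def ap1_first_message(k_mt_ap1: bytes, k_ap: bytes, now: int) -> Dict[str, bytes]:
    """First access point -> terminal, over radio (claim 6): the token enciphered
    for the terminal, plus the 'hash code', modelled here as token||timestamp
    enciphered under the access-point key so that the second access point can
    recover both by applying that key (claims 9 and 13)."""
    token = secrets.token_bytes(TOKEN_LEN)
    ts = now.to_bytes(TS_LEN, "big")
    return {"enc_token": encrypt(k_mt_ap1, token),
            "hash_code": encrypt(k_ap, token + ts)}


def mt_second_message(first: Dict[str, bytes], k_mt_ap1: bytes,
                      k_mt_ap2: bytes) -> Dict[str, bytes]:
    """Terminal -> second access point, over radio (claim 6): decipher the token
    with the first access point's key, re-encipher it with the second access
    point's key, and forward the hash code untouched."""
    token = decrypt(k_mt_ap1, first["enc_token"])
    return {"enc_token": encrypt(k_mt_ap2, token),
            "hash_code": first["hash_code"]}


def ap2_authenticate(second: Dict[str, bytes], k_mt_ap2: bytes, k_ap: bytes,
                     now: int) -> Tuple[bool, str]:
    """Second access point: recover the token by both routes, check the elapsed
    time, and establish the link only if the two tokens match."""
    token_via_mt = decrypt(k_mt_ap2, second["enc_token"])
    recovered = decrypt(k_ap, second["hash_code"])
    token_via_ap1 = recovered[:TOKEN_LEN]
    ts = int.from_bytes(recovered[TOKEN_LEN:TOKEN_LEN + TS_LEN], "big")
    if not 0 <= now - ts <= MAX_HANDOVER_SECONDS:
        return False, "excessive time elapsed"  # claims 11 and 12
    if not hmac.compare_digest(token_via_mt, token_via_ap1):
        return False, "token mismatch"          # comparison step fails
    return True, "link established"


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Genuine handover, the same messages presented after the window has closed,
    and a terminal that lacks the second access point's key.  Clock values are
    constructed integers, not the wall clock."""
    k_mt_ap1, k_mt_ap2, k_ap = (secrets.token_bytes(32) for _ in range(3))
    t0 = 1_700_000_000
    first = ap1_first_message(k_mt_ap1, k_ap, t0)
    second = mt_second_message(first, k_mt_ap1, k_mt_ap2)
    results = {"genuine": ap2_authenticate(second, k_mt_ap2, k_ap, t0 + 1)}
    results["delayed"] = ap2_authenticate(second, k_mt_ap2, k_ap,
                                          t0 + MAX_HANDOVER_SECONDS + 1)
    other = mt_second_message(first, k_mt_ap1, secrets.token_bytes(32))
    results["wrong_key"] = ap2_authenticate(other, k_mt_ap2, k_ap, t0 + 1)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:10s} -> {verdict}")
```

What binds the two paths is the equality check between decryptions under independent keys: the terminal can only produce a re-encryption that agrees with the hash code if it actually held the first access point's key, and it cannot alter the hash code to match a token of its choosing because it never holds the access-point key. The stream cipher used here is malleable, so in a deployment the access points would want an authenticated cipher for the hash code in addition to the equality check, and clocks at the two access points need to agree to within the handover window or genuine handovers fail the elapsed-time test.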
14. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:
- transmitting a security token from the first access point to the mobile terminal over a radio interface;
- transmitting the security token from the mobile terminal to the second access point over the radio interface;
- transmitting the security token from the first access point to the second access point through the fixed network; and
- establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

at the second access point, obtaining an encryption key from the first access point to decipher the encrypted security token.

17. The method of claim 15 further comprising the step of:
- at the second access point, obtaining an encryption key from a common key database to decipher the encrypted security token.

18. The method of claim 14 further comprising the steps of:
- transmitting a mobile terminal identification code, along with the security token, from the mobile terminal to the second access point; and
- transmitting a security token request and the mobile terminal identification code from the second access point to the first access point, through the fixed network.
19. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, said method comprising the steps of:
- transmitting a first message from the first access point to the mobile terminal over a radio interface, wherein the first message contains an encrypted security token and a hash code;
- in the mobile terminal, deciphering the encrypted security token using an encryption key shared by the mobile terminal and the first access point;
- in the mobile terminal, re-encrypting the security token using an encryption key that is shared by the mobile terminal and the second access point;
- transmitting a second message from the mobile terminal to the second access point, wherein the second message contains the re-encrypted security token and the hash code;
- deciphering the re-encrypted security token at the second access point using the encryption key shared by the mobile terminal and the second access point; and
- establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.

deciphering the security token at the second access point by applying the encryption key shared by the first access point and the second access point to the hash code;
comparing the security token deciphered using the encryption key shared by the mobile terminal and the second access point with the security token deciphered using the encryption key shared by the first access point and the second access point; and
authenticating the mobile terminal if the second access point determines that there is a match between the security token deciphered using the encryption key shared by the mobile terminal and the second access point and the security token deciphered using the encryption key shared by the first access point and the second access point.
22. The method of claim 20, wherein the hash code is also a function of a timestamp value.

23. The method of claim 19, wherein the first message and the second message each contain a timestamp value.

24. The method of claim 23 further comprising the step of:
- determining, as a function of the timestamp value, whether an excessive period of time elapsed between the time the first message was transmitted from the first access point to the mobile terminal and the time the second message was received by the second access point.

25. The method of claim 24 further comprising the step of:
- preventing the establishment of a communications link between the mobile terminal and the second access point, if it is determined that an excessive amount of time has elapsed.

26. The method of claim 24 further comprising the step of:
- encrypting the timestamp value using an encryption key that is shared by the first access point and the second access point.