Method to provide dynamic internet protocol security policy service
Abstract
A mobile node may roam away from its home network to a foreign network. The mobile node may communicate using the Mobile Internet Protocol, and it may use Internet Protocol security to communicate with its home network. A foreign agent on the foreign network and a home agent on the home network may dynamically link a policy to be used for an Internet Protocol security session between the foreign agent and the home agent. The foreign agent and the home agent may dynamically create a filter to be used for the Internet Protocol security session.
191 Citations
29 Claims
1. A method to dynamically provide Internet Protocol security policy service, comprising the steps of:
receiving a connection request sent from a mobile node to a foreign agent, wherein the mobile node uses Mobile Internet Protocol;
obtaining at least one policy template for the mobile node, wherein the at least one policy template includes processing information for Internet Protocol security packets sent between the foreign agent and a home agent for the mobile node;
negotiating Internet Protocol security parameters with the home agent;
creating at least one filter, wherein the at least one filter identifies data packets traveling between the home agent and the foreign agent to receive Internet Protocol security processing, and wherein the at least one filter identifies the at least one policy template to apply to the data packets receiving Internet Protocol security processing; and
storing the at least one filter in a list of active filters maintained by the foreign agent, wherein the list of active filters identifies data packets in a plurality of active Internet Protocol security sessions between the foreign agent and respective home agents of other mobile nodes that are registered with the foreign agent.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method to dynamically provide policy service to a mobile node, comprising the steps of:
receiving an authentication request sent from a foreign agent on a foreign network to a home agent on a home network, wherein the authentication request indicates a mobile node roaming from the home network to the foreign network, and wherein the mobile node uses Mobile Internet Protocol;
determining whether the mobile node needs Internet Protocol security for packets sent between the foreign agent and the home agent;
informing the foreign agent that the mobile node needs Internet Protocol security for data packets sent between the home agent and the foreign agent; and
linking at least one security policy template for the mobile node to the home agent, wherein the security policy template specifies parameters to be used in Internet Protocol security communications between the foreign agent and the home agent;
creating a filter wherein the filter identifies packets traveling between the home agent and the foreign agent to receive Internet Protocol security processing, and wherein the filter identifies the policy template to apply to the packets receiving Internet Protocol security processing; and
storing the at least one filter in a list of active filters maintained by the home agent, wherein the list of active filters identifies data packets in a plurality of active Internet Protocol security sessions between the home agent and respective foreign agents of other mobile nodes.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
22. A method for providing policy service in an Internet Protocol security application, comprising the steps of:
receiving a request from a mobile node roaming to a foreign network to establish a secure connection to a home network, wherein the mobile node uses Mobile Internet Protocol;
authenticating the mobile node with the home network;
receiving an indication to use Internet Protocol security for packets sent between a home agent on the home network and a foreign agent on the foreign network;
linking a policy for the mobile node to the foreign agent, wherein the policy identifies processing information for Internet Protocol security packets sent between the foreign agent and the home agent;
negotiating Internet Protocol security parameters with a home agent to create a virtual tunnel between the foreign agent and the home agent;
creating a filter for the mobile node, wherein the filter can be used to identify packets traveling between the foreign agent and the home agent that use Internet Protocol security; and
storing the at least one filter in a list of active filters maintained by the foreign agent, wherein the list of active filters identifies data packets in a plurality of active Internet Protocol security sessions between the foreign agent and respective home agents of other mobile nodes that are registered with the foreign agent.
Dependent claims: 23, 24, 25, 26, 27, 28, 29
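The filter and policy-template bookkeeping that the foreign-agent claims describe can be sketched as follows. This is an added illustration, not code from the patent: the class names, the template fields, the documentation-range addresses and the choice to share one filter among mobile nodes that have the same home agent are all assumptions, and parameter negotiation with the home agent is left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyTemplate:
    # Hypothetical fields; the claims only say a template carries
    # "processing information" for IPsec packets.
    name: str
    protocol: str
    mode: str

@dataclass(frozen=True)
class Filter:
    fa: ipaddress.IPv4Address
    ha: ipaddress.IPv4Address
    template: str  # name of the policy template to apply

    def matches(self, src, dst):
        # Either direction between this foreign agent / home agent pair.
        return {src, dst} == {self.fa, self.ha}

class ForeignAgent:
    def __init__(self, address, templates):
        self.address = ipaddress.ip_address(address)
        self.templates = templates   # template name -> PolicyTemplate
        self.active_filters = {}     # Filter -> ids of mobile nodes using it

    def register(self, mobile_node, home_agent, template_name):
        # Refuse to create a filter that points at an unknown template.
        if template_name not in self.templates:
            raise KeyError(f"no policy template {template_name!r}")
        flt = Filter(self.address, ipaddress.ip_address(home_agent), template_name)
        self.active_filters.setdefault(flt, set()).add(mobile_node)
        return flt

    def deregister(self, mobile_node):
        # Drop a filter only when its last mobile node has gone (assumption).
        for flt in list(self.active_filters):
            self.active_filters[flt].discard(mobile_node)
            if not self.active_filters[flt]:
                del self.active_filters[flt]

    def classify(self, src, dst):
        # Return the template for a packet, or None if no active filter matches.
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for flt in self.active_filters:
            if flt.matches(src, dst):
                return self.templates[flt.template]
        return None
```

A packet for which `classify` returns `None` belongs to no active session in the list; what the agent does with such a packet is a separate policy decision that this sketch does not make.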
Specification