AAA broker specification and protocol

US 6,915,345 B1
Filed: 10/02/2000
Issued: 07/05/2005
Est. Priority Date: 10/02/2000
Status: Active Grant

First Claim

Patent Images

1. The method of establishing a connection for a mobile node on a communication system having a home network for the mobile node and at least one foreign network comprising the steps of:

receiving a registration request message at a foreign network Authentication, Authorization, Accounting server;

transmitting a request to an Authentication, Authorization, Accounting broker server to obtain service level agreement information to establish a secure connection between the foreign and home networks;

receiving at the foreign network Authentication, Authorization, Accounting server a response transmitted from the Authentication, Authorization, Accounting broker server containing service level agreement information stored on the Authentication, Authorization, Accounting broker server, wherein the response transmitted from the Authentication, Authorization, Accounting broker server contains the Internet Protocol address of the home network to which the request should be directly forwarded and one or more instances of a first value to indicate that one or more different host networks can be contacted.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an IP-based mobile communications system, the Mobile Node changes its point of attachment to the network while maintaining network connectivity. The present invention improves the attachment of the Mobile Node to the IP mobile communications system by allowing a AAA Broker Server to maintain client information necessary to establish the a secure Mobile Node connection to the home network.

175 Citations

39 Claims

1. The method of establishing a connection for a mobile node on a communication system having a home network for the mobile node and at least one foreign network comprising the steps of:
- receiving a registration request message at a foreign network Authentication, Authorization, Accounting server;
  
  transmitting a request to an Authentication, Authorization, Accounting broker server to obtain service level agreement information to establish a secure connection between the foreign and home networks;
  
  receiving at the foreign network Authentication, Authorization, Accounting server a response transmitted from the Authentication, Authorization, Accounting broker server containing service level agreement information stored on the Authentication, Authorization, Accounting broker server, wherein the response transmitted from the Authentication, Authorization, Accounting broker server contains the Internet Protocol address of the home network to which the request should be directly forwarded and one or more instances of a first value to indicate that one or more different host networks can be contacted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19)
- - 2. The method of establishing a home network connection in claim 1 further comprising the step of:
    - establishing a connection with an Authentication, Authorization, Accounting server on the home network based upon the information received from the Authentication, Authorization, Accounting broker server.
  - 3. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving a response from the Authentication, Authorization, Accounting broker server with a rejection response after the Authentication, Authorization, Accounting broker server determines that the home network is not found by the Authentication, Authorization, Accounting broker server.
  - 4. The method of establishing a home network connection in claim 1 further comprising the step of:
    - transmitting the request to the Authentication, Authorization, Accounting broker server for all messages to be addressed to unknown networks in order to identify the home network.
  - 5. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a tag value that indicates the timeout value for a particular host.
  - 6. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a session time-out value as a discretionary indication to the home network server on how long the home network entry should be maintained as valid on the foreign network.
  - 7. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a tag value that indicates a host sever selection value.
  - 8. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a certificate of the foreign network server and the host network server.
  - 9. The method of establishing a home network connection in claim 8 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a certificate encapsulated in an Attribute Value Pair of the foreign network server and the host network server.
  - 10. The method of establishing a home network connection in claim 8 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a certificate of the foreign network server and the host network server where the foreign network server forwards the certificate in a communication to the home AAA Authentication, Authorization, Accounting server.
  - 11. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server with a certificate encapsulated in an Attribute Value Pair of the foreign network server and the host network server.
  - 12. The method of establishing a home network connection in claim 1 further comprising the step of:
    - transmitting a request to a second Authentication, Authorization, Accounting broker server in response to the response received by the foreign network server.
  - 13. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker server validates the request from the foreign network against information retained in the Authentication, Authorization, Accounting broker server on allowed request clients.
  - 14. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker server validates the request from the foreign network by processing a destination attribute in an attempt to find a match on the home network.
  - 15. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker server validates the request from the foreign network by processing a user name attribute in an attempt to find a match on the home network.
  - 16. The method of establishing a home network connection in claim 15 further comprising the step of:
    - receiving the response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker server validates the request from the foreign network by processing a destination attribute in an attempt to find a match on the home network.
  - 18. The method of establishing a home network connection in claim 1 further comprising the step of:
    - after receiving the response from Authentication, Authorization, Accounting broker server that services the home network, the foreign network initiates a security association pursuant to the returned service level agreement information in the response message by transmitting a message to the home network from the foreign network.
  - 19. The method of establishing a home network connection in claim 1 further comprising the step of:
    - receiving message from the home network server at the foreign network Authentication, Authorization, Accounting server after the home network that services the home network Authentication, Authorization, Accounting server processes a request from the foreign network server for a secure connection.

17. The method of establishing a connection for a mobile node on a communication system having a home network for the mobile node and at least one foreign network comprising the steps of:
- receiving a registration request message at a foreign network Authentication, Authorization, Accounting server;
  
  transmitting a request to an Authentication, Authorization, Accounting broker server to obtain service level agreement information to establish a secure connection between the foreign and home networks;
  
  receiving at the foreign network Authentication, Authorization, Accounting server a response transmitted from the Authentication, Authorization, Accounting broker server containing service level agreement information stored on the Authentication, Authorization, Accounting broker server, wherein the response transmitted from the Authentication, Authorization, Accounting broker server contains the Internet Protocol address of the home network to which the request should be directly forwarded, and one or more instances of a first value to indicate that one or more different host networks can be contacted; and
  
  contacting a second Authentication, Authorization, Accounting broker server after a rejection response is received from the Authentication, Authorization, Accounting broker server.

20. A system for establishing a home network connection of a mobile node on a foreign network in a wireless communications network comprising:
- a home network having a home agent coupled to a home Authentication, Authorization, Accounting server;
  
  a foreign network having a foreign agent coupled to a foreign Authentication, Authorization, Accounting server;
  
  a mobile node transmitting a request to the foreign Authentication, Authorization, Accounting server in a request to establish a secure connection between the mobile node and the home network;
  
  an Authentication, Authorization, Accounting broker server coupled to the foreign Authentication, Authorization, Accounting server transmitting a request to the Authentication, Authorization, Accounting broker server to determine the location of the home network and security association information for establishing the secure connection between the mobile node and the home network according to a security protocol specified in the Authentication, Authorization, Accounting broker server; and
  
  the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server with the Internet Protocol address of the home network to which the request should be directly forwarded and one or more instances of a first value to indicate that one or more different host networks can be contacted.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 21. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting server broker server that contain the Internet Protocol address of the home network to which the request should be directly forwarded.
  - 22. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server transmits the request to the Authentication, Authorization, Accounting broker server for all messages to be addressed to unknown networks in order to identify the home network.
  - 23. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server with a tag value that indicates a host server selection value.
  - 24. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server that includes a session time-out value as a discretionary indication to the foreign network server on how long the home network entry should be maintained as valid on the foreign network.
  - 25. The system set forth in claim 24 wherein:
    - the foreign Authentication, Authorization, Accounting server receives the response from the Authentication, Authorization, Accounting broker server with a tag value that indicates a host server selection value.
  - 26. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives the response from the Authentication, Authorization, Accounting broker server with a certificate of the foreign network server and the host network server.
  - 27. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives the response from the Authentication, Authorization, Accounting broker server with a certificate encapsulated in an Attribute Value Pair of the foreign network server and the host network server.
  - 28. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives the response from the Authentication, Authorization, Accounting broker server with a certificate that is forwarded to the home Authentication, Authorization, Accounting server.
  - 29. The system set forth in claim 28 wherein:
    - the foreign Authentication, Authorization, Accounting server receives the response from the Authentication, Authorization, Accounting broker server with a certificate encapsulated in an Attribute Value Pair of the foreign network server and the host network server.
  - 30. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server transmits a second request to a second Authentication, Authorization, Accounting broker server in response to a rejection response received from the Authentication, Authorization, Accounting broker by the foreign network server.
  - 31. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker validates the request from the foreign network against the information retained in the Authentication, Authorization, Accounting broker server on the allowed request clients.
  - 32. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker validates the request from the foreign network by processing a destination attribute in an attempt to find a match on the home network.
  - 33. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker validates the request from the foreign network by processing a user name attribute in an attempt to find a match on the home network.
  - 34. The system set forth in claim 33 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker validates the request from the foreign network by processing a destination attribute in an attempt to find a match on the home network.
  - 35. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a rejection response from the Authentication, Authorization, Accounting broker server after the Authentication, Authorization, Accounting broker server determines that the home network is not found serviced by the Authentication, Authorization, Accounting broker server.
  - 36. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server contacts a second Authentication, Authorization, Accounting broker server after a rejection response is received from the Authentication, Authorization, Accounting broker server.
  - 37. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server initiates a security association pursuant to the returned information in the response message by transmitting a message to the home network from the foreign network.
  - 38. The system set forth in claim 20 wherein:
    - the foreign Authentication, Authorization, Accounting server receives a message from the home network server to the foreign network server after home network server processes the request from the foreign network server for a secure connection.

39. A method for establishing a connection for a mobile node on a communication system having a home network for the mobile node and at least one foreign network comparing the steps of:
- receiving a registration request message at a foreign Authentication, Authorization, Accounting server;
  
  transmitting a request to an Authentication, Authorization, Accounting broker server to obtain service level agreement information to establish a secure connection between the foreign and home network;
  
  receiving at the foreign network Authentication, Authorization, Accounting server a response from the Authentication, Authorization, Accounting broker server containing service level agreement information wherein the response transmitted from Authentication, Authorization, Accounting broker server contains the Internet Protocol address of the home network to which the request should be directly forwarded and one or more instances of a first value to indicate that one or more different host networks can be contacted; and
  
  establishing a secure connection with an Authentication, Authorization, Accounting server on the home network based upon the service level agreement information received from the Authentication, Authorization, Accounting broker server to encrypt information packets transmitted between the home network and the mobile node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Tummala, Rambabu, Mitton, David J., Akhtar, Haseeb
Primary Examiner(s)
Follansbee, John
Assistant Examiner(s)
Chang, Jungwon

Application Number

US09/677,274
Time in Patent Office

1,737 Days
Field of Search

709/225, 709/217, 709/202, 709/229, 709/249, 455/432.1, 455/432, 455/433, 370/328, 370/238, 370/329
US Class Current

709/225
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

AAA broker specification and protocol

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

175 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

AAA broker specification and protocol

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

175 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links