Security framework for an IP mobility system using variable-based security associations and broker redirection

US 7,174,018 B1
Filed: 06/16/2000
Issued: 02/06/2007
Est. Priority Date: 06/24/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securely communicating to a mobile node on a communications system having a home network for the mobile node and at least one foreign network comprising the steps of:

requiring at least one security association between the home network and the foreign network, wherein the home network has at least one home agent network server;

establishing at least one security association between the mobile node and the foreign network using a registration reply message to transmit a public key, said registration reply message originating at the home agent network server and transmitted to the mobile node to acknowledge registering the mobile node care-of address with the home agent network server;

requiring that an information packet received by the home network be encrypted with an encryption mechanism;

transmitting the information packet from the mobile node using the security associations to support secure communications from the mobile node;

routing the information packet through a secure messaging gateway that includes a firewall and an AAA server performing authentication and accounting functions;

coupling a service level agreement broker to the foreign network, separate from any AAA server on either the home network or the foreign network, to support establishment and maintenance of a plurality of security associations for multiple networks and multiple nodes used in communications on the communications system to include establishing and maintaining a single service level agreement for communications among multiple networks and multiple nodes; and

decoding information from the encrypted information packet at the home network to retrieve the information.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an IP-based mobile communications system, the Mobile Node changes its point of attachment to the network while maintaining network connectivity. Security concerns arise in the mobile system because authorized users are subject to the following forms of attack: (1) session stealing where a hostile node hijacks session from mobile node by redirecting packets, (2) spoofing where the identity of an authorized user is utilized in an unauthorized manner to obtain access to the network, and (3) eavesdropping and stealing of data during session with authorized user. No separate secure network exists in the IP-based mobility communications system, and therefore, it is necessary to protect information transmitted in the mobile system from the above-identified security attacks.

The present invention improves the security of communications in a IP mobile communications system by creating variable-based Security Associations between various nodes on the system, a Virtual Private Network supported by an Service Level Agreement between various foreign networks and a home network, and an SLA Broker to promote large-scale roaming among different SLAs supported by the SLA Broker or agreements with other SLA Brokers.

181 Citations

37 Claims

1. A method for securely communicating to a mobile node on a communications system having a home network for the mobile node and at least one foreign network comprising the steps of:
- requiring at least one security association between the home network and the foreign network, wherein the home network has at least one home agent network server;
  
  establishing at least one security association between the mobile node and the foreign network using a registration reply message to transmit a public key, said registration reply message originating at the home agent network server and transmitted to the mobile node to acknowledge registering the mobile node care-of address with the home agent network server;
  
  requiring that an information packet received by the home network be encrypted with an encryption mechanism;
  
  transmitting the information packet from the mobile node using the security associations to support secure communications from the mobile node;
  
  routing the information packet through a secure messaging gateway that includes a firewall and an AAA server performing authentication and accounting functions;
  
  coupling a service level agreement broker to the foreign network, separate from any AAA server on either the home network or the foreign network, to support establishment and maintenance of a plurality of security associations for multiple networks and multiple nodes used in communications on the communications system to include establishing and maintaining a single service level agreement for communications among multiple networks and multiple nodes; and
  
  decoding information from the encrypted information packet at the home network to retrieve the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of securely communicating to a mobile node in claim 1 further comprising the step of:
    - establishing a security association between the home network and a correspondent node.
  - 3. The method of securely communicating to a mobile node in claim 1 further comprising the step of:
    - establishing a security association between the mobile node and a correspondent node.
  - 4. The method of securely communicating to a mobile node in claim 3 further comprising the step of:
    - establishing a security association between the home network and a correspondent node.
  - 5. The method of securely communicating to a mobile node in claim 1 further comprising the step of:
    - encrypting information using a public key algorithm.
  - 6. The method of securely communicating to a mobile node in claim 1 further comprising the step of:
    - encrypting information using a private key algorithm.
  - 7. The method of securely communicating to a mobile node in claim 1 further comprising the step of:
    - supporting the secure communication for the security association between the foreign network and the mobile node using a code-based cellular communication system.
  - 8. The method of securely communicating to a mobile node in claim 1 further comprising the step of:
    - requiring multiple security associations between a plurality of foreign networks and the home network.
  - 9. The method of securely communicating to a mobile node in claim 8 further comprising the step of:
    - establishing a service level agreement to manage the secure communication of information packets on the multiple security associations.
  - 10. The method of securely communicating to a mobile node in claim 9 further comprising the step of:
    - establishing a broker to assist in the use of service level agreements on the secure communications system.

11. A method for securely communicating to a mobile node on a communications system having a home network for the mobile node and at least one foreign network comprising the steps of:
- requiring at least one security association between the home network and the mobile node, wherein the home network has at least one home agent network server, and using a service level agreement broker to establish and maintain a plurality of security associations;
  
  transmitting a registration message containing a public key, said registration message originating at the home agent network sever and routed to the mobile node to acknowledge registering the mobile node care-of-address with the home network;
  
  requiring that an information packet transmitted to the home network be encrypted using an encryption mechanism;
  
  transmitting the information packet from the mobile node using the security associations to support secure communications from the mobile node;
  
  routing the information packet through a secure messaging gateway comprising a firewall blocking access of unsecured packets and an AAA server, separate from the service level agreement broker, performing authentication and accounting functions, said service level agreement broker operating from any AAA server on either the home or foreign network to support establishment and maintenance of a plurality of security associations from multiple networks and multiple nodes used in communications on the communications system to include establishing and maintaining a single service level agreement for communications among multiple networks and multiple nodes; and
  
  decoding information from the encrypted information packet at the home network to retrieve the information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of securely communicating to a mobile node in claim 11 further comprising the step of:
    - establishing a security association between the home network and a correspondent node.
  - 13. The method of securely communicating to a mobile node in claim 11 further comprising the step of:
    - establishing a security association between the mobile node and a correspondent node.
  - 14. The method of securely communicating to a mobile node in claim 13 further comprising the step of:
    - establishing a security association between the home network and a correspondent node.
  - 15. The method of securely communicating to a mobile node in claim 11 further comprising the step of:
    - encrypting information using a public key algorithm.
  - 16. The method of securely communicating to a mobile node in claim 11 further comprising the step of:
    - encrypting information using a private key algorithm.
  - 17. The method of securely communicating to a mobile node in claim 11 further comprising the step of:
    - establishing multiple security associations between a plurality of foreign networks and the home network.
  - 18. The method of securely communicating to a mobile node in claim 17 further comprising the step of:
    - establishing a service level agreement to manage the secure communication of information packets on the multiple security associations.
  - 19. The method of securely communicating to a mobile node in claim 18 further comprising the step of:
    - maintaining a plurality of service level agreements at the service level agreement broker for use on the secure communications system, said service level agreements including a plurality of networks.

20. A system for securely communicating to a mobile node in a wireless communications network comprising:
- a home network having a home agent server coupled to a router capable of directing information packets to and from the home network;
  
  a foreign network having a foreign agent coupled to a router capable of directing information packets to and from the foreign network and a transceiver capable of performing wireless communications with at least one mobile node in the transmission range of the transceiver for the foreign network;
  
  a broker entity separate from any AAA server functioning as a consortium of a plurality of security associations, said broker used to establish security associations that can include a single security level agreement established on multiple nodes among different network to form a virtual private network;
  
  said security associations including a security association established between the home network and the foreign network and a security association established between the mobile node and the foreign network using registration messages to transmit a public key, the registration messages used for registering the mobile node care-of address with the home network and addressing to route between the home network and the mobile node, both security associations used to support the secure communication of information packets from the mobile node to the home network; and
  
  said information packets routed through a secure messaging gateway comprising a firewall blocking access of unsecured packets and an AAA server performing authentication and accounting functions to track secure communication transmissions, said AAA server separate from the broker.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The system of securely communicating to a mobile node in claim 20 further comprising:
    - a security association between the home network and a correspondent node.
  - 22. The system of securely communicating to a mobile node in claim 20 further comprising:
    - a security association between the mobile node and a correspondent node.
  - 23. The system of securely communicating to a mobile node in claim 22 further comprising:
    - a security association between the home network and a correspondent node.
  - 24. The system of securely communicating to a mobile node in claim 20 further comprising:
    - a public key encryption means to secure communications.
  - 25. The system of securely communicating to a mobile node in claim 20 further comprising:
    - a private key encryption means to secure communications.
  - 26. The system of securely communicating to a mobile node in claim 20 further comprising:
    - multiple security associations between a plurality of foreign networks and the home network.
  - 27. The system of securely communicating to a mobile node in claim 26 further comprising:
    - a service level agreement to manage the secure communication of information packets on the multiple security associations.
  - 28. The system of securely communicating to a mobile node in claim 27 further comprising:
    - a broker to assist in the use of service level agreements on a plurality of networks on the secure communications system by establishing a single service level agreement with a common security association on multiple nodes.

29. A system for securely communicating to a mobile node in a wireless communications network comprising:
- a home network having a home agent network server coupled to a router capable of directing information packets to and from the home network;
  
  a foreign network having a foreign agent coupled to a router capable of directing information packets to and from the foreign network and a transceiver capable of performing wireless communications with at least one mobile node in the transmission range of the transceiver for the foreign network;
  
  a security association established between the home network and the mobile node using a registration message, said registration message used for registering the mobile node care-of address with the home network and addressing to transmit between the home network and the mobile node, the security association used to support the secure communication of information packets from the mobile node to the home network said security association established using a broker supporting a plurality of security associations, said broker existing and functioning separately from any AAA server to support establish and maintain a plurality of security associations from multiple networks and multiple nodes used in communications on the communications system to include establishing and maintaining a single service level agreement for communications among multiple networks and multiple nodes; and
  
  a security gateway including a firewall function blocking unsecured packet access to the network and an AAA server performing authentication and accounting functions used to track secure communication transmission using the security association, said AAA server separate from said broker.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
- - 30. The system of securely communicating to a mobile node in claim 29 further comprising:
    - a security association between the home network and a correspondent node.
  - 31. The system of securely communicating to a mobile node in claim 29 further comprising:
    - a security association between the mobile node and a correspondent node.
  - 32. The system of securely communicating to a mobile node in claim 31 further comprising:
    - a security association between the home network and a correspondent node.
  - 33. The system of securely communicating to a mobile node in claim 29 further comprising:
    - a public key encryption means to secure communications.
  - 34. The system of securely communicating to a mobile node in claim 29 further comprising:
    - a private key encryption means to secure communications.
  - 35. The system of securely communicating to a mobile node in claim 29 further comprising:
    - multiple security associations between a plurality of foreign networks and the home network.
  - 36. The system of securely communicating to a mobile node in claim 35 further comprising:
    - a service level agreement to manage the secure communication of information packets on the multiple security associations.
  - 37. The system of securely communicating to a mobile node in claim 36 further comprising:
    - said broker to assist in the use of service level agreements having a plurality of security associations for a plurality of nodes on the secure communications system and functioning as a consortium of security level agreements on a plurality of networks forming said system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Patil, Basavaraj B., Qaddoura, Emad A., Akhtar, Haseeb, Narayanan, Raja P.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Lanier, Benjamin E.

Application Number

US09/595,551
Time in Patent Office

2,426 Days
Field of Search

380/258, 380/270, 713/154, 713/153
US Class Current

380/258
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0442   wherein the sending and rec...

H04L 63/0892   by using authentication-aut...

H04L 63/164   at the network layer

H04L 63/205   involving negotiation or de...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/037   of the control plane, e.g. ...

H04W 12/122   Counter-measures against at...

H04W 80/04   Network layer protocols, e....

Security framework for an IP mobility system using variable-based security associations and broker redirection

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

181 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Security framework for an IP mobility system using variable-based security associations and broker redirection

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

181 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links