Secured map messages for telecommunications networks
First Claim
1. A method of sending a mobile application part (MAP) protocol message between a first network element of a first telecommunications network and a second network element of a second telecommunications network, the method comprising:
- between a key administration center of the first telecommunications network and a key administration center of the second telecommunications network, using Internet Key Exchange (IKE) to negotiate a master security association between the first telecommunications network and the second telecommunications network, the master security association comprising a set of security parameters;
- using the master security association to derive a unique connection-specific security association for use by the first network element on a connection between the first network element and the second network element;
- at the first network element, including a parameter obtained from the connection-specific security association in an encrypted/authenticated MAP message sent from the first network element to the second network element;
- at the second network element, upon receipt of the MAP message using the master security association to derive a connection-specific security association for use by the second network element;
- using the connection-specific security association for use by the second network element to decrypt/decode the MAP message;
- performing negotiating of the master security association between the first telecommunications network and the second telecommunications network over a first intermediate network which differs from a second intermediate network over which the MAP message is sent, wherein the first intermediate network and the second intermediate network interconnect the first telecommunications network and the second telecommunications network.
Abstract
An encrypted/authenticated mobile application part (MAP) protocol message is sent between a first network element (42A) of a first telecommunications network (40A) and a second network element (42B) of a second telecommunications network (40B). The first network element uses a master security association to derive a connection-specific security association, and includes in the encrypted/authenticated MAP message a parameter obtained from the connection-specific security association. Upon receipt at the second network element, the master security association is used to derive a connection-specific security association for use by the second network element. The second network element uses the connection-specific security association to decrypt/decode the MAP message.
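The flow in the abstract, sketched as an added example that is not taken from the patent: both elements hold the same master security association, the sender derives a per-connection key and carries the parameter needed to re-derive it in the message, and the receiver re-derives the key and verifies. HMAC-SHA-256 as the derivation and integrity function, the random nonce as the carried parameter, the message layout and all names are assumptions; only the authenticated mode is shown, not encryption.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32
HDR = struct.Struct("!H16s")  # master SA id + per-connection nonce (assumed layout)
# Constructed master SA, standing in for the result of the negotiation between
# the two key administration centers.
MASTER_SA = {"sa_id": 7, "master_key": bytes(range(32))}

def derive_connection_key(master_sa, sender_id, receiver_id, nonce):
    """Connection-specific key from the master SA (HMAC-SHA-256 as KDF, assumed)."""
    parts = (b"map-conn-sa", sender_id, receiver_id, nonce)
    # Length-prefix each field so different inputs cannot encode identically.
    info = b"".join(struct.pack("!H", len(p)) + p for p in parts)
    return hmac.new(master_sa["master_key"], info, hashlib.sha256).digest()

def protect(master_sa, sender_id, receiver_id, payload, nonce=None):
    """Sender side: derive the connection key and emit header | payload | tag."""
    nonce = os.urandom(16) if nonce is None else nonce
    key = derive_connection_key(master_sa, sender_id, receiver_id, nonce)
    header = HDR.pack(master_sa["sa_id"], nonce)  # parameter carried in the message
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def unprotect(sa_table, sender_id, receiver_id, message):
    """Receiver side: re-derive the connection key from the master SA and verify."""
    if len(message) < HDR.size + TAG_LEN:
        raise ValueError("message too short")
    sa_id, nonce = HDR.unpack_from(message)
    master_sa = sa_table.get(sa_id)
    if master_sa is None:
        raise ValueError("unknown master SA")
    key = derive_connection_key(master_sa, sender_id, receiver_id, nonce)
    signed, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return signed[HDR.size:]
```

Because the element identities are bound into the derivation, a message replayed on a different connection or in the reverse direction fails verification even though both sides share the same master security association.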
30 Claims
1. A method of sending a mobile application part (MAP) protocol message between a first network element of a first telecommunications network and a second network element of a second telecommunications network, the method comprising:
- between a key administration center of the first telecommunications network and a key administration center of the second telecommunications network, using Internet Key Exchange (IKE) to negotiate a master security association between the first telecommunications network and the second telecommunications network, the master security association comprising a set of security parameters;
- using the master security association to derive a unique connection-specific security association for use by the first network element on a connection between the first network element and the second network element;
- at the first network element, including a parameter obtained from the connection-specific security association in an encrypted/authenticated MAP message sent from the first network element to the second network element;
- at the second network element, upon receipt of the MAP message using the master security association to derive a connection-specific security association for use by the second network element;
- using the connection-specific security association for use by the second network element to decrypt/decode the MAP message;
- performing negotiating of the master security association between the first telecommunications network and the second telecommunications network over a first intermediate network which differs from a second intermediate network over which the MAP message is sent, wherein the first intermediate network and the second intermediate network interconnect the first telecommunications network and the second telecommunications network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A telecommunications system comprising a first telecommunications network and a second telecommunications network, the system comprising:
- a first key administration center at the first telecommunications network and a second key administration center at the second telecommunications network which negotiate a master security association using Internet Key Exchange (IKE), the master security association comprising a set of security parameters;
- a first network element of the first telecommunications network which uses the master security association to derive a unique connection-specific security association for use by the first network element on a connection between the first network element and the second network element and which includes a parameter obtained from the connection-specific security association in an encrypted/authenticated MAP message sent from the first network element to the second network element;
- a second network element belonging to the second telecommunications network, the second network element being configured, upon receipt of the MAP message, to use the master security association to derive a connection-specific security association for the second network element and to use the connection-specific security association for the second network element to decrypt/decode the MAP message;
- performing negotiating of the master security association between the first telecommunications network and the second telecommunications network over a first intermediate network for interconnecting the first telecommunications network and the second telecommunications network and over which the master security association is negotiated;
- a second intermediate network, which differs from the intermediate network, for interconnecting the first telecommunications network and the second telecommunications network and over which the MAP message is sent.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification