Efficient security association establishment negotiation technique
First Claim
1. A security association establishment negotiation method comprising:
forwarding identifying information and a request for a security association from a mobile node via a first interface to a first network element;
forwarding the identifying information and the request for a security association from the first network element to a second network element via a second interface;
performing negotiations between the first network element and the second network element via the second interface to establish a security association between the mobile node and the first network element, the second network element utilizing previously stored security association parameters of the mobile node; and
upon agreement between the first network element and the second network element with regard to the security association parameters, the first network element forwarding the agreed-upon security association parameters negotiated between the first network element and the second network element to the mobile node via the first interface.
Abstract
A Security Association establishment negotiation technique includes forwarding identifying information from a Mobile Node via a first interface to a first network element. Negotiations are then initiated between the first network element and a second network element serving as a proxy for the Mobile Node via a second interface to establish a Security Association between the Mobile Node and the first network element, the second network element utilizing previously stored Security Association parameters of the Mobile Node. Upon agreement between the first network element and the second network element with regard to the Security Association parameters, the first network element forwards the agreed-upon Security Association parameters to the Mobile Node via the first interface. The first network element may include a Home Agent, a Correspondent Node or an Agent, and the first interface may include a wireless interface to forward information between the Mobile Node and the first network element. The first network element may also include a first gateway connected to it. The first gateway may include an AAA (Authentication, Authorization, and Accounting) server. The second network element may include a second gateway and a Subscriber database/Authentication Center, and the second gateway may be connected to the Subscriber database/Authentication Center. The second gateway may also include an AAA server.
16 Claims
1. A security association establishment negotiation method, recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A security association establishment negotiation apparatus for a mobile node, the apparatus comprising:
a first interface connected to a first network element to forward identifying information and the request for a security association from the mobile node to the first network element; and
a second interface connected between the first network element and a second network element, configured to forward the identifying information and the request for a security association from the first network element to the second network element, the first network element performing negotiations between the first network element and the second network element to establish a security association between the mobile node and the first network element utilizing security association parameters of the mobile node previously stored in the second network element;
wherein, upon agreement between the first network element and the second network element with regard to the security association parameters, the first network element forwarding the agreed-upon security association parameters negotiated between the first network element and the second network element to the mobile node via the first interface.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
Specification