System and method for secure network roaming
Abstract
A wireless data network process and system are provided that build on a first network which has already authenticated a connected mobile node (MN) and which gives the MN a network connection to a packet gateway node (PGN). The process and system establish and use an authentication mechanism between the MN and the PGN over that network connection. An encrypted channel is then set up between the MN and the PGN based on the authentication so established. Configuration data is sent from the PGN to the MN over the encrypted channel. The MN may then use the configuration data for communication with the PGN via an access point, so that any network connected to the PGN through any access point may be used.
32 Claims
1. A process, comprising:
providing a mobile node (MN) adapted to communicate with a packet gateway node (PGN) via a first network connection of a first network; establishing an encrypted channel between the MN and the PGN based on an authentication mechanism of the first network connection between the MN and the PGN; receiving by the MN configuration data from the PGN using the encrypted channel; and using by the MN the configuration data for secure communication with the PGN via a second network connection of a second network through at least an access point, the first and second networks being different networks.
(Dependent claims 2 to 10 are not reproduced here.)
11. A wireless data network process, comprising:
providing a serving GPRS support node with a radio network connection to a Gateway GPRS support packet gateway node (PGN); at a mobile node client (MN) generating a public/private key pair and storing the pair; sending from the MN a message containing its public key to the PGN via the radio network connection; responding from the PGN with a message containing the PGN's public key; receiving the PGN's public key at the MN and storing this PGN public key at the MN; establishing an encrypted channel between the MN and the PGN based on authentication established using one or more of the exchanged public keys; performing at the MN a secure copy from the PGN to copy a configuration file from a designated directory on the PGN to a designated directory on the MN; using a configuration application at the MN to extract Mobile Internet Protocol (MIP) configuration and IP Security protocol (IPsec) configuration data from the configuration file; and using by the MN the MIP and IPsec configuration data for secure communication with the PGN via a second network connection of a second network through at least an access point, the first and second networks being different networks.
(Dependent claims 12 to 17 are not reproduced here.)
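Worked example of the exchange claim 11 describes, added here as an illustration and not taken from the patent or any implementation of it: a mobile node and a packet gateway node exchange and pin long-term public keys over the already-authenticated first network, then use those pinned keys to authenticate the encrypted channel over an untrusted WLAN, copy a configuration file across it and extract the MIP and IPsec sections; a rogue access point that presents its own key is rejected. The primitives (finite-field Diffie-Hellman over the RFC 2409 group 2 prime, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC), the node records, the sample configuration file and the 203.0.113.x and 198.51.100.x addresses are all constructed assumptions; the patent itself specifies only an unspecified public-key scheme and a secure copy of the file.

```python
"""Toy model of the two-phase bootstrap in claim 11 (added illustration, not
the patent's code). Phase 1, over the SIM-authenticated first network: MN and
PGN exchange long-term public keys and pin them. Phase 2, over an untrusted
WLAN: the pinned keys authenticate an encrypted channel carrying the MIP/IPsec
configuration file, and a rogue access point with its own key is rejected.
Primitives are stdlib-only stand-ins (DH over the RFC 2409 group 2 prime,
HKDF-style derivation, HMAC-SHA256 keystream with encrypt-then-MAC); a real
deployment would use SSH, TLS or IKEv2 instead.
"""
import configparser
import hashlib
import hmac
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

# Constructed sample of the file the PGN ships (claim 11: MIP + IPsec data).
CONFIG_FILE = """\
[mip]
home_agent = 203.0.113.1
home_address = 203.0.113.77
[ipsec]
peer = 203.0.113.1
spi = 0x2a3b4c5d
esp = aes-cbc
"""


def keygen():
    """Long-term DH key pair, generated and stored at a node (claim 11)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _session_keys(shared, nonce):
    """Extract-then-expand: distinct encryption and MAC keys per session."""
    prk = _prf(nonce, shared.to_bytes(128, "big"))
    return _prf(prk, b"enc\x01"), _prf(prk, b"mac\x01")


def _xor_stream(key, nonce, data):
    """Keystream = HMAC(key, nonce || counter) blocks, XORed over data."""
    out, ctr = bytearray(), 0
    while len(out) < len(data):
        out += _prf(key, nonce + ctr.to_bytes(4, "big"))
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(shared, plaintext):
    """Sender: fresh nonce, encrypt, then MAC over nonce || ciphertext."""
    nonce = secrets.token_bytes(16)
    enc, mac = _session_keys(shared, nonce)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + _prf(mac, nonce + ct)


def open_(shared, blob):
    """Receiver: verify the tag before touching the ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc, mac = _session_keys(shared, nonce)
    if not hmac.compare_digest(_prf(mac, nonce + ct), tag):
        raise ValueError("tag mismatch: sender does not hold the pinned key")
    return _xor_stream(enc, nonce, ct)


def phase1_pin_keys():
    """Over the first network: each node stores the other's public key."""
    mn_priv, mn_pub = keygen()
    pgn_priv, pgn_pub = keygen()
    return ({"priv": mn_priv, "pub": mn_pub, "pinned_peer": pgn_pub},
            {"priv": pgn_priv, "pub": pgn_pub, "pinned_peer": mn_pub})


def parse_config(text):
    """The MN-side configuration application of claim 11."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {"mip": dict(cp["mip"]), "ipsec": dict(cp["ipsec"])}


def phase2_fetch_config(mn, pgn, config=CONFIG_FILE):
    """Over the WLAN: static-static DH with the pinned keys secures the copy."""
    blob = seal(pow(pgn["pinned_peer"], pgn["priv"], P), config.encode())
    return parse_config(open_(pow(mn["pinned_peer"], mn["priv"], P), blob).decode())


def rogue_access_point_rejected(mn):
    """An attacker with its own key pair cannot impersonate the PGN: the MN
    derives the channel key from the pinned PGN key, not from whatever key
    the access point presents, so the forged blob fails the tag check."""
    evil_priv, _ = keygen()
    forged = seal(pow(mn["pub"], evil_priv, P), b"[mip]\nhome_agent = 198.51.100.9\n")
    try:
        open_(pow(mn["pinned_peer"], mn["priv"], P), forged)
    except ValueError:
        return True
    return False
```

The point the code makes explicit is the one the claims rely on: the channel over the second network is authenticated by key material bound during the first, already-authenticated connection, so no trust in the WLAN or its access point is needed. The corresponding caveats are that the binding is only as strong as the first network's authentication and the integrity of the pinned key in MN storage, and that a static-static exchange like this one has no forward secrecy.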
18. A wireless network system, comprising:
a mobile node (MN) with a wireless transceiver; a serving General Packet Radio Service (GPRS) support node; a radio access network; a GPRS gateway, a packet gateway node (PGN) with an internet connection, the PGN being capable of acting as a Mobile IP home agent (HA); a wireless local area network (WLAN) with a wireless access node and an internet connection; at least one or both of a connection from the MN to the PGN and a connection between the MN and the WLAN; a PGN public key; a MN generated public/private key pair stored at the MN, the MN public key being sent from the MN to the PGN via the radio network connection and the PGN's public key being sent in reply to the MN via the radio network; a configuration file at the MN and sent by the PGN using a secure copy format based on the exchanged public keys; a configuration application at the MN to extract Mobile Internet Protocol (MIP) configuration and IP Security protocol (IPsec) configuration data from the configuration file; and an IPsec Security Association (SA) between the MN and the PGN with a security parameters index obtained from the SA for identifying the MN, the IPsec Security Association being established between the PGN and the MN using the IPsec configuration data; wherein the MN is adapted to use the MIP and IPsec configuration data for secure communication with the PGN via a second network connection of a second network through at least an access point, the first and second networks being different networks.
19. A process, comprising:
providing a packet gateway node (PGN) adapted to communicate with a mobile node (MN) via a first network connection of a first network; establishing an encrypted channel between the PGN and the MN based on an authentication mechanism of the first network connection between the PGN and the MN; and sending by the PGN to the MN configuration data using the encrypted channel, the configuration data being for secure communication between the MN and the PGN via a second network connection of a second network through at least an access point, the first and second networks being different networks.
(Dependent claims 20 to 23 are not reproduced here.)
24. A mobile node (MN), comprising:
a transceiver adapted to transmit and receive signals to and from a packet gateway node (PGN) via a first network connection of a first network; storage coupled to the transceiver and adapted to store at least data to facilitate establishment of an encrypted channel between the MN and the PGN; and wherein the MN is adapted to cooperate with the PGN to establish the encrypted channel between the PGN and the MN based on an authentication mechanism of the first network connection between the MN and the PGN, the MN further adapted to receive configuration data from the PGN using the encrypted channel, the configuration data including at least information that facilitates the MN to securely communicate with the PGN via a second network connection of a second network through at least an access point, the first and second networks being different networks.
(Dependent claims 25 to 32 are not reproduced here.)