Methods and apparatus for dynamic session key generation and rekeying in mobile IP
Abstract
Methods and apparatus for providing a centralized source of session keys to be shared by a Home Agent and a Mobile Node are disclosed. In accordance with one aspect of the invention, a Mobile Node registers with a Home Agent supporting Mobile IP by sending a registration request to the Home Agent. The Home Agent sends a request message (e.g., access-request message) to a AAA server, the request message identifying the Mobile Node. The AAA server then derives key information from a key or password associated with the Mobile Node. The AAA server then sends a reply message (e.g., access-reply message) to the Home Agent, the reply message including the key information associated with the Mobile Node, thereby enabling the Home Agent to derive a shared key to be shared between the Mobile Node and the Home Agent from the key information. The Home Agent derives a key from the key information, the key being a shared key between the Mobile Node and the Home Agent. A registration reply is then sent to the Mobile Node. When the Mobile Node receives a registration reply from the Home Agent, the registration reply indicates that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home Agent. The Mobile Node then derives a key to be shared between the Mobile Node and the Home Agent from key information stored at the Mobile Node. The Mobile Node may initiate “re-keying” by sending a subsequent registration request to the Home Agent.
53 Claims

1. In a server adapted for authentication, authorization, and accounting, a method of generating a shared key between a Home Agent and a Mobile Node, comprising:
receiving a request message by the server from a Home Agent, the request message identifying the Mobile Node;
deriving key information by the server from a key or password associated with the Mobile Node; and
sending a reply message by the server to the Home Agent, the reply message including the key information associated with the Mobile Node, thereby enabling the Home Agent to derive a shared key to be shared between the Mobile Node and the Home Agent from the key information;
wherein the reply message does not include the shared key to be shared between the Mobile Node and the Home Agent in any form.
Dependent claims: 2 to 10.

11. In a Home Agent supporting Mobile IP, a method of authenticating a Mobile Node, comprising:
receiving a Mobile IP registration request by the Home Agent from a Mobile Node, the Mobile IP registration request identifying the Mobile Node;
sending a request message by the Home Agent to a AAA server, the request message identifying the Mobile Node;
receiving a reply message by the Home Agent from the AAA server, the reply message including key information associated with the Mobile Node;
deriving a key by the Home Agent from the key information, the key being a shared key between the Mobile Node and the Home Agent, wherein deriving the key from the key information does not include decryption of the key information; and
sending a Mobile IP registration reply by the Home Agent to the Mobile Node, wherein the Mobile IP registration reply does not include the key in any form.
Dependent claims: 12 to 35.

36. In a Mobile Node, a method of registering with a Home Agent supporting Mobile IP, comprising:
sending a Mobile IP registration request from the Mobile Node to the Home Agent;
receiving a Mobile IP registration reply by the Mobile Node from the Home Agent, the Mobile IP registration reply indicating that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home Agent, wherein the Mobile IP registration reply does not include the key to be shared between the Mobile Node and the Home Agent in any form; and
deriving a key to be shared between the Mobile Node and the Home Agent from key information stored at the Mobile Node, wherein deriving the key from the key information does not include decryption of the key information.
Dependent claims: 37 to 44.

45. A computer-readable medium storing thereon computer-readable instructions for generating a shared key between a Home Agent and a Mobile Node in a server adapted for authentication, authorization, and accounting, comprising:
instructions for receiving a request message from a Home Agent, the request message identifying the Mobile Node;
instructions for deriving key information from a key or password associated with the Mobile Node; and
instructions for sending a reply message to the Home Agent, the reply message including the key information associated with the Mobile Node, thereby enabling the Home Agent to derive a shared key to be shared between the Mobile Node and the Home Agent from the key information, wherein the reply message does not include the shared key in any form.

46. A server adapted for authentication, authorization, and accounting, the server being adapted for generating a shared key between a Home Agent and a Mobile Node, comprising:
a processor; and
a memory, at least one of the processor and the memory being adapted for:
receiving a request message from a Home Agent, the request message identifying the Mobile Node;
deriving key information from a key or password associated with the Mobile Node; and
sending a reply message to the Home Agent, the reply message including the key information associated with the Mobile Node, thereby enabling the Home Agent to derive a shared key to be shared between the Mobile Node and the Home Agent from the key information, wherein the reply message does not include the shared key in any form.

47. A server adapted for authentication, authorization, and accounting, the server being adapted for generating a shared key between a Home Agent and a Mobile Node, comprising:
means for receiving a request message from a Home Agent, the request message identifying the Mobile Node;
means for deriving key information from a key or password associated with the Mobile Node; and
means for sending a reply message to the Home Agent, the reply message including the key information associated with the Mobile Node, thereby enabling the Home Agent to derive a shared key to be shared between the Mobile Node and the Home Agent from the key information, wherein the reply message does not include the shared key in any form.

48. A computer-readable medium storing thereon computer-readable instructions for authenticating a Mobile Node in a Home Agent supporting Mobile IP, comprising:
instructions for receiving a Mobile IP registration request from a Mobile Node, the Mobile IP registration request identifying the Mobile Node;
instructions for sending a request message to a AAA server, the request message identifying the Mobile Node;
instructions for receiving a reply message from the AAA server, the reply message including key information associated with the Mobile Node;
instructions for deriving a key from the key information, the key being a shared key between the Mobile Node and the Home Agent, wherein deriving the key from the key information does not include decryption of the key information; and
instructions for sending a Mobile IP registration reply to the Mobile Node, wherein the Mobile IP registration reply does not include the shared key in any form.

49. A Home Agent supporting Mobile IP, the Home Agent being adapted for authenticating a Mobile Node, comprising:
a processor; and
a memory, at least one of the processor and the memory being adapted for:
receiving a Mobile IP registration request from a Mobile Node, the Mobile IP registration request identifying the Mobile Node;
sending a request message to a AAA server, the request message identifying the Mobile Node;
receiving a reply message from the AAA server, the reply message including key information associated with the Mobile Node;
deriving a key from the key information, the key being a shared key between the Mobile Node and the Home Agent, wherein deriving the key from the key information does not include decryption of the key information; and
sending a Mobile IP registration reply to the Mobile Node, wherein the Mobile IP registration reply does not include the shared key in any form.

50. A Home Agent supporting Mobile IP and adapted for authenticating a Mobile Node, comprising:
means for receiving a Mobile IP registration request from a Mobile Node, the Mobile IP registration request identifying the Mobile Node;
means for sending a request message to a AAA server, the request message identifying the Mobile Node;
means for receiving a reply message from the AAA server, the reply message including key information associated with the Mobile Node;
means for deriving a key from the key information, the key being a shared key between the Mobile Node and the Home Agent, wherein deriving the key from the key information does not include decryption of the key information; and
means for sending a Mobile IP registration reply to the Mobile Node, wherein the Mobile IP registration reply does not include the shared key in any form.

51. A computer-readable medium storing thereon computer-readable instructions for registering a Mobile Node with a Home Agent supporting Mobile IP, comprising:
instructions for sending a Mobile IP registration request to the Home Agent;
instructions for receiving a Mobile IP registration reply from the Home Agent, the Mobile IP registration reply indicating that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home Agent, wherein the Mobile IP registration reply does not include the key to be shared between the Mobile Node and the Home Agent in any form; and
instructions for deriving a key to be shared between the Mobile Node and the Home Agent from key information stored at the Mobile Node, wherein deriving the key from the key information does not include decryption of the key information.

52. A Mobile Node adapted for registering with a Home Agent supporting Mobile IP, comprising:
a processor; and
a memory, at least one of the processor and the memory being adapted for:
sending a Mobile IP registration request to the Home Agent;
receiving a Mobile IP registration reply from the Home Agent, the Mobile IP registration reply indicating that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home Agent, wherein the Mobile IP registration reply does not include the key in any form; and
deriving a key to be shared between the Mobile Node and the Home Agent from key information stored at the Mobile Node, wherein deriving the key from the key information does not include decryption of the key information.

53. A Mobile Node adapted for registering with a Home Agent supporting Mobile IP, comprising:
means for sending a Mobile IP registration request to the Home Agent;
means for receiving a Mobile IP registration reply from the Home Agent, the Mobile IP registration reply indicating that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home Agent, wherein the Mobile IP registration reply does not include the key in any form; and
means for deriving a key to be shared between the Mobile Node and the Home Agent from key information stored at the Mobile Node, wherein deriving the key from the key information does not include decryption of the key information.
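The three-party flow described in the abstract and in independent claims 1, 11 and 36, modelled as an added Python example; this is not code from the patent or from any implementation of it. The page fixes no derivation function, so the example assumes HMAC-SHA256 for both the key information and the shared key, a nonce chosen by the Mobile Node, carried in the registration request and forwarded in the access-request, and constructed identities and long-term keys. It shows the properties the claims state: the AAA reply carries key information but not the shared key, the Home Agent derives the key with a one-way step rather than by decryption, the Mobile Node reaches the same key from its own stored key, and a subsequent registration re-keys. A party without the long-term key is included to show that it cannot derive the key the Home Agent holds.

```python
import hashlib
import hmac
import secrets

# Assumed domain-separation labels; the page does not fix the derivation function.
KEY_INFO_LABEL = b"MN-HA key information"
SHARED_KEY_LABEL = b"MN-HA shared key"


def derive_key_info(long_term_key, mn_id, nonce):
    """Key information = HMAC-SHA256(long-term key, label || MN id || nonce).
    Computed only by holders of the MN's long-term key: the AAA server (from its
    subscriber database) and the MN itself (from the key information it stores)."""
    return hmac.new(long_term_key, KEY_INFO_LABEL + mn_id.encode() + nonce,
                    hashlib.sha256).digest()


def derive_shared_key(key_info, mn_id, ha_id, nonce):
    """MN-HA shared key = HMAC-SHA256(key information, label || ids || nonce).
    A one-way step: the HA performs no decryption and holds no MN secret."""
    return hmac.new(key_info, SHARED_KEY_LABEL + mn_id.encode() + ha_id.encode() + nonce,
                    hashlib.sha256).digest()


class AAAServer:
    def __init__(self, subscribers):
        self.subscribers = subscribers          # mn_id -> long-term key (constructed)

    def access_request(self, mn_id, nonce):
        """Access-Reply carries key information only, never the shared key."""
        if mn_id not in self.subscribers:
            return {"result": "reject"}
        return {"result": "accept", "mn_id": mn_id,
                "key_info": derive_key_info(self.subscribers[mn_id], mn_id, nonce)}


class HomeAgent:
    def __init__(self, ha_id, aaa):
        self.ha_id, self.aaa = ha_id, aaa
        self.bindings = {}                       # mn_id -> current MN-HA shared key
        self.last_aaa_reply = None               # retained so the flow can be inspected

    def registration_request(self, mn_id, nonce):
        reply = self.aaa.access_request(mn_id, nonce)
        self.last_aaa_reply = reply
        if reply["result"] != "accept":
            return {"code": "denied"}
        self.bindings[mn_id] = derive_shared_key(reply["key_info"], mn_id, self.ha_id, nonce)
        # Registration Reply tells the MN to derive the key; it carries no key material.
        return {"code": "accepted", "ha_id": self.ha_id, "nonce": nonce, "derive_key": True}


class MobileNode:
    def __init__(self, mn_id, long_term_key):
        self.mn_id, self.long_term_key = mn_id, long_term_key
        self.shared_key = None

    def register(self, ha):
        """Initial registration, or re-keying when called again: a fresh nonce each time."""
        nonce = secrets.token_bytes(16)
        reply = ha.registration_request(self.mn_id, nonce)
        if reply["code"] == "accepted" and reply["derive_key"]:
            key_info = derive_key_info(self.long_term_key, self.mn_id, nonce)
            self.shared_key = derive_shared_key(key_info, self.mn_id, reply["ha_id"], nonce)
        return reply


def message_carries_key(msg, key):
    """True if the raw key, or its hex encoding, appears in any field of the message."""
    blob = b"".join(v if isinstance(v, bytes) else str(v).encode() for v in msg.values())
    return key in blob or key.hex().encode() in blob


def run_flow():
    """Registration, re-keying, and an attempt by a node lacking the long-term key."""
    aaa = AAAServer({"mn1@example.net": b"constructed-long-term-key"})
    ha = HomeAgent("ha.example.net", aaa)
    mn = MobileNode("mn1@example.net", b"constructed-long-term-key")
    mn.register(ha)
    first_key = mn.shared_key
    aaa_reply_carries_key = message_carries_key(ha.last_aaa_reply, ha.bindings[mn.mn_id])
    mn.register(ha)                              # re-keying: new nonce, new shared key
    keys_match = first_key is not None and ha.bindings[mn.mn_id] == mn.shared_key
    rekey_changed_key = first_key != mn.shared_key
    impostor = MobileNode("mn1@example.net", b"wrong-key")
    impostor.register(ha)
    return {
        "keys_match": keys_match,
        "aaa_reply_carries_key": aaa_reply_carries_key,
        "rekey_changed_key": rekey_changed_key,
        "impostor_key_matches": impostor.shared_key == ha.bindings["mn1@example.net"],
    }


if __name__ == "__main__":
    print(run_flow())
```

The separation the claims turn on is visible in the two derivation functions: only `derive_key_info` takes the long-term key, so the Home Agent, which receives only its output, can compute the shared key yet can never recover or impersonate the Mobile Node's credential. In a deployment the registration request would additionally carry Mobile IP's authentication extension; the model omits request authentication to keep the key-derivation path in view.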