Method and system for providing security in proximity and Ad-Hoc networks

US 7,907,934 B2
Filed: 09/09/2004
Issued: 03/15/2011
Est. Priority Date: 04/27/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing, by a node or a network device, security in a network which comprises at least one node;

checking a plurality of context-awareness parameters, the plurality of context-awareness parameters comprising at least one of a type of context parameter, a sender/receiver/user group parameter, a time-dependent context parameter, a communications mode parameter, and a location information parameter,setting at least one of a plurality of security parameters for a connection of a node to another node of the network depending on a result of the check of the plurality of context-awareness parameters, the setting of the at least one of the plurality of security parameters being based on a combination of context-awareness parameters that includes at least one of;

a type of application executing on the node or the network device, a sender/receiver/user group, time information and communication mode used by the node or network device;

representing context by the plurality of context-awareness parameters;

obtaining a mapping between the context and the at least one security parameter; and

establishing the connection between the node and the other node via a direct radio link, the node and the other node forming part of an ad-hoc network;

wherein, when the other node receives a request for service from the node, the other node checks required security based on a context of the service, starts negotiating with the node about establishing the required security, and provides the service to the node after establishment of the required security.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and node provides security in a network such as a mobile proximity network and a mobile Ad-Hoc network. The security is provided by setting at least one of security parameters for a connection of a node to another node of the network. At least one context-awareness parameter is checked, and at least one of the security parameters is set depending on the result of the check of the at least one context-awareness parameter.

29 Citations

View as Search Results

34 Claims

1. A method comprising:
- providing, by a node or a network device, security in a network which comprises at least one node;
  
  checking a plurality of context-awareness parameters, the plurality of context-awareness parameters comprising at least one of a type of context parameter, a sender/receiver/user group parameter, a time-dependent context parameter, a communications mode parameter, and a location information parameter,setting at least one of a plurality of security parameters for a connection of a node to another node of the network depending on a result of the check of the plurality of context-awareness parameters, the setting of the at least one of the plurality of security parameters being based on a combination of context-awareness parameters that includes at least one of;
  
  a type of application executing on the node or the network device, a sender/receiver/user group, time information and communication mode used by the node or network device;
  
  representing context by the plurality of context-awareness parameters;
  
  obtaining a mapping between the context and the at least one security parameter; and
  
  establishing the connection between the node and the other node via a direct radio link, the node and the other node forming part of an ad-hoc network;
  
  wherein, when the other node receives a request for service from the node, the other node checks required security based on a context of the service, starts negotiating with the node about establishing the required security, and provides the service to the node after establishment of the required security.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, wherein the at least one node comprises a mobile node.
  - 3. A method according to claim 1, wherein the network comprises at least one of a mobile proximity network and a mobile ad hoc network.
  - 4. A method according to claim 1, further comprising:
    - providing a number of security classes, each security class thereof having security provisions, wherein the result of the check of the at least one context-awareness parameter indicates one of the security classes.
  - 5. A method according to claim 1, wherein the at least one context-awareness parameter comprises at least one of type of context, actual sender/receiver/user group, time-dependent context, location information, and communications mode.
  - 6. A method according to claim 1, further comprising:
    - defining the plurality of security parameters with at least one of accessibility, integrity, and confidentiality of proximity and ad hoc applications.
  - 7. A method according to claim 1, further comprising:
    - setting the at least one context-awareness parameter by a user which defines a set of applications to be accepted or supported by said user and security degrees to be used for the set of applications.
  - 8. A method according to claim 1, further comprising:
    - configuring security classes and related security procedures to a system and/or to the at least one node.
  - 9. A method according to claim 1, further comprising:
    - establishing a signaling connection between an overlay network and the node, wherein said signaling connection is used for delivery of context information to the node when the node starts interacting with the overlay network.
  - 10. A method according to claim 1, further comprisingchecking, with the other node, history data related to the originating one node, anddeciding on providing or not providing the requested service dependent on the history data.
  - 11. A method according to claim 1, wherein the mapping is performed by the network and obtained therefrom.

12. An apparatus comprising:
- a processor configured to check a plurality of context-awareness parameters, the plurality of context-awareness parameters comprising at least one of a type of context parameter, a sender/receiver/user group parameter, a time-dependent context parameter, a communications mode parameter, and a location information parameter;
  
  the processor also configured to set at least one of plurality of security parameters for a connection of a node to another node of a network depending on a result of the check of the plurality of context-awareness parameters, and to represent context by the plurality of context-awareness parameters;
  
  the processor further configured to obtain a mapping between the context and the at least one security parameter;
  
  an establisher configured to establish a connection to the other node via a direct radio link;
  
  a checker configured to check a required security based on a context of a service, upon receiving a request for service from the apparatus;
  
  a negotiator configured to start negotiating with the other node about establishing the required security; and
  
  a provider configured to provide the service to the other node after establishment of the required security;
  
  wherein setting the at least one of the plurality of security parameters is based on a combination of context-awareness parameters that includes at least one of;
  
  a type of application executing on the node or the network device, a sender/receiver/user group, time information and communication mode used by the node or network device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. An apparatus according to claim 12, wherein the apparatus comprises a mobile node.
  - 14. An apparatus according to claim 12, wherein the apparatus further comprises:
    - a user interface configured to allow a user to start a request, enter parameter options or select functional options supported by the apparatus.
  - 15. An apparatus according to claim 12, further comprising:
    - a subscriber identifier configured to be used as a security basis for establishing security transactions within a mobile network.
  - 16. An apparatus according to claim 12, further comprising:
    - a controller, which is connected to interfaces of the apparatus, wherein the interfaces comprise interfaces for proximity and ad-hoc networks, and interfaces for network infrastructure.
  - 17. An apparatus according to claim 16, further comprising:
    - a card reader configured to receive a card; and
      
      a memory,where the card reader and the memory are connected to the controller so that the controller is able to read and write data from or into the card and from or into the memory.
  - 18. An apparatus according to claim 17, wherein the memory comprises a secured memory area configured to store information about security aspects of nodes of a mobile network, the secured memory area comprising at least one of the following informationauthentication data related to a node,ad-hoc level identities of the node,security keys used by the node, anda distance to the node measured as a number of hops between the node and a trunk node.
  - 19. An apparatus according to claim 12, further comprising:
    - a history checker configured to check history data related to the other node; and
      
      a decider configured to decide on providing or not providing the service depending on the history data.
  - 20. An apparatus according to claim 12, wherein the mapping is performed by the network and obtained therefrom.

21. An apparatus comprising:
- a controller configured to provide security in a network which comprises at least one node;
  
  a processor configured to check a plurality of context-awareness parameters, the plurality of context-awareness parameters comprising at least one of a type of context parameter, a sender/receiver/user group parameter, a time-dependent context parameter, a communications mode parameter, and a location information parameter,the processor further configured to set at least one of a plurality of security parameters for a connection of a node to another node of the network depending on a result of the check of the plurality of context-awareness parameters and to represent context by the plurality of context-awareness parameters;
  
  the processor is further configured to obtain a mapping between the context and the at least one security parameter; and
  
  an establisher configured to establish the connection between the node and the other node via a direct radio link, the node and the other node forming part of an ad-hoc network;
  
  wherein, when the other node receives a request for service from the node, the other node checks required security based on a context of the service, starts negotiating with the node about establishing the required security, and provides the service to the node after establishment of the required security;
  
  and wherein setting of the at least one of the plurality of security parameters is based on a combination of context-awareness parameters that includes at least one of;
  
  a type of application executing on the node or the network device, a sender/receiver/user group, time information and communication mode used by the node or network device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. An apparatus according to claim 21, wherein the at least one node comprises a mobile node.
  - 23. An apparatus according to claim 21, wherein the network comprises at least one of a mobile proximity network and a mobile ad hoc network.
  - 24. An apparatus according to claim 21, wherein the at least one context-awareness parameter comprises at least one of type of context, actual sender/receiver/user group, time-dependent context, location information, and communications mode.
  - 25. An apparatus according to claim 21, further comprising a definer configured to define the plurality of security parameters with at least one of accessibility, integrity, and confidentiality of proximity and ad hoc applications.
  - 26. An apparatus according to claim 21, wherein the parameter setter is configured to set the at least one context-awareness parameter by a user which defines a set of applications to be accepted or supported by said user and security degrees to be used for the set of applications.
  - 27. An apparatus according to claim 21, further comprising a processor configured to configure security classes and related security procedures to the system and/or to the at least one node.
  - 28. An apparatus according to claim 21, wherein the mapping is performed by the network and obtained therefrom.

29. A method comprising:
- checking, by a node or network device, a plurality of context-awareness parameters, the plurality of context-awareness parameters comprising a type of context parameter, a sender/receiver/user group parameter, a time-dependent context parameter, a communications mode parameter, and a location information parameter;
  
  setting at least one of a plurality of security parameters for a connection of a node to another node of a network depending on a result of the check of the plurality of context-awareness parameters, the setting of the at least one of the plurality of security parameters being based on a combination of context-awareness parameters that includes at least one of;
  
  a type of application executing on the node or the network device, a sender/receiver/user group, time information and communication mode used by the node or network device;
  
  representing context by the plurality of context-awareness parameters;
  
  obtaining a mapping between the context and the at least one security parameter; and
  
  establishing the connection between the node and the other node via a direct radio link, the node and the other node forming part of an ad-hoc network;
  
  wherein, when the other node receives a request for service from the node, the other node checks required security based on a context of the service, starts negotiating with the node about establishing the required security, and provides the service to the node after establishment of the required security.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. A method according to claim 29, wherein the node comprises a mobile node.
  - 31. A method according to claim 29, further comprising:
    - allowing a user to start a request, enter parameter options, or select functional options supported by the node.
  - 32. A method according to claim 29, further comprising:
    - establishing security transactions within a mobile network.
  - 33. A method according to claim 29, further comprising:
    - checking history data related to the other node; and
      
      deciding whether to provide the service, depending on the history data.
  - 34. A method according to claim 29, wherein is performed by the network and obtained therefrom.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Naghian, Siamak
Primary Examiner(s)
Kincaid; Lester
Assistant Examiner(s)
HERRERA, DIEGO D

Application Number

US10/936,681
Publication Number

US 20050239438A1
Time in Patent Office

2,378 Days
Field of Search

455/410, 455/435.1
US Class Current

455/410
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04W 12/02   Protecting privacy or anony...

H04W 12/08   Access security

H04W 12/61   Time-dependent

H04W 12/63   Location-dependent; Proximi...

H04W 12/67   Risk-dependent, e.g. select...

H04W 28/18   Negotiating wireless commun...

H04W 84/18   Self-organising networks, e...

Method and system for providing security in proximity and Ad-Hoc networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing security in proximity and Ad-Hoc networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links