Communications security methods for supporting end-to-end security associations
First Claim
1. A communications method for use in a system comprising a first, second and third nodes, and a first secret, said first secret being shared between the first and second nodes to secure communications between said first and second nodes, the method comprising:
- operating the first node to establish a secure communications session with said second node using the first shared secret to secure the contents of packets communicated from the first node that are directed to the second node as part of the secure communications session, packets communicated from the first node that are directed to the second node being addressed to said second node by use of a second node destination address;
- operating a third node which is coupled to said first and second nodes to maintain in memory a copy of said first shared secret; and
- operating the third node to receive a secure flow of packets from the first node that are directed to said second node as part of the secure communications session.
Abstract
Methods and apparatus facilitating mobile node paging in a system where a mobile node is able to hand off application processing to an application proxy are described. Paging determinations are made based on application processing results corresponding to processing the content of multiple packet payloads. In some cases paging determinations are made based on processing the payload of a single packet in conjunction with information received from a mobile node, e.g., intermediate application processing results, mobile node state information, etc. To facilitate application processing handoffs in a manner that is transparent to a peer node involved in an ongoing communications session with the mobile node, security information may be passed between the mobile node and the application proxy node in a manner that is transparent to the peer node, allowing an end-to-end security association to be maintained throughout the communications session with the peer node.
51 Claims
1. A communications method for use in a system comprising a first, second and third nodes, and a first secret, said first secret being shared between the first and second nodes to secure communications between said first and second nodes, the method comprising:
- operating the first node to establish a secure communications session with said second node using the first shared secret to secure the contents of packets communicated from the first node that are directed to the second node as part of the secure communications session, packets communicated from the first node that are directed to the second node being addressed to said second node by use of a second node destination address;
- operating a third node which is coupled to said first and second nodes to maintain in memory a copy of said first shared secret; and
- operating the third node to receive a secure flow of packets from the first node that are directed to said second node as part of the secure communications session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 42

19. A communications system, comprising:
- a first node including a first shared secret and a communications application for establishing a secure communications session using said first shared secret to secure packets communicated as part of said secure communications session;
- a mobile node including said first shared secret, a second shared secret, and at least one communications application for maintaining a secure communications session with said first node using said first shared secret;
- an intermediate node, coupled to said first node and said mobile node, said intermediate node including said first shared secret and said second shared secret, said intermediate node including:
  - means for processing packets re-directed away from said mobile node to said intermediate node, said redirected packets being packets which were originally directed by said first node towards said mobile node as part of a secure communications session using said first shared secret; and
  - means for sending a message to said first node secured by said first shared secret indicating successful receipt of said packets by said mobile node.
Dependent claims: 20, 21

22. A communications system for use with a second node, said communications system comprising:
- a first node including:
  - memory means for storing a first secret, said first secret being shared between the first node and the second node to secure communications between said first and second nodes; and
  - means for establishing a secure communications session with said second node using the first shared secret to secure the contents of packets communicated from the first node that are directed to the second node as part of a secure communications session;
- a third node, coupled to said first and second nodes, the third node including:
  - means for storing a copy of said first shared secret; and
  - means for receiving a secure flow of packets from the first node that are re-directed away from said second node to said third node, said redirected packets being packets which were originally directed to said second node as part of the secure communications session.
Dependent claims: 23, 24

25. A method of operating a third node in a system comprising a first node, a second node and said third node, a first secret being shared between the first and second nodes to secure communications between said first and second nodes, the method comprising:
- receiving from said second node the first shared secret;
- storing said first shared secret in memory; and
- receiving a secure flow of packets from the first node that are re-directed away from said second node to said third node, said redirected packets being packets which were originally directed to said second node as part of the secure communications session.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33

34. A third node in a system comprising a first node, a second node and said third node, a first secret being shared between the first and second nodes to secure communications between said first and second nodes, the third node comprising:
- a receiver for receiving from said second node the first shared secret;
- memory in which said first shared secret is stored; and
- an agent module for receiving a secure flow of packets from the first node that are re-directed away from said second node to said third node, said redirected packets being packets which were originally directed to said second node as part of the secure communications session.
Dependent claims: 35, 36

37. A third node in a system comprising a first node, a second node and said third node, a first secret being shared between the first and second nodes to secure communications between said first and second nodes, the third node comprising:
- means for receiving from said second node the first shared secret;
- means for storing said first shared secret; and
- means for receiving a secure flow of packets from the first node that are re-directed away from said second node to said third node, said redirected packets being packets which were originally directed to said second node as part of the secure communications session.
Dependent claims: 38, 39

40. A non-transitory machine readable medium including computer executable instructions for controlling a third node in a system comprising a first node, a second node and said third node, a first secret being shared between the first and second nodes to secure communications between said first and second nodes, to perform a communications method including the steps of:
- receiving from said second node the first shared secret;
- storing said first shared secret in memory; and
- receiving a secure flow of packets from the first node that are re-directed away from said second node to said third node, said redirected packets being packets which were originally directed to said second node as part of the secure communications session.
Dependent claims: 41

43. A communications method for use in a system comprising a first node, a second node and a third node, and a first secret, said first secret being shared between the first and second nodes to secure communications between said first and second nodes, the method comprising:
- operating the first node to establish a secure communications session with said second node using the first shared secret to secure the contents of packets communicated from the first node that are directed to the second node as part of the secure communications session;
- operating a third node which is coupled to said first and second nodes to maintain in memory a copy of said first shared secret; and
- operating the third node to receive a secure flow of packets from the first node that are re-directed away from said second node to said third node, said redirected packets being packets which were originally directed to said second node as part of the secure communications session.
Dependent claims: 44, 45, 46

47. A communications method for use in a system comprising a first node, a second node and a third node, and a first secret, said first secret being shared between the first and second nodes to secure communications between said first and second nodes, the third node being on a communications path extending between said first and second nodes, the method comprising:
- operating the first node to establish a secure communications session with said second node using the first shared secret to secure the contents of packets communicated from the first node that are directed to the second node as part of the secure communications session;
- operating a third node which is coupled to said first and second nodes to maintain in memory a copy of said first shared secret;
- operating the third node to receive a secure flow of packets from the first node that are directed to said second node as part of the secure communications session; and
- operating the third node to intercept and process said received secure flow of packets from the first node.
Dependent claims: 48, 49, 50, 51
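As an added illustration that is not part of the patent text, the following Python simulates the arrangement of claims 1, 19 and 25: the first node secures packets with the first shared secret, the mobile (second) node hands a copy of that secret to the proxy (third) node under the second shared secret, and the proxy verifies the redirected flow and answers with an acknowledgement secured by the first secret, which the first node verifies without knowing a proxy was involved. The packet format (sequence number, payload, HMAC-SHA256 tag), the handoff message and the key values are assumptions made for this example.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32  # HMAC-SHA256 tag appended to every packet (constructed format, not from the patent)

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Secure a packet with a shared secret: seq (4 bytes) || payload || tag."""
    body = struct.pack(">I", seq) + payload
    return body + mac(key, body)

def unseal(key: bytes, pkt: bytes):
    """Verify a sealed packet; return (seq, payload), or None if the tag does not match."""
    if len(pkt) < 4 + TAG_LEN:
        return None
    body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(key, body)):
        return None
    return struct.unpack(">I", body[:4])[0], body[4:]

def handoff_first_secret(second_secret: bytes, first_secret: bytes) -> bytes:
    """Mobile (second) node -> proxy (third) node: the first secret, authenticated under the second shared secret."""
    return first_secret + mac(second_secret, first_secret)

def proxy_accept_handoff(second_secret: bytes, msg: bytes):
    """Proxy keeps the copy of the first secret only if the handoff verifies under the second secret."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    return body if hmac.compare_digest(tag, mac(second_secret, body)) else None

def proxy_handle_redirected(first_secret_copy: bytes, pkt: bytes):
    """Third node: verify a redirected packet with its copy of the first secret and
    reply with an acknowledgement secured by that same secret (claim 19)."""
    res = unseal(first_secret_copy, pkt)
    if res is None:
        return None  # wrong or missing secret: the redirected flow stays opaque to the proxy
    seq, _payload = res
    return seal(first_secret_copy, seq, b"ACK")

def run_session():
    first_secret = b"\x01" * 32   # shared by first (peer) and second (mobile) node; constructed value
    second_secret = b"\x02" * 32  # shared by mobile node and proxy; constructed value
    proxy_copy = proxy_accept_handoff(second_secret, handoff_first_secret(second_secret, first_secret))
    pkt = seal(first_secret, 7, b"hello mobile")    # first node sends to the mobile node's address
    ack = proxy_handle_redirected(proxy_copy, pkt)   # packet is redirected to the proxy instead
    return unseal(first_secret, ack)                 # first node verifies the ack with its own key
```

Because the proxy now holds a copy of the session secret, the association is end-to-end only from the first node's point of view; the mobile-to-proxy handoff channel protected by the second secret becomes part of the trust boundary and needs the same level of protection as the session itself.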