Secure traffic redirection in a mobile communication system
First Claim
1. A method of securely authenticating subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network, the method comprising:
- performing a first run of an authentication and key agreement procedure in the radio communication network, between a mobile node and an authentication server of the radio communication network, so as to authenticate the mobile node to the radio communication network;
- initiating an authentication procedure with a stable forwarding agent of the mobile routing system;
- performing a second run of the authentication and key agreement procedure between the mobile node and the authentication server so as to generate a shared secret;
- providing the shared secret to the stable forwarding agent and using the shared secret to authenticate the mobile node to the stable forwarding agent;
- sending a public key from the mobile node to the stable forwarding agent;
- agreeing upon keys by which further communications between the mobile node and the stable forwarding agent can be secured;
- following authentication of the mobile node to the stable forwarding agent, collecting at the stable forwarding agent subscriber contact information from said authentication server;
- using the subscriber contact information to assign a Fully Qualified Domain Name and/or IP address to the mobile node; and
- updating a subscriber database and DNS server with the Fully Qualified Domain Name and/or IP address and the public key provided by the mobile node.
Abstract
A method of securely initializing subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network. The method comprises, within the mobile routing system, authenticating subscribers to the mobile routing system using an authentication procedure defined for the radio communication network, collecting subscriber information from relevant nodes of the radio network, and agreeing upon keys by which further communications between the subscribers and the mobile routing system can take place, and using the subscriber information and keys in the provision of mobility services to subscriber mobile nodes and correspondent nodes.
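The flow summarised above can be modelled in a few lines. This is an added example, not code from the patent: it assumes HMAC-SHA256 as a stand-in for the AKA key derivation, assumes the mobile node proves possession of the shared secret by MACing its public key, and uses hypothetical names (`AuthServer`, `StableForwardingAgent`, `mn.example`) and constructed subscriber data.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber record; in a real network K lives in the SIM and the operator's server.
SUBSCRIBERS = {"imsi-001": {"k": bytes.fromhex("00112233445566778899aabbccddeeff"),
                            "contact": "alice"}}

def aka_secret(k: bytes, rand: bytes) -> bytes:
    """Assumed stand-in for the AKA derivation: both ends derive the secret from K and RAND."""
    return hmac.new(k, b"sfa-bootstrap" + rand, hashlib.sha256).digest()

class AuthServer:
    def second_run(self, imsi):
        rand = secrets.token_bytes(16)  # fresh challenge for the second AKA run
        return rand, aka_secret(SUBSCRIBERS[imsi]["k"], rand)
    def contact_info(self, imsi):
        return SUBSCRIBERS[imsi]["contact"]

class StableForwardingAgent:
    def __init__(self, auth_server):
        self.auth, self.pending, self.subscriber_db, self.dns = auth_server, {}, {}, {}
    def start(self, imsi):
        # Relay the challenge to the mobile node; keep the secret the server provides.
        rand, secret = self.auth.second_run(imsi)
        self.pending[imsi] = secret
        return rand
    def register(self, imsi, public_key, tag):
        secret = self.pending.pop(imsi, None)  # one attempt per AKA run, so a tag cannot be replayed
        if secret is None:
            return None
        expected = hmac.new(secret, public_key, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # key not vouched for by the shared secret: nothing is written
        # Only after authentication: collect contact info, assign the name, update DB and DNS.
        fqdn = f"{self.auth.contact_info(imsi)}.mn.example"
        self.subscriber_db[imsi] = {"fqdn": fqdn, "public_key": public_key}
        self.dns[fqdn] = public_key
        return fqdn

def mobile_node_proof(k, rand, public_key):
    """Mobile node side: derive the shared secret and bind the public key to it."""
    return hmac.new(aka_secret(k, rand), public_key, hashlib.sha256).digest()

def demo():
    sfa = StableForwardingAgent(AuthServer())
    k, pub = SUBSCRIBERS["imsi-001"]["k"], b"constructed-public-key"
    rand = sfa.start("imsi-001")
    swapped = sfa.register("imsi-001", b"substituted-key", mobile_node_proof(k, rand, pub))
    rand = sfa.start("imsi-001")
    return swapped, sfa.register("imsi-001", pub, mobile_node_proof(k, rand, pub)), sfa.dns
```

The substituted key is rejected before any database or DNS write, which is the property that makes the later DNS-published key trustworthy.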
8 Claims
8. A stable forwarding agent of a mobile routing system for use in securely authenticating subscriber and security data in the mobile routing system, the mobile routing system having subscribers who are also subscribers of a radio communication network, where a first run of an authentication and key agreement procedure has been performed in the radio communication network between a mobile node and an authentication server of the radio communication network so as to authenticate the mobile node to the radio communication network, the stable forwarding agent comprising:
- a relay for relaying messages associated with a second run of the authentication and key agreement procedure between the mobile node and the authentication node of the radio communication network, the second run follows the first run and results in generation of a shared secret;
- a receiver for receiving and using the shared secret to authenticate the mobile node, for collecting subscriber contact information from the authentication server, and for receiving a public key from the mobile node;
- a key determining processor for agreeing upon keys by which further communications between the mobile node and the stable forwarding agent can be secured; and
- a mobility service provisioning processor for using the subscriber contact information to assign a suitable Fully Qualified Domain Name and/or IP address to said mobile node and for updating a subscriber database and DNS server with the Fully Qualified Domain Name and/or IP address and the public key provided by the mobile node.
Specification