Secure traffic redirection in a mobile communication system

US 7,962,122 B2
Filed: 05/21/2004
Issued: 06/14/2011
Est. Priority Date: 05/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method of securely authenticating subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network, the method comprising:

performing a first run of an authentication and key agreement procedure in the radio communication network, between a mobile node and an authentication server of the radio communication network, so as to authenticate the mobile node to the radio communication network;

initiating an authentication procedure with a stable forwarding agent of the mobile routing system;

performing a second run of the authentication and key agreement procedure between the mobile node and the authentication server so as to generate a shared secret;

providing the shared secret to the stable forwarding agent and using the shared secret to authenticate the mobile node to the stable forwarding agent;

sending a public key from the mobile node to the stable forwarding agent;

agreeing upon keys by which further communications between the mobile node and the stable forwarding agent can be secured;

following authentication of the mobile node to the stable forwarding agent, collecting at the stable forwarding agent subscriber contact information from said authentication server;

using the subscriber contact information to assign a Fully Qualified Domain Name and/or IP address to the mobile node; and

updating a subscriber database and DNS server with the Full Qualified Domain name and/or IP address and the public key provided by the mobile node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securely initializing subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network. The method comprises, within the mobile routing system, authenticating subscribers to the mobile routing system using an authentication procedure defined for the radio communication network, collecting subscriber information from relevant nodes of the radio network, and agreeing upon keys by which further communications between the subscribers and the mobile routing system can take place, and using the subscriber information and keys in the provision of mobility services to subscriber mobile nodes and correspondent nodes.

39 Citations

View as Search Results

8 Claims

1. A method of securely authenticating subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network, the method comprising:
- performing a first run of an authentication and key agreement procedure in the radio communication network, between a mobile node and an authentication server of the radio communication network, so as to authenticate the mobile node to the radio communication network;
  
  initiating an authentication procedure with a stable forwarding agent of the mobile routing system;
  
  performing a second run of the authentication and key agreement procedure between the mobile node and the authentication server so as to generate a shared secret;
  
  providing the shared secret to the stable forwarding agent and using the shared secret to authenticate the mobile node to the stable forwarding agent;
  
  sending a public key from the mobile node to the stable forwarding agent;
  
  agreeing upon keys by which further communications between the mobile node and the stable forwarding agent can be secured;
  
  following authentication of the mobile node to the stable forwarding agent, collecting at the stable forwarding agent subscriber contact information from said authentication server;
  
  using the subscriber contact information to assign a Fully Qualified Domain Name and/or IP address to the mobile node; and
  
  updating a subscriber database and DNS server with the Full Qualified Domain name and/or IP address and the public key provided by the mobile node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, further comprising:
    - transporting messages associated with the second run, between the stable forwarding agent used by a mobile node and the authentication server via the stable forwarding agent.
  - 3. A method according to claim 1, further comprising:
    - sending session keys, agreed upon during the second run of the authentication procedure from the authentication server to the stable forwarding agent.
  - 4. A method according to claim 1, further wherein the mobile routing system is a Mobile IP based system, and the stable forwarding agent is a Home Agent.
  - 5. A method according to claim 1, wherein the mobile routing system is a HIP based system.
  - 6. A method according to claim 1, wherein said authentication and key agreement procedure is the Authentication and Key Agreement procedure specified by 3GPP.
  - 7. A method according to claim 1, wherein the collected subscriber contact information comprises one or more of the following:
    - the name and postal address of a subscriber;
      
      the telephone number associated with a subscriber;
      
      the existing Fully Qualified Domain Name for a subscriber; and
      
      the status of any mobility services established earlier for a subscriber.

8. A stable forwarding agent of a mobile routing system for use in securely authenticating subscriber and security data in the mobile routing system, the mobile routing system having subscribers who are also subscribers of a radio communication network, where a first run of an authentication and key agreement procedure has been performed in the radio communication network between a mobile node and an authentication server of the radio communication network so as to authenticate the mobile node to the radio communication network, the stable forwarding agent comprising:
- a relay for relaying messages associated with a second run of the authentication and key agreement procedure between the mobile node and the authentication node of the radio communication network, the second run follows the first run and results in generation of a shared secret;
  
  a receiver for receiving and using the shared secret to authenticate the mobile node, for collecting subscriber contact information from the authentication server, and for receiving a public key from the mobile node;
  
  a key determining processor for agreeing upon keys by which further communications between the mobile node and the stable forwarding agent can be secured; and
  
  a mobility service provisioning processor for using the subscriber contact information to assign a suitable Fully Qualified Domain Name and/or IP address to said mobile node and for updating a subscriber database and DNS server with the Fully Qualified Domain name and/or IP address and the public key provided by the mobile node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Arkko, Jari, Nikander, Pekka
Primary Examiner(s)
DESIR, PIERRE LOUIS

Application Number

US10/557,750
Publication Number

US 20070186000A1
Time in Patent Office

2,580 Days
Field of Search

455/410, 455/411, 455/415, 455/428, 370/400, 370/352, 370/356, 370/353, 370/354, 370/355, 380/247, 380/248, 380/249, 380/250, 713/151, 713/155, 713/156, 713/157, 713/158, 713/159
US Class Current

455/411
CPC Class Codes

H04L 63/0853   using an additional device,...

H04W 12/069   using certificates or pre-s...

H04W 40/02   Communication route or path...

Secure traffic redirection in a mobile communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Secure traffic redirection in a mobile communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links