System for negotiating security association on application layer
First Claim
1. A method for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, the first computer and the second computer being coupled to one another via a telecommunication network, comprising:
transmitting in a first SIP-compatible message along with a random number and authentication data, a list of more than one possible security association between the first computer and the second computer from the first computer to the second computer according to SIP protocol of the application layer, an integrity algorithm, a validity time period, and a security parameter index being included for and assigned to each security association in the list, each security parameter index identifying a corresponding security association in the list, said security associations including a maximum life of the security associations;
respectively determining cryptographic parameters for a cryptographically protected communication link in a network layer to be set up using the security association, selecting a security association by the second computer from among the list of more than one possible security association received using said first SIP-compatible message, and transmitting to the first computer in a second SIP-compatible message at least one of the security association selected by the second computer and an indication of the security association selected by the second computer to be used by the first and second computer without reselecting a new security association for the validity time period, wherein the first computer is a mobile communication terminal and the second computer is a mobile radio network computer and a communication link is set up using the security association selected.
Abstract
A first computer sends a list of possible security associations to a second computer in a message according to a protocol of an application layer, a security parameter index being contained in the message for each security association. The second computer selects a security association and transmits it or an indication of the security association selected by it to the first computer.
21 Claims
16. A system for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, the first computer and the second computer being coupled to one another via a telecommunication network, comprising:
a processor in each of the first computer and the second computer programmed to transmit a first SIP-compatible message from the first computer to the second computer, the message having a random number, authentication data and a list of more than one possible security association between the first computer and the second computer according to SIP protocol of the application layer, including an integrity algorithm, a validity time period, and a security parameter index assigned to and identifying each security association in the list, the security association respectively determining cryptographic parameters used for a cryptographically protected communication link in a network layer to be set up using the security association, and wherein the second computer selects a security association from among the list of more than one possible security association received using said first SIP-compatible message, and a second SIP-compatible message is transmitted from the second computer to the first computer at least one of the security association selected by the second computer and an indication of the security association selected by the second computer to be used by the first and second computer is provided without reselecting a new security association for the validity time period, and the first computer is a mobile communication terminal and the second computer is a mobile radio network computer.
17. A computer, coupled to a remote computer via a telecommunication network, for negotiating a security association on an application layer between said computer and the remote computer, comprising:
a processor programmed to transmit to the remote computer a first SIP-compatible message with a random number, authentication data and a list of more than one possible security association between the computer and the remote computer according to SIP protocol of the application layer, including a security parameter index assigned to and identifying each security association in the list, an integrity algorithm, and a validity time period, the security association respectively determining cryptographic parameters used for a cryptographically protected communication link in a network layer to be set up using the security association, and a processor programmed to receive in a second SIP-compatible message from the remote computer at least one of a selected security association and an indication of the selected security association selected by the remote computer from among the list of more than one possible security associations received using said first SIP-compatible message to be used by the computer and the remote computer without reselecting a new security association for the validity time period, wherein the remote computer is a mobile radio network computer.
18. A computer, coupled to a remote computer via a telecommunication network, for negotiating a security association on an application layer between the remote computer and said computer, comprising:
a processor programmed to receive a first SIP-compatible message according to SIP protocol of the application layer, the message including a random number, authentication data and a list of more than one possible security association between the remote computer and the computer and a security parameter index assigned to and identifying each security association, an integrity algorithm, and a validity time period, the security association being used for respectively determining cryptographic parameters used for a cryptographically protected communication link in a network layer, to be set up using the security association, to select a security association from among the list of more than one possible security association received using said first SIP-compatible message, and to transmit to the remote computer in a second SIP-compatible message at least one of the security association and an indication of the security association to be used by the computer and the remote computer without reselecting a new security association for the validity time period, wherein said remote computer is a mobile radio network computer.
19. At least one computer readable recording medium storing at least one program to control at least one processor to perform a method for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, the first computer and the second computer being coupled to one another via a telecommunication network, said method comprising:
transmitting a first SIP-compatible message with a random number, authentication data and a list of more than one possible security association between the first computer and the second computer from the first computer to the second computer according to SIP protocol of the application layer, a security parameter index being included for and assigned to each security association in the list, as well as an integrity algorithm, and a validity time period, each security parameter index identifying a corresponding security association in the list; respectively determining cryptographic parameters for a cryptographically protected communication link in a network layer to be set up using the security association, selecting a security association by the second computer from among the list of more than one possible security association received using said first SIP-compatible message, and transmitting in a second SIP-compatible message to the first computer at least one of the security association selected by the second computer and an indication of the security association selected by the second computer to be used by the first and second computer without reselecting a new security association for the validity time period, wherein the first computer is a mobile communication terminal and the second computer is a mobile radio network computer.
20. A method for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, comprising:
transmitting a SIP-compatible message with a random number, authentication data and a list of more than one possible security association from the first computer to the second computer according to SIP protocol of the application layer, said security associations specifying an integrity algorithm, at least one of a maximum life of the security associations and a maximum service life of keys, one security association in the list to be used by the first and second computer without reselecting a new security association for a validity time period, wherein the first computer is a mobile communication terminal and the second computer is a mobile radio network computer and the second computer selects the one security association from among the list of more than one possible security association received using said first SIP-compatible message.
21. A method, comprising:
transmitting a SIP-compatible message with a random number, authentication data and a list of more than one possible security association between a first computer and a second computer based on SIP protocol of an application layer, the security associations including an integrity algorithm and a maximum life of keys, one security association in the list to be used by the first and second computer without reselecting a new security association for a validity time period, and wherein the first computer is a mobile communication terminal and the second computer is a mobile radio network computer and the second computer selects the one security association from among the list of more than one possible security association received using said first SIP-compatible message.
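The two-message exchange that claim 1 and claims 16 to 21 describe, modelled as an added example (not code from the patent or its assignee): the terminal sends a random number, authentication data and a list of candidate security associations, each carrying its own security parameter index, integrity algorithm, validity period and maximum life; the network side picks one and answers with the SPI as the "indication" of its choice; both sides then keep that association, with no reselection, until the validity period runs out. The class and field names, the algorithm strings, the preference-ordered selection policy on the responder and the sample offer are all assumptions of this example; the claims do not say how the second computer chooses.

```python
"""Model of a SIP-layer security-association negotiation as described in the claims.

Added example; names, values and the selection policy are constructed assumptions.
"""
import secrets
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class SecurityAssociation:
    """One entry of the offered list: SPI, integrity algorithm and lifetimes."""
    spi: int                  # security parameter index identifying this SA in the list
    integrity_alg: str        # integrity algorithm for the network-layer link
    validity_seconds: int     # validity time period: no reselection while it runs
    max_life_seconds: int     # maximum life of the SA


@dataclass(frozen=True)
class FirstMessage:
    """First SIP-compatible message: random number, authentication data, SA list."""
    random_number: bytes
    auth_data: bytes
    offered: tuple


@dataclass(frozen=True)
class SecondMessage:
    """Second SIP-compatible message: indication of the selected SA, here its SPI."""
    selected_spi: int


class Initiator:
    """The first computer (mobile terminal): offers the list, then pins the choice."""

    def __init__(self, offered: Sequence[SecurityAssociation]):
        spis = [sa.spi for sa in offered]
        if len(offered) < 2 or len(set(spis)) != len(spis):
            raise ValueError("offer needs more than one SA, each with a distinct SPI")
        self.offered = tuple(offered)
        self.active: Optional[SecurityAssociation] = None
        self.active_until = 0

    def build_first_message(self, auth_data: bytes) -> FirstMessage:
        # Fresh random number per negotiation; auth_data is whatever the caller computed.
        return FirstMessage(secrets.token_bytes(16), auth_data, self.offered)

    def accept_selection(self, msg: SecondMessage, now: int) -> SecurityAssociation:
        """Pin the responder's choice, but only if it is one of the SAs we offered."""
        by_spi = {sa.spi: sa for sa in self.offered}
        if msg.selected_spi not in by_spi:
            raise ValueError(f"responder selected SPI {msg.selected_spi:#x}, which was never offered")
        self.active = by_spi[msg.selected_spi]
        self.active_until = now + self.active.validity_seconds
        return self.active

    def active_sa(self, now: int) -> Optional[SecurityAssociation]:
        """SA in force at `now`; None once the validity period has elapsed."""
        if self.active is not None and now < self.active_until:
            return self.active
        return None


class Responder:
    """The second computer (mobile radio network side): picks one SA from the list."""

    def __init__(self, preference: Sequence[str]):
        self.preference = list(preference)   # acceptable integrity algorithms, best first
        self.active: Optional[SecurityAssociation] = None
        self.active_until = 0

    def select(self, msg: FirstMessage, now: int) -> SecondMessage:
        if self.active is not None and now < self.active_until:
            # Validity period still running: repeat the pinned choice, no reselection.
            return SecondMessage(self.active.spi)
        for alg in self.preference:           # assumed policy: first acceptable algorithm wins
            for sa in msg.offered:
                if sa.integrity_alg == alg:
                    self.active = sa
                    self.active_until = now + sa.validity_seconds
                    return SecondMessage(sa.spi)
        raise ValueError("no offered SA uses an acceptable integrity algorithm")


def negotiate(initiator: Initiator, responder: Responder,
              auth_data: bytes, now: int) -> SecurityAssociation:
    """Run the two-message exchange and return the SA both sides now hold."""
    msg1 = initiator.build_first_message(auth_data)
    msg2 = responder.select(msg1, now)
    agreed = initiator.accept_selection(msg2, now)
    assert responder.active == agreed        # both ends pinned the same association
    return agreed


# Constructed sample offer: two candidate SAs with distinct SPIs.
SAMPLE_OFFER = (
    SecurityAssociation(spi=0x1001, integrity_alg="hmac-md5-96",  validity_seconds=600, max_life_seconds=3600),
    SecurityAssociation(spi=0x1002, integrity_alg="hmac-sha1-96", validity_seconds=600, max_life_seconds=3600),
)

if __name__ == "__main__":
    terminal = Initiator(SAMPLE_OFFER)
    network = Responder(["hmac-sha1-96", "hmac-md5-96"])
    print(negotiate(terminal, network, b"constructed-auth-data", now=1000))
```

The check in `accept_selection` is the one a defender cares about: the terminal only activates an association it actually offered, so a reply naming an unoffered SPI is an error rather than a silent downgrade. In deployed SIP security agreement (RFC 3329, for instance), the agreed choice is additionally echoed back under integrity protection so that tampering with the offered list itself can be detected; this example models only the selection step the claims describe.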