Methods and apparatus for bootstrapping mobile-foreign and foreign-home authentication keys in mobile IP

US 8,165,290 B2
Filed: 12/22/2009
Issued: 04/24/2012
Est. Priority Date: 09/27/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A Foreign Agent supporting Mobile IP and adapted for generating an authentication key to be shared between the Foreign Agent and a Home Agent, comprising:

a processor; and

a memory, at least one of the processor or the memory being adapted for;

receiving by the Foreign Agent supporting Mobile IP a first key material generated by the Home Agent, thereby enabling the Foreign Agent to generate a Foreign-Home authentication key shared between the Foreign Agent and the Home Agent;

dynamically generating by the Foreign Agent a second key material;

transmitting by the Foreign Agent the second key material such that it is received by the Home Agent, thereby enabling the Home Agent to generate a Foreign-Home authentication key shared between the Home Agent and the Foreign Agent;

dynamically generating by the Foreign Agent the Foreign-Home authentication key shared between the Home Agent and the Foreign Agent from the first key material;

wherein dynamically generating the second key material includes computing the value of Y=(g^y)mod n, wherein y is a random integer, wherein Y is the second key material, and both g and n are group parameters that are universally known to the Mobile Node, Foreign Agent, and Home Agent; and

wherein dynamically generating the Foreign-Home authentication key shared between the Home Agent and the Foreign Agent includes computing the value k=(X^y) mod n, wherein X is the first key material received from the Home Agent, wherein k is the Foreign-Home authentication key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for dynamically generating authentication keys are disclosed. Specifically, a Mobile-Foreign authentication key is separately generated by both the Mobile Node and Foreign Agent. Similarly, a Foreign-Home authentication key is separately generated by the Foreign Agent and the Home Agent. In accordance with one embodiment, generation of the Mobile-Foreign authentication key and Foreign-Home authentication key are accomplished via the Diffie-Hellman key generation scheme.

Citations

23 Claims

1. A Foreign Agent supporting Mobile IP and adapted for generating an authentication key to be shared between the Foreign Agent and a Home Agent, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being adapted for;
  
  receiving by the Foreign Agent supporting Mobile IP a first key material generated by the Home Agent, thereby enabling the Foreign Agent to generate a Foreign-Home authentication key shared between the Foreign Agent and the Home Agent;
  
  dynamically generating by the Foreign Agent a second key material;
  
  transmitting by the Foreign Agent the second key material such that it is received by the Home Agent, thereby enabling the Home Agent to generate a Foreign-Home authentication key shared between the Home Agent and the Foreign Agent;
  
  dynamically generating by the Foreign Agent the Foreign-Home authentication key shared between the Home Agent and the Foreign Agent from the first key material;
  
  wherein dynamically generating the second key material includes computing the value of Y=(g^y)mod n, wherein y is a random integer, wherein Y is the second key material, and both g and n are group parameters that are universally known to the Mobile Node, Foreign Agent, and Home Agent; and
  
  wherein dynamically generating the Foreign-Home authentication key shared between the Home Agent and the Foreign Agent includes computing the value k=(X^y) mod n, wherein X is the first key material received from the Home Agent, wherein k is the Foreign-Home authentication key.
- View Dependent Claims (2, 3)
- - 2. The Foreign Agent as recited in claim 1, wherein transmitting the second key material comprises transmitting the second key material to the Home Agent.
  - 3. The Foreign Agent as recited in claim 1, wherein transmitting the second key material comprises broadcasting the second key material.

4. A Foreign Agent supporting Mobile IP and adapted for generating an authentication key to be shared between a Mobile Node and the Foreign Agent to which the Mobile Node has roamed, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being adapted for;
  
  receiving by the Foreign Agent supporting Mobile IP a first key material generated by the Mobile Node, thereby enabling the Foreign Agent to generate a Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent;
  
  dynamically generating a second key material by the Foreign Agent;
  
  transmitting the second key material by the Foreign Agent to the Mobile Node, thereby enabling the Mobile Node to generate a Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent; and
  
  dynamically generating the Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent from the first key material by the Foreign Agent;
  
  wherein dynamically generating the second key material includes computing the value of Y=(g^y)mod n, wherein y is a random integer, wherein Y is the second key material, and both g and n are group parameters that are universally known to the Mobile Node, Foreign Agent, and Home Agent; and
  
  wherein dynamically generating the Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent includes computing the value k=(X^y) mod n, wherein X is the first key material received from the Mobile Node, wherein k is the Mobile-Foreign authentication key.
- View Dependent Claims (5, 6)
- - 5. The Foreign Agent as recited in claim 4, at least one of the processor or the memory being further adapted for:
    - determining whether the Foreign Agent shares an authentication key with the Home Agent;
      
      when the Foreign Agent does not share an authentication key with the Home Agent, transmitting a request for a Foreign-Home authentication key.
  - 6. The Foreign Agent as recited in claim 5, at least one of the processor or the memory being further adapted for:
    - receiving key material generated by the Home Agent; and
      
      generating a Foreign-Home authentication key from the key material generated by the Home Agent.

7. A Foreign Agent supporting Mobile IP and adapted for generating a Mobile-Foreign authentication key to be shared between a Mobile Node and the Foreign Agent and a Foreign-Home authentication key to be shared between the Foreign Agent and a Home Agent, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being adapted for;
  
  receiving by the Foreign Agent supporting Mobile IP a first key material generated by the Mobile Node, thereby enabling the Foreign Agent to generate a Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent;
  
  dynamically generating by the Foreign Agent a second key material;
  
  transmitting by the Foreign Agent the second key material to the Mobile Node, thereby enabling the Mobile Node to generate a Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent;
  
  dynamically generating by the Foreign Agent the Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent from the first key material;
  
  receiving by the Foreign Agent a third key material generated by the Home Agent, thereby enabling the Foreign Agent to generate a Foreign-Home authentication key shared between the Home Agent and the Foreign Agent;
  
  dynamically generating by the Foreign Agent a fourth key material;
  
  transmitting by the Foreign Agent the fourth key material to the Home Agent, thereby enabling the Home Agent to generate a Foreign-Home authentication key shared between the Home Agent and the Foreign Agent; and
  
  dynamically generating by the Foreign Agent the Foreign-Home authentication key shared between the Home Agent and the Foreign Agent from the third key material;
  
  wherein dynamically generating the second key material includes computing the value of Y=(g^y)mod n, wherein y is a random integer, wherein Y is the second key material, and both g and n are group parameters that are universally known to the Mobile Node, Foreign Agent, and Home Agent; and
  
  wherein dynamically generating the Mobile-Foreign authentication key shared between the Mobile Node and the Foreign Agent includes computing the value k=(X^y) mod n, wherein X is the first key material received from the Mobile Node, wherein k is the Mobile-Foreign authentication key.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The Foreign Agent as recited in claim 7, at least one of the processor or the memory being further adapted for:
    - generating an ICMP Router Discovery Protocol (IRDP) router advertisement message including the second key material;
      
      wherein transmitting the second key material to the Mobile Node comprises transmitting the IRDP router advertisement message to the Mobile Node.
  - 9. The Foreign Agent as recited in claim 7, wherein the Mobile-Foreign authentication key and the Foreign-Home authentication key are generated using the Diffie-Hellman Key Exchange scheme.
  - 10. The Foreign Agent as recited in claim 7, at least one of the processor or the memory being further adapted for:
    - receiving a first registration request from the Mobile Node, the first registration request having a Mobile-Foreign key request extension including the first key material and indicating a request to generate a key between the Mobile Node and the Foreign Agent;
      
      sending a first registration reply to the Mobile Node, the first registration reply having a Foreign-Home key request extension including the fourth key material and indicating a request for the Home Agent to generate a key between the Foreign Agent and the Home Agent;
      
      receiving a second registration request from the Mobile Node including the Mobile-Foreign key request extension and the Foreign-Home key request extension;
      
      forwarding the second registration request to the Home Agent;
      
      receiving a second registration reply from the Home Agent, the second registration reply having a Foreign-Home key reply extension including the third key material;
      
      appending a Mobile-Foreign key reply extension including the second key material to the second registration reply; and
      
      forwarding the second registration reply to the Mobile Node.
  - 11. The Foreign Agent as recited in claim 10, wherein the Mobile-Foreign key request extension, the Foreign-Home key request extension, the Mobile-Foreign key reply extension and the Foreign-Home key reply extension each includes a Security Parameter Index (SPI).
  - 12. The Foreign Agent as recited in claim 10, at least one of the processor or the memory being further adapted for:
    - determining whether the second registration reply indicates that the Home Agent has accepted the registration of the Mobile Node with the Home Agent;
      
      when it is determined that the Home Agent has accepted the registration of the Mobile Node with the Home Agent, obtaining the Foreign-Home key reply extension from the second registration reply and obtaining the third key material from the Foreign-Home key reply extension, thereby enabling the Foreign Agent to generate the Foreign-Home authentication key.
  - 13. The Foreign Agent as recited in claim 12, at least one of the processor or the memory being further adapted for:
    - when it is determined that the Home Agent has accepted the registration of the Mobile Node with the Home Agent, generating the Mobile-Foreign authentication key from the third key material.
  - 14. The Foreign Agent as recited in claim 7, at least one of the processor or the memory being further adapted for:
    - activating the Foreign-Home authentication key.

15. In a Home Agent supporting Mobile IP, a method of performing registration of a Mobile Node visiting a Foreign Agent, comprising:
- receiving by the Home Agent a registration request including a Foreign-Home key request extension and identifying a Mobile Node, the Foreign-Home key request extension including key material generated by the Foreign Agent and indicating a request for the Home Agent to generate a key between the Foreign Agent and the Home Agent;
  
  dynamically generating by the Home Agent a Foreign-Home authentication key shared between the Home Agent and the Foreign Agent from the key material obtained from the Foreign-Home key request extension, wherein generating the Foreign-Home authentication key shared between the Foreign Agent and the Home Agent from the key material obtained from the Foreign-Home key request extension is performed by computing the value k=(Y^x) mod n, wherein Y is the key material obtained from the Foreign-Home key request extension, wherein k is the Foreign-Home authentication key;
  
  generating by the Home Agent key material to be provided in a Foreign-Home key reply extension by computing the value of X=(g^x)mod n, wherein x is a random integer, wherein X is the key material generated by the Home Agent, and both g and n are group parameters that are universally known to the Mobile Node, Foreign Agent and the Home Agent;
  
  composing by the Home Agent a registration reply including a Foreign-Home key reply extension including the key material generated by the Home Agent; and
  
  sending by the Home Agent the registration reply to the Foreign Agent, the registration reply indicating success or failure of the registration of the Mobile Node with the Foreign Agent.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method as recited in claim 15, wherein the registration request and registration reply further includes a Mobile-Foreign key request extension, the Mobile-Foreign key request extension including key material generated by the Mobile Node and indicating a request to generate a key between the Mobile Node and the Foreign Agent.
  - 17. The method as recited in claim 15, wherein the registration request further includes a Mobile-Home Authentication Extension, the method further comprising:
    - verifying the Mobile-Home Authentication Extension to determine whether the Foreign-Home key request extension was modified; and
      
      composing the Foreign-Home key reply extension when it is determined that the Foreign-Home key request extension was not modified.
  - 18. The method as recited in claim 15, wherein the Foreign-Home authentication key is generated according to the Diffie-Hellman key exchange scheme.
  - 19. The method as recited in claim 15, further comprising:
    - generating key material; and
      
      providing the key material generated by the Home Agent in the Foreign-Home key reply extension of the registration reply.
  - 20. The method as recited in claim 15, further comprising:
    - generating key material according to the Diffie-Hellman key exchange scheme; and
      
      providing the key material generated by the Home Agent in the Foreign-Home key reply extension of the registration reply.
  - 21. The method as recited in claim 15, wherein the key material in the Foreign-Home key request extension and the key material in the Foreign-Home key reply extension are generated according to the Diffie-Hellman key exchange scheme.

22. A Home Agent supporting Mobile IP, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being adapted for;
  
  receiving by the Home Agent a registration request including a Foreign-Home key request extension and identifying a Mobile Node, the Foreign-Home key request extension including key material generated by a Foreign Agent and indicating a request for the Home Agent to generate a key between the Foreign Agent and the Home Agent;
  
  dynamically generating by the Home Agent a Foreign-Home authentication key shared between the Home Agent and the Foreign Agent from the key material obtained from the Foreign-Home key request extension, wherein generating the Foreign-Home authentication key shared between the Foreign Agent and the Home Agent from the key material obtained from the Foreign-Home key request extension is performed by computing the value k=(Y^x) mod n, wherein Y is the key material obtained from the Foreign-Home key request extension, wherein k is the Foreign-Home authentication key;
  
  generating by the Home Agent key material to be provided in a Foreign-Home key reply extension by computing the value of X=(g^x)mod n, wherein x is a random integer, wherein X is the key material generated by the Home Agent, and both g and n are group parameters that are universally known to the Mobile Node, Foreign Agent and the Home Agent;
  
  composing by the Home Agent a registration reply including a Foreign-Home key reply extension including the key material generated by the Home Agent; and
  
  sending by the Home Agent the registration reply to the Foreign Agent, the registration reply indicating success or failure of the registration of the Mobile Node with the Foreign Agent.
- View Dependent Claims (23)
- - 23. The Home Agent as recited in claim 22, wherein the registration request and registration reply further includes a Mobile-Foreign key request extension, the Mobile-Foreign key request extension including key material generated by the Mobile Node and indicating a request to generate a key between the Mobile Node and the Foreign Agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Gundavelli, Srinath, Leung, Kent, Patel, Alpesh
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
ABYANEH, ALI S

Application Number

US12/645,286
Publication Number

US 20100166179A1
Time in Patent Office

854 Days
Field of Search

380/247, 380/249, 380/270, 713/179
US Class Current

380/44
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 9/0844   with user authentication or...

H04W 12/041   Key generation or derivation

H04W 12/06   Authentication

H04W 80/04   Network layer protocols, e....

Methods and apparatus for bootstrapping mobile-foreign and foreign-home authentication keys in mobile IP

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for bootstrapping mobile-foreign and foreign-home authentication keys in mobile IP

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links