System and method for implementing fast reauthentication
Abstract
A system for efficiently reauthenticating a client of a network. In a specific embodiment, the system includes an authentication server and a Security GateWay (SGW) in communication with the client. The SGW includes reauthentication information associated with the client. In a more specific embodiment, the authentication server includes an Authentication, Authorization, and Accounting (AAA) server. The SGW further includes one or more routines for employing the reauthentication information to reauthenticate the client. The AAA server performs initial authentication of the client to enable client access to the network, which yields the reauthentication information. The reauthentication information includes one or more keys and/or counters, such as an authorization key, an encryption key, and a master key, which is/are predetermined by the AAA server.
21 Claims
1. A system comprising:
an authentication server that includes a processor and a memory and that is configured to perform an initial authentication of a mobile station, and to provide reauthentication information associated with the mobile station, wherein the initial authentication is performed using an A3/A8 algorithm routine, and wherein the reauthentication information comprises an authorization key, an encryption key, a master key, pseudo International Mobile Subscriber Identity (IMSI) information, and an authorization counter, which is configured for identifying an upper limit of successive attempts by the mobile station to employ fast reauthentication within a predetermined time interval; and
a security gateway that includes a processor and a memory and that is configured to provide an encrypted link with both the mobile station and the authentication server, wherein the security gateway is configured to cache and to use the reauthentication information previously received from the authentication server to perform a subsequent fast reauthentication of the mobile station in response to a request via an Internet protocol security (IPSec) tunnel, the fast reauthentication being performed by the security gateway without communicating with the authentication server, and without using the A3/A8 algorithm routine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
one or more processors; and
logic encoded in one or more non-transitory tangible media for execution by the one or more processors, and when executed operable to:
receive in a security gateway, reauthentication information from an authentication server that performed an initial authentication of a mobile station, wherein the initial authentication is performed using an A3/A8 algorithm routine;
store the reauthentication information on the security gateway, wherein the security gateway is adapted to manage an encrypted connection between the mobile station and a network, wherein the reauthentication information comprises an authorization key, an encryption key, a master key, pseudo International Mobile Subscriber Identity (IMSI) information, and an authorization counter, which is configured for identifying an upper limit of successive attempts by the mobile station to employ fast reauthentication within a predetermined time interval, and wherein the security gateway comprises a cache memory for storing the reauthentication information; and
access the reauthentication information to perform a subsequent fast reauthentication of the mobile station in response to a request via an Internet protocol security (IPSec) tunnel, wherein the fast reauthentication is performed by the security gateway without communicating with the authentication server and without using the A3/A8 algorithm routine.
Dependent claims: 10, 11, 12, 13, 14
15. A method comprising:
receiving in a security gateway, reauthentication information from an authentication server that performed an initial authentication of a mobile station, wherein the initial authentication is performed using an A3/A8 algorithm routine;
storing the reauthentication information on the security gateway, wherein the security gateway is adapted to manage an encrypted connection between the mobile station and a network, wherein the reauthentication information comprises an authorization key, an encryption key, a master key, pseudo International Mobile Subscriber Identity (IMSI) information, and an authorization counter, which is configured for identifying an upper limit of successive attempts by the mobile station to employ fast reauthentication within a predetermined time interval, wherein the storing of the authentication information comprises using a cache memory on the security gateway; and
accessing the reauthentication information to perform a subsequent fast reauthentication of the mobile station in response to a request via an Internet protocol security (IPSec) tunnel, wherein the fast reauthentication is performed by the security gateway without communicating with the authentication server and without using the A3/A8 algorithm routine.
Dependent claims: 16, 17, 18, 19, 20, 21
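As an added illustration (not code from the patent or from any product), the sketch below models the gateway-side behaviour the claims describe: reauthentication information cached under the pseudo-IMSI, and an authorization counter that caps fast reauthentication attempts within a time interval before a full authentication is required. The HMAC-SHA256 request format, the sequence-number replay guard, the eviction on reaching the limit, and all names are assumptions made for the example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field

@dataclass
class ReauthInfo:                 # what the AAA server hands the SGW after initial auth
    auth_key: bytes               # authorization key (checks the request MAC here)
    enc_key: bytes                # encryption key (carried, unused in this sketch)
    master_key: bytes             # master key (carried, unused in this sketch)
    max_attempts: int             # authorization counter: upper limit per interval
    interval_s: float             # the predetermined time interval, in seconds
    attempts: list = field(default_factory=list)   # times of recent attempts
    last_seq: int = 0             # assumed replay guard, not taken from the page

def request_mac(auth_key, pseudo_imsi, seq):
    """Assumed request format: HMAC-SHA256 over pseudo-IMSI and a sequence number."""
    msg = pseudo_imsi.encode() + seq.to_bytes(8, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

class SecurityGateway:
    def __init__(self):
        self.cache = {}           # pseudo-IMSI -> ReauthInfo

    def store(self, pseudo_imsi, info):
        """Cache what the AAA server returned from the initial authentication."""
        self.cache[pseudo_imsi] = info

    def fast_reauth(self, pseudo_imsi, seq, mac, now=None):
        """Decide locally, with no AAA round trip: ok / rejected / full_auth_required."""
        now = time.monotonic() if now is None else now
        info = self.cache.get(pseudo_imsi)
        if info is None:
            return "full_auth_required"          # nothing cached for this identity
        # Keep only attempts that fall inside the sliding interval.
        info.attempts = [t for t in info.attempts if now - t < info.interval_s]
        if len(info.attempts) >= info.max_attempts:
            del self.cache[pseudo_imsi]          # assumption: evict the cached keys
            return "full_auth_required"
        info.attempts.append(now)                # failed attempts count as well
        expected = request_mac(info.auth_key, pseudo_imsi, seq)
        if seq <= info.last_seq or not hmac.compare_digest(expected, mac):
            return "rejected"
        info.last_seq = seq
        return "ok"
```

Counting failed attempts against the limit means a party guessing at the MAC exhausts the budget and forces the full authentication path rather than getting unlimited tries against the cached key.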
Specification