Infrastructure-less bootstrapping: trustless bootstrapping to enable mobility for mobile devices

US 8,584,207 B2
Filed: 02/09/2009
Issued: 11/12/2013
Est. Priority Date: 11/17/2004
Status: Expired due to Fees

First Claim

Patent Images

1. In a Home Agent, a method of supporting a session in Mobile IP, comprising:

receiving by the Home Agent a first Mobile IP message identifying a Mobile Node from the Mobile Node, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;

in response to the first Mobile IP message, generating by the Home Agent a Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session; and

sending by the Home Agent a second Mobile IP message identifying the Home Agent to the Mobile Node, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session, thereby enabling the Mobile Node to encrypt messages to the Home Agent during the session using the Mobile-Home authentication key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for supporting a session in Mobile IP are disclosed. A Mobile Node sends a first Mobile IP message identifying the Mobile Node to a Home Agent, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session. A Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node is obtained or generated by the Mobile Node and the Home Agent, where the Mobile-Home authentication key is not valid after the session has ended or during another session. The Home Agent sends a second Mobile IP message to the Mobile Node, the second Mobile IP message including a lifetime associated with the session, wherein the lifetime indicates a lifetime of the key, thereby enabling the Mobile Node to register with the Home Agent using the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session.

86 Citations

View as Search Results

42 Claims

1. In a Home Agent, a method of supporting a session in Mobile IP, comprising:
- receiving by the Home Agent a first Mobile IP message identifying a Mobile Node from the Mobile Node, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  in response to the first Mobile IP message, generating by the Home Agent a Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session; and
  
  sending by the Home Agent a second Mobile IP message identifying the Home Agent to the Mobile Node, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session, thereby enabling the Mobile Node to encrypt messages to the Home Agent during the session using the Mobile-Home authentication key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method as recited in claim 1, further comprising:
    - associating the Mobile-Home authentication key with the Mobile Node and the lifetime.
  - 3. The method as recited in claim 1, further comprising:
    - obtaining information from the first Mobile IP message; and
      
      wherein the Mobile-Home authentication key is generated using the information obtained from the first Mobile IP message.
  - 4. The method as recited in claim 3, wherein a second token generated by the Mobile Node is provided in the first Mobile IP message and wherein the information comprises the second token generated by the Mobile Node.
  - 5. The method as recited in claim 1, wherein the session is initiated when the Mobile Node boots up.
  - 6. The method as recited in claim 1, wherein the session ends when the Mobile Node reboots.
  - 7. The method as recited in claim 1, further comprising:
    - receiving a third Mobile IP message including the home address, the third Mobile IP message being a registration request or a binding update; and
      
      sending a fourth Mobile IP message including the home address, the fourth Mobile IP message being a registration reply or a binding acknowledgement, wherein both the third and fourth Mobile IP message are encrypted using the Mobile-Home authentication key.
  - 8. The method as recited in claim 7, wherein the third Mobile IP message requests an extension of the lifetime of the Mobile-Home authentication key.
  - 9. The method as recited in claim 1, wherein the first Mobile IP message is a registration request or a Binding Update, and the second Mobile IP message is a registration reply or a Binding Acknowledgement.
  - 10. The method as recited in claim 1, wherein the session is identified by a session identifier in the first, second, third, and fourth Mobile IP message.
  - 11. The method as recited in claim 1, wherein at least a portion of the first Mobile IP message and the second Mobile IP message are encrypted, wherein the at least a portion of the first Mobile IP message is encrypted using the Home Agent'"'"'s public key, the method further comprising:
    - decrypting by the Home Agent the at least a portion of the first Mobile IP message using a private key of the Home Agent.
  - 12. The method as recited in claim 11, wherein the portion of the first Mobile IP message includes a second token generated by the Mobile Node to be used by the Home Agent to generate the Mobile-Home authentication key.
  - 13. The method as recited in claim 11, wherein the second Mobile IP message is encrypted using the Mobile Node'"'"'s public key, the method further comprising:
    - encrypting the second Mobile IP message using the Mobile Node'"'"'s public key.
  - 14. The method as recited in claim 13, wherein the Mobile Node'"'"'s public key is provided in the first Mobile IP message, the method further comprising:
    - obtaining the Mobile Node'"'"'s public key from the first Mobile IP message.
  - 15. The method as recited in claim 1, wherein the sending step is performed without authenticating the Mobile Node in Mobile IP.
  - 16. The method as recited in claim 15, wherein the Mobile Node is not authenticated using a shared security association.
  - 17. The method as recited in claim 15, wherein the Mobile Node is authenticated during layer 2 or layer 3 authentication prior to the receiving step.
  - 18. The method as recited in claim 15, wherein the first Mobile IP message includes a Mobile Node identifier identifying the Mobile Node, wherein the Mobile Node identifier is not authenticated by the Home Agent.
  - 19. The method as recited in claim 1, wherein the first Mobile IP message includes a suggested lifetime and wherein the lifetime provided in the second Mobile IP message is less than or equal to the suggested lifetime.
  - 20. The method as recited in claim 1, wherein a body of the first Mobile IP message includes a source address provided in a header of the first Mobile IP message, the method further comprising:
    - determining whether the source address provided in the header of the first Mobile IP message is equal to the source address in the body of the first Mobile IP message.
  - 21. The method as recited in claim 1, further comprising:
    - receiving messages from the Mobile Node during the session, wherein the messages are encrypted using the Mobile-Home authentication key.
  - 22. The method as recited in claim 1, further comprising:
    - generating by the Home Agent the first token.

23. In a Mobile Node, a method, comprising:
- composing and sending by the Mobile Node a first Mobile IP message identifying the Mobile Node to a Home Agent, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is initiating dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during a session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  receiving by the Mobile Node a second Mobile IP message identifying the Mobile Node from the Home Agent, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session;
  
  obtaining by the Mobile Node the first token from the second Mobile IP message; and
  
  generating by the Mobile Node the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session using the first token.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 24. The method as recited in claim 23, further comprising:
    - sending a third Mobile IP message including an IP address of the Home Agent, the third Mobile IP message being a registration request or a binding update and being secured by the Mobile-Home authentication key; and
      
      receiving a fourth Mobile IP message from the Home Agent, the fourth Mobile IP message being a registration reply or a binding acknowledgement, wherein the fourth Mobile IP message is encrypted by the Mobile-Home authentication key.
  - 25. The method as recited in claim 24, wherein sending the third Mobile IP message is performed to extend the lifetime associated with the session and the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session.
  - 26. The method as recited in claim 23, wherein the session is initiated when the Mobile Node boots up.
  - 27. The method as recited in claim 23, wherein the session ends when the Mobile Node reboots.
  - 28. The method as recited in claim 23, wherein the first Mobile IP message is a registration request or a Binding Update, and the second Mobile IP message is a registration reply or a Binding Acknowledgement.
  - 29. The method as recited in claim 23, wherein at least a portion of the first Mobile IP message and the second Mobile IP message are encrypted, wherein the at least a portion of the first Mobile IP message is encrypted using the Home Agent'"'"'s public key, the method further comprising:
    - encrypting the at least a portion of the first Mobile IP message using the Home Agent'"'"'s public key.
  - 30. The method as recited in claim 29, wherein the second Mobile IP message is encrypted using the Mobile Node'"'"'s public key, the method further comprising:
    - decrypting the second Mobile IP message using the Mobile Node'"'"'s private key.
  - 31. The method as recited in claim 30, wherein the Mobile Node'"'"'s public key is provided in the first Mobile IP message, the method further comprising:
    - providing the Mobile Node'"'"'s public key in the first Mobile IP message.
  - 32. The method as recited in claim 23, wherein the Mobile Node is not authenticated in Mobile IP.
  - 33. The method as recited in claim 32, wherein the Mobile Node is authenticated during layer 2 or layer 3 authentication.
  - 34. The method as recited in claim 23, wherein the Mobile Node is not authenticated via a shared security association prior to obtaining the Mobile-Home authentication key.
  - 35. The method as recited in claim 23, wherein the first Mobile IP message includes a suggested lifetime and wherein the lifetime provided in the second Mobile IP message is less than or equal to the suggested lifetime.
  - 36. The method as recited in claim 23, further comprising:
    - encrypting by the Mobile Node a message using the Mobile-Home authentication key to generate an encrypted message; and
      
      transmitting by the Mobile Node the encrypted message to the Home Agent.
  - 37. The method as recited in claim 23, further comprising:
    - encrypting messages to the Home Agent using the Mobile-Home authentication key during the session.

38. A non-transitory computer-readable storage medium storing thereon computer-readable instructions for supporting a session in Mobile IP in a Home Agent, comprising:
- instructions for determining from a first Mobile IP message received from a Mobile Node and identifying the Mobile Node that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  instructions for in response to the first Mobile IP message, generating a Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session; and
  
  instructions for sending a second Mobile IP message identifying the Home Agent to the Mobile Node, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session, thereby enabling the Mobile Node to encrypt messages to the Home Agent during the session using the Mobile-Home authentication key.

39. A Home Agent adapted for supporting a session in Mobile IP, comprising:
- means for receiving a first Mobile IP message identifying a Mobile Node from the Mobile Node, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  means for in response to the first Mobile IP message, generating a Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session; and
  
  means for sending a second Mobile IP message identifying the Home Agent to the Mobile Node, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session, thereby enabling the Mobile Node to encrypt messages to the Home Agent during the session using the Mobile-Home authentication key.

40. A Home Agent adapted for supporting a session in Mobile IP, comprising:
- a processor; and
  
  a memory, at least one of the processor and the memory being adapted for;
  
  receiving a first Mobile IP message identifying a Mobile Node from the Mobile Node, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is requesting dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during the session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  in response to the first Mobile IP message, generating a Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session; and
  
  sending a second Mobile IP message identifying the Home Agent to the Mobile Node, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session, thereby enabling the Mobile Node to encrypt messages to the Home Agent during the session using the Mobile-Home authentication key.

41. An apparatus, comprising:
- a processor; and
  
  a memory, at least one of the processor or the memory being configured for;
  
  composing and sending by a Mobile Node a first Mobile IP message identifying the Mobile Node to a Home Agent, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is initiating dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during a session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  receiving by the Mobile Node a second Mobile IP message identifying the Mobile Node from the Home Agent, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session; and
  
  obtaining by the Mobile Node the first token from the second Mobile IP message; and
  
  generating by the Mobile Node the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session using the first token.

42. A non-transitory computer-readable medium storing thereon computer-readable instructions for performing a method, comprising:
- composing and sending by a Mobile Node a first Mobile IP message identifying the Mobile Node to a Home Agent, wherein the first Mobile IP message indicates to the Home Agent that the Mobile Node is initiating dynamic configuration of a Mobile-Home authentication key to be shared between the Mobile Node and the Home Agent during a session, wherein the first Mobile IP message does not include the Mobile-Home authentication key and wherein the first Mobile IP message or a portion thereof is not encrypted by the Mobile-Home authentication key;
  
  receiving by the Mobile Node a second Mobile IP message identifying the Mobile Node from the Home Agent, the second Mobile IP message including a lifetime and a first token to be used by the Mobile Node for generating the Mobile-Home authentication key, the lifetime being associated with the session and the Mobile-Home authentication key such that the Mobile-Home authentication key is not valid after the session has ended or during another session; and
  
  obtaining by the Mobile Node the first token from the second Mobile IP message; and
  
  generating by the Mobile Node the Mobile-Home authentication key to be shared between the Home Agent and the Mobile Node during the session using the first token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Dommety, Gopal, Patel, Alpesh
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Jamshidi, Ghodrat

Application Number

US12/368,179
Publication Number

US 20090144809A1
Time in Patent Office

1,737 Days
Field of Search

713/153, 713/181, 726/3, 726/14, 726/4, 726/181
US Class Current

726/4
CPC Class Codes

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/1441   Countermeasures against mal...

H04W 12/041   Key generation or derivation

H04W 12/069   using certificates or pre-s...

H04W 80/04   Network layer protocols, e....

Infrastructure-less bootstrapping: trustless bootstrapping to enable mobility for mobile devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Infrastructure-less bootstrapping: trustless bootstrapping to enable mobility for mobile devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links