Method and apparatus for securing communication between a mobile node and a network

US 8,788,821 B2
Filed: 09/19/2012
Issued: 07/22/2014
Est. Priority Date: 11/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method of generating a message comprising the steps of:

a device accessing a message;

the device generating a checksum of the message;

the device accessing a session key, wherein the session key is negotiated prior to the accessing by;

initiating a communication session using a protocol;

receiving a public key within a vendor specific packet of the protocol, wherein the vendor specific packet includes a field indicating that the packet includes data in a format specified by a vendor;

generating a session key from the public key; and

communicating the session key within an initial request message (RRQ) of the protocol;

the device generating an authentication code by performing a one-way hash function on the checksum using the session key; and

the device generating an output message that includes the message and the authentication code, wherein the output message is intended for a first hop IP router.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with the teachings of the present invention, a method and apparatus is presented for securely negotiating a session key between a mobile node and a network node, such as a first hop IP router. A session key is encoded using asymmetric encryption. The encrypted session key is then communicated to the first hop IP router for later use. In accordance with another teaching of the present invention, the session key is then used by the mobile node and a first hop IP router to authenticate a message. Lastly, in accordance with the third teaching of the present invention, a standardized protocol is used to securely negotiate the session key between the mobile node and the first hop IP router.

Citations

14 Claims

1. A method of generating a message comprising the steps of:
- a device accessing a message;
  
  the device generating a checksum of the message;
  
  the device accessing a session key, wherein the session key is negotiated prior to the accessing by;
  
  initiating a communication session using a protocol;
  
  receiving a public key within a vendor specific packet of the protocol, wherein the vendor specific packet includes a field indicating that the packet includes data in a format specified by a vendor;
  
  generating a session key from the public key; and
  
  communicating the session key within an initial request message (RRQ) of the protocol;
  
  the device generating an authentication code by performing a one-way hash function on the checksum using the session key; and
  
  the device generating an output message that includes the message and the authentication code, wherein the output message is intended for a first hop IP router.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1,wherein the device is a mobile node and the communication session is initiated with a router in a network;
    - andwherein initiating the communication session includes registering or authenticating the mobile node within the network using the protocol.
  - 3. The method of claim 1, wherein said generating the output message comprises encoding the authentication code with the message.
  - 4. A method of generating a message as set forth in claim 1, wherein the device comprises a mobile node.
  - 5. The method of claim 1, further comprising:
    - the device wirelessly transmitting the output message to a base station.
  - 6. The method of claim 1, wherein said generating the output message comprises combining the authentication code and the message.

7. A mobile device, comprising:
- wireless communication circuitry for performing wireless communication;
  
  processing hardware coupled to the wireless communication circuitry, wherein the processing hardware is configured to;
  
  access a message;
  
  generate a checksum of the message;
  
  access a session key, wherein the processing hardware is configured to negotiate the session key prior to accessing the message by;
  
  initiating a communication session using a protocol;
  
  receiving a public key within a vendor specific packet of the protocol, wherein the vendor specific packet includes a field indicating that the packet includes data in a format specified by a vendor;
  
  generating a session key from the public key; and
  
  communicating the session key within an initial request message (RRQ) of the protocol;
  
  generate an authentication code by performing a one-way hash function on the checksum using the session key;
  
  generate an output message that includes the message and the authentication code; and
  
  transmit the output message via the wireless communication circuitry, wherein the output message is intended for a first hop IP router.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The mobile device of claim 7, wherein the processing hardware comprises a memory medium storing program instructions and a processor coupled to the memory medium and configured to execute the program instructions.
  - 9. The mobile device of claim 7, wherein generating the output message includes combining the authentication code and the message.
  - 10. The mobile device of claim 7, wherein generating the output message includes appending the authentication code to the message.
  - 11. The mobile device of claim 7, wherein generating the output message includes encoding the authentication code with the message.
  - 12. The mobile device of claim 7, wherein the mobile device is configured to transmit the output message to a base station.

13. A non-transitory, computer accessible memory medium comprising program instructions, wherein the program instructions are executable by a mobile device to:
- access a message;
  
  generate a checksum of the message;
  
  access a session key, wherein the program instructions are executable to negotiate the session key prior to the accessing the message by;
  
  initiating a communication session using a protocol;
  
  receiving a public key within a vendor specific packet of the protocol, wherein the vendor specific packet includes a field indicating that the packet includes data in a format specified by a vendor;
  
  generating a session key from the public key; and
  
  communicating the session key within an initial request message (RRQ) of the protocol;
  
  generate an authentication code by performing a one-way hash function on the checksum using the session key; and
  
  generate an output message that includes the message and authentication code, wherein the output message is intended for a first hop IP router.
- View Dependent Claims (14)
- - 14. The non-transitory, computer accessible memory medium of claim 13, wherein generating the output message includes appending the authentication code to the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Chowdhury, Kuntal
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
HO, DAO Q

Application Number

US13/622,413
Publication Number

US 20130024691A1
Time in Patent Office

671 Days
Field of Search

713/170
US Class Current

713/168
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/12   Applying verification of th...

H04L 9/3242   involving keyed hash functi...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/50   Secure pairing of devices

Method and apparatus for securing communication between a mobile node and a network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing communication between a mobile node and a network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links