Secure tunnel establishment upon attachment or handover to an access network

US 8,792,453 B2
Filed: 10/28/2009
Issued: 07/29/2014
Est. Priority Date: 12/03/2008
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for establishing a secure tunnel to a trusted packet data gateway upon a mobile node initially attaching to or performing a handover to a target access network, the method comprising:

determining from a reachability list maintained in the mobile node at least one trusted packet data gateway that is reachable through the target access network, wherein the reachability list lists data sets indicating data paths and the reachability status of respective known trusted packet data gateways for each respective data path, andestablishing a secure tunnel to the trusted packet data gateway determined from the reachability list maintained in the mobile node, the secure tunnel is established prior to the attachment to the target access network.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The invention relates to a method, mobile node and computer-readable medium for establishing (or pre-establishing) a secure tunnel to an ePDG to prepare for a mobile node attachment or handover to another access network. To reduce the delay of a handover or upon attachment of a mobile node to an access network implied by mechanisms to discover a ePDG, the mobile node maintains a reachability list that can be consulted to identify an ePDG or ePDGs that are reachable in the target access network, i.e. to which the mobile node may establish a secure tunnel. If the mobile node can identify a reachable ePDG for a given access network from the reachability list, the mobile node (pre-)establishes a secure tunnel to the ePDG upon attaching to the given access network. In alternative solutions DNS, DHCP or other mechanism can be used to provide the mobile node with information on ePDGs in its vicinity.

13 Citations

View as Search Results

26 Claims

1. A method for establishing a secure tunnel to a trusted packet data gateway upon a mobile node initially attaching to or performing a handover to a target access network, the method comprising:
- determining from a reachability list maintained in the mobile node at least one trusted packet data gateway that is reachable through the target access network, wherein the reachability list lists data sets indicating data paths and the reachability status of respective known trusted packet data gateways for each respective data path, andestablishing a secure tunnel to the trusted packet data gateway determined from the reachability list maintained in the mobile node, the secure tunnel is established prior to the attachment to the target access network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method according to claim 1, wherein the data paths are indicated bycombinations of access network identifiers, core network identifiers and access point names, orcombinations of core network identifiers and access point names, oraccess point names.
  - 3. The method according to claim 2, further comprising trying, upon the mobile node having attached to the target access network, to establish a secure tunnel to a trusted packet data gateway pre-configured in the mobile node or learned from a DNS query, in case no access point name of a packet data network through which a trusted packet data gateway can be reached could be determined from the reachability list.
  - 4. The method according to claim 3, further comprising adding to the reachability list a data set indicating the data path to said unreachable trusted packet data gateway and that the unreachable trusted packet data gateway is not reachable through the data path, in case no secure tunnel can be established to a trusted packet data gateway due to the trusted packet data gateway being unreachable.
  - 5. The method according to claim 3, further comprising adding to the reachability list a data set indicating the data path to said reachable trusted packet data gateway and that the reachable trusted packet data gateway is reachable through the data path, in case a secure tunnel can be established to a trusted packet data gateway.
  - 6. The method according to claim 4, further comprising adding to the reachability list a data set indicating the data path to said reachable trusted packet data gateway and that the reachable trusted packet data gateway is reachable through the data path, in case a secure tunnel can be established to a trusted packet data gateway.
  - 7. The method according to claim 1, further comprising updating the reachability list, if the reachability status of a trusted packet data gateway changes for a given data path.
  - 8. The method according to claim 2, further comprising updating the reachability list, if the reachability status of a trusted packet data gateway changes for a given data path.
  - 9. The method according to claim 1, further comprising:
    - receiving a reachability list from another mobile node or network node in the access network or core network connected thereto.
  - 10. The method according to claim 2, further comprising:
    - receiving a reachability list from another mobile node or network node in the access network or core network connected thereto.
  - 11. The method according to claim 9, further comprising updating the maintained reachability list based on the reachability list received from another mobile node or network node in the access network or core network connected thereto.
  - 12. The method according to claim 10, further comprising updating the maintained reachability list based on the reachability list received from another mobile node or network node in the access network or core network connected thereto.
  - 13. The method according to claim 1, wherein the reachability list consists of two list, a white list listing the data paths of trusted packet data gateway being reachable through the respective data path and the respective of trusted packet data gateway and a black list listing the data paths of trusted packet data gateway not being reachable through the respective data path and the respective of trusted packet data gateway.
  - 14. The method according to claim 2, wherein the reachability list consists of two list, a white list listing the data paths of trusted packet data gateway being reachable through the respective data path and the respective of trusted packet data gateway and a black list listing the data paths of trusted packet data gateway not being reachable through the respective data path and the respective of trusted packet data gateway.
  - 15. The method according to one of claim 1, wherein the steps of the method are performed by the mobile node only in case the IP address configured on a mobile node'"'"'s interface to the target access network is differing from the IP address configured on a mobile node'"'"'s interface to the source access network, or in case the a trusted packet data gateway to which the mobile node has established a tunnel through the source access network is not reachable through the target access network according to the reachability list.

16. A method for establishing a secure tunnel to a trusted packet data gateway, the method comprising the steps:
- establishing a secure tunnel to the trusted packet data gateway through a source access gateway and via a packet data network gateway prior to handover to a target access network,checking prior to attachment to the target access network whether the trusted packet data gateway can be reached through the target access network by checking reachability status of the trusted packet data gateway through the target access network based on a reachability list maintained by the mobile node, wherein the reachability list lists data sets indicating data paths and the reachability status of respective known trusted packet data gateways for each respective data path, andrequesting via the source access network the core network node of a core network connected to the source access network to maintain the connection to the trusted packet data gateway via the packet data network gateway upon the mobile node attaching to the target access network.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method according to claim 16, further comprising performing the following steps, in case the trusted packet data gateway cannot be reached through the target access network:
    - determining from a reachability list maintained in the mobile node at least one trusted packet data gateway that is reachable through the target access network, wherein the reachability list lists data sets indicating data paths and the reachability status of respective known trusted packet data gateways for each respective data path, andestablishing a secure tunnel to the trusted packet data gateway determined from the reachability list maintained in the mobile node.
  - 18. The method according to claim 17, wherein the data paths are indicated bycombinations of access network identifiers, core network identifiers and access point names, orcombinations of core network identifiers and access point names, oraccess point names.
  - 19. The method according to claim 18, further comprising trying, upon the mobile node having attached to the target access network, to establish a secure tunnel to a trusted packet data gateway pre-configured in the mobile node or learned from a DNS query, in case no access point name of a packet data network through which a trusted packet data gateway can be reached could be determined from the reachability list.
  - 20. The method according to claim 19, further comprising adding to the reachability list a data set indicating the data path to said unreachable trusted packet data gateway and that the unreachable trusted packet data gateway is not reachable through the data path, in case no secure tunnel can be established to a trusted packet data gateway due to the trusted packet data gateway being unreachable.
  - 21. The method according to claim 17, further comprising receiving a reachability list from another mobile node or network node in the access network or core network connected thereto.
  - 22. The method according to claim 21, further comprising updating the maintained reachability list based on the reachability list received from another mobile node or network node in the access network or core network connected thereto.
  - 23. The method according to claim 17, wherein the reachability list consists of two list, a white list listing the data paths of trusted packet data gateway being reachable through the respective data path and the respective of trusted packet data gateway and a black list listing the data paths of trusted packet data gateway not being reachable through the respective data path and the respective of trusted packet data gateway.
  - 24. The method according to claim 18, wherein the reachability list consists of two list, a white list listing the data paths of trusted packet data gateway being reachable through the respective data path and the respective of trusted packet data gateway and a black list listing the data paths of trusted packet data gateway not being reachable through the respective data path and the respective of trusted packet data gateway.

25. A mobile node comprising:
- a processing unit configured to determine from a reachability list maintained in the mobile node at least one trusted packet data gateway that is reachable through the target access network, wherein the reachability list lists data sets indicating data paths and the reachability status of respective known trusted packet data gateways for each respective data path, anda communication unit configured to establish a secure tunnel to the trusted packet data gateway, determined from the reachability list maintained in the mobile node, wherein the secure tunnel is established prior to the attachment to the target access network.

26. A mobile node comprising:
- a communication unit configured to establish a secure tunnel to the trusted packet data gateway through a source access gateway and via a packet data network gateway prior to handover to a target access network, anda processing unit configured to check prior to attachment to the target access network whether the trusted packet data gateway can be reached through the target access network by checking reachability status of the trusted packet data gateway through the target access network based on a reachability list maintained by the mobile node, wherein the reachability list lists data sets indicating data paths and the reachability status of respective known trusted packet data gateways for each respective data path,wherein the communication unit is configured to request via the source access network the core network node of a core network connected to the source access network to maintain the connection to the trusted packet data gateway via the packet data network gateway upon the mobile node attaching to the target access network.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Sovereign Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Bachmann, Jens, Ikeda, Shinkichi, Aramaki, Takashi
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
ASEFA, DEBEBE A

Application Number

US13/126,924
Publication Number

US 20110261787A1
Time in Patent Office

1,735 Days
Field of Search

370254-340, 709201-213
US Class Current

370/331
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/164   at the network layer

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/037   of the control plane, e.g. ...

H04W 12/80   Arrangements enabling lawfu...

H04W 36/0038   of security context informa...

H04W 76/12   Setup of transport tunnels

H04W 80/04   Network layer protocols, e....

Secure tunnel establishment upon attachment or handover to an access network

First Claim

3 Assignments

Litigations

0 Petitions

Accused Products

Abstract

13 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure tunnel establishment upon attachment or handover to an access network

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links