Secure association
Abstract
To enable the formation of secure associations between IP-enabled devices that have not previously connected, a method is proposed in which a declaration of ownership of a target device is made by the subscriber of an originating device, and the subscriber giving that declaration is authenticated by means of, say, a SIM card. The originating device establishes a secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type SA (e.g. using IPsec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between the originating device and the target device. The first and second servers thus act as proxies for the two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations.
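The chain described in the abstract, as an added simulation that is not part of the patent or any product: each secure association is modelled as a shared symmetric key with a toy encrypt-then-MAC channel, the two servers negotiate SA4 over SA3 and deliver it to the devices over SA1 and SA2, and the devices then talk directly under SA4. All key names, the HMAC-based cipher and the subscriber secret are constructed assumptions, not the patent's own mechanisms.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; toy stand-in for an IPsec/TLS cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(sa_key: bytes, msg: bytes) -> bytes:
    # Encrypt-then-MAC under one secure association's key: nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(sa_key, nonce, len(msg))))
    tag = hmac.new(sa_key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(sa_key: bytes, blob: bytes) -> bytes:
    # Reject anything not protected by this association before decrypting.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(sa_key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("secure association integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(sa_key, nonce, len(ct))))

def kdf(label: bytes, *parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join((label,) + parts)).digest()

def build_chain(subscriber_auth: bytes) -> dict:
    """Return the SA4 key each party holds after the chain is built (constructed flow)."""
    sa1 = kdf(b"SA1", subscriber_auth)          # device1 <-> server1 (SIM-authenticated subscriber)
    auth_info = secrets.token_bytes(32)         # result of authenticating the declaring subscriber
    # server1 hands auth_info to device2; device2 uses it to bootstrap SA2 with server2.
    sa2 = kdf(b"SA2", auth_info)                # device2 <-> server2
    sa3 = kdf(b"SA3", secrets.token_bytes(32))  # server1 <-> server2 (conventional IPsec/TLS SA)
    # Proxies negotiate SA4 over SA3: each server contributes a nonce, carried sealed under SA3.
    n1, n2 = secrets.token_bytes(32), secrets.token_bytes(32)
    n2_at_server1 = unseal(sa3, seal(sa3, n2))
    n1_at_server2 = unseal(sa3, seal(sa3, n1))
    sa4_server1 = kdf(b"SA4", n1, n2_at_server1)
    sa4_server2 = kdf(b"SA4", n1_at_server2, n2)
    # Distribution: SA4 reaches each device only over the association it already holds.
    return {"device1": unseal(sa1, seal(sa1, sa4_server1)),
            "device2": unseal(sa2, seal(sa2, sa4_server2)),
            "server1": sa4_server1, "server2": sa4_server2}

def direct_exchange(keys: dict, msg: bytes) -> bytes:
    # device1 talks to device2 directly under SA4, with no prior contact or key exchange between them.
    return unseal(keys["device2"], seal(keys["device1"], msg))
```

Because the servers negotiate SA4 on the devices' behalf, both servers hold the SA4 key as well as the devices, so the security of the direct device-to-device channel rests on the servers and on SA1 through SA3.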
9 Claims
1. A method for forming secure associations between IP-enabled devices, the method comprising:
establishing, at a first network server, a first secure association between a first one of said devices and the first network server, receiving, at the first network server, from a subscriber known to a network using an authentication storage device, a declaration of ownership to the network of a second one of said devices, the first network server assigning a network realm identity to the second device, receiving, at the first network server, authentication information in response to authentication of the subscriber giving the declaration; transferring the same authentication information from the first network server to the second device, the second network server establishing a second secure association between the second device and the second network server using the transferred authentication information, the first network server establishing a secure connection to the second network server using a third secure association, the first, second and third secure associations forming a chain of secure associations between the first device and the first network server, between the second device and the second network server, and between the first network server and the second network server, said secure connection having corresponding secure association information, the first and second network servers acting as proxies for the first and second devices, negotiating a fourth, different secure association on their behalf using the established chain of secure associations, the negotiated fourth secure association allowing the first device and the second device to communicate directly with each other in a secure manner as a result of the chain of secure associations, despite the first device having no prior communications with the second device and without the first and second devices exchanging keys or certificates, and the first network server transferring said corresponding secure association information to both first and second devices using the first and second associations respectively, thereby providing the necessary association between the first and second IP-enabled devices.
Dependent claims: 2, 3, 4, 5
6. A system for forming secure associations between IP-enabled devices, the system comprising:
a first network server and a second network server, the first network server and the second network server being operable to establish a first secure IP-type association therebetween, said secure association having corresponding secure association information, wherein the first network server establishes a first association with a first one of said devices, receives, from a subscriber known to the network using an authentication storage device, a declaration of ownership of a second one of said devices, assigns a network realm identity to the second device, receives authentication information in response to authentication of the subscriber giving the declaration, and transfers the same authentication information to the second device; and the second network server establishing a second secure association with the second device in accordance with the transferred authentication information, wherein the first network server transfers said corresponding secure association information to the first device using the first association and the second network server transfers said corresponding secure association information to the second device using the second association, the first network server establishing a secure connection to the second network server using a third secure association, the first, second and third secure associations forming a chain of secure associations between the first device and the first network server, between the second device and the second network server, and between the first network server and the second network server, the first and second network servers acting as proxies for the first and second devices, negotiating a fourth, different secure association on their behalf using the established chain of secure associations, the negotiated fourth secure association allowing the first device and the second device to communicate directly with each other in a secure manner as a result of the chain of secure associations, despite the first device having no prior communications with the second device and without the first and second devices exchanging keys or certificates.
Dependent claims: 7, 8, 9