Method for implementing IP security in mobile IP networks
Abstract
A method for implementing IPsec in third generation and beyond wireless, mobile access, Internet protocol-based digital networks supporting Mobile IP is disclosed. A sending node initiates establishment of a security association for a receiving node, rather than waiting for the receiving node to initiate security association establishment after receiving a packet from the sending node. Thus, the disclosed method greatly reduces the packet delay introduced by the required authentication and security association establishment processes. IPsec may use the Kerberos key exchange method. Because it requires less computational overhead, the Kerberos key exchange method is a suitable IPsec method for mobile IP networks in which less resourceful devices such as PDAs and cellular phones are the primary network access devices. For the same reason, the packet delay associated with authentication and security processes is further reduced.
21 Claims
1. A method of implementing Internet protocol security in a mobile IP network, comprising the steps of:
- initiating communication from a first node to a second node;
- checking by the first node if any security association is established with the second node; and
- initiating by the first node establishment of a security association for protecting communications with the second node if no security association is established with the second node.
12. A method for implementing Kerberos-based Internet security protocol in a mobile IP network, comprising the steps of:
- establishing a Layer 2 secret key between a node and a base transceiver station when the node is establishing wireless connection with the base transceiver station;
- reporting the established Layer 2 secret key from a Layer 2 to a Layer 3 in the node; and
- using the reported Layer 2 secret key to authenticate the node to the network when the node logs in the network.
16. An IP network comprising:
- nodes that communicate with each other over the network;
- security association managers provided in the network for managing security associations for the nodes, wherein when asked by a first node that needs to communicate with a second node, a security association manager returns to the first node a security association previously established for communication with the second node if the security association remains stored inside thereof, and if there is no security association stored for communication with the second node, the security association manager conducts establishment of a security association, stores the security association inside thereof and distributes it to the first node.