SECURE ASSOCIATION

US 20140150063A1
Filed: 09/14/2011
Published: 05/29/2014
Est. Priority Date: 09/14/2010
Status: Active Grant

First Claim

Patent Images

1-3. -3. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To enable formation of secure associations between IP-enabled devices when they have not previously connected, a method is proposed where a declaration of ownership of a target device is made by the subscriber of a originating device and that subscriber giving that declaration is authenticated by means of a SIM card, say. The originating device establishes secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type SA (e.g. using IPSec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between originating device and target Device. The first and second servers thus act as proxies for two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations.

25 Citations

View as Search Results

12 Claims

1-3. -3. (canceled)

4. A method for forming secure associations between IP-enabled devices, the method comprising:
- establishing a first association between a first one of said devices and a first network server,receiving, from a subscriber known to the network using an authentication storage means, a declaration of ownership to the network of a second one of said devices,assigning a network realm identity to the second device,receiving authentication information in response to authentication of the subscriber giving the declaration;
  
  transferring the authentication information to the second device,facilitating a second association between the second device and a second network server in accordance with the transferred authentication information,establishing a secure connection between the first and second network servers, said secure connection having corresponding secure association information, andtransferring said corresponding secure association information to both first and second devices using the first and second associations respectively, thereby providing the necessary association between the first and second IP-enabled devices.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein declaration of ownership is received from a subscriber authentication storage means.
  - 6. The method of claim 4, wherein receiving authentication information includes:
    - sending an authentication challenge to the subscriber authentication storage means; and
      
      receiving authentication information in response to the authentication challenge.

9. A system for forming secure associations between IP-enabled devices, the system comprising:
- a first network server and a second network server, the first network server and a second network server being operable to establish a secure IP-type association therebetween, said secure association having corresponding secure association information, wherein the first network server includes means for establishing a first association with a first one of said devices, means for receiving, from a subscriber known to the network using an authentication storage means, a declaration of ownership of a second one of said devices, means for assigning a network realm identity to the second device, means for receiving authentication information in response to authentication of the subscriber giving the declaration, and means for transferring the authentication information to the second device;
  
  the second network server having means for establishing a second association with the second device in accordance with the transferred authentication information,wherein the first network server transfers said corresponding secure association information to the first device using the first association and the second network server transfers said corresponding secure association information to the second device using the second association, thereby providing the necessary association between the first and second IP-enabled devices.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein declaration of ownership is received from a subscriber authentication storage means.
  - 11. The system of claim 9, wherein the means for receiving authentication information includes:
    - means for sending an authentication challenge to the subscriber authentication storage means; and
      
      means for receiving authentication information in response to the authentication challenge.
  - 12. The system of claim 9, wherein the authentication storage means is a (U)SIM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vodafone IP Licensing Limited (Vodafone Group PLC)
Original Assignee
Vodafone IP Licensing Limited (Vodafone Group PLC)
Inventors
Bone, Nicholas

Granted Patent

US 9,699,156 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

SECURE ASSOCIATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

SECURE ASSOCIATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others