Dynamic foreign agent—home agent security association allocation for IP mobility systems
First Claim
1. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:
- receiving a registration request at a foreign agent on a foreign network from said mobile node located on said foreign network, said registration request including care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
- transmitting an access request from the foreign agent to a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing, said home network AAA server dynamically allocating security parameters to support the security association request;
- receiving an access response at the foreign agent from the home network AAA server which includes the dynamically allocated security parameter information generated by the home network AAA server;
- transmitting the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent, said home agent receiving the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;
- receiving a registration response at the foreign agent from the home agent after confirmation of the foreign agent-home agent security association information, said registration response being provided to the mobile node to establish the communication pathway between the home agent and the mobile node.
Abstract
The AAA infrastructure is utilized to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assign a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention can also help ensure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.
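The allocation and confirmation flow the abstract describes, as an added Python example that is not code from the patent. HMAC-SHA256, the 32-byte shared key, the choice of the SPI as the "selected portion" forwarded to the Home Agent, and all class, function and host names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class FaHaSA:                      # hypothetical container for the allocated parameters
    spi: int
    key: bytes
    algorithm: str
    expires_at: float

class HomeAAA:
    """Central entity that allocates and distributes FA-HA parameters."""
    def __init__(self):
        self._sas = {}
        self._next_spi = 256       # Mobile IP reserves SPI values 0-255

    def allocate(self, fa, ha, now, lifetime=3600):
        sa = FaHaSA(self._next_spi, secrets.token_bytes(32), "hmac-sha256", now + lifetime)
        self._next_spi += 1        # unique SPI per allocation
        self._sas[(fa, ha, sa.spi)] = sa
        return sa                  # carried to the FA in the access response

    def deliver_to_ha(self, fa, ha, spi):
        return self._sas.get((fa, ha, spi))   # separate AAA -> HA delivery

def authenticator(sa, rrq):
    return hmac.new(sa.key, rrq + sa.spi.to_bytes(4, "big"), hashlib.sha256).digest()

def fa_forward(sa, rrq):
    """FA relays the request with the SPI and an authenticator, never the key."""
    return rrq, sa.spi, authenticator(sa, rrq)

def ha_confirm(aaa, fa, ha, rrq, spi, tag, now):
    sa = aaa.deliver_to_ha(fa, ha, spi)
    if sa is None or now >= sa.expires_at:    # unknown pairing/SPI or expired key
        return False
    return hmac.compare_digest(authenticator(sa, rrq), tag)

def demo():
    aaa = HomeAAA()
    sa = aaa.allocate("fa1.visited.example", "ha1.home.example", now=1000, lifetime=60)
    rrq, spi, tag = fa_forward(sa, b"RRQ mn=mn1 coa=192.0.2.10")  # constructed request
    args = ("fa1.visited.example", "ha1.home.example")
    return {
        "valid": ha_confirm(aaa, *args, rrq, spi, tag, now=1010),
        "tampered": ha_confirm(aaa, *args, rrq + b"x", spi, tag, now=1010),
        "expired": ha_confirm(aaa, *args, rrq, spi, tag, now=1060),
        "wrong_fa": ha_confirm(aaa, "fa2.visited.example", args[1], rrq, spi, tag, now=1010),
    }
```

The expired and wrong-pairing cases show why the key lifetime and the per-pair SPI matter: a Home Agent that holds stale or mismatched parameters rejects the registration instead of silently accepting it.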
28 Claims
8. A foreign agent node in a foreign communication network, comprising:
- communication logic configured to communicate with a mobile node and a home network of the mobile node;
- processing logic, wherein the processing logic is configured to:
  - receive a registration request from the mobile node located on the foreign communication network using the communication logic, the registration request including care-of addressing information to establish a communication pathway between the mobile node and a home agent located on the home network;
  - transmit an access request to a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing using the communication logic, wherein the home network AAA server is configured to dynamically allocate security parameters to support the security association request;
  - receive an access response from the home network AAA server using the communication logic, wherein the access response includes the dynamically allocated security parameter information generated by the home network AAA server;
  - transmit the registration request to the home agent using the communication logic, wherein the registration request includes a selected portion of the security parameters received by the foreign agent, and wherein the home agent is configured to receive the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;
  - receive a registration response from the home agent using the communication logic, wherein said receiving the registration response is performed after confirmation of the foreign agent-home agent security association information, wherein the registration response is usable to establish the communication pathway between the home agent and the mobile node.
15. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:
- a home network AAA server receiving an access request from a foreign agent on a foreign network with a security association request for a specified foreign agent-home agent pairing, wherein the access request is received in response to a registration request at the foreign agent by the mobile node located on the foreign network, wherein the registration request comprises care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
- the home network AAA server dynamically allocating security parameters to support the security association request;
- the home network AAA server providing an access response to the foreign agent which includes the dynamically allocated security parameter information generated by the home network AAA server, wherein the foreign agent is configured to transmit the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent;
- the home network AAA server separately transmitting the dynamically allocated security parameter information to the home agent after receiving the registration request, wherein the home agent is configured to provide a registration response to the foreign agent after confirmation of the foreign agent-home agent security association information, wherein the registration response is usable to establish the communication pathway between the home agent and the mobile node.
22. A home network AAA server of a home communication network, comprising:
- communication logic configured to communicate with a foreign agent of a foreign communication network and a home agent of the home communication network;
- processing logic, wherein the processing logic is configured to:
  - receive an access request from a foreign agent on the foreign communication network using the communication logic, wherein the access request includes a security association request for a specified foreign agent-home agent pairing, wherein the access request is received in response to a registration request at the foreign agent by the mobile node located on the foreign communication network, wherein the registration request comprises care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
  - dynamically allocate security parameters to support the security association request;
  - provide an access response to the foreign agent using the communication logic, wherein the access response comprises the dynamically allocated security parameter information generated by the home network AAA server, wherein the foreign agent is configured to transmit the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent;
  - separately transmit the dynamically allocated security parameter information to the home agent after receiving the registration request using the communication logic, wherein the home agent is configured to provide a registration response to the foreign agent after confirmation of the foreign agent-home agent security association information, wherein the registration response is usable to establish the communication pathway between the home agent and the mobile node.
Specification