Dynamic foreign agent—home agent security association allocation for IP mobility systems

US 8,615,658 B2
Filed: 01/17/2013
Issued: 12/24/2013
Est. Priority Date: 03/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:

receiving a registration request at a foreign agent on a foreign network from said mobile node located on said foreign network, said registration request including care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;

transmitting an access request from the foreign agent to a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing, said home network AAA server dynamically allocating security parameters to support the security association request;

receiving an access response at the foreign agent from the home network AAA server which includes the dynamically allocated security parameter information generated by the home network AAA server;

transmitting the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent, said home agent receiving the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;

receiving a registration response at the foreign agent from the home agent after confirmation of the foreign agent-home agent security association information, said registration response being provided to the mobile node to establish the communication pathway between the home agent and the mobile node.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Utilizing the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assigns a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.

57 Citations

28 Claims

1. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:
- receiving a registration request at a foreign agent on a foreign network from said mobile node located on said foreign network, said registration request including care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
  
  transmitting an access request from the foreign agent to a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing, said home network AAA server dynamically allocating security parameters to support the security association request;
  
  receiving an access response at the foreign agent from the home network AAA server which includes the dynamically allocated security parameter information generated by the home network AAA server;
  
  transmitting the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent, said home agent receiving the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;
  
  receiving a registration response at the foreign agent from the home agent after confirmation of the foreign agent-home agent security association information, said registration response being provided to the mobile node to establish the communication pathway between the home agent and the mobile node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the home network AAA server dynamically allocates the security parameter information including an SPI index value each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 3. The method of claim 2, wherein old SPI index values will be considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 4. The method of claim 1, wherein the home network AAA server dynamically allocates the security parameters each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even though there is an existing security association for that home agent-foreign agent pairing.
  - 5. The method of claim 1, wherein security parameters that are dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 6. The method of claim 1, wherein security parameters that are dynamically allocated include an authentication algorithm and mode.
  - 7. The method of claim 1, wherein security parameters that are dynamically allocated include a foreign agent-home agent secret key lifetime.

8. A foreign agent node in a foreign communication network, comprising:
- communication logic configured to communicate with a mobile node and a home network of the mobile node;
  
  processing logic, wherein the processing logic is configured to;
  
  receive a registration request from the mobile node located on the foreign communication network using the communication logic, the registration request including care-of addressing information to establish a communication pathway between the mobile node and a home agent located on the home network;
  
  transmit an access request a home network AAA server located on the home network with a security association request for a specified foreign agent-home agent pairing using the communication logic, wherein the home network AAA server is configured to dynamically allocate security parameters to support the security association request;
  
  receive an access response from the home network AAA server using the communication logic, wherein the access response includes the dynamically allocated security parameter information generated by the home network AAA server;
  
  transmit the registration request to the home agent using the communication logic, wherein the registration request includes a selected portion of the security parameters received by the foreign agent, and wherein the home agent is configured to receive the dynamically allocated security parameter information separately from the home network AAA server after receiving the registration request;
  
  receive a registration response from the home agent using the communication logic, wherein said receiving the registration response is performed after confirmation of the foreign agent-home agent security association information, wherein the registration response is usable to establish the communication pathway between the home agent and the mobile node.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The foreign agent node of claim 8, wherein the home network AAA server dynamically allocates the security parameter information including an SPI index value each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 10. The foreign agent node of claim 9, wherein old SPI index values are considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 11. The foreign agent node of claim 8, wherein the home network AAA server dynamically allocates the security parameters each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even though there is an existing security association for that home agent-foreign agent pairing.
  - 12. The foreign agent node of claim 8, wherein security parameters that are dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 13. The foreign agent node of claim 8, wherein security parameters that are dynamically allocated include an authentication algorithm and mode.
  - 14. The foreign agent node of claim 8, wherein security parameters that are dynamically allocated include a foreign agent-home agent secret key lifetime.

15. A method for establishing a secure communication pathway between a mobile node and a home agent on a home network, comprising the steps of:
- a home network AAA server receiving an access request from a foreign agent on a foreign network with a security association request for a specified foreign agent-home agent pairing, wherein the access request is received in response to a registration request at the foreign agent by the mobile node located on the foreign network, wherein the registration request comprises care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
  
  the home network AAA server dynamically allocating security parameters to support the security association request;
  
  the home network AAA server providing an access response to the foreign agent which includes the dynamically allocated security parameter information generated by the home network AAA server, wherein the foreign agent is configured to transmit the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent;
  
  the home network AAA server separately transmitting the dynamically allocated security parameter information to the home agent after receiving the registration request, wherein the home agent is configured to provide a registration response to the foreign agent after confirmation of the foreign agent-home agent security association information, wherein the registration response is usable to establish the communication pathway between the home agent and the mobile node.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein the home network AAA server dynamically allocates the security parameter information including an SPI index value each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 17. The method of claim 16, wherein old SPI index values will be considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 18. The method of claim 15, wherein the home network AAA server dynamically allocates the security parameters each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even though there is an existing security association for that home agent-foreign agent pairing.
  - 19. The method of claim 15, wherein security parameters that are dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 20. The method of claim 15, wherein security parameters that are dynamically allocated include an authentication algorithm and mode.
  - 21. The method of claim 15, wherein security parameters that are dynamically allocated include a foreign agent-home agent secret key lifetime.

22. A home network AAA server of a home communication network, comprising:
- communication logic configured to communicate with a foreign agent of a foreign communication network and a home agent of the home communication network;
  
  processing logic, wherein the processing logic is configured to;
  
  receive an access request from a foreign agent on the foreign communication network using the communication logic, wherein the access request includes a security association request for a specified foreign agent-home agent pairing, wherein the access request is received in response to a registration request at the foreign agent by the mobile node located on the foreign communication network, wherein the registration request comprises care-of addressing information to establish a communication pathway between the mobile node and the home agent located on the home network;
  
  dynamically allocate security parameters to support the security association request;
  
  provide an access response to the foreign agent using the communication logic, wherein the access response comprises the dynamically allocated security parameter information generated by the home network AAA server, wherein the foreign agent is configured to transmit the registration request to the home agent from the foreign agent including a selected portion of the security parameters received by the foreign agent;
  
  separately transmit the dynamically allocated security parameter information to the home agent after receiving the registration request using the communication logic, wherein the home agent is configured to provide a registration response to the foreign agent after confirmation of the foreign agent-home agent security association information, wherein the registration response is usable to establish the communication pathway between the home agent and the mobile node.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The home network AAA server of claim 22, wherein the home network AAA server dynamically allocates the security parameter information including an SPI index value each time the foreign agent requests a security association for a specific home agent-foreign agent pairing.
  - 24. The home network AAA server of claim 23, wherein old SPI index values will be considered invalid if those values do not match the dynamically allocated SPI index values issued by the home network AAA server.
  - 25. The home network AAA server of claim 22, wherein the home network AAA server dynamically allocates the security parameters each time the foreign agent requests a security association for a specific home agent-foreign agent pairing even though there is an existing security association for that home agent-foreign agent pairing.
  - 26. The home network AAA server of claim 22, wherein security parameters that are dynamically allocated include a foreign agent-home agent shared secret key or a public/private key pair.
  - 27. The home network AAA server of claim 22, wherein security parameters that are dynamically allocated include an authentication algorithm and mode.
  - 28. The home network AAA server of claim 22, wherein security parameters that are dynamically allocated include a foreign agent-home agent secret key lifetime.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Muhanna, Ahmad, Khalil, Mohamed
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US13/743,429
Publication Number

US 20130130655A1
Time in Patent Office

341 Days
Field of Search

380/248, 713/168
US Class Current

713/168
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 28/18   Negotiating wireless commun...

H04W 48/14   using user query or user de...

H04W 60/00   Affiliation to network, e.g...

H04W 8/065   involving selection of the ...

H04W 80/04   Network layer protocols, e....

Dynamic foreign agent—home agent security association allocation for IP mobility systems

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Dynamic foreign agent—home agent security association allocation for IP mobility systems

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others