WO2008002439A3 - Method of creating security associations in mobile ip networks - Google Patents

Method of creating security associations in mobile ip networks

Info

Publication number
WO2008002439A3
Authority
WO
WIPO (PCT)
Prior art keywords
access gateway
mobile
key
mobile station
home agent
Prior art date
Application number
PCT/US2007/014419
Other languages
French (fr)
Other versions
WO2008002439A2 (en)
Inventor
Peter James Mccann
Semyon B Mizikovsky
Ganapathy Subramanian Sundaram
Original Assignee
Lucent Technologies Inc
Peter James Mccann
Semyon B Mizikovsky
Ganapathy Subramanian Sundaram
Priority date
Filing date
Publication date
Application filed by Lucent Technologies Inc, Peter James Mccann, Semyon B Mizikovsky, Ganapathy Subramanian Sundaram
Priority to CN200780024311XA (patent CN101480018B)
Priority to EP07835844A (patent EP2039116B1)
Priority to JP2009518164A (patent JP5004037B2)
Priority to AT07835844T (patent ATE538609T1)
Publication of WO2008002439A2
Publication of WO2008002439A3

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Abstract

A key distribution scheme is provided, which is useful for establishing, distributing, and maintaining security associations in a Mobile IP network. An authentication server performs an initial validation of a new session and generates a root key which it delivers to the initial access gateway and to the home agent. The initial access gateway and the home agent each independently compute a derivative key available only to themselves. The initial access gateway, acting as proxy for the mobile station, uses the derivative key to sign the Mobile IP registration or binding update transactions, and sends the signed registration or binding update to the home agent for validation. Once the session is established between the mobile station and the home agent, the access gateways act as proxies on behalf of the mobile station to maintain the session mobility. In handoff, the new access gateway acquires the root key as part of the transferred session context. The new access gateway, acting as proxy for the mobile station, computes a new derivative key from the root key and uses it to sign a binding update.
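
The key flow in the abstract, sketched as an added example that is not taken from the patent: the authentication server's root key is held by the access gateway and the home agent, each side derives the same derivative key independently, and the home agent validates a signed registration and, after handoff, a signed binding update. The HMAC-SHA256 derivation, the binding of the derivative key to the gateway and home agent identifiers, the message layouts and all names (`derive_key`, `HomeAgent`, `agw-1`, `ha.example.net`) are assumptions; the abstract does not specify them.

```python
import hashlib
import hmac
import os

HA_ID = b"ha.example.net"  # constructed home agent identifier

def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated KDF inputs are unambiguous."""
    return len(field).to_bytes(2, "big") + field

def derive_key(root_key: bytes, agw_id: bytes, ha_id: bytes) -> bytes:
    """Assumed KDF: derivative key for one (access gateway, home agent) pair."""
    info = b"derivative-key" + _lp(agw_id) + _lp(ha_id)
    return hmac.new(root_key, info, hashlib.sha256).digest()

def sign(key: bytes, message: bytes) -> bytes:
    """Authenticator carried with the registration or binding update."""
    return hmac.new(key, message, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, ha_id: bytes):
        self.ha_id = ha_id
        self.root_keys = {}  # session id -> root key from the authentication server

    def install_root_key(self, session: str, root_key: bytes) -> None:
        self.root_keys[session] = root_key

    def validate(self, session: str, agw_id: bytes, message: bytes, tag: bytes) -> bool:
        root = self.root_keys.get(session)
        if root is None:
            return False  # no validated session, nothing to derive from
        expected = sign(derive_key(root, agw_id, self.ha_id), message)
        return hmac.compare_digest(expected, tag)  # constant-time comparison

def run_session() -> dict:
    # Authentication server validates the session and issues the root key.
    root_key = os.urandom(32)
    ha = HomeAgent(HA_ID)
    ha.install_root_key("sess-1", root_key)

    # Initial access gateway signs the registration as proxy for the mobile station.
    k1 = derive_key(root_key, b"agw-1", HA_ID)
    reg = b"registration|ms=ms-001|via=agw-1"  # constructed message
    tag1 = sign(k1, reg)

    # Handoff: the new gateway receives the root key in the session context
    # and computes its own derivative key before signing a binding update.
    k2 = derive_key(root_key, b"agw-2", HA_ID)
    upd = b"binding-update|ms=ms-001|via=agw-2"  # constructed message
    tag2 = sign(k2, upd)

    return {
        "initial_ok": ha.validate("sess-1", b"agw-1", reg, tag1),
        "handoff_ok": ha.validate("sess-1", b"agw-2", upd, tag2),
        "keys_differ": k1 != k2,
        "old_key_rejected": not ha.validate("sess-1", b"agw-2", upd, sign(k1, upd)),
        "tampered_rejected": not ha.validate("sess-1", b"agw-2", upd + b"x", tag2),
        "unknown_session_rejected": not ha.validate("sess-9", b"agw-2", upd, tag2),
    }
```
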
PCT/US2007/014419 2006-06-26 2007-06-19 Method of creating security associations in mobile ip networks WO2008002439A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN200780024311XA CN101480018B (en) 2006-06-26 2007-06-19 Method of creating security associations in mobile ip networks
EP07835844A EP2039116B1 (en) 2006-06-26 2007-06-19 Method of creating security associations in mobile IP networks
JP2009518164A JP5004037B2 (en) 2006-06-26 2007-06-19 Method for creating a security association in a mobile IP network
AT07835844T ATE538609T1 (en) 2006-06-26 2007-06-19 METHOD FOR GENERATING SECURITY LINKS IN MOBILE IP NETWORKS

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/474,591 2006-06-26
US11/474,591 US8189544B2 (en) 2006-06-26 2006-06-26 Method of creating security associations in mobile IP networks

Publications (2)

Publication Number Publication Date
WO2008002439A2 WO2008002439A2 (en) 2008-01-03
WO2008002439A3 WO2008002439A3 (en) 2008-05-02

Family

ID=38844991

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/014419 WO2008002439A2 (en) 2006-06-26 2007-06-19 Method of creating security associations in mobile ip networks

Country Status (7)

Country Link
US (1) US8189544B2 (en)
EP (1) EP2039116B1 (en)
JP (1) JP5004037B2 (en)
KR (1) KR101030645B1 (en)
CN (1) CN101480018B (en)
AT (1) ATE538609T1 (en)
WO (1) WO2008002439A2 (en)

Families Citing this family (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8189544B2 (en) 2006-06-26 2012-05-29 Alcatel Lucent Method of creating security associations in mobile IP networks
KR100811893B1 (en) * 2006-12-04 2008-03-10 한국전자통신연구원 Method for supporting mobility for vertical handover of mobile node
US9392434B2 (en) 2007-01-22 2016-07-12 Qualcomm Incorporated Message ordering for network based mobility management systems
US9155118B2 (en) * 2007-01-22 2015-10-06 Qualcomm Incorporated Multi-link support for network based mobility management systems
US8170529B1 (en) * 2007-02-08 2012-05-01 Clearwire Ip Holdings Llc Supporting multiple authentication technologies of devices connecting to a wireless network
WO2008099802A1 (en) * 2007-02-13 2008-08-21 Nec Corporation Mobile terminal management system, network device, and mobile terminal operation control method used for them
FI20070157A0 (en) * 2007-02-23 2007-02-23 Nokia Corp Fast authentication of update messages with key differentiation on mobile IP systems
CN101690080A (en) * 2007-03-12 2010-03-31 北方电讯网络有限公司 Tunneling support for mobile ip using a key for flow identification
CN101803413B (en) 2007-09-20 2015-12-09 爱立信电话股份有限公司 For the method and apparatus of the internetwork roaming at communication network
WO2009044539A1 (en) * 2007-10-05 2009-04-09 Panasonic Corporation Communication control method, network node, and mobile terminal
US20090106831A1 (en) * 2007-10-18 2009-04-23 Yingzhe Wu IPsec GRE TUNNEL IN SPLIT ASN-CSN SCENARIO
JP4924501B2 (en) * 2008-03-21 2012-04-25 富士通株式会社 Gateway apparatus and handover method
US20110191494A1 (en) * 2008-05-27 2011-08-04 Turanyi Zoltan Richard System and method for backwards compatible multi-access with proxy mobile internet protocol
CN101605319B (en) * 2008-06-12 2013-04-17 华为技术有限公司 State-switching information-processing method, movable access gateway and movable terminal
CN101448252B (en) * 2008-06-20 2011-03-16 中兴通讯股份有限公司 Network switching implementation method, system thereof and mobile nodes
WO2010030149A2 (en) * 2008-09-15 2010-03-18 Samsung Electronics Co., Ltd. Method and system for creating a mobile internet protocol version 4 connection
EP2190252B1 (en) * 2008-11-25 2013-09-18 Alcatel Lucent Method for managing mobility of a mobile device within a network using a proxy MIPv6 protocol
US9258696B2 (en) * 2009-02-11 2016-02-09 Alcatel-Lucent Method for secure network based route optimization in mobile networks
CN102014382B (en) * 2009-09-04 2015-08-12 中兴通讯股份有限公司 A kind of update method of session key and system
CN102026092B (en) * 2009-09-16 2014-03-12 中兴通讯股份有限公司 Method and network for mobile multimedia broadcasting service key synchronization
JP5585584B2 (en) * 2009-09-28 2014-09-10 日本電気株式会社 Mobile communication system, mobile communication method and program
KR101571567B1 (en) * 2009-11-27 2015-12-04 삼성전자주식회사 Apparatus and method for supplying idle mode handover in a heterogeneous wireless communication system
US8566926B1 (en) 2010-03-18 2013-10-22 Sprint Communications Company L.P. Mobility protocol selection by an authorization system
US8340292B1 (en) 2010-04-01 2012-12-25 Sprint Communications Company L.P. Lawful intercept management by an authorization system
US8359028B1 (en) 2010-06-15 2013-01-22 Sprint Spectrum L.P. Mitigating the impact of handoffs through comparison of historical call lengths
US8391858B1 (en) 2010-06-15 2013-03-05 Sprint Spectrum L.P. Mitigating the impact of handoffs through comparison of non-preferred wireless coverage areas
US8649355B1 (en) 2010-09-01 2014-02-11 Sprint Spectrum L.P. Supporting simple IP with address translation in a wireless communication device
US8565129B1 (en) * 2010-09-01 2013-10-22 Sprint Spectrum L.P. Supporting simple IP with address translation in a proxy mobile IP gateway
US8892724B1 (en) 2010-10-08 2014-11-18 Sprint Spectrum L.P. Assigning a type of address based on expected port utilization
US8498414B2 (en) * 2010-10-29 2013-07-30 Telefonaktiebolaget L M Ericsson (Publ) Secure route optimization in mobile internet protocol using trusted domain name servers
CN102065428B (en) * 2010-12-28 2013-06-12 广州杰赛科技股份有限公司 User terminal switching method of safe wireless metropolitan area network
US20130305332A1 (en) * 2012-05-08 2013-11-14 Partha Narasimhan System and Method for Providing Data Link Layer and Network Layer Mobility Using Leveled Security Keys
KR101407553B1 (en) * 2012-09-27 2014-06-27 주식회사 엘지유플러스 Mobile terminal and controlling method thereof, and recording medium thereof
US9185606B1 (en) 2012-10-12 2015-11-10 Sprint Spectrum L.P. Assignment of wireless network resources
US9167427B2 (en) * 2013-03-15 2015-10-20 Alcatel Lucent Method of providing user equipment with access to a network and a network configured to provide access to the user equipment
CN112348998B (en) * 2020-07-24 2024-03-12 深圳Tcl新技术有限公司 Method and device for generating one-time password, intelligent door lock and storage medium

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2718312B1 (en) * 1994-03-29 1996-06-07 Rola Nevoux Method for the combined authentication of a telecommunications terminal and a user module.
US6351536B1 (en) * 1997-10-01 2002-02-26 Minoru Sasaki Encryption network system and method
US20020133716A1 (en) * 2000-09-05 2002-09-19 Shlomi Harif Rule-based operation and service provider authentication for a keyed system
KR100480258B1 (en) * 2002-10-15 2005-04-07 삼성전자주식회사 Authentication method for fast hand over in wireless local area network
US7792527B2 (en) * 2002-11-08 2010-09-07 Ntt Docomo, Inc. Wireless network handoff key
US7275157B2 (en) * 2003-05-27 2007-09-25 Cisco Technology, Inc. Facilitating 802.11 roaming by pre-establishing session keys
US7593717B2 (en) * 2003-09-12 2009-09-22 Alcatel-Lucent Usa Inc. Authenticating access to a wireless local area network based on security value(s) associated with a cellular system
US20050079869A1 (en) * 2003-10-13 2005-04-14 Nortel Networks Limited Mobile node authentication
KR100582546B1 (en) * 2003-12-26 2006-05-22 한국전자통신연구원 Method for sending and receiving using encryption/decryption key
KR100527632B1 (en) * 2003-12-26 2005-11-09 한국전자통신연구원 System and method for user authentication of ad-hoc gateway in ad-hoc network
KR100636318B1 (en) * 2004-09-07 2006-10-18 삼성전자주식회사 Method and system for authentication of address ownership using care of address binding protocol
PT1854263E (en) * 2005-02-04 2011-07-05 Qualcomm Inc Secure bootstrapping for wireless communications
KR100625926B1 (en) 2005-04-13 2006-09-20 주식회사 케이티프리텔 Method for providing ccoa-type mobile ip improved in authentication function and system therefor
US8189544B2 (en) 2006-06-26 2012-05-29 Alcatel Lucent Method of creating security associations in mobile IP networks

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
CHARLES E PERKINS NOKIA RESEARCH CENTER PAT R CALHOUN SUN MICROSYSTEMS LABORATORIES: "AAA Registration Keys for Mobile IP; draft-ietf-mobileip-aaa-key-03.txt;", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, vol. mobileip, no. 3, 28 January 2001 (2001-01-28), XP015023294, ISSN: 0000-0004 *
LEUNG G DOMMETY P YEGANI CISCO SYSTEMS K CHOWDHURY STARENT NETWORKS K: "Mobility Management using Proxy Mobile IPv4; draft-leung-mip4-proxy-mode-01.txt", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, no. 1, 25 June 2006 (2006-06-25), XP015045658, ISSN: 0000-0004 *
LEUNG G DOMMETY P YEGANI CISCO SYSTEMS K: "Mobility Management using Proxy Mobile IPv4; draft-leung-mip4-proxy-mode-00.txt", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, 26 February 2006 (2006-02-26), XP015044337, ISSN: 0000-0004 *
MADJID NAKHJIRI NARAYANAN VENKITARAMAN MOTOROLA LABS: "EAP based Proxy Mobile IP key bootstrapping for WiMAX; draft-nakhjiri-pmip-key-01.txt", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, no. 1, January 2006 (2006-01-01), XP015044435, ISSN: 0000-0004 *

Also Published As

Publication number Publication date
US8189544B2 (en) 2012-05-29
CN101480018A (en) 2009-07-08
CN101480018B (en) 2012-07-18
EP2039116B1 (en) 2011-12-21
JP2009542159A (en) 2009-11-26
JP5004037B2 (en) 2012-08-22
ATE538609T1 (en) 2012-01-15
KR20090018665A (en) 2009-02-20
US20070297377A1 (en) 2007-12-27
WO2008002439A2 (en) 2008-01-03
KR101030645B1 (en) 2011-04-20
EP2039116A2 (en) 2009-03-25

Similar Documents

Publication Publication Date Title
WO2008002439A3 (en) Method of creating security associations in mobile ip networks
WO2007005573A3 (en) Facilitating mobility for a mobile station
WO2009073812A3 (en) Apparatus and method for directing a communication session to a communication device of a group of devices having a common registration identity
PL1943855T3 (en) Method and server for providing a mobile key
WO2003015360A3 (en) System and method for secure network roaming
WO2009038831A3 (en) Methods and apparatus for providing pmip key hierarchy in wireless communication networks
WO2007103479A3 (en) System and method for exchanging policy information in a roaming communications environment
WO2006136926A3 (en) Establishing sessions with defined quality of service
EP2552143A3 (en) Method and apparatus for roaming between communications networks
CN101351019B (en) Access gateway, terminal as well as method and system for establishing data connection
WO2009117568A3 (en) Method and system for providing voice over ip (voip) to wireless communication devices
ATE473567T1 (en) THIRD PARTY FEES CALCULATION FOR SIP SESSIONS
WO2007079349A3 (en) Wireless router assisted security handoff (wrash) in a multi-hop wireless network
WO2007136440A3 (en) Apparatus and method for establishing a vpn tunnel between a wireless device and a lan
EP1713289A4 (en) A method for establishing security association between the roaming subscriber and the server of the visited network
WO2009028885A3 (en) Method and system for managing mobility in a mobile communication system using proxy mobile internet protocol
DE602005016080D1 (en) KEY DISTRIBUTION METHOD
EP2421288A3 (en) Telecommunications system and method
WO2007024357A3 (en) Extensible authentication protocol over local area network (eapol) proxy in a wireless network for node to node authentication
WO2010036043A3 (en) Method for providing a roaming service between heterogeneous networks and system therefor
WO2008024782A3 (en) Method and apparatus for interworking authorization of dual stack operation
WO2009011621A8 (en) Method for reducing the control signaling in handover situations
WO2008147323A3 (en) Method and apparatus for combining internet protocol authentication and mobility signaling
EP1853031A4 (en) A method for transmitting the message in the mobile internet protocol network
WO2007139884A3 (en) Method and system for providing pln service to inbound roamers when no roaming relationship exists

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200780024311.X

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 6978/CHENP/2008

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2009518164

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 1020087031529

Country of ref document: KR

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2007835844

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: RU

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07835844

Country of ref document: EP

Kind code of ref document: A2