WO2003014935A8 - Efficient security association establishment negotiation technique - Google Patents

Efficient security association establishment negotiation technique

Info

Publication number
WO2003014935A8
Authority
WO
WIPO (PCT)
Prior art keywords
security
visited
network
home
security association
Prior art date
Application number
PCT/IB2002/003135
Other languages
French (fr)
Other versions
WO2003014935A1 (en)
Inventor
Stefano Faccin
Franck Le
Original Assignee
Nokia Corp
Nokia Inc
Priority date
Filing date
Publication date
Application filed by Nokia Corp, Nokia Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Abstract

A mobile terminal (200) is connected via a wireless interface to an agent (210) of a visited network (220) which is connected to a visited gateway (230) connected to a home gateway (240). A subscriber database/authentication center (260) is disposed within the home network (250). It is assumed that there is a pre-established Security Association between the visited GW (230), which can be the visited AAA server, and the agent (210). This Security Association may, for example, be set up offline through manual key entry, Internet Key Exchange Protocol or Key Distribution Server specific to the Visited Network (220). This provides security internally to the network so that the operator can choose the level and type of security to be implemented in its network. There is another pre-selected Security Association between the Subscriber database/Authentication Center (260) and the Home GW (240). This Security Association may be established in the same fashion as that noted above and also serves to provide security internally to the network. There is still another pre-established Security Association between the Home GW (240) and the Visited GW (230).
PCT/IB2002/003135 2001-08-08 2002-08-08 Efficient security association establishment negotiation technique WO2003014935A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/923,966 2001-08-08
US09/923,966 US7213144B2 (en) 2001-08-08 2001-08-08 Efficient security association establishment negotiation technique

Publications (2)

Publication Number Publication Date
WO2003014935A1 WO2003014935A1 (en) 2003-02-20
WO2003014935A8 WO2003014935A8 (en) 2003-05-01

Family

ID=25449529

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2002/003135 WO2003014935A1 (en) 2001-08-08 2002-08-08 Efficient security association establishment negotiation technique

Country Status (2)

Country Link
US (1) US7213144B2 (en)
WO (1) WO2003014935A1 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8140845B2 (en) * 2001-09-13 2012-03-20 Alcatel Lucent Scheme for authentication and dynamic key exchange
US7028183B2 (en) * 2001-11-13 2006-04-11 Symantec Corporation Enabling secure communication in a clustered or distributed architecture
FI113515B (en) * 2002-01-18 2004-04-30 Nokia Corp Addressing in wireless LANs
US20030226037A1 (en) * 2002-05-31 2003-12-04 Mak Wai Kwan Authorization negotiation in multi-domain environment
US7853983B2 (en) * 2002-07-29 2010-12-14 Bea Systems, Inc. Communicating data from a data producer to a data receiver
US7716723B1 (en) * 2002-10-07 2010-05-11 Cisco Technology, Inc. System and method for network user authentication
EP1586214B1 (en) 2003-01-16 2008-12-03 Research In Motion Limited System and method of exchanging identification information for mobile stations
CN1792085A (en) * 2003-06-18 2006-06-21 Telefonaktiebolaget LM Ericsson (Publ) Online charging in mobile network
WO2004112348A1 (en) * 2003-06-18 2004-12-23 Telefonaktiebolaget Lm Ericsson (Publ) Method, system and apparatus to support mobile ip version 6 services
US7561586B2 (en) * 2003-09-19 2009-07-14 Nortel Networks Limited Method and apparatus for providing network VPN services on demand
CA2451313C (en) 2003-11-28 2011-10-18 Nicolas Nedkov Systems and methods for controlling access to a public data network from a visited access provider
WO2005086462A1 (en) * 2004-02-27 2005-09-15 Nortel Networks Limited Nai based aaa extensions
CN1265676C (en) * 2004-04-02 2006-07-19 Huawei Technologies Co., Ltd. Method for realizing roaming user to visit network inner service
US20050266826A1 (en) * 2004-06-01 2005-12-01 Nokia Corporation Method for establishing a security association between a wireless access point and a wireless node in a UPnP environment
WO2006059216A1 (en) * 2004-12-01 2006-06-08 Nokia Corporation Method and system for providing wireless data network interworking
EP1864427B1 (en) * 2005-03-17 2018-08-01 Electronics and Telecommunications Research Institute Method for negotiating security-related functions of subscriber station in wireless portable internet system
US7609162B2 (en) * 2005-10-10 2009-10-27 Electronics And Telecommunications Research Institute Mobile RFID service providing apparatus and method thereof
EP1949724A4 (en) * 2005-11-16 2011-07-06 Nokia Corp System and method for establishing bearer-independent and secure connections
DE102006006072B3 (en) 2006-02-09 2007-08-23 Siemens Ag A method for securing the authenticity of messages exchanged according to a Mobile Internet Protocol
CN101496387B (en) * 2006-03-06 2012-09-05 Cisco Technology, Inc. System and method for access authentication in a mobile wireless network
CN102869007B (en) * 2007-02-05 2015-12-09 Huawei Technologies Co., Ltd. The method of secure algorithm negotiation, device and network system
US9846866B2 (en) * 2007-02-22 2017-12-19 First Data Corporation Processing of financial transactions using debit networks
US8411858B2 (en) * 2007-03-28 2013-04-02 Apple Inc. Dynamic foreign agent-home agent security association allocation for IP mobility systems
CN101309500B (en) 2007-05-15 2011-07-20 Huawei Technologies Co., Ltd. Security negotiation method and apparatus when switching between different wireless access technologies
CA2590989C (en) * 2007-06-05 2014-02-11 Diversinet Corp. Protocol and method for client-server mutual authentication using event-based otp
GB2454204A (en) * 2007-10-31 2009-05-06 Nec Corp Core network selecting security algorithms for use between a base station and a user device
CN102143489A (en) * 2010-02-01 2011-08-03 Huawei Technologies Co., Ltd. Method, device and system for authenticating relay node
RU2688251C1 (en) * 2015-10-05 2019-05-21 Telefonaktiebolaget LM Ericsson (Publ) Wireless communication
CN108347410B (en) * 2017-01-24 2021-08-31 Huawei Technologies Co., Ltd. Safety implementation method, equipment and system
CN112740733B (en) * 2020-12-24 2022-08-26 Huawei Technologies Co., Ltd. Secure access method and device

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5091942A (en) * 1990-07-23 1992-02-25 Ericsson Ge Mobile Communications Holding, Inc. Authentication system for digital cellular communications
DE69534012T2 (en) * 1994-03-17 2006-05-04 Kokusai Denshin Denwa Co., Ltd. Authentication method for mobile communication
US5537474A (en) * 1994-07-29 1996-07-16 Motorola, Inc. Method and apparatus for authentication in a communication system
US5600708A (en) 1995-08-04 1997-02-04 Nokia Mobile Phones Limited Over the air locking of user identity modules for mobile telephones
FI105746B (en) 1995-09-29 2000-09-29 Nokia Mobile Phones Ltd Integrated radio communication system
JP3651721B2 (en) * 1996-11-01 2005-05-25 株式会社東芝 Mobile computer device, packet processing device, and communication control method
US6571289B1 (en) * 1998-08-03 2003-05-27 Sun Microsystems, Inc. Chained registrations for mobile IP
US6760444B1 (en) * 1999-01-08 2004-07-06 Cisco Technology, Inc. Mobile IP authentication
US6526506B1 (en) * 1999-02-25 2003-02-25 Telxon Corporation Multi-level encryption access point for wireless network
US6466964B1 (en) * 1999-06-15 2002-10-15 Cisco Technology, Inc. Methods and apparatus for providing mobility of a node that does not support mobility
WO2001026322A2 (en) * 1999-10-05 2001-04-12 Nortel Networks Limited Key exchange for a network architecture
US6766453B1 (en) * 2000-04-28 2004-07-20 3Com Corporation Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
FI110558B (en) * 2000-05-24 2003-02-14 Nokia Corp Method for processing location information of a terminal connected to a packet data network via a cellular network
US6915345B1 (en) * 2000-10-02 2005-07-05 Nortel Networks Limited AAA broker specification and protocol
US20020056001A1 (en) * 2000-11-09 2002-05-09 Magee Stephen D. Communication security system
US7333482B2 (en) * 2000-12-22 2008-02-19 Interactive People Unplugged Ab Route optimization technique for mobile IP
US6839338B1 (en) * 2002-03-20 2005-01-04 Utstarcom Incorporated Method to provide dynamic internet protocol security policy service

Also Published As

Publication number Publication date
US20030033518A1 (en) 2003-02-13
WO2003014935A1 (en) 2003-02-20
US7213144B2 (en) 2007-05-01

Similar Documents

Publication Publication Date Title
WO2003014935A8 (en) Efficient security association establishment negotiation technique
EP1178644A3 (en) Key management methods for wireless lans
EP1713289A4 (en) A method for establishing security association between the roaming subscriber and the server of the visited network
WO2003090041A3 (en) Method to provide dynamic internet protocol security policy services
EP1124396A3 (en) Mobile communications system and method thereof
WO2004001521A3 (en) Ad hoc networking of terminals aided by a cellular network
TW463510B (en) Method and apparatus for integrated wireless communications in private and public network environments
WO2004047469A3 (en) Seamless roaming between lan access points
WO2002068418A3 (en) Authentication and distribution of keys in mobile ip network
EP1124397A3 (en) Simplified security for handoff in wireless communications
WO2002001807A3 (en) Multi-mode controller
WO2002062024A3 (en) Method for adding a new device to a wireless network
WO2004014027A3 (en) Mobility managing method and mobile terminal
WO2002078316A3 (en) Method of providing network services
WO2004039042A8 (en) System and method for delivering data services in integrated wireless networks
IL173701A0 (en) Signaling gateway with the multiple imsi with multiple msisdn (mimm) service in a single sim for multiple roaming partners
WO2003100578A3 (en) Real-time tiered rating of communication services
IL146472A0 (en) Establishing a packet network call between a mobile terminal device and an inter-working function
CA2255285A1 (en) Enhanced subscriber authentication protocol
PL1794973T3 (en) Method and system for controlling mobility in a communication network, related network and computer program product therefor
WO2000007332A3 (en) System and method for routing a call using a communications network
BR9913768A (en) Method of operation of a telecommunications network node, and, a telecommunications network node to manage voice calls to and from mobile computing devices
CA2555312A1 (en) Method and communication system to allow barring a call of a roaming user after pdp context activation
CN101395932A (en) Access terminal for communicating packets using a home anchored bearer path or a visited anchored bearer path
CA2329478A1 (en) System and method for use of override keys for location services

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG UZ VN YU ZA ZM

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
CFP Corrected version of a pamphlet front page

Free format text: REVISED ABSTRACT RECEIVED BY THE INTERNATIONAL BUREAU AFTER COMPLETION OF THE TECHNICAL PREPARATIONS FOR INTERNATIONAL PUBLICATION

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP