GB2414144A - To set up a secure communications channel only the requesting node (not the receiving node) communicates with a trusted third party - Google Patents

Publication number
GB2414144A
Authority
GB
United Kingdom
Prior art keywords
node
certificate
message
encrypted
decrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0408687A
Other versions
GB2414144B (en)
GB0408687D0 (en)
Inventor
Seyed Tabatabaian
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd filed Critical Matsushita Electric Industrial Co Ltd
Priority to GB0408687A priority Critical patent/GB2414144B/en
Publication of GB0408687D0 publication Critical patent/GB0408687D0/en
Priority to EP05732863A priority patent/EP1738555A1/en
Priority to KR1020067024202A priority patent/KR20070006913A/en
Priority to PCT/GB2005/001394 priority patent/WO2005101787A1/en
Priority to CNA2005800117673A priority patent/CN1943207A/en
Priority to BRPI0509969-2A priority patent/BRPI0509969A/en
Priority to JP2007508957A priority patent/JP2007533278A/en
Priority to RU2006140776/09A priority patent/RU2006140776A/en
Publication of GB2414144A publication Critical patent/GB2414144A/en
Application granted granted Critical
Publication of GB2414144B publication Critical patent/GB2414144B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0802
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3294
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Communication Control (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

A method of establishing a secure communication channel between two nodes in a wireless communications network using a private public key system is disclosed. Each node has a unique certificate used to certificate communications from that node, and the certificates are stored on a trusted third party (TTP) device. The initiating node (A) sends a request for communication with a receiving node (B) to the TTP. The TTP responds with a message for A to forward to B. The message includes the certificate of A encrypted such that only B can decrypt the part of the message containing the certificate of A and preferably also includes the certificate of B encrypted such that only A can decrypt the message containing the certificate of B after B has decrypted the certificate of A. As there is no need for the receiving node (B) to communicate directly with the TTP, the number of messages required in order to establish secure communication is reduced. Preferably the method is used to establish a symmetric session key, KAB.

Description

Fast and secure connectivity for a mobile node

This invention relates to mobile wireless terminals communicating one with another via radio access networks through a secure communication channel in which only one node is in charge of obtaining and exchanging all parameters for a secure communication.
Introduction
Secure communication between mobile wireless terminals is presently managed in accordance with the IPsec protocol. With this protocol two terminals share secret data (keys) for the purpose of authentication and/or encryption. Details of the IPsec protocol can be found in RFC 2401, RFC 2402 and RFC 2406. In brief, IPsec is a method of protecting IP datagrams. This protection takes the form of data origin authentication, connectionless data integrity authentication, and data content confidentiality. IPsec makes use of protocols such as the Encapsulating Security Payload (ESP) or the Authentication Header (AH). AH provides proof of data origin on received packets, data integrity, and anti-replay protection. ESP provides all that AH provides in addition to optional data confidentiality.
The security services that IPsec provides require shared keys to perform authentication and/or confidentiality. A mechanism to manually add keys for these services is mandatory to implement. This ensures interoperability of the base IPsec protocols. A standard method of dynamically authenticating IPsec peers, negotiating security services, and generating shared keys is also defined.
This key management protocol is called IKE - the Internet Key Exchange.
The shared keys used with IPsec are for either a symmetric cipher when confidentiality is needed or for data integrity, or for both. IPsec must be fast and existing public key technologies are too slow to operate on a packet-by-packet basis. Presently, public key technology is limited to initial authentication during key exchange.
In many of today's commonly used methods of securing IP packets, establishment of a secure channel between two nodes requires both parties to make use of a protocol to exchange keys and agree on the encryption algorithm type. This can be achieved by the IPsec protocol, which in turn may deploy other protocols, e.g. IKE or Public Key Infrastructure (PKI).
At this point a brief reminder of the differences between symmetric and asymmetric key systems is helpful. Consider a communications channel between two nodes, A and B. In a symmetric system, the same key will be used by each node to encrypt plain text and decrypt cipher text messages exchanged between the two nodes. In other words, a message sent by A to B will be encrypted by A using a key K and decrypted by B using the same key K. In an asymmetric system, different complementary keys are used. Thus, a message sent by A to B will be encrypted by A using a key K1 and decrypted by B using a key K2. Keys K1 and K2 are mathematically related. Symmetric systems have the advantage of speed. However they are less flexible than asymmetric systems in terms of being able to add nodes.
The public key infrastructure (PKI) has been developed to protect the security of communications over the Internet. PKI provides the means for providing/generating session keys and keys that are used within public key cryptosystems used by the nodes (parties). It also presents nodes' certificates if they are needed. Details for PKI may be found in "Internet X.509 Public Key Infrastructure: Roadmap" (http://www.ietf.org).
The IKE method used in IPsec is based on the Diffie-Hellman algorithm in which the two parties are not known to each other. In another method, PKI is a trusted third party in the network that the two parties make contact with to obtain all required parameters and information for setting up a secure channel.
In the PKI system each communications node has two keys, namely a private key known only to the node itself and a public key known to the node but also available from the PKI. Thus, if a node does not already know the node with which it plans to communicate, it can obtain the public key of that node from the PKI. Using the PKI, node A can encrypt messages with its private key for decryption by node B using node A's public key, or node A can encrypt a message for node B with node B's public key to be decrypted with node B's private key.
Figure 1 shows a secure channel being established between two parties, node A and node B, where each of them has to contact a third party, the PKI. The party who wishes to set up such a channel, here node A, sends a request message to PKI, msg(1). PKI responds by sending the session key, additional information which includes the type of encryption algorithm, and node B's certificate back to node A, msg(2). Then, node A sends a message to node B requesting the establishment of a secure communication channel, msg(3). Upon receipt of such a request node B sends a message to PKI requesting node A's certificate, msg(4). PKI responds by sending node A's certificate, session key and additional information back to node B, msg(5). Node B uses the certificate to verify node A's request, msg(3), and the session key to share the secure channel with node A. Finally, node B sends an acknowledgement back to node A in order to inform and to allow node A to start the secure communication, msg(6).
Assumptions made in Figure 1 are as follows:
  • PKI has every node's public keys
  • PKI provides key (KAB) for two nodes
  • nodes know each other's and PKI's public keys
  • both nodes contact PKI for verification of the other node and/or obtaining all required information
  • info includes algorithm type etc.
  • all nodes and the PKI can make use of public key systems

Thus, all initial communications between the nodes and the PKI use the public key of the receiver and the private key of the sender for encryption and signature respectively.
It can be seen that the establishment of a secure channel between two nodes using the PKI method requires the exchange of six messages. The number of exchange messages required by IKE method is even higher.
A further problem exists in relation to communications directed from a mobile terminal to a dormant node. A dormant node may be a mobile terminal not currently connected to the network for which a secure communication needs to be available at the next connection to the network. It means that when the dormant node becomes active it needs to contact PKI to obtain required information in order to reveal the encrypted message.
Related work includes [US 20030196084] that refers to allowing wireless devices to participate in secure communications with secure networks without storing compromisable information on the wireless device. It allows wireless devices to participate in Public Key Infrastructure wherein no portion of the certificate, no information about the certificate, and no private key data are stored on the wireless device.
The Certificate Proxy Server (CPS) is used to hold all sensitive information about a wireless device. Once the user is authenticated, a secure channel is established between the device and the CPS, the user requests to access secure resources are then handled via the CPS, which presents the appropriate user's certificate on their behalf as required.
[US2002/0147820A1, DoCoMo Communications Lab. USA] describes a method of setting up a secure channel between two parties in an insecure network by deploying the IPsec protocol, in which IPsec makes use of the Kerberos protocol for authentication, exchange of keys and negotiating the security associations between the two parties. The method is based on the Kerberos protocol for initial negotiation in order to allow two parties to share a session key for secure communication. A sending node initiates establishment of a security association rather than waiting for the receiving node to initiate security association establishment after receiving a packet from the sending node.
The benefit of using Kerberos in IPsec is to allow faster establishment of a secure channel between two parties, but at the expense of losing the flexibility of the whole system as the Kerberos protocol is based on a symmetric system.
Moreover, the security of IPsec based on Kerberos is vulnerable to logon attacks.
This invention allows a smaller number of signalling messages to be used in order to establish a secure communication channel between two parties compared to IPsec based on IKE. The invention also allows only one node (party) to be responsible for the negotiation of all security parameters required to set up a secure communication channel; hence when a dormant node becomes active it does not need to contact any party to decrypt the stored/received message. In addition, the invention allows mobile equipment with limited processing power to benefit from a high level of security when it is needed, as a trusted third party (PKI) can generate stronger keys.
The present invention provides a method of establishing a communication channel between two nodes in a communications network using an asymmetric key system in which each node has a unique certificate used to authenticate communications from that node, and the certificates are registered with a trusted third party (T), characterized in that: the initiating node (A) sends a request for communication with a receiving node (B) to the trusted third party (T), and T responds with a message for A to forward to B including the certificate of A encrypted such that only B can decrypt the part of the message containing the certificate of A.

It will be appreciated from the foregoing that this method avoids the need for the receiving node to obtain A's certificate directly from the trusted third party, and hence the number of signals required is reduced. Having decrypted A's certificate, which has been sent via A by T, B can then authenticate subsequent messages sent by A to which A has attached its certificate.
The response from T would usually include a session key which is decrypted by A before being passed on to B. At this point A can begin sending packets to B without waiting for B to respond, which is particularly useful if B is dormant.
To complete two-way secure communications, the response from T would include the certificate of B, encrypted such that only A could open it after B has decrypted the certificate of A. B would then return this part of the message to A after extracting the certificate of A.

Other preferred features of the invention will become apparent from the attached subsidiary claims.
An example of the invention will now be described with reference to the accompanying drawings in which like parts are designated like reference numerals and in which:

Figure 1 schematically illustrates a secure communication between two nodes when they both contact the PKI to obtain all required parameters for such a channel.
Figure 2 schematically illustrates a secure communication between two nodes when only one node contacts the PKI to obtain all required parameters for such a channel.
Figure 3 illustrates steps 1 to 4 of the signal flow diagram for a single node, node A, to obtain all required parameters needed for a secure communication link.
Figure 4 presents a flowchart in which the flow of messages between the nodes and the PKI, as well as the recipient node, is given for setting up a secure communication link.
Figure 2 shows the establishment of a secure channel according to this invention whereby node A, the initiator node, sends a request message for communication with node B to PKI, msg(1). The reply message from PKI contains a session key, information which includes the encryption algorithm, and node A's and node B's certificates, msg(2). It should be pointed out that the two certificates are cryptographically compound, which means these two certificates can be opened first by node B to extract A's certificate although node A receives it first. When node A receives the response message from PKI, it first extracts and stores the session key, KAB, and any other required information for a secure data communication. Then, node A forwards the shared key, information and the certificates, all of which are encrypted and signed using node B's public key and node A's private key respectively. On receiving the encrypted message, node B first extracts the shared session key, KAB, and the type of the encryption algorithm. It then pulls out the certificate of node A and verifies it by using its own private key and PKI's public key respectively. Node B, which has all the information for a secure communication, sends its own certificate to node A. The certificate is encrypted and signed by the public key of node A and the private key of node B. It should be noted that node B's certificate that was sent by node A to node B could not be opened by node B. Node B uses it as proof of its authenticity and certifies itself to node A. Finally, node A accepts the authenticity and certificate of node B by opening node B's message using node B's public key, node A's private key and PKI's public key. Thus, the message must have been sent by node B because it is decrypted using node B's public key. The message can only be decrypted by node A because node A's private key is required. The certificate must have been issued by PKI as PKI's public key is used to open it.
The process of figure 2 is based on the following assumptions:
  • PKI has every node's public keys and certificates
  • PKI provides key (KAB) for two nodes
  • nodes know each other's and PKI's public keys
  • only one node contacts PKI
  • info includes algorithm type etc.
  • all nodes and the PKI could make use of public key systems

In the event that A and B have previously communicated with each other it is reasonable to assume that each will know the public key of the other. If not, information sent from one to the other at steps 3 and 4 can include the public keys of A and B respectively.
The process of setting up a secure communication channel between two nodes using PKI occurs in a number of distinct steps whose timing is shown in Figure 3. Each step is now described in detail. The steps of figure 3 correspond to the messages of figure 2. The legend of figure 3 is:
  • PubA: A's public key
  • PrvA: A's private key
  • CertA: A's certificate
  • Prvx(): x's signature
  • Pubx(): x's encryption function
where x can be A, B or T (Trusted third party PKI).
It should be noted that in the following figure authentications are achieved implicitly as Public keys are known by all parties.
Step 1 - a request message for secure communication with another node, node B, is initially transferred from node A to PKI.
Step 2 - the PKI sends the session key, info that includes the type of encryption algorithm, and the encrypted compound certificates of nodes A and B to node A, which requested the information for the set up of a secure channel.
Step 3 - node A passes on all the information as well as the encrypted compound certificates of nodes A and B to node B, which in turn extracts the session key and type of encryption algorithm and verifies node A's certificate, as node B is the first one that can decrypt this compound part of the message.
Step 4 - node B's acknowledge message (reply) is provided within the signed and encrypted node A's certificate message. This acknowledge message sent from node B is verified by node A, as A is the only node that can decrypt node B's certificate.

This completes the distribution of key, type of encryption algorithm and certificates steps. The same steps are illustrated in the flowchart of figure 4.
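The four steps can be traced in a symbolic model that records only who is able to open each layer of each message. This is an added example, not part of the patent text, and it performs no real cryptography. The nesting of the compound certificates, Pub_B(Prv_T(CertA), Pub_A(Prv_T(CertB))), is an assumption, since Figure 3 is not reproduced here, and all names (`Enc`, `Sig`, `ttp_reply`, `a_forward`, `b_receive`, `a_finish`, `run_exchange`) are illustrative.

```python
"""Symbolic model of the four-message exchange: no real cryptography is done.
Enc/Sig record only who can open, or who produced, each layer."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Enc:
    """Pubx(body): only `to`, the holder of Prvx, can open it."""
    to: str
    body: object


@dataclass(frozen=True)
class Sig:
    """Prvx(body): produced by `by`, checkable by anyone who knows Pubx."""
    by: str
    body: object


class CannotOpen(Exception):
    """Raised when a party lacks the key for a layer or a signature is wrong."""


def decrypt(term, me):
    if not isinstance(term, Enc) or term.to != me:
        raise CannotOpen(f"{me} cannot decrypt this layer")
    return term.body


def verify(term, signer):
    if not isinstance(term, Sig) or term.by != signer:
        raise CannotOpen(f"layer is not signed by {signer}")
    return term.body


def can_open(term, who):
    try:
        decrypt(term, who)
        return True
    except CannotOpen:
        return False


def ttp_reply(initiator, receiver, session_key, info):
    """Step 2: T answers the initiator's request with msg(2)."""
    cert_a = Sig("T", ("cert", initiator))
    cert_b = Sig("T", ("cert", receiver))
    # Assumed nesting of the compound certificates: the outer layer is for the
    # receiver and holds CertA plus an inner blob that only the initiator opens.
    compound = Enc(receiver, (cert_a, Enc(initiator, cert_b)))
    return Enc(initiator, Sig("T", (session_key, info, compound)))


def a_forward(msg2, me="A", peer="B"):
    """Step 3: A stores K_AB and info, then re-wraps everything for B."""
    key, info, compound = verify(decrypt(msg2, me), "T")
    return (key, info), compound, Enc(peer, Sig(me, (key, info, compound)))


def b_receive(msg3, me="B", peer="A"):
    """Steps 3-4: B extracts K_AB, checks CertA, returns the blob it cannot open."""
    key, info, compound = verify(decrypt(msg3, me), peer)
    cert_a, blob_for_a = decrypt(compound, me)
    if verify(cert_a, "T") != ("cert", peer):
        raise CannotOpen("certificate does not name the initiator")
    return (key, info), blob_for_a, Enc(peer, Sig(me, blob_for_a))


def a_finish(msg4, me="A", peer="B"):
    """Step 4: A opens B's reply using PrvA, PubB and PubT."""
    cert_b = decrypt(verify(decrypt(msg4, me), peer), me)
    return verify(cert_b, "T") == ("cert", peer)


def run_exchange():
    transcript = [("A", "T", ("request", "A", "B"))]           # msg(1)
    msg2 = ttp_reply("A", "B", "K_AB", "algorithm-type")      # constructed values
    transcript.append(("T", "A", msg2))                        # msg(2)
    a_state, compound, msg3 = a_forward(msg2)
    transcript.append(("A", "B", msg3))                        # msg(3)
    b_state, blob, msg4 = b_receive(msg3)
    transcript.append(("B", "A", msg4))                        # msg(4)
    return {
        "messages": len(transcript),
        "b_contacted_ttp": any({s, r} == {"B", "T"} for s, r, _ in transcript),
        "keys_match": a_state == b_state,
        "a_accepts_b": a_finish(msg4),
        "a_can_open_compound": can_open(compound, "A"),
        "b_can_open_blob": can_open(blob, "B"),
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```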
This invention minimizes the number of messages used to complete the initial agreement of setting up a secure channel. The invention also seeks to use only one node to set up a secure link as the verification of nodes is obtained by using encrypted compound certificates of the two nodes.
If desired, for example because node B is dormant, node A can begin sending packets to node B after step 3. After step 4, nodes A and B can commence symmetric communication using KAB, thereby benefiting from the increased speed which this allows.
It should be noted that most of the encryption in the method described above is done by the PKI, thereby reducing the effort required by the nodes. This is advantageous since the PKI would usually have greater processing power.
It will be appreciated that the communications link can be made even more secure by adding further protection in addition to that described above.

Claims (12)

  1. A method of establishing a communication channel between two nodes in a communications network using an asymmetric key system in which each node has a unique certificate used to authenticate communications from that node, and the certificates are registered with a trusted third party (T), characterized in that: the initiating node (A) sends a request for communication with a receiving node (B) to the trusted third party (T), and T responds with a message for A to forward to B including the certificate of A encrypted such that only B can decrypt the part of the message containing the certificate of A.
  2. A method as claimed in claim 1 in which the response message from T includes the certificate of B encrypted such that only A can decrypt the part of the message containing the certificate of B after B has decrypted the certificate of A.
  3. A method as claimed in claim 2 in which B returns its encrypted certificate to A which then decrypts the certificate of B.
  4. A method as claimed in claim 1, 2 or 3 in which each certificate is encrypted such that it can be identified as having originated from T.
  5. A method as claimed in claim 1, 2, 3 or 4 in which the response from T includes a session key (KAB) to be used for the duration of the communication session.
  6. A method as claimed in claim 5 in which the session key is decrypted by A before being decrypted by B.
  7. A method as claimed in claim 6 in which the session key is encrypted by A and included with the message forwarded by A to B from T.
  8. A method as claimed in claim 5, 6 or 7 in which node A begins sending packets to node B using the session key before waiting for a response from B.
  9. A method as claimed in any of claims 5 to 8 in which following the decryption of the certificate of B by A, the two nodes communicate in a symmetric manner using the session key to encrypt and decrypt messages.
  10. A method as claimed in any preceding claim in which the message returned from T includes further information enabling messages exchanged between A and B to be decoded.
  11. A method as claimed in claim 10 in which the further information includes a public key associated with A.
  12. A method as claimed in claim 10 or 11 in which the further information is decrypted by A before being encrypted again and decrypted by B.
GB0408687A 2004-04-19 2004-04-19 Fast and secure connectivity for a mobile node Expired - Fee Related GB2414144B (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
GB0408687A GB2414144B (en) 2004-04-19 2004-04-19 Fast and secure connectivity for a mobile node
CNA2005800117673A CN1943207A (en) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node
KR1020067024202A KR20070006913A (en) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node
PCT/GB2005/001394 WO2005101787A1 (en) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node
EP05732863A EP1738555A1 (en) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node
BRPI0509969-2A BRPI0509969A (en) 2004-04-19 2005-04-12 method for establishing a communication channel between two nodes in a communications network
JP2007508957A JP2007533278A (en) 2004-04-19 2005-04-12 Fast and secure connectivity for mobile nodes
RU2006140776/09A RU2006140776A (en) 2004-04-19 2005-04-12 POSSIBILITY OF QUICK AND PROTECTED CONNECTIONS FOR MOBILE UNIT

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0408687A GB2414144B (en) 2004-04-19 2004-04-19 Fast and secure connectivity for a mobile node

Publications (3)

Publication Number Publication Date
GB0408687D0 GB0408687D0 (en) 2004-05-19
GB2414144A GB2414144A (en) 2005-11-16
GB2414144B GB2414144B (en) 2006-07-26

Family

ID=32321075

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0408687A Expired - Fee Related GB2414144B (en) 2004-04-19 2004-04-19 Fast and secure connectivity for a mobile node

Country Status (8)

Country Link
EP (1) EP1738555A1 (en)
JP (1) JP2007533278A (en)
KR (1) KR20070006913A (en)
CN (1) CN1943207A (en)
BR (1) BRPI0509969A (en)
GB (1) GB2414144B (en)
RU (1) RU2006140776A (en)
WO (1) WO2005101787A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007085175A1 (en) * 2006-01-24 2007-08-02 Huawei Technologies Co., Ltd. Authentication method, system and authentication center based on end to end communication in the mobile network
JP4983165B2 (en) 2006-09-05 2012-07-25 ソニー株式会社 COMMUNICATION SYSTEM AND COMMUNICATION METHOD, INFORMATION PROCESSING DEVICE AND METHOD, DEVICE, PROGRAM, AND RECORDING MEDIUM
US8116243B2 (en) 2006-10-05 2012-02-14 Electronics And Telecommunications Research Institute Wireless sensor network and adaptive method for monitoring the security thereof
KR100879982B1 (en) 2006-12-21 2009-01-23 삼성전자주식회사 Security system and method in mobile WiMax network system
US8341410B2 (en) * 2007-10-08 2012-12-25 Microsoft Corporation Efficient certified email protocol
JP6058514B2 (en) * 2013-10-04 2017-01-11 株式会社日立製作所 Cryptographic processing method, cryptographic system, and server
JP6977635B2 (en) * 2018-03-15 2021-12-08 大日本印刷株式会社 Vehicle key distribution system and general purpose scanning tool

Citations (1)

Publication number Priority date Publication date Assignee Title
US20010052071A1 (en) * 1997-08-22 2001-12-13 Michiharu Kudo Encryption system with time-dependent decryption

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US5999711A (en) * 1994-07-18 1999-12-07 Microsoft Corporation Method and system for providing certificates holding authentication and authorization information for users/machines
US20020150253A1 (en) * 2001-04-12 2002-10-17 Brezak John E. Methods and arrangements for protecting information in forwarded authentication messages
GB2384403B (en) * 2002-01-17 2004-04-28 Toshiba Res Europ Ltd Data transmission links

Also Published As

Publication number Publication date
GB2414144B (en) 2006-07-26
RU2006140776A (en) 2008-05-27
WO2005101787A1 (en) 2005-10-27
GB0408687D0 (en) 2004-05-19
KR20070006913A (en) 2007-01-11
EP1738555A1 (en) 2007-01-03
JP2007533278A (en) 2007-11-15
CN1943207A (en) 2007-04-04
BRPI0509969A (en) 2007-10-02

Similar Documents

Publication Publication Date Title
EP2561663B1 (en) Server and method for providing secured access to services
EP1540878B1 (en) Linked authentication protocols
US7269730B2 (en) Method and apparatus for providing peer authentication for an internet key exchange
JP4002035B2 (en) A method for transmitting sensitive information using unsecured communications
EP1490995B1 (en) End-to-end protection of media stream encryption keys for voice-over-IP systems
RU2554532C2 (en) Method and device for secure data transmission
US20020025046A1 (en) Controlled proxy secure end to end communication
US20100031042A1 (en) Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS)
US7222234B2 (en) Method for key agreement for a cryptographic secure point—to—multipoint connection
EP1374533B1 (en) Facilitating legal interception of ip connections
WO2009076811A1 (en) A method, a system, a client and a server for key negotiating
WO2000062507A1 (en) Key management between a cable telephony adapter and associated signaling controller
US20080137859A1 (en) Public key passing
EP1738555A1 (en) Fast and secure connectivity for a mobile node
CN114422205B (en) Method for establishing network layer data tunnel of special CPU chip for electric power
WO2016134631A1 (en) Processing method for openflow message, and network element
WO2002043427A1 (en) Ipsec connections for mobile wireless terminals
Sithirasenan et al. EAP-CRA for WiMAX, WLAN and 4G LTE Interoperability
Dao et al. Prefetched asymmetric authentication for infrastructureless D2D communications: feasibility study and analysis
US20240129115A1 (en) Generating post-quantum pre-shared keys
Badra et al. Flexible and fast security solution for wireless LAN
CN117280651A (en) Apparatus and method for decision making
Schwiderski-Grosche et al. Public key based network access
CN117527752A (en) NAT penetration method based on third party assisted TLS protocol
Argyroudis et al. Towards flexible authorization management

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20080419