CA2760531C - Authentication and authorization for performing a secure handover between a mobile node and a target network - Google Patents

Authentication and authorization for performing a secure handover between a mobile node and a target network

Info

Publication number
CA2760531C
Authority
CA
Canada
Prior art keywords
media
handover
mobile devices
access network
authenticator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA2760531A
Other languages
English (en)
French (fr)
Other versions
CA2760531A1 (en)
Inventor
Subir Das
Ashutosh Dutta
Yoshihiro Oba
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toshiba Corp
Original Assignee
Toshiba Corp
Telcordia Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toshiba Corp, Telcordia Technologies Inc
Publication of CA2760531A1
Application granted
Publication of CA2760531C
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/005 Control or signalling for completing the hand-off involving radio access media independent information, e.g. MIH [Media independent Hand-off]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
CA2760531A 2009-05-03 2010-05-03 Authentication and authorization for performing a secure handover between a mobile node and a target network Expired - Fee Related CA2760531C (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US17501609P 2009-05-03 2009-05-03
US61/175,016 2009-05-03
US22155109P 2009-06-29 2009-06-29
US61/221,551 2009-06-29
PCT/US2010/033415 WO2010129479A1 (en) 2009-05-03 2010-05-03 Proactive authentication

Publications (2)

Publication Number Publication Date
CA2760531A1 (en) 2010-11-11
CA2760531C (en) 2016-06-28

Family

ID=43031277

Family Applications (2)

Application Number Title Priority Date Filing Date
CA2760531A Expired - Fee Related CA2760531C (en) 2009-05-03 2010-05-03 Authentication and authorization for performing a secure handover between a mobile node and a target network
CA2760522A Expired - Fee Related CA2760522C (en) 2009-05-03 2010-05-03 Media independent handover protocol security

Family Applications After (1)

Application Number Title Priority Date Filing Date
CA2760522A Expired - Fee Related CA2760522C (en) 2009-05-03 2010-05-03 Media independent handover protocol security

Country Status (6)

Country Link
US (2) US8341395B2
EP (2) EP2427995B1
JP (2) JP5771603B2
CN (2) CN102461062B
CA (2) CA2760531C
WO (2) WO2010129475A2

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8966610B2 (en) * 2008-11-05 2015-02-24 Apriva, Llc Method and system for securing data from a non-point of sale device over an external network
US20100115600A1 (en) * 2008-11-05 2010-05-06 Appsware Wireless, Llc Method and system for securing data from an external network to a point of sale device
US8732813B2 (en) * 2008-11-05 2014-05-20 Apriva, Llc Method and system for securing data from an external network to a non point of sale device
US20100114723A1 (en) * 2008-11-05 2010-05-06 Appsware Wireless, Llc Method and system for providing a point of sale network within a lan
US20100115127A1 (en) * 2008-11-05 2010-05-06 Appsware Wireless, Llc Method and system for securing data from a non-point of sale device over a lan
US20100115624A1 (en) * 2008-11-05 2010-05-06 Appsware Wireless, Llc Method and system for securing data from a point of sale device over a lan
US20100115599A1 (en) * 2008-11-05 2010-05-06 Appsware Wireless, Llc Method and system for securing data from a point of sale device over an external network
US8341395B2 (en) * 2009-05-03 2012-12-25 Kabushiki Kaisha Toshiba Media independent handover protocol security
MX2011012802A (es) * 2009-06-04 2012-03-29 Research In Motion Ltd Methods and apparatus for use in facilitating the communication of neighboring network information to a mobile terminal with the use of a radio compatible protocol.
KR101622174B1 (ko) * 2010-05-20 2016-06-02 삼성전자주식회사 Method for controlling a terminal, a home hub and a visiting hub in a virtual group for content sharing
WO2012125758A1 (en) * 2011-03-14 2012-09-20 Qualcomm Atheros, Inc. Hybrid networking master passphrase
US9369448B2 (en) * 2011-06-01 2016-06-14 Broadcom Corporation Network security parameter generation and distribution
US8819435B2 (en) * 2011-09-12 2014-08-26 Qualcomm Incorporated Generating protocol-specific keys for a mixed communication network
US9906409B2 (en) 2011-12-12 2018-02-27 Siemens Aktiengesellschaft Method and devices for running push-button configuration sessions
KR20150011376A (ko) 2012-05-08 2015-01-30 세렌틱 엘티디. Method and system for authorization of communication and operation
US9307470B2 (en) * 2012-07-10 2016-04-05 Futurewei Technologies, Inc. System and method for single radio handover
CN103596161B (zh) * 2012-08-14 2016-06-08 杭州华三通信技术有限公司 Wireless roaming method and access controller
US9320049B2 (en) 2012-10-22 2016-04-19 Qualcomm Incorporated User admission for co-existence wireless systems
JP5898121B2 (ja) * 2013-04-24 2016-04-06 京セラ株式会社 Wireless communication device, processor, and communication control method
EP3039887B1 (en) * 2013-08-30 2025-07-23 InterDigital Patent Holdings, Inc. Methods for application specific access control
US20150237554A1 (en) * 2014-02-19 2015-08-20 Qualcomm Incorporated Systems, methods and apparatus for seamless handoff at the application layer between disparate networks for interactive applications
US20160380999A1 (en) * 2014-03-17 2016-12-29 Telefonaktiebolaget L M Ericsson (Publ) User Identifier Based Device, Identity and Activity Management System
EP3886397B1 (en) * 2014-03-21 2023-01-18 Sun Patent Trust Security key derivation in dual connectivity
CN104954327B (zh) * 2014-03-27 2019-02-22 东华软件股份公司 Server and method, terminal and method, and system for terminal connection control
EP3125146B1 (en) * 2014-03-28 2018-11-28 Sony Corporation Information processing device, information processing method and program
US9998449B2 (en) * 2014-09-26 2018-06-12 Qualcomm Incorporated On-demand serving network authentication
US9491618B2 (en) * 2014-09-26 2016-11-08 Qualcomm Incorporated Serving network authentication
US10057766B2 (en) * 2014-10-21 2018-08-21 Qualcomm Incorporated Methods and systems for authentication interoperability
WO2016091630A1 (en) * 2014-12-08 2016-06-16 Koninklijke Philips N.V. Commissioning of devices in a network
US10397233B2 (en) 2015-04-20 2019-08-27 Bomgar Corporation Method and apparatus for credential handling
US9961112B2 (en) * 2015-04-20 2018-05-01 Bomgar Corporation Method and apparatus for enforcing realtime access controls for endpoints
US10229262B2 (en) 2015-04-20 2019-03-12 Bomgar Corporation Systems, methods, and apparatuses for credential handling
CN105871539B (zh) * 2016-03-18 2020-02-14 华为技术有限公司 Key processing method and apparatus
US10433163B2 (en) 2016-09-19 2019-10-01 Qualcomm Incorporated Techniques for deriving security keys for a cellular network based on performance of an extensible authentication protocol (EAP) procedure
WO2018103206A1 (zh) * 2016-12-09 2018-06-14 华为技术有限公司 Method for establishing a hotspot connection and terminal device
US10904740B2 (en) 2016-12-21 2021-01-26 Nec Corporation Method of inbound roamer detection for networks supporting service domain centralization in IMS
WO2019133769A1 (en) * 2017-12-29 2019-07-04 Idee Limited Single sign on (sso) using continuous authentication
CN112352409B (zh) * 2018-04-06 2023-06-27 日本电气株式会社 Security procedures for the common API framework in next-generation networks
US10992474B2 (en) 2018-10-30 2021-04-27 EMC IP Holding Company LLC Proactive user authentication for facilitating subsequent resource access across multiple devices
US10887799B2 (en) * 2019-01-10 2021-01-05 Cisco Technology, Inc. SRv6 user-plane-based triggering methods and apparatus for session or flow migration in mobile networks
JP7273523B2 (ja) * 2019-01-25 2023-05-15 株式会社東芝 Communication control device and communication control system
US11310273B2 (en) 2020-01-23 2022-04-19 Rockwell Collins, Inc. Secure network aggregation protocol
CN112492597B (zh) * 2020-12-14 2023-03-24 中国联合网络通信集团有限公司 Authentication method and apparatus

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7114175B2 (en) * 2001-08-03 2006-09-26 Nokia Corporation System and method for managing network service access and enrollment
US7738871B2 (en) * 2004-11-05 2010-06-15 Interdigital Technology Corporation Wireless communication method and system for implementing media independent handover between technologically diversified access networks
US7496364B2 (en) * 2004-11-05 2009-02-24 Freescale Semiconductor, Inc. Media-independent handover (MIH) method featuring a simplified beacon
JP4713881B2 (ja) * 2004-12-16 2011-06-29 パナソニック電工株式会社 Automatic tunnel configuration device, automatic tunnel configuration method, and automatic tunnel configuration program
US7813319B2 (en) * 2005-02-04 2010-10-12 Toshiba America Research, Inc. Framework of media-independent pre-authentication
US20060221899A1 (en) * 2005-03-31 2006-10-05 Feder Peretz M Triggers for media independent handover
US8565185B2 (en) * 2005-04-13 2013-10-22 Toshiba America Research, Inc. Framework of media-independent pre-authentication support for PANA
US7885231B2 (en) * 2005-04-14 2011-02-08 Lg Electronics Inc. Method of reconfiguring an internet protocol address in handover between heterogeneous networks
US7738882B2 (en) * 2005-06-13 2010-06-15 Toshiba America Research, Inc. Framework of media-independent pre-authentication improvements: including considerations for failed switching and switchback
US20060285519A1 (en) * 2005-06-15 2006-12-21 Vidya Narayanan Method and apparatus to facilitate handover key derivation
CN101288273A (zh) * 2005-07-14 2008-10-15 株式会社东芝 Framework of media-independent pre-authentication improvements
US7716721B2 (en) * 2005-10-18 2010-05-11 Cisco Technology, Inc. Method and apparatus for re-authentication of a computing device using cached state
CN101001460A (zh) * 2006-01-11 2007-07-18 华为技术有限公司 Method for implementing handover processing in a heterogeneous network
WO2007088451A2 (en) * 2006-02-03 2007-08-09 Nokia Corporation Encapsulation techniques for handling media independent handover (mih) information services messages
US20070189218A1 (en) * 2006-02-11 2007-08-16 Yoshihiro Oba Mpa with mobile ip foreign agent care-of address mode
US7773628B2 (en) * 2006-05-19 2010-08-10 Interdigital Technology Corporation Methods and apparatus for media independent messaging over the internet
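KR20080007289A (ko) * 2006-07-15 2008-01-18 엘지전자 주식회사 Method for acquiring information for handover between heterogeneous networks
JP4864797B2 (ja) * 2006-09-11 2012-02-01 Kddi株式会社 P-CSCF fast handoff system and P-CSCF fast handoff method
JP5018315B2 (ja) * 2006-09-14 2012-09-05 ソニー株式会社 Wireless communication system, wireless communication device, authentication method for wireless communication device, and program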
US20080095114A1 (en) * 2006-10-21 2008-04-24 Toshiba America Research, Inc. Key Caching, QoS and Multicast Extensions to Media-Independent Pre-Authentication
CN101179839A (zh) * 2006-11-07 2008-05-14 华为技术有限公司 Heterogeneous network handover method, system, terminal and network
US8583923B2 (en) * 2006-12-08 2013-11-12 Toshiba America Research, Inc. EAP method for EAP extension (EAP-EXT)
CN101212393B (zh) * 2006-12-29 2010-10-13 华为技术有限公司 Method, system and device for transmitting media independent handover messages
US8817990B2 (en) * 2007-03-01 2014-08-26 Toshiba America Research, Inc. Kerberized handover keying improvements
US20100142478A1 (en) * 2007-03-07 2010-06-10 Nokia Corporation Neighbor network advertisement
US8005224B2 (en) * 2007-03-14 2011-08-23 Futurewei Technologies, Inc. Token-based dynamic key distribution method for roaming environments
WO2008139707A1 (ja) * 2007-04-27 2008-11-20 Panasonic Corporation Mobile communication terminal and communication device
KR20100038123A (ko) * 2007-05-25 2010-04-12 인터디지탈 테크날러지 코포레이션 Protocol architecture for access mobility in wireless communications
US8036176B2 (en) * 2007-06-08 2011-10-11 Toshiba America Research, Inc. MIH pre-authentication
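KR101061899B1 (ko) * 2007-09-12 2011-09-02 삼성전자주식회사 Fast authentication method and apparatus for handover between heterogeneous networks
CN101400089A (zh) * 2007-09-29 2009-04-01 华为技术有限公司 Method, network entity and terminal for handover between heterogeneous wireless networks
KR101467780B1 (ko) * 2007-10-17 2014-12-03 엘지전자 주식회사 Handover method between heterogeneous radio access networks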
US20090257400A1 (en) * 2008-04-11 2009-10-15 Interdigital Patent Holdings, Inc. Method and apparatus for handover between a network supporting proxy mobile ip and a network supporting mobile ip
US8145195B2 (en) * 2008-04-14 2012-03-27 Nokia Corporation Mobility related control signalling authentication in mobile communications system
US8228861B1 (en) * 2008-09-12 2012-07-24 Nix John A Efficient handover of media communications in heterogeneous IP networks using handover procedure rules and media handover relays
US8341395B2 (en) * 2009-05-03 2012-12-25 Kabushiki Kaisha Toshiba Media independent handover protocol security

Also Published As

Publication number Publication date
EP2428019A4 (en) 2015-01-28
EP2428019A2 (en) 2012-03-14
EP2427995A1 (en) 2012-03-14
JP2012526454A (ja) 2012-10-25
US8341395B2 (en) 2012-12-25
JP5694296B2 (ja) 2015-04-01
WO2010129479A1 (en) 2010-11-11
JP5771603B2 (ja) 2015-09-02
US20100281249A1 (en) 2010-11-04
CN102461062A (zh) 2012-05-16
JP2012526455A (ja) 2012-10-25
WO2010129475A3 (en) 2012-04-05
US20100281519A1 (en) 2010-11-04
CA2760531A1 (en) 2010-11-11
US8505076B2 (en) 2013-08-06
EP2427995B1 (en) 2018-07-11
CA2760522A1 (en) 2010-11-11
EP2427995A4 (en) 2015-07-01
CA2760522C (en) 2015-07-14
CN102461062B (zh) 2015-09-02
CN102687537B (zh) 2016-03-09
CN102687537A (zh) 2012-09-19
WO2010129475A2 (en) 2010-11-11

Similar Documents

Publication Publication Date Title
CA2760531C (en) Authentication and authorization for performing a secure handover between a mobile node and a target network
CN101542967B (zh) MIH pre-authentication
US20080062926A1 (en) Mih protocol state machine
CA2693413C (en) Architecture for multiple mih users
WO2005072183A2 (en) Mobility architecture using pre-authentication, pre-configuration and/or virtual soft-handoff
EP2151132A2 (en) Data type encoding for media independent handover
CA2683460C (en) Systems and methods for currency querying

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20220503