Patent application number | Description | Published |
--- | --- | --- |
20090043901 | Bootstrapping Method For Setting Up A Security Association - In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent. | 02-12-2009 |
20090233578 | Methods and apparatuses for dynamic management of security associations in a wireless network - Methods for dynamic management of security associations in a network are provided. According to one method, a security key management entity determines whether to apply a new security key as an active security key based on an existing active security key. Each of the new security key and the existing active security key are associated with a same home agent, and the existing active security key serves as a basis for an existing security association between the home agent and at least one other network element. | 09-17-2009 |
20100118832 | Method for connection termination in mobile IP - A method is provided for optimizing the sending of a Mobile IP Revocation Reply. According to the invention methodology, a Foreign Agent operating as the care-of address for a given mobile unit will send to the Home Agent for that mobile unit a Revocation Acknowledgement message immediately after receiving a Revocation message from the Home Agent, without awaiting the conclusion of the Foreign Agent's tear-down steps. After sending that immediate acknowledgement to the Home Agent, the Foreign Agent independently proceeds with its regular procedures of forwarding the Revocation message to the client (as needed), waiting for a response from the client (including retransmitting the request to the client on a timer if no response is received), and tearing down the user plane. With the method of the invention, the latency of the latter procedures does not delay the sending of the Revocation Acknowledgement from the Foreign Agent to the Home Agent. | 05-13-2010 |
20100130168 | Prevention of a Bidding-Down Attack in a Communication System - A communication system includes at least a mobile station, a base station, a gateway and a server, with the base station being configured for wireless communication with the mobile station, and the gateway being configured for connection between the base station and the server. The server stores information indicative of at least one established security capability of the mobile station, and sends at least a portion of that information to the gateway, possibly in conjunction with an authentication process for the mobile station. The gateway uses the information received from the server to verify that one or more security capabilities negotiated between the mobile station and the base station are consistent with the established security capability or capabilities of the mobile station. This can advantageously allow the gateway to prevent a bidding-down attack in which an attacker impersonates the mobile station to negotiate an inferior security capability with the base station. | 05-27-2010 |
20100235890 | Communication of Session-Specific Information to User Equipment from an Access Network - In conjunction with establishment of a session between an access network and user equipment of a communication system, session-specific information is transmitted from the access network to the user equipment. The session-specific information transmitted from the access network to the user equipment comprises information to be utilized in an authentication protocol carried out between the user equipment and an authentication server of the system. For example, the session-specific information transmitted from the access network to the user equipment may comprise an identifier of a gateway coupled between the access network and the authentication server. | 09-16-2010 |
20100303238 | Session Key Generation and Distribution with Multiple Security Associations per Protocol Instance - A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key. | 12-02-2010 |
20110077021 | PROVIDING A LAST-SEEN MOBILE UNIT LOCATION TO A LOCATION BASED SERVICE - The present invention provides a method involving a mobile unit, a location server, a location-based application client, and a location-based application server configured to provide location-based applications. The method includes receiving, at the location server and from the location-based application server, a request from the location-based application client for a current location of the mobile unit and attempting, at the location server, to determine the current location of the mobile unit. The method also includes providing, from the location server to the location-based application server, information indicating a previous location of the mobile unit when the attempt to determine the current location of the mobile unit is unsuccessful. | 03-31-2011 |
20110077027 | METHOD AND APPARATUS FOR LOCATION-BASED MOBILE POWER CONTROL - A technique to extend the battery lifetime of a location-based (e.g. GPS) mobile device by reducing the power consumption of the location-based (e.g. GPS) circuitry is provided. The technique defines and controls when to start and when to stop supplying power to the device in the context of a mobile terminating (MT) location request and/or a mobile originated (MO) location request that is either on-demand or periodic. | 03-31-2011 |
20110107085 | Authenticator relocation method for wimax system - A method is provided for Authenticator Relocation in a communication system applying an Extensible Authentication Protocol, or the like, which provides replay protection and mitigates the rogue ASN-GW problem during relocation of the Anchor Authentication, and without conducting re-authentication of the MS. The method of the invention optionally allows secure refresh of the MSK. | 05-05-2011 |
20110158162 | Method for interworking among wireless technologies - A method is provided for interworking of mobility key management among access networks operating under different access technologies. The method is carried out by performing mobility key management by a core-network authentication server based on the access technology that a mobile terminal accessing a wireless network has selected for operation. The method of the invention defines authentication server behavior based on different access technologies and therefore solves the technology interworking issue seamlessly. The method of the invention also facilitates coexistence of more than two different access technologies without any need for each access technology to be modified in order to interwork with a core network that is specified by another technology. | 06-30-2011 |
20120047558 | Method And Apparatus Of Automated Discovery In A Communication Network - An automated method is provided for mutual discovery between a network entity and a client entity that cooperate for providing a service in a machine-to-machine environment. In an embodiment, the network entity receives an identifier in a communication from a server on behalf of the client entity. At some point in time, the network entity receives a communication containing the identifier from the client entity. Before or after receiving the client entity communication, the network entity discovers itself to the client entity. Some time after receiving the client entity communication, the network entity authenticates the client entity, establishes a permanent security association with the client entity, and initiates the service. | 02-23-2012 |
20120272064 | DISCOVERY OF SECURITY ASSOCIATIONS - Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange. | 10-25-2012 |
20120288092 | DISCOVERY OF SECURITY ASSOCIATIONS FOR KEY MANAGEMENT RELYING ON PUBLIC KEYS - Techniques are disclosed for forming a discoverable security association in communication environments and for lawfully discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device and a second computing device comprises the following steps. The first computing device obtains from a key management entity: (i) a first private key assigned to the first computing device, which is computationally associative with a first public key associated with the first computing device; and (ii) a first root key assigned to the first computing device. The first computing device chooses a first random value and generates a first nonce, wherein the first nonce is a result of an encryption of the first random value using the first root key. The first computing device generates a first key component based on the first random value. The first computing device encrypts the first nonce and the first key component with a second public key associated with the second computing device using an identity-based encryption process and sends the encrypted first nonce and the encrypted first key component to the second computing device so as to establish a security association with the second computing device. The security association is discoverable by a third computing device unbeknownst to the first computing device and the second computing device. | 11-15-2012 |
20130072156 | PREVENTION OF MISMATCH OF AUTHENTICATION PARAMETER IN HYBRID COMMUNICATION SYSTEM - Techniques include the following: when a first communication network of a hybrid communication system is aware of a potential for a mismatch of reported authentication parameters associated with a second communication network of the hybrid communication system, where the first communication network is used to transport the reported authentication parameters to the second communication network, the first communication network prevents the mismatch of the reported authentication parameters. In one example, the first communication network is an LTE network and the second communication network is a CDMA2000 network. | 03-21-2013 |
20130104247 | Verification Of Content Possession By An Announcing Peer In A Peer-To-Peer Content Distribution System - A tracker node verifies content possession by a peer node in a peer-to-peer content distribution system. Upon receiving an announcement that a peer node claims to possess a content item, the tracker node in one embodiment obtains the content item, selects a random portion of the content item, formulates a challenge based on the random portion of the content item, and determines an expected challenge response. The challenge may comprise, for example, a request for a hash of the random portion (or alternatively, a hash of the random portion and a random seed value). The tracker node issues the challenge to the announcing node and verifies the announcing node's possession of the content item if the challenge response from the announcing node matches the expected challenge response. | 04-25-2013 |
20130104249 | Verification Of Integrity Of Peer-Received Content In A Peer-To-Peer Content Distribution System - Structures and methods are disclosed for verifying integrity of peer-supplied content in a peer-to-peer content distribution system, for example, to verify that content supplied from a sending peer node to a receiving peer node corresponds to the content that was requested by the receiving node. | 04-25-2013 |
20140004796 | DISCOVERING PROXIMITY DEVICES IN BROADBAND NETWORKS | 01-02-2014 |
20140254794 | SESSION KEY GENERATION AND DISTRIBUTION WITH MULTIPLE SECURITY ASSOCIATIONS PER PROTOCOL INSTANCE - A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key. | 09-11-2014 |