Title of invention: Mobile security protocol negotiation
Abstract: A security gateway/home agent controller (HAC) is used to assign one home agent (HA) from a plurality of HAs and to identify at least one security protocol that is common between a mobile node (MN) and the assigned HA. Establishment of a security association between the MN and the assigned HA is enabled according to the identified security protocol and utilizing bootstrapping parameters provided over a secure connection between the security gateway/HAC and the MN. The bootstrapping parameters include at least a home address for the MN, an address of the assigned HA and security credentials and security parameters for the identified at least one security protocol. In an exemplary embodiment the home address for the MN may be an IPv6 home address and the MN may have certain capabilities with respect to security protocols and ciphering suites which the MN sends to the security gateway.
Publication number: US9596597(B2) | Publication date: 2017.03.14
Application number: US201012927064 | Filing date: 2010.11.05
Applicant: Nokia Technologies Oy | Inventors: Patil Basavaraj; Bajko Gabor
Classification: H04L29/06; H04W12/04; G06F15/16; H04W80/04 | Main classification: H04L29/06
Agency: Harrington & Smith | Agent: Harrington & Smith
Principal claim: 1. A method comprising: assigning, by a security gateway one home agent from a plurality of home agents, that has more than one security protocol and cipher suite for use with mobile IPv6 and dual stack mobile IPv6, that is common to a security protocol capability of a mobile node, in which the assigning comprises comparing, by the security gateway, a list of more than one security protocol and cipher suite of the mobile node indicated in signaling to the security gateway, to multiple different security protocols and cipher suites supported by the plurality of home agents to identify the one home agent with the common more than one security protocol and cipher suite, wherein different ones of the more than one security protocol and cipher suite are identified for controlling signaling and user data transfer, respectively, between the mobile node and the one home agent, in which the list signaled to the security gateway is from a security server, and in which the comparing comprises comparing the list to a list, that is stored in a local memory of the security gateway, of the multiple different security protocols and cipher suites supported by each of the plurality of home agents; sending, by the security gateway, to the mobile node over a secure connection bootstrapping parameters, an identity of the assigned home agent, and an indication of the identified more than one security protocol and cipher suite and the different ones of the more than one security protocol and cipher suite assigned for the control signaling and the user data transfer, respectively, wherein the identified more than one security protocol and cipher suite comprises one common security protocol and cipher suite for the control data and another for the user data for simultaneous use between the mobile node and the assigned home agent; sending, by the security gateway, to the assigned home agent an identity of the mobile node, and more than one security protocol and cipher suite of the list that is common to both the mobile node and the assigned home agent; and enabling, by the security gateway, establishment of a security association between the mobile node and the assigned home agent, for the use with mobile IPv6 and dual stack mobile IPv6, according to the identified more than one security protocol and cipher suite, comprising utilizing the bootstrapping parameters provided over the secure connection between the security gateway and the mobile node, in which the bootstrapping parameters comprise at least an IPv6 home address for the mobile node, and an address of the assigned home agent and security credentials and security parameters for the identified more than one security protocol and cipher suite to enable the establishment of the security association.
Address: Espoo FI