NETWORK ARCHITECTURE AND SECURITY WITH ENCRYPTED NETWORK REACHABILITY CONTEXTS

摘要

In an aspect, a network supporting a number of client devices may include a network device that establishes a security context and generates a client device context. The client device context includes network state information that enables the network to communicate with the client device. The network device generates one or more encrypted network reachability contexts based on the client device context, and transmits the one or more encrypted network reachability contexts to a network entity. The one or more encrypted network reachability contexts enable the network device to reconstruct the context for the client device when the network device receives a message to be transmitted to the client device from the network entity. As a result, the network device can reduce an amount of the context for the client device maintained at the network device in order to support a greater number of client devices.

主权项

1. A method for a network device comprising:
establishing a security context for a connection with a client device, wherein the security context includes at least an encryption algorithm, an encryption key, an integrity protection algorithm, an integrity protection key, or combinations thereof; generating a context for the client device, the context including network state information associated with the client device, the network state information including at least the encryption algorithm, the encryption key, the integrity protection algorithm, the integrity protection key, or combinations thereof; generating one or more encrypted network reachability contexts based on the context; and transmitting the one or more encrypted network reachability contexts to a network entity, wherein the one or more encrypted network reachability contexts serve to reduce an amount of the context maintained at the network device and enable reconstruction of the context for the client device when the network device receives a message to be transmitted to the client device from the network entity.