Abstract
A communication system includes at least a mobile station, a base station, a gateway and a server, with the base station being configured for wireless communication with the mobile station, and the gateway being configured for connection between the base station and the server. The server stores information indicative of at least one established security capability of the mobile station, and sends at least a portion of that information to the gateway, possibly in conjunction with an authentication process for the mobile station. The gateway uses the information received from the server to verify that one or more security capabilities negotiated between the mobile station and the base station are consistent with the established security capability or capabilities of the mobile station. This can advantageously allow the gateway to prevent a bidding-down attack in which an attacker impersonates the mobile station to negotiate an inferior security capability with the base station.
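The gateway-side consistency check described above, sketched as an added example that is not taken from the patent. The capability names, their strength ordering, the record layout and the function names are all assumptions, and "consistent" is interpreted here as "the strongest capability that both the established record and the base station support".

```python
from dataclasses import dataclass

# Constructed capability names, ranked weakest to strongest (assumed ordering).
STRENGTH = {"NULL": 0, "CIPHER-A": 1, "CIPHER-B": 2}

# Server-side record of each mobile station's established capabilities (constructed).
SERVER_RECORDS = {"ms-001": frozenset({"NULL", "CIPHER-A", "CIPHER-B"})}


@dataclass(frozen=True)
class Negotiation:
    """Outcome the base station reports to the gateway (hypothetical layout)."""
    ms_id: str
    bs_caps: frozenset   # what the base station itself supports
    selected: str        # capability agreed over the air


def server_capabilities(ms_id):
    """Server -> gateway: established capabilities, e.g. sent with the auth result."""
    return SERVER_RECORDS[ms_id]


def gateway_verify(neg, established):
    """Return (accepted, reason) for a reported negotiation."""
    if neg.selected not in established or neg.selected not in neg.bs_caps:
        return False, "selected capability not supported by both sides"
    # Strongest capability both the real mobile station and the base station share.
    best = max(established & neg.bs_caps, key=STRENGTH.__getitem__)
    if STRENGTH[neg.selected] < STRENGTH[best]:
        return False, f"bid-down: {neg.selected} chosen although {best} was available"
    return True, "consistent with established capabilities"


if __name__ == "__main__":
    est = server_capabilities("ms-001")
    full_bs = frozenset({"NULL", "CIPHER-A", "CIPHER-B"})
    for neg in (
        Negotiation("ms-001", full_bs, "CIPHER-B"),                  # honest negotiation
        Negotiation("ms-001", full_bs, "NULL"),                      # weaker than the record allows
        Negotiation("ms-001", frozenset({"CIPHER-A"}), "CIPHER-A"),  # base station is the limit
    ):
        print(neg.selected, gateway_verify(neg, est))
```

The third case shows why the check compares against the intersection rather than the mobile station's strongest capability alone: a base station that genuinely lacks the stronger cipher is not flagged.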