SECURITY METHODS FOR USE IN A WIRELESS COMMUNICATIONS SYSTEM
    1.
    Invention publication
    SECURITY METHODS FOR USE IN A WIRELESS COMMUNICATIONS SYSTEM Under examination - published
    Security procedures for a wireless communication system

    Publication (announcement) number: EP1597904A2

    Publication (announcement) date: 2005-11-23

    Application number: EP04709476.8

    Application date: 2004-02-09

    IPC classification: H04M1/66

    Abstract: Signal, e.g., message, security techniques are described for wireless systems. A first signal is received by an access node via a wireless link. The signal includes a first authenticator that was generated by the transmitting device, e.g., wireless terminal. The access node determines from an attribute of the signal at least some information known to both the access node and transmitting device but which was not transmitted as part of the message content. The determined information was used by the wireless terminal in generating the first authenticator. The access node sends at least a portion of the first signal including the first authenticator and the determined information to another entity. The entity compares the first authenticator to a second authenticator it generates from the determined information and a secure key which it shares with the transmitting device to determine if the first and second authenticators match.

    METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION, AUTHORIZATION AND ACCOUNTING ROAMING NODES
    2.
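    Invention publication
    METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION, AUTHORIZATION AND ACCOUNTING ROAMING NODES Under examination - published
    Method and device for providing authentication, authorization and accounting for roaming nodes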

    Publication (announcement) number: EP1556989A1

    Publication (announcement) date: 2005-07-27

    Application number: EP03770757.7

    Application date: 2003-10-14

    IPC classification: H04L9/00

    Abstract: The invention proposes an integrated process of authorizing and securing at layer 2 (L2) followed by layer 3 (L3). The L3 process treats the wireless link as any normal IP access link, and the L3 authorisation provides L3 processing, but also includes the L2 terminal authentication identifiers so that the L2 security parameters can also be returned. This means that the wireless link and the IP layer are not secured until after the L3 authorisation has completed and therefore the first IP messages that trigger authorisation are sent insecurely. This invention also provides methods to avoid these insecure messages presenting any opportunities to an attacker. This invention includes methods to enable L3 before L2 authorisation when a user is roaming in a foreign network (480). These enable different types of AAA servers (450) in the foreign domain (480) to work with different types of AAA servers (460) in the home domain (470) to provide dynamic assignment of foreign mobility agents and the associated security associations between home and foreign mobility agents, as well as a temporary account in the foreign domain (480). These methods apply both to standard MIP as well as Nested MIP, and to different types of Mobile Node apparatus and a range of user, host and terminal authentication models.

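    Abstract (translated): The invention proposes an integrated method for AAA (authentication, authorization and accounting) in which the order is reversed, so that L2 follows L3. The L3 process treats the wireless link as any normal IP access link, and the L3 authorization provides L3 processing but also includes the L2 terminal authentication identifiers so that the L2 security parameters can also be returned. This means that the wireless link and the IP layer are not secured until the L3 authorization has completed, and the first IP messages that trigger authorization are therefore sent insecurely. The invention therefore provides methods to avoid these insecure messages presenting any opportunity to an attacker. Finally, the invention includes methods to enable L3 before L2 authorization when a user is roaming in a foreign network.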