Claims
- 1. A method of implementing internet protocol security in a mobile IP network, comprising the steps of:
  a. establishing a security association for a communication between a first node and a second node;
  b. storing, at the first node and at the second node, the security association; and
  c. synchronizing, with a security association policy server, the security association between the first node and the second node.
- 2. A method as recited in claim 1, wherein step (c) comprises:
  a. establishing a communication between the first node and the security association policy server;
  b. storing, at the security association policy server, information associated with the communication between the first node and the second node, including a first node address, a second node address, a kind of protocol for the communication, a port number for the communication, and a security policy for the security association;
  c. selecting a security association management protocol based on the information associated with the communication between the first node and the second node;
  d. determining whether the security association stored at the first node is to be deleted according to the security association management protocol; and
  e. informing the first node to delete the security association when it is determined that the security association is not synchronized.
- 3. A method as recited in claim 2, wherein the step of establishing a security association management protocol comprises:
  a. determining whether to delete the first security association stored at the first node according to priority of use of the first security association;
  b. determining whether to delete the first security association stored at the first node based on an overflow protection policy of a first node security association database;
  c. determining whether to delete the first security association stored at the first node based on a keep-alive negotiation protocol;
  d. determining whether to delete the first security association stored at the first node based on a deletion notification with a keep-alive negotiation protocol; and
  e. determining whether to delete the first security association stored at the first node based on a re-key process protocol.
- 4. A method as recited in claim 1, wherein the first node is a mobile node.
- 5. A method as recited in claim 1, wherein the security association expires at the termination of a lifetime and is used over multiple sessions of communications between the first node and the second node.
- 6. A method as recited in claim 1, wherein the communication is a real-time interactive digital data communication.
- 7. A method as recited in claim 1, wherein the real-time interactive digital data communication is voice over Internet protocol.
- 8. A method as recited in claim 1, wherein the network complies with International Mobile Telecommunications-2000 standards.
- 9. An internet protocol network comprising:
  a. a plurality of nodes configured to communicate with each other over the network, and to store security associations for communications between the plurality of nodes;
  b. at least one security association policy server provided in the network and in communication with the nodes, the at least one security association policy server configured to synchronize the security associations between the nodes according to a security association management protocol.
- 10. An internet protocol network as recited in claim 9, wherein the at least one security association policy server is configured to store information related to a communication between nodes, the information comprising:
  a. a source address;
  b. a destination address;
  c. a kind of protocol;
  d. a port number; and
  e. a security policy for the communication.
- 11. An Internet protocol network as recited in claim 10, wherein the security association policy server establishes the security association management protocol based on the information related to a communication between nodes.
- 12. An internet protocol network as recited in claim 11, wherein the at least one security association policy server determines whether a security association stored at a node is to be eliminated from storage, according to the security association protocol and a combination of security association management factors.
- 13. An internet protocol network as recited in claim 12, wherein the combination of security association management factors comprises:
  a. priority of security associations stored at a node;
  b. security association database overflow;
  c. keep-alive negotiation;
  d. deletion notification during keep-alive negotiation; and
  e. re-key process.
- 14. An internet protocol network as recited in claim 9, wherein the communication is a real-time interactive digital data communication.
- 15. An internet protocol network as recited in claim 9, wherein the real-time interactive digital data communication is voice over Internet protocol.
- 16. An internet protocol network as recited in claim 9, wherein the network complies with International Mobile Telecommunications-2000 standards.
- 17. A method for synchronizing a security association for a node in an internet protocol network, comprising the steps of:
  a. storing a security association at a mobile node for a communication between the mobile node and a second node in the network, the mobile node storing the security association for no more than a discrete lifetime;
  b. storing, at a security association policy server, data related to the security association stored at the mobile node; and
  c. analyzing the data related to the security association according to predetermined criteria to determine whether the security association stored at the mobile node is eliminated prior to expiration of the lifetime.
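The claims above describe a security association policy server that mirrors, for each node, the data it holds about every security association (addresses, protocol, port, security policy, lifetime) and applies the management factors listed in claims 3 and 13 (priority of use, database overflow, keep-alive negotiation, deletion notification, re-key) to decide which associations a node should delete before their lifetime runs out. The following Python model is an added example written for this page; it is not the patent's code nor any vendor's implementation. The class names, the SPI-keyed records, the thresholds, and the sample associations in the scenario are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class SARecord:
    """Data the policy server keeps about one SA held at a node (assumed fields)."""
    spi: int                       # security parameter index naming the SA at the node
    src: str                       # first node address
    dst: str                       # second node address
    proto: str                     # kind of protocol, e.g. "udp"
    port: int                      # port number of the communication
    policy: str                    # security policy label for the SA
    created: int                   # creation time, seconds
    lifetime: int                  # discrete lifetime, seconds
    last_used: int                 # last traffic time; this is the "priority of use"
    keepalive_missed: int = 0      # unanswered keep-alive probes in a row
    delete_notified: bool = False  # peer announced deletion during keep-alive negotiation
    superseded: bool = False       # replaced by a re-keyed SA


class SAPolicyServer:
    """Mirror of each node's SA database plus the deletion decision logic.

    The server never touches keys; it only tracks metadata and tells the node
    which SAs to drop so that node and server stay synchronized."""

    def __init__(self, sadb_capacity: int, keepalive_limit: int) -> None:
        self.sadb_capacity = sadb_capacity      # overflow protection threshold (assumed)
        self.keepalive_limit = keepalive_limit  # missed probes before an SA counts as dead
        self.records: Dict[str, List[SARecord]] = {}

    def register(self, node: str, rec: SARecord) -> None:
        self.records.setdefault(node, []).append(rec)

    def _find(self, node: str, spi: int) -> SARecord:
        for rec in self.records.get(node, []):
            if rec.spi == spi:
                return rec
        raise KeyError(f"no SA {spi:#x} registered for {node}")

    def keepalive(self, node: str, spi: int, answered: bool) -> None:
        rec = self._find(node, spi)
        rec.keepalive_missed = 0 if answered else rec.keepalive_missed + 1

    def notify_deletion(self, node: str, spi: int) -> None:
        self._find(node, spi).delete_notified = True

    def rekey(self, node: str, spi: int, new_spi: int, now: int) -> SARecord:
        old = self._find(node, spi)
        old.superseded = True                     # old SA is deleted at next sync
        new = SARecord(new_spi, old.src, old.dst, old.proto, old.port,
                       old.policy, created=now, lifetime=old.lifetime, last_used=now)
        self.register(node, new)
        return new

    def deletion_reason(self, rec: SARecord, now: int) -> Optional[str]:
        """Per-SA factors; returns the reason to delete, or None to keep."""
        if now - rec.created >= rec.lifetime:
            return "lifetime-expired"
        if rec.superseded:
            return "re-key"
        if rec.delete_notified:
            return "deletion-notification"
        if rec.keepalive_missed >= self.keepalive_limit:
            return "keep-alive"
        return None

    def synchronize(self, node: str, now: int) -> List[Tuple[int, str]]:
        """Return (spi, reason) pairs the node must delete; prune the mirror to match."""
        deletions: List[Tuple[int, str]] = []
        keep: List[SARecord] = []
        for rec in self.records.get(node, []):
            reason = self.deletion_reason(rec, now)
            if reason:
                deletions.append((rec.spi, reason))
            else:
                keep.append(rec)
        # Overflow protection runs last: evict least recently used healthy SAs only if
        # the other factors have not already brought the database under capacity.
        keep.sort(key=lambda r: r.last_used, reverse=True)
        while len(keep) > self.sadb_capacity:
            victim = keep.pop()
            deletions.append((victim.spi, "sadb-overflow"))
        self.records[node] = keep
        return deletions


def run_scenario() -> Tuple[Dict[int, str], List[int]]:
    """Constructed scenario: one mobile node, each SA exercising one factor."""
    server = SAPolicyServer(sadb_capacity=2, keepalive_limit=2)
    mn = "mn-1"

    def sa(spi: int, port: int, lifetime: int, last_used: int) -> SARecord:
        return SARecord(spi, "10.0.0.5", "10.0.1.9", "udp", port,
                        "esp-aes128-hmac-sha1", 0, lifetime, last_used)

    for rec in (sa(0x1001, 5060, 3600, 100),   # peer will notify deletion
                sa(0x1002, 5004, 3600, 50),    # will miss keep-alives
                sa(0x1003, 5005, 600, 10),     # lifetime runs out first
                sa(0x1004, 5006, 3600, 200),   # will be re-keyed
                sa(0x1005, 5008, 3600, 500),   # healthy, recently used
                sa(0x1006, 5010, 3600, 20)):   # healthy but least used
        server.register(mn, rec)
    server.notify_deletion(mn, 0x1001)
    server.keepalive(mn, 0x1002, answered=False)
    server.keepalive(mn, 0x1002, answered=False)
    server.rekey(mn, 0x1004, new_spi=0x1007, now=300)
    deletions = dict(server.synchronize(mn, now=700))
    survivors = sorted(r.spi for r in server.records[mn])
    return deletions, survivors


if __name__ == "__main__":
    print(run_scenario())
```

The order of checks is a design choice: the per-association factors (expired lifetime, re-key, deletion notification, missed keep-alives) are applied first because each of them alone makes the association unusable, and overflow protection is applied only afterwards so that a healthy, recently used association is evicted solely when the database is still over capacity. The server prunes its own mirror in the same call that produces the deletion list, which is what keeps the two sides "synchronized" in the sense of claim 1.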
CROSS-REFERENCE TO RELATED APPLICATIONS (35 U.S.C. § 120)
[0001] This application is a continuation-in-part application of co-pending U.S. patent application Ser. No. 09/827,632 filed on Apr. 6, 2001, and titled METHOD FOR IMPLEMENTING IP SECURITY IN MOBILE IP NETWORKS, by Aki Yokote (Attorney Docket No. 10745/6).
[0002] The descriptive matter of co-pending U.S. application Ser. No. 09/827,632 filed on Apr. 6, 2001, and titled METHOD FOR IMPLEMENTING IP SECURITY IN MOBILE IP NETWORKS, by Aki Yokote (Attorney Docket No. 10745/6) is incorporated by reference in its entirety, and is made part of this application.
Continuation in Parts (1)

|        | Number   | Date     | Country |
|--------|----------|----------|---------|
| Parent | 09827632 | Apr 2001 | US      |
| Child  | 10114695 | Apr 2002 | US      |