(12) United States Patent
`Cheng et al.
`
`US006418130B1
`(16) Patent N6.=
`US 6,418,130 B1
`(45) Date of Patent:
`Jul. 9, 2002
`
`(54) REUSE 0F SECURITY ASSOCIATIONS FOR
`IMPROVING HAND-OVER PERFORMANCE
`
`(75) Inventors: Yi Cheng, Solna; Lars Bjiirup,
`Stockholm; Martin Jakob Rinman,
`Taby; Karl Dan Gustav Jerrestam,
`Johanneshov, all of (SE)
`
`(73) Ass1gnee: Telefonaktlebolaget L M Erlcsson
`(publ), Stockholm (SE)
`
`W O
`
`9/1993 Malek et al.
`5,243,653 A
`3/1994 Dahlin et 41.
`5,293,423 A
`5,444,766 A * 8/1995 Farwell et al. ............ .. 455/437
`5,546,464 A
`8/1996 Raith et a1.
`5,778,075 A * 7/1998 Haartsen ................... .. 375/138
`6,253,321 B1 * 6/2001 Nikander et al. ......... .. 713/160
`
`FOREIGN PATENT DOCUMENTS
`W 0 0139538
`* 5/2001
`~~~~~~~~~~ u H 0 4 Q /7 B 8
`
`* Cited by examiner
`
`Primary Examiner—Hassan KiZou
`Assistant Examiner—Tim Spafford
`(74) Attorney, Agent, or Firm—Burns, Doane, SWecker &
`Mathis, L-LP.
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C.154b b 0d .
`( ) y
`ays
`
`(21) Appl' NO" 09/234’512
`(22) Filed:
`Jan. 21, 1999
`
`Related US. Application Data
`(60) Provisional application NO- 60/115349: ?led on Jan- 8:
`
`1999.
`
`(51) Int. Cl.7 ............................................... .. H04M 1/66
`(52) US. Cl. ..................... .. 370/331; 455/411; 455/410;
`370/328; 370/338; 380/247
`(58) Field Of Search ............................... .. 370/328, 338,
`370/331; 455/410, 411; 380/247
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`ABSTRACT
`(57)
`In a radio telecommunication system, the performance of a
`mobile unit can be signi?cantly Improved during a hand
`over procedure by reusing existing security associations that
`correspond to the mobile unit. By reusing existing security
`associations, a mobile unit can begin secure communica
`tions immediately following the hand-(Wer- OtherWise, and
`in accordance With conventional practice, the mobile unit
`Will have to undertake the time consuming task of renego
`tiating the required security associations, before it can begin
`transmitting and receiving secure communications.
`
`5,081,679 A
`
`1/1992 Dent
`
`35 Claims, 5 Drawing Sheets
`
`101
`i
`
`105
`(
`
`MU
`
`------------ - --
`
`suk
`
`(i )
`
`l
`
`(2)
`
`(3)
`
`SUkH
`
`110
`
`IBM / Softlayer v. ZitoVault
`Ex. 1010 / Page 1 of 12
`
`

`
`U.S. Patent
`
`Jul. 9, 2002
`
`Sheet 1 0f 5
`
`US 6,418,130 B1
`
`FIG. 1
`
`101
`
`105
`
`MU
`
`__‘ - - - - - - - — — - -"-"
`
`(1)
`
`(2)
`
`(3)
`
`HO
`
`Ex. 1010 / Page 2 of 12
`
`

`
`U.S. Patent
`
`Jul. 9, 2002
`
`Sheet 2 0f 5
`
`US 6,418,130 B1
`
`5
`
`5
`
`E
`
`mg 5
`
`9N
`
`w
`
`25m 4
`
`
`
`
`
`5w .... ....... -- 32
`
`w M mom 5N
`
`m .oE
`
`Ex. 1010 / Page 3 of 12
`
`

`
`U.S. Patent
`
`Jul. 9, 2002
`
`Sheet 3 0f 5
`
`US 6,418,130 B1
`
`mom
`
`v
`
`m .OE
`
`
`45522 @252
`
`G! 298% awn:
`
`omu
`
`“my
`
`0:0 1.5m
`
`32
`
`Ex. 1010 / Page 4 of 12
`
`

`
`U.S. Patent
`
`Jul. 9, 2002
`
`Sheet 4 0f 5
`
`US 6,418,130 B1
`
`
`
`
`
`EmmES 3805K 8mm:
`
`w now
`
`v.01
`
`
`
`
`
`M50: 385% 8mm:
`
`
`
`mmménz wozmzOum
`
`umo
`
`
`
`mi! 298% SM:
`
`Amy
`
`0:.)
`
`32
`
`Ex. 1010 / Page 5 of 12
`
`

`
`U.S. Patent
`
`Jul. 9, 2002
`
`Sheet 5 of 5
`
`US 6,418,130 B1
`
`
`
`69:8mn_v_Im<_._
`
`
`
`C.2$<$_ozm_.2._o_.m_9__._m<_._
`
`
`
`.h2m.<9_ozm_szozm.
`
`:5.
`
`m.9“.
`
`Ex.1010/Page6 Of12
`
`Ex. 1010 / Page 6 of 12
`
`
`

`
`US 6,418,130 B1
`
`1
`REUSE OF SECURITY ASSOCIATIONS FOR
`IMPROVING HAND-OVER PERFORMANCE
`
`This application claims priority under 35 U.S.C. §§119
`and/or 365 to US. Provisional Application No. 60/115,349
`?led in the United States on Jan. 8, 1999; the entire content
`of Which is hereby incorporated by reference.
`
`FIELD OF THE INVENTION
`
`The present invention involves Wireless telecommunica
`tion systems and/or networks, such as Wireless local are a
`netWorks (LAN s) and Mobile Internet Protocol (IP) systems.
`More particularly, the present invention involves the reuse of
`security associations When a mobile unit or mobile terminal
`undergoes handover from one stationary unit in the netWork
`to another.
`
`10
`
`15
`
`BACKGROUND
`
`With the rapid development of Wireless and mobile com
`munication technologies, communication security issues,
`such as user authentication, traf?c privacy and message
`integrity have become important concerns. In response, a
`number of Internet Engineering Task Force (IETF) security
`protocol standards, such as the Internet Key Exchange (IKE)
`protocol, the Internet Security Association and Key Man
`agement Protocol (ISAKMP), and the Internet Protocol
`Security (IPSEC), are noW employed in various Wireless
`LAN and Mobile IP environments.
`The IKE protocol Was designed to provide a mechanism
`for tWo or more communicating parties, such as a mobile
`unit (MU) and a netWork stationary unit (SU), to negotiate
`various security services and security associations. A secu
`rity service is a method or means for providing protection for
`the communication betWeen the tWo or more parties,
`Whereas, a security association (SA) is a relationship
`betWeen the tWo or more communicating parties Which
`de?nes hoW the parties Will execute the agreed upon security
`services. A security association is actually de?ned by a set
`of attributes, such as an authentication algorithm, an authen
`tication key, an encryption algorithm, an encryption key, and
`a SA lifetime, Which represents the period of time during
`Which the corresponding SA is valid. As one skilled in the
`art Will appreciate, the SAs must be negotiated and in place
`before the tWo or more parties can begin secure communi
`cations the procedure for negotiating security services and
`SAs in accordance With the IKE protocol is accomplished in
`tWo phases. In a ?rst phase (i.e., phase 1), the communicat
`ing parties negotiate the ISAKMP SA. The ISAKMP SA is
`de?ned by a set of basic security attributes Which provide
`protection for subsequent ISAKMP exchanges. In a second
`phase (i.e., phase 2), and under the protection of the
`ISAKMP SA, the communicating parties negotiate the IPSEC
`
`SAs associated With the IPSEC authentication header protocol and/or the IPSEC encapsulating security payload
`(ESP) protocol. The IPSEC protocols provide security ser
`vices for communications at the IP layer. As is knoWn in the
`art, a speci?c IPSECSA is uniquely de?ned by a security
`parameter index (SPI), a destination IP address, and an IPSEC
`protocol (i.e., AH or ESP).
`Because the SAs (i.e., the ISAKMP SA and the IPSEC
`SAs) are bound to the negotiating parties, the SAs are
`renegotiated Whenever a mobile unit moves from one access
`point to another in a Wireless LAN environment, or from one
`foreign agent to another in a mobile IP context. HoWever, the
`IKE negotiation process is computationally intensive, par
`ticularly phase 1. This is especially troublesome in Wireless
`
`25
`
`35
`
`45
`
`55
`
`65
`
`2
`LAN and mobile IP applications Where the mobile unit is
`frequently undergoing hand-over from one SU to another
`and Where the MU has limited computational poWer. Under
`such conditions, overall system performance Will be excep
`tionally loW since a signi?cant amount of time must be spent
`renegotiating SAs rather than communicating.
`
`SUMMARY OF THE INVENTION
`
`It is an object of the present invention to provide a
`technique Which improves the performance of a mobile unit
`(MU) in a Wireless LAN or mobile IP environment, particu
`larly during hand-over. The present invention accomplishes
`this by reusing rather then renegotiating the security asso
`ciations (SAs) corresponding to the MU once the MU is
`handed-over. By reusing the SAs, less time is spent nego
`tiating SAs. Consequently, a MU can begin secure commu
`nications almost immediately upon being handed-over from
`one SU to a another SU.
`Accordingly, it is an objective of the present invention to
`provide a more ef?cient Way to utiliZe SAs during hand
`over.
`It is another objective of the present invention to reduce
`and/or minimiZe the latency period betWeen the time a MU
`is handed-over to a stationary unit and the time the MU can
`begin secure communications With that stationary unit.
`It is yet another objective of the present invention to
`generally improve the performance of a MU through seam
`less hand-over.
`It is still another objective of the present invention to
`maintain a required level of performance Without sacri?cing
`communication security.
`In accordance With one embodiment of the present
`invention, the above-identi?ed and other objectives are
`achieved through a method and/or an apparatus for accom
`plishing hand-over of a mobile unit from a ?rst stationary
`unit to a second stationary unit. The method involves
`disconnecting the mobile unit from the ?rst stationary unit,
`and thereafter, connecting the mobile unit to the second
`stationary unit. The method also involves reusing an existing
`security association to support the connection betWeen the
`mobile unit and the second stationary unit, Wherein the
`existing security association Was previously used to support
`the connection betWeen the mobile unit and the ?rst station
`ary unit.
`In accordance With another embodiment of the present
`invention, the above-identi?ed and other objectives are
`achieved With a method and/or an apparatus for accomplish
`ing hand-over of a mobile unit from a ?rst stationary unit to
`a second stationary unit. More speci?cally, the method
`involves disconnecting the mobile unit from the ?rst sta
`tionary unit, and thereafter, connecting the mobile unit to the
`second stationary unit. The method then involves reusing an
`existing security association to support the connection
`betWeen the mobile unit and the second stationary unit,
`Wherein the existing security association Was previously
`used to ensure secure communications for a connection
`betWeen the mobile unit and a third stationary unit, and
`Wherein the third stationary unit and the second stationary
`unit are associated With a ?rst administrative domain that
`employs a common security policy.
`In accordance With still another embodiment of the
`present invention, the above-identi?ed and other objectives
`are achieved With a method for reusing security associations
`to facilitate hand-over of a mobile unit betWeen stationary
`units that are associated With a common administrative
`domain, Wherein all of the stationary units associated With
`
`Ex. 1010 / Page 7 of 12
`
`

`
`US 6,418,130 B1
`
`3
`the common administrative domain are subject to the same
`security policy. The method involves negotiating a ?rst
`security association for a connection betWeen the mobile
`unit and a ?rst stationary unit associated With the common
`administrative domain. The mobile unit is then disconnected
`from the ?rst stationary unit, and thereafter, connected to a
`second stationary unit associated With the common admin
`istrative domain. A ?rst set of security association attributes,
`corresponding to the ?rst security association, is then trans
`ferred from the ?rst stationary unit to the second stationary
`unit. The ?rst security association can then be employed to
`ensure secure communications for the connection betWeen
`the mobile unit and the second stationary unit.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The objects and advantages of the invention Will be
`understood by reading the folloWing detailed description in
`conjunction With the draWings in Which:
`FIG. 1 illustrates a ?rst exemplary embodiment of the
`present invention;
`FIG. 2 illustrates a second exemplary embodiment of the
`present invention;
`FIG. 3 illustrates a ?rst exemplary set of security asso
`ciation attributes being transferred in accordance With the
`present invention;
`FIG. 4 illustrates a second set of security association
`attributes being transferred in accordance With the present
`invention; and
`FIG. 5 illustrates the transfer of security association
`attribute information, in accordance With the present
`invention, using encryption and authentication techniques.
`
`10
`
`15
`
`25
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`35
`
`4
`administrative domain, and thus under the control of a
`common security policy, are managed in an identical manner
`With respect to the SAs that are employed to protect the
`communication betWeen the MU and the various SUs.
`Accordingly, the set of SAs that are established betWeen the
`MU and any one of the various SUs belonging to that
`administrative domain can be reused by any one of the other
`SUs associated With that administrative domain, if and When
`the MU is handed-over to one of these other SUs. As
`previously stated, reuse of the previously established SAs
`Will improve the performance of the MU during hand-over,
`Without sacri?cing communication security. HoWever,
`depending upon the extent to Which MU performance
`improvement is desired, tWo exemplary embodiments of the
`present invention are described herein beloW.
`In accordance With a ?rst exemplary embodiment of the
`present invention, herein referred to as the partial SA reuse
`embodiment, a previously established Internet Security
`Association and Key Management Protocol (ISAKMP) SA
`is reused each time the MU is handed-over to another SU
`(i.e., SUk+1) in the administrative domain. More speci?cally,
`When the MU establishes a connection With a SU in the
`administrative domain for the ?rst time, the Internet Key
`Exchange (IKE) phase 1 negotiation, Which is used for
`establishing the ISAKMP SA, and the IKE phase 2
`negotiation, Which is used for establishing the IPSEC SAs,
`are carried out in accordance With the various standards set
`forth by the Internet Engineering Task Force (IETF).
`HoWever, as the mobile unit moves about, and is handed
`over to another SU (i.e., SUk+1) associated With the same
`administrative domain, the previously established ISAKMP
`SA is reused by the MU and SUk+1. Nevertheless, the MU
`and SUk+1 still must conduct an IKE phase 2 negotiation;
`that is, the MU and SUk+l must renegotiate the IPSEC SAs.
`Because the IKE phase 1 SA negotiation process is far more
`time consuming relative to the IKE phase 2 negotiation
`process, the reuse of the ISAKMP SA greatly improves the
`performance of the MU during hand-over.
`In accordance With a second exemplary embodiment of
`the present invention, herein referred to as the full SA reuse
`embodiment, the previously established ISAKMP SA and
`the previously established IPSEC SAs are reused each time
`the MU undergoes hand-over from one SU (i.e., SUk) to
`another SU (i.e., SUk+1) in the administrative domain. As
`stated above, When a MU connects With a SU in the
`administrative domain for the ?rst time, the ISAKMP SA
`and the IPSEC SAs are established in accordance With the
`IKE phase 1 and the IKE phase 2 negotiation processes
`respectively. HoWever, unlike the partial SA reuse embodi
`ment described above, subsequent hand-overs result in the
`reuse of both the previously established ISAKMP SA and
`the previously established IPSEC SAs. Thus, the entire IKE
`SA negotiation process, including phase 1 and phase 2, is
`avoided. Therefore, the MU and SUk+1 can begin commu
`nicating With each other almost immediately after the
`ISAKMP SA and the IPSEC SAs are transferred from SUk to
`SUk+1. Consequently, the hand-over procedure is accom
`plished in a seamless or near seamless fashion.
`In general, the full SA reuse embodiment provides greater
`MU performance enhancement during hand-over than does
`the partial SA reuse embodiment. That is because the MU
`and SUk+1 need not renegotiate any SAs. Why then might a
`netWork administrator opt to implement the partial SA reuse
`embodiment over the full SA reuse embodiment? One
`reason might be that the netWork administrator does not
`Want the various SUs associated With an administrative
`domain to share the same session keys (i.e., encryption and
`
`For a better understanding of the invention, the folloWing
`detailed description refers to the accompanying draWings,
`Wherein preferred exemplary embodiments of the present
`invention are illustrated and described. In addition, the
`reference numbers used to identify key elements of the
`invention in the draWings are consistent throughout this
`description.
`The present invention involves a technique Which
`improves the performance of a mobile unit or mobile
`terminal (herein referred to as a “MU”) in a radio telecom
`munication system, particularly during hand-over, Wherein
`the MU becomes disconnected from a ?rst stationary unit
`(herein referred to as “SUkk”) and connected to another
`stationary unit (herein referred to as “SUk+l”) and Wherein
`SUk and SUk+1 belong to a common administrative netWork
`domain that is under the control of a common security
`policy. The present invention accomplishes this by reusing
`one or more previously established security associations to
`support the neWly formed connection betWeen the MU and
`SUk+1. By reusing these previously established security
`associations, the MU and SUk+1 need not go through the
`time consuming task of renegotiating the security associa
`tions (herein referred to as “SA”s) each time the MU
`changes it’s point of connection (e.g., undergoes hand-over)
`Within the administrative domain. The present invention is
`of particularly importance Where the communicating entities
`(e.g., the MU and SUk+1) exhibit loW to medium level
`computational poWer, and Where the MU is especially
`mobile and frequently undergoing hand-over.
`In accordance With the present invention, each of a
`number of stationary units (SUs) associated With the same
`
`45
`
`55
`
`65
`
`Ex. 1010 / Page 8 of 12
`
`

`
`US 6,418,130 B1
`
`10
`
`15
`
`25
`
`5
`authentication keys) as speci?ed by the IPSEC SAs. If, for
`example, all the SUs associated With the administrative
`domain share the same session keys and just one of the SUs
`is compromised, an attacker can probably compromise com
`munications betWeen the MU and any of the SUs associated
`With the administrative domain.
`As stated previously, a speci?c IPSEC SA is uniquely
`identi?ed by a security parameter indeX (SPI), in combina
`tion With a destination IP address, and a particular security
`protocol (e.g., the authentication header protocol or the
`encapsulating security payload protocol). As such, a com
`mon IP address is needed for all SUs in the administrative
`domain, in order to reuse an IPSEC SA. In accordance With
`the full SA reuse embodiment, this common IP address may
`be assigned to each SU as an alias IP address. HoWever,
`under certain circumstances, a netWork administrator may
`not Want to assign a common IP address to each SU. If this
`is the case, the netWork administrator is likely to opt the
`partial SA reuse embodiment rather than the full SA reuse
`embodiment.
`When a MU is handed-over from one SU (e.g. SUk) to
`another SU (e.g. SUk+1), the SA attributes corresponding to
`the ISAKMP SA and the SA attributes corresponding to the
`IPSEC SAs, depending upon Whether the partial SA reuse
`embodiment or the full SA reuse embodiment is being
`employed, must be transferred from SUk to SUk+1. This
`transfer of SA attributes from SUk to SUk+1 may be accom
`plished in accordance With any one of a number of eXem
`plary techniques.
`FIG. 1 illustrates one such technique herein referred to as
`the direct transfer technique. According to the direct transfer
`technique, a MU 101 undergoes a hand-over from SUk 105
`to SUk+1 110 , as illustrated by the directional arroW marked
`“1”. Next, SUk+1 110 contacts SUk 105 by sending a SA
`35
`request message, as illustrated by the directional arroW
`marked “2”. The SA request message speci?cally requests
`those SAs associated With the MU 101. Accordingly, the SA
`request message must contain an identi?er code for the MU
`101. SUk 105 then replies to the SA request message by
`sending the appropriate SA attributes to SUk+1 110, as
`illustrated by the directional arroW marked “3”.
`In addition to the procedural steps described above, the
`direct transfer technique illustrated in FIG. 1, might also
`involve the step of verifying that SUk belongs to the same
`administrative domain as SUk+1. To accomplish this, each
`SU associated With the administrative domain might main
`tain a list containing all IP addresses associated With the
`administrative domain. SUk+1can then perform the required
`veri?cation by simply checking to see if the IP address
`associated With SUk is on the list. Alternatively, if admin
`istrative domain corresponds With an IP netWork or subnet,
`SUk+1 can simply compare the netWork identi?cation por
`tion of SUk’s IP address With the netWork identi?cation
`portion of it’s oWn IP address. If they match, SUk+1 has
`veri?ed that SUk, in fact, belongs to the same administrative
`domain. If SUk+1 determines that SUk does not belong to the
`same administrative domain, then the MU and SUk+1 may be
`required to renegotiate the ISAKMP SA and the IPSEC SAs,
`unless the attributes associated With the ISAKMP SA and the
`IPSEC SAs Were stored, for eXample, in a database, as
`illustrated in FIG. 2, during a previous connection betWeen
`the MU and any one of the SUs associated With the admin
`istrative domain to Which SUk+1 belongs.
`FIG. 2 illustrates an alternative technique for transferring
`the appropriate SA attributes. This alternative technique is
`herein referred to as the intermediate storage technique. The
`
`6
`intermediate storage technique may be preferable Where the
`netWork con?guration makes it dif?cult to identify SUk, or
`When direct communication betWeen SUk and SUk+1 is
`dif?cult or undesirable. In accordance With this alternative
`technique, as shoWn in FIG. 2, a MU 201 undergoes a
`hand-over from SUk 205 to SUk+1 210, as illustrated by the
`directional arroW marked “1”. Prior to, simultaneous to, or
`if necessary, subsequent to the hand-over, SUk transfers the
`appropriate SAs associated With the MU 201 to a database
`(DBS) 215, as indicated by the directional arroW marked
`“2”. SUk+1 210 then sends a SA request message to the DBS
`215, as illustrated by the directional arroW marked “3”. As
`in the direct transfer technique, the SA request message
`contains an identi?er code that speci?cally identi?es the MU
`201. Thus, the DBS 215 can reply to the SA request message
`by sending the appropriate SAs, associated With the MU
`201, to SUk+1 210, as illustrated by the directional arroW
`marked “4”.
`As one skilled in the art Will readily appropriate, the SAs
`contain sensitive information (e.g., session keys).
`Accordingly, the SA information that is transferred from
`SUk to SUk+1, using the direct transfer or the intermediate
`storage technique, should be protected. Therefore, encryp
`tion and authentication mechanisms might be employed to
`ensure con?dentiality and authenticity for this information.
`FIG. 3 illustrates, more speci?cally, the SA attributes that
`might be transferred from SUk to SUk+1, if the partial SA
`reuse embodiment is employed. As illustrated, SUk 105,
`upon receiving a SA request message from SUk+1 110, as
`indicated by the directional arroW marked “2”, sends a reply
`message 305 to SUk+1 110, Wherein the reply message 305
`contains the information necessary to de?ne the folloWing
`ISAKMP SA attributes: the ISAKMP SA lifetime; the
`ISAKMP session keys, including the ISAKMP session key
`for authentication and the ISAKMP session key for encryp
`tion; keying material, Which is required for deriving the
`IPSEC session keys; the last IKE phase 1 CBC (i.e., cipher
`block chaining) output block for generating an initialiZation
`vector Which, in turn, is needed for the encryption of the ?rst
`IKE phase 2 message. Although FIG. 3 indicates that the SA
`attributes are being transferred in accordance With the direct
`transfer technique described above, it Will be readily appar
`ent to one skilled in the art that the intermediate storage
`technique may be employed in the alternative.
`FIG. 4 illustrates the SA attributes that might be trans
`ferred from SUk 105 to SUk+1 110, in addition to the SA
`attributes identi?ed in FIG. 3, if the full SA reuse embodi
`ment is employed. As illustrated in FIG. 4, SUk 105, upon
`receiving a SA request message from SUk+1 110, as indi
`cated by the directional arroW marked “2” sends a reply
`message 405 to SUk+1 110, Wherein the reply message 405
`contains the information necessary to de?ne the ISAKMP
`SA attributes identi?ed above in FIG. 3, and the information
`necessary to de?ne the folloWing IPSEC SA attributes: the
`IPSEC SA lifetime; the IPSEC protocols being used, that is,
`the authentication header and/or encapsulating security pay
`load protocols; the IPSEC protocol mode, that is, the trans
`port mode or the tunnel mode; the security parameter
`indeX(es); the IPSEC session keys, including the session keys
`for authentication and encryption, as Well as their respective
`algorithms; the last CBC output block prior to hand-over,
`Which is used as the initialiZation vector for encryption of
`the ?rst IP packet subsequent to hand-over; and the value of
`the sequence number, in accordance With the authentication
`header protocol or the encapsulating security payload
`protocol, just prior to hand-over, as this value plus 1 Will be
`the initial value of the sequence number after hand-over for
`
`45
`
`55
`
`65
`
`Ex. 1010 / Page 9 of 12
`
`

`
`US 6,418,130 B1
`
`10
`
`25
`
`35
`
`7
`anti-relay checking purposes. As Was the case in FIG. 3, the
`transfer of SA attributes in FIG. 4 is accomplished in
`accordance With the direct transfer technique described
`above. HoWever, it Will be understood that the SA attributes
`may be transferred in accordance With the intermediate
`storage technique, also described above.
`As stated previously, the ?rst time a MU connects to any
`SU in a given administrative domain, an IKE phase 1
`negotiation and an IKE phase 2 negotiation must be
`accomplished, thereby establishing the ISAKMP SA and the
`IPSEC SAs respectively. HoWever, in accordance With
`another aspect of the present invention, the SA attributes
`associated With the ISAKMP SA and the IPSEC SAs may be
`stored for a period of time, for example, a period of time
`equivalent to the ISAKMP SA lifetime and the IPSEC SA
`15
`lifetime respectively. The SA attributes might be stored in a
`database, such as the database 215 illustrated in FIG. 2. By
`storing the SA attributes, the MU might avoid having to
`renegotiate the ISAKMP SA and the IPSEC SAs if the MU
`becomes disassociated With the administrative domain, for
`example, by being handed-over to a SU Which is not
`associated With the administrative domain, and then the MU
`becomes reassociated With the administrative domain, for
`example, by being handed back-over to a SU associated With
`the administrative domain, before the aforementioned period
`of time expires. In accordance With this aspect of the
`invention, the transfer of SA attributes to SUk+1 might be
`accomplished in much the same Way as the intermediate
`storage technique illustrated in FIG. 2, but for the fact that
`the MU is handed-over to a SU associated With another
`administrative domain during an interim period betWeen the
`time the MU is connected to SUk and the time the MU is
`connected to SUk+1.
`FIG. 5 illustrates a procedure for transferring SA attribute
`control messages, in accordance With an exemplary embodi
`ment of the present invention, using encryption and authen
`tication techniques to protect the SA attributes during trans
`fer. While the procedure illustrated in FIG. 5 involves the
`intermediate storage technique, described above With refer
`ence to FIG. 2, one skilled in the art Will readily appreciate
`that a similar procedure could be applied to the direct
`transfer technique, described above With reference to FIG. 1.
`The procedure illustrated in FIG. 5 initially begins With
`the MU undergoing a hand-over procedure from the station
`ary unit SUk to the stationary unit SUk+1, as indicated by the
`directional arroW marked “1”, Wherein SUk and SUk+1 are
`associated With the same administrative domain. Therefore,
`SUk and SUk+1 are subject to the same security policy. Then,
`at some point during the hand-over procedure, SUk transfers
`the SA attribute control message to the DBS, as indicated by
`the directional arroW marked “2”. As shoWn, the SA attribute
`control message contains a MU identi?cation code (ID MU);
`the SA attributes (ENCKSA), Which are encrypted using an
`encryption key KSA; a time stamp (T); and a Hash value
`(HASHKDB). The purpose of the MU identi?cation code
`(IDMU) is to identify the SA attributes (i.e., ENCKSA) as
`being associated With the MU. The purpose of the time
`stamp (T) is inform the DBS as to the period of time that has
`elapsed since the SUK sent the SA control message. If a
`signi?cant period of time has elapsed, the DBS may be
`designed to reject the SA attribute control message to protect
`against unauthoriZed replay. While the MU identi?cation
`code a (IDMU) and the time stamp
`are not typically
`encrypted, the SA attributes are encrypted using an encryp
`tion key KSA, Which is shared by each of the SUs associated
`With the administrative domain. The Hash value
`(HASHKDB) is used for authentication purposes, and it is
`
`65
`
`45
`
`55
`
`8
`derived using an authentication key KDE and as a function
`of the MU identi?cation code (IDMU), the SA attributes
`(ENCKSA) and the time stamp
`The authentication key
`KDB, like the encryption key KSA, is shared by each of the
`SUs associated With the administrative domain. In addition,
`it is shared by the DBS.
`As stated, SUk transfers the SA attribute control message,
`containing the MU identi?cation code (ID MU), the encrypted
`SA attributes (ENCKSA), the time stamp (T), and the Hash
`value (HASHKDB), to the DBS. Upon receiving the SA
`attribute control message, the DBS recalculates the Hash
`value as a function of the received values for the MU
`identi?cation code (ID MU), the SA attributes (ENCKSA), and
`the time stamp (T), and based on the authentication key KDB.
`Then DBS then compares the recalculated Hash value With
`the received Hash value. If the tWo values are equal (i.e., if
`the tWo values match), the DBS authenticates SUk, and
`accepts the SA attribute control message. The DBS then
`stores the encrypted SA attributes (ENCSKA) along With the
`MU identi?cation code (IDMU).
`Further in accordance With the procedure illustrated in
`FIG. 5, SUk+1 noW issues a SA attribute request message to
`the DBS, as indicated by the directional arroW marked “3”,
`Wherein the SA attribute request message contains the MU
`identi?cation code (ID MU). In response, the DBS transfers to
`SUk+1 the encrypted SA attributes (ENCKSA) that correspond
`to the MU identi?cation code (IDMU) contained in the SA
`attribute request message. By applying the encryption key
`KSA to the SA attributes (ENCKSA), SUk+1 can decipher the
`encrypted SA attributes.
`The present invention has been described With reference
`to a preferred embodiment. HoWever, it Will be readily
`apparent to those skilled in the art that it is possible to
`embody the invention in speci?c forms other than as
`described above Without departing from the spirit of the
`invention. The preferred embodiments are illustrative and
`should not be considered restrictive in any Way. The scope
`of the invention is given by the appended claims, rather than
`the preceding description, and all variations and equivalents
`Which fall Within the range of the claims are intended to be
`embraced therein.
`What is claimed is:
`1. In a radio telecommunication system, a method for
`accomplishing hand-over of a mobile unit from a ?rst
`stationary unit to a second stationary unit, said method
`comprising the steps of:
`disconnecting the mobile unit from the ?rst stationary
`unit;
`connecting the mobile unit to the second stationary unit;
`and
`reusing an existing security association to support the
`connection betWeen the mobile unit and the second
`stationary unit, Wherein the existing security associa
`tion Was previously used to support the connection
`betWeen the mobile unit and the ?rst stationary unit.
`2. The method of claim 1 further comprising the step of:
`transferring a number of security association attributes,
`associated With the security association, from the ?rst
`stationary unit to the second stationary unit.
`3. The method of claim 2, Wherein the security association
`attributes are transferred from the ?rst stationary unit
`directly to the second stationary unit.
`4. The method of claim 2, Wherein said step of transfer
`ring the number of security association attributes, associated
`With the security association, from the ?rst stationary unit to
`the second stationary unit comprises the steps of:
`
`Ex. 1010 / Page 10 of 12
`
`