Authentication And Secure Channel Setup For Communication Handoff Scenario
Abstract
Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.
Claims
exact text as granted — not AI-modifiedWhat is claimed:
1 . A method for a mobile device to continue receiving services from a network application server during a transition of communications from a first network to a second network, the method comprising:
establishing a persistent communication credential that is shared with a network server, wherein the persistent communications credential is utilized to establish secure communications between the mobile device and the first network; receiving the services over the secure communications with the first network; discovering the second network; deriving, based on the persistent communications credential, a credential for establishing secure communications with the second network; establishing secure communications with the second network; and receiving the services via the secure communications with the second network.
2 . The method of claim 1 , wherein the services are uninterrupted during the transition from the first network to the second network.
3 . The method of claim 1 , further comprising:
deriving or receiving an identity suitable for identifying the mobile device to the second network at a physical layer, data link layer, network layer, or application layer.
4 . The method of claim 3 , wherein:
the identity includes routing information to enable discovery of the network server associated with the persistent communications credential.
5 . The method of claim 1 , further comprising:
deriving or receiving a credential suitable for authenticating the mobile device to the second network at a physical layer, data link layer, network layer, or application layer and for establishing secure communications with the second network.
6 . The method of claim 1 , wherein the persistent communications credential is independent of the first network and the second network.
7 . The method of claim 1 , wherein:
the first network is an access network independent of the second network, which is also an access network; and first network access layer credentials used to secure communications with the first network are independent of second network access layer credentials used to secure communications with the second network.
8 . The method of claim 1 , wherein:
the first network is an access network independent of the second network, which is also an access network; the network server is independent from the first and second networks; and the network application server that provides the-services is independent from the first network, the second network, and the network server.
9 . The method of claim 1 , wherein:
the secure communications are established at a physical layer, data link layer, network communications layer, or an application layer.
10 . The method of claim 1 , the method further comprising:
receiving and maintaining the services over the first network until authentication and secure communications have been established with the second network.
11 . A device comprising a processor and a memory bearing computer-executable instructions which, when executed by the processor of the mobile device, cause the mobile device to perform operations comprising:
establishing a persistent communication layer that is shared with a network server, wherein the persistent communications credential is utilized to establish secure communications between the device and a first network; receiving services over the secure communications with the first network; discovering a second network; deriving, based on the persistent communications credential, a credential for establishing secure communications with the second network; establishing secure communications with the second network; and receiving the services via the secure communications with the second network.
12 . The device of claim 11 , wherein the services are uninterrupted during the transition from the first network to the second network.
13 . The device of claim 11 , wherein the computer-executable instructions cause the mobile device to perform further operations comprising:
deriving or receiving an identity suitable for identifying the mobile device to the second network at a physical layer, data link layer, network layer, or application layer.
14 . The device of claim 13 , wherein:
the identity includes routing information to enable discovery of the network server associated with the persistent communications credential.
15 . The device of claim 11 , wherein the computer-executable instructions cause the mobile device to perform further operations comprising:
deriving or receiving a credential suitable for authenticating the mobile device to the second network at a physical layer, data link layer, network layer, or application layer and for establishing secure communications with the second network.
16 . The device of claim 11 , wherein the persistent communications credential is independent of the first network and the second network.
17 . The device of claim 11 , wherein:
the first network is an access network independent of the second network, which is also an access network; and first network access layer credentials used to secure communications with the first network are independent of second network access layer credentials used to secure communications with the second network.
18 . The device of claim 11 , wherein:
the first network is an access network independent of the second network, which is also an access network; the network server is independent from the first and second networks; and the network application server that provides the-services is independent from the first network, the second network, and the network server.
19 . The device of claim 11 , wherein:
the secure communications are established at a physical layer, data link layer, network communications layer, or an application layer.
20 . The device of claim 11 , wherein the computer-executable instructions cause the mobile device to perform further operations comprising:
receiving and maintaining the services over the first network until authentication and secure communications have been established with the second network.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.