US2017171184A1PendingUtilityA1

Authentication And Secure Channel Setup For Communication Handoff Scenario

50
Assignee: INTERDIGITIAL PATENT HOLDINGS INCPriority: Dec 30, 2010Filed: Feb 28, 2017Published: Jun 15, 2017
Est. expiryDec 30, 2030(~4.5 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 63/10H04L 63/0209H04W 36/0038H04L 63/0815H04W 12/04H04W 12/06H04W 12/08H04L 63/0892H04L 63/18H04W 12/0431
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Persistent communication layer credentials generated on a persistent communication layer at one network may be leveraged to perform authentication on another. For example, the persistent communication layer credentials may include application-layer credentials derived on an application layer. The application-layer credentials may be used to establish authentication credentials for authenticating a mobile device for access to services at a network server. The authentication credentials may be derived from the application-layer credentials of another network to enable a seamless handoff from one network to another. The authentication credentials may be derived from the application-layer credentials using reverse bootstrapping or other key derivation functions. The mobile device and/or network entity to which the mobile device is being authenticated may enable communication of authentication information between the communication layers to enable authentication of a device using multiple communication layers.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
         1 . A method for a mobile device to continue receiving services from a network application server during a transition of communications from a first network to a second network, the method comprising:
 establishing a persistent communication credential that is shared with a network server, wherein the persistent communications credential is utilized to establish secure communications between the mobile device and the first network;   receiving the services over the secure communications with the first network;   discovering the second network;   deriving, based on the persistent communications credential, a credential for establishing secure communications with the second network;   establishing secure communications with the second network; and   receiving the services via the secure communications with the second network.   
     
     
         2 . The method of  claim 1 , wherein the services are uninterrupted during the transition from the first network to the second network. 
     
     
         3 . The method of  claim 1 , further comprising:
 deriving or receiving an identity suitable for identifying the mobile device to the second network at a physical layer, data link layer, network layer, or application layer.   
     
     
         4 . The method of  claim 3 , wherein:
 the identity includes routing information to enable discovery of the network server associated with the persistent communications credential.   
     
     
         5 . The method of  claim 1 , further comprising:
 deriving or receiving a credential suitable for authenticating the mobile device to the second network at a physical layer, data link layer, network layer, or application layer and for establishing secure communications with the second network.   
     
     
         6 . The method of  claim 1 , wherein the persistent communications credential is independent of the first network and the second network. 
     
     
         7 . The method of  claim 1 , wherein:
 the first network is an access network independent of the second network, which is also an access network; and   first network access layer credentials used to secure communications with the first network are independent of second network access layer credentials used to secure communications with the second network.   
     
     
         8 . The method of  claim 1 , wherein:
 the first network is an access network independent of the second network, which is also an access network;   the network server is independent from the first and second networks; and   the network application server that provides the-services is independent from the first network, the second network, and the network server.   
     
     
         9 . The method of  claim 1 , wherein:
 the secure communications are established at a physical layer, data link layer, network communications layer, or an application layer.   
     
     
         10 . The method of  claim 1 , the method further comprising:
 receiving and maintaining the services over the first network until authentication and secure communications have been established with the second network.   
     
     
         11 . A device comprising a processor and a memory bearing computer-executable instructions which, when executed by the processor of the mobile device, cause the mobile device to perform operations comprising:
 establishing a persistent communication layer that is shared with a network server, wherein the persistent communications credential is utilized to establish secure communications between the device and a first network;   receiving services over the secure communications with the first network;   discovering a second network;   deriving, based on the persistent communications credential, a credential for establishing secure communications with the second network;   establishing secure communications with the second network; and   receiving the services via the secure communications with the second network.   
     
     
         12 . The device of  claim 11 , wherein the services are uninterrupted during the transition from the first network to the second network. 
     
     
         13 . The device of  claim 11 , wherein the computer-executable instructions cause the mobile device to perform further operations comprising:
 deriving or receiving an identity suitable for identifying the mobile device to the second network at a physical layer, data link layer, network layer, or application layer.   
     
     
         14 . The device of  claim 13 , wherein:
 the identity includes routing information to enable discovery of the network server associated with the persistent communications credential.   
     
     
         15 . The device of  claim 11 , wherein the computer-executable instructions cause the mobile device to perform further operations comprising:
 deriving or receiving a credential suitable for authenticating the mobile device to the second network at a physical layer, data link layer, network layer, or application layer and for establishing secure communications with the second network.   
     
     
         16 . The device of  claim 11 , wherein the persistent communications credential is independent of the first network and the second network. 
     
     
         17 . The device of  claim 11 , wherein:
 the first network is an access network independent of the second network, which is also an access network; and   first network access layer credentials used to secure communications with the first network are independent of second network access layer credentials used to secure communications with the second network.   
     
     
         18 . The device of  claim 11 , wherein:
 the first network is an access network independent of the second network, which is also an access network;   the network server is independent from the first and second networks; and   the network application server that provides the-services is independent from the first network, the second network, and the network server.   
     
     
         19 . The device of  claim 11 , wherein:
 the secure communications are established at a physical layer, data link layer, network communications layer, or an application layer.   
     
     
         20 . The device of  claim 11 , wherein the computer-executable instructions cause the mobile device to perform further operations comprising:
 receiving and maintaining the services over the first network until authentication and secure communications have been established with the second network.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.