Abstract: Networks consist of administrative domains each including an administrative server and at least one mobility agent deployed therein. The mobility agents offer connectivity to a mobile node via Advertisement messages in a form verifiable by the mobile node. Each Advertisement message is signed by a private key of the advertising mobility agent and accompanied by a certificate that contains a public key of the advertising mobility agent and is signed by a private key of the administrative server of the advertising mobility agent. Thus, if the mobile node has the public key of the administrative server, it can authenticate the Advertisement message. If the mobile node does not have the public key, it requests the public key when it registers with the mobility agent. The public key of the administrative server is sent in a certificate signed by the private key of the administrative server ultimately responsible for authentication of the mobile node.

Abstract: Networks consist of administrative domains each including an administrative server and at least one mobility agent deployed therein. The mobility agents offer connectivity to a mobile node via Advertisement messages in a form verifiable by the mobile node. Each Advertisement message is signed by a private key of the advertising mobility agent and accompanied by a certificate that contains a public key of the advertising mobility agent and is signed by a private key of the administrative server of the advertising mobility agent. Thus, if the mobile node has the public key of the administrative server, it can authenticate the Advertisement message. If the mobile node does not have the public key, it requests the public key when it registers with the mobility agent. The public key of the administrative server is sent in a certificate signed by the private key of the administrative server ultimately responsible for authentication of the mobile node.

Abstract: A solution to asynchronous security association between nodes by implementing a security association policy server for IPsec in third generation and beyond wireless mobile access, Internet protocol-based digital networks supporting Mobile IP is disclosed. The security association policy server stores data related to a communication and a security association between nodes in the network, and determines an security association management protocol for the security association. Employing the security association management protocol for the particular security association, the security association management server determines an appropriate combination of security association management factors to ensure synchronization between nodes.

Abstract: A method for implementing IPsec in third generation and beyond wireless, mobile access, Internet protocol-based digital networks supporting Mobile IP is disclosed. A sending node initiates establishment of a security association for a receiving node, rather than waiting for the receiving node to initiate security association establishment after receiving a packet from the sending node. Thus, the disclosed method greatly reduces packet delay introduced by required authentication and security association establishment processes. The IPsec may use the Kerberos key exchange method. The Kerberos key exchange method, since it requires less computational overhead, is a suitable IPsec method for mobile IP networks where less resourceful devices such as PDAs and cellular phones are primary network access devices. Since the Kerberos key exchange method requires less computational overhead, packet delay associated with authentication and security processes are further reduced.