No matter the particular form or substance of the data 22S to be signed by the third party 18, successful authentication of the responder 14 to the initiator 12 based on the third party's signature may trigger or otherwise precede setup of a secure traffic channel (not shown) between the initiator 12 and the responder 14. In some embodiments, for instance, after the responder 14 is authenticated to the initiator 12, the initiator 12 and responder 14 may negotiate, on behalf of a security service, one or more security associations for a secure traffic channel between the initiator 12 and the responder 14. Where the security service is an IPSec service, for instance, this negotiation may facilitate the setup of an IPSec tunnel between the initiator 12 and the responder 14.
Consider an example context in which security for non-3GPP access by a user equipment (UE) to a 5G core network is achieved by a procedure using IKEv2 (e.g., as defined in RFC 7296) to set up one or more IPSec encapsulating security payload (ESP) security associations. In this context, the role of the initiator 12 (or client) is taken by the UE, and the role of the responder 14 (or server) is taken by a non-3GPP interworking function (N3IWF).