
HK1194587A - New diameter signaling for mobile ipv4 - Google Patents


Info

Publication number: HK1194587A
Authority: HK (Hong Kong)
Prior art keywords: mobile node, agent, foreign, home, network
Application number: HK14107584.1A
Other languages: Chinese (zh)
Other versions: HK1194587B (en)
Inventors: M. Khalil (M.哈利勒), A. Muhanna (A.穆罕纳), H. Akhtar (H.阿赫塔尔)
Original assignee: Apple Inc. (苹果公司)

Description

New DIAMETER signaling for mobile IPv4
This application is a divisional application of the invention patent application No. 200880103369.8, entitled "New DIAMETER signaling for mobile IPv4", filed on 12.8.2008.
Related applications
This application is related to provisional patent application serial No. 60/955,533, filed on 13/8/2007, and provisional patent application serial No. 60/956,550, filed on 17/8/2007, and claims priority to these earlier-filed documents under 35 U.S.C. § 119(e). The provisional patent applications are also incorporated by reference into the present patent application.
Technical Field
A system and method for an IP-based mobile system includes an IP-based mobile communication system having a home network, a foreign network, and a mobile node.
Background
An IP-based mobile system includes at least one mobile node in a wireless communication system. The term "mobile node" includes a mobile communication unit and the communication system has a home network and a foreign network in addition to the mobile node. The mobile node may change its point of attachment to the internet through these other networks, but for the purpose of IP addressing, the mobile node will always be associated with a single home network. The home network has a home agent and the foreign network has a foreign agent, both of which control the routing of information packets into and out of their networks.
The mobile node, home agent, and foreign agent may be referred to by other names depending on the nomenclature used in any particular network configuration or communication system. For example, a "mobile node" includes a personal computer with wired connectivity (e.g., telephone line ("twisted pair"), Ethernet cable, fiber optic cable, etc.) to a wireless network, as well as devices with direct wireless connectivity to a cellular network, such as the various makes and models of mobile terminals ("cell phones") with features and functions such as internet access, email, messaging services, and so forth.
Likewise, the term home agent may refer to a home agent, a home mobility manager, or a home location register, and the term foreign agent may refer to a foreign agent, a serving mobility manager, a visitor location register, or a visitor serving entity. The terms mobile node, home agent and foreign agent are not meant to be read restrictively, and may include other mobile communication units or supervisory routing devices located on the home network or foreign network. The foreign network may also be called a serving network.
Registering a mobile node
The foreign agent and the home agent periodically broadcast agent advertisements to all nodes on the home network associated with the agent. Agent advertisements are messages from agents on the network that may be published in accordance with the mobile IP protocol (RFC 2002) or any other type of communications protocol. The advertisement should include information needed to uniquely identify the mobility agent (e.g., home agent, foreign agent, etc.) to the mobile node. The mobile node checks the agent advertisement and determines whether it is connected to a home network or a foreign network.
If the mobile node is located on its home network, information packets will be routed to the mobile node according to standard addressing and routing schemes. If the mobile node is visiting a foreign network, however, the mobile node obtains the appropriate information from the agent advertisement and transmits a registration request message to its home agent through the foreign agent. The registration request message will include a care-of address (care-of address) for the mobile node. A registration reply message may be sent by the home agent to the mobile node to confirm that the registration process was successfully completed.
The mobile node keeps the home agent informed of its current location by registering a "care-of address" with the home agent. The registered care-of address identifies the foreign network in which the mobile node is located, and the home agent uses the registered care-of address to forward information packets to the foreign network for subsequent delivery to the mobile node. If the home agent receives an information packet addressed to the mobile node while the mobile node is on the foreign network, the home agent will transmit the information packet to the mobile node's current location on the foreign network using the appropriate care-of address.
Authentication, authorization and accounting ("AAA")
In an IP-based mobile communication system, when a mobile node travels outside its home administrative domain, the mobile node may need to communicate through multiple domains in order to maintain network connectivity with its home network. When connecting to a foreign network controlled by another administrative domain, the network server must authenticate, authorize, and collect billing information for the services provided to the mobile node. This authentication, authorization, and accounting activity is referred to as "AAA", and AAA servers on the home and foreign networks perform AAA activities for the respective networks.
Authentication is the process of verifying the self-asserted identity of an individual, and security systems on mobile IP networks will often require authentication of the identity of the system user before authorizing the requested activity. The AAA server authenticates the identity of the authorized user and authorizes the activities requested by the mobile node. In addition, the AAA server also provides accounting functions, including tracking usage of, and charging for, transmission links between administrative domains.
Another function of the AAA server is to support secure transmission of information packets by storing and assigning security associations. Security associations are the encryption protocols, random numbers, and keys required to specify and support the transmission of encrypted information packets in a secure format between two nodes. A security association is a collection of security contexts that exist between nodes and can be applied to the information packets exchanged between those nodes. Each context indicates an authentication algorithm and mode, a shared secret key or an appropriate public/private key pair, and replay protection.
Current registration and authentication protocols are not efficient because they require retransmission of registration and authentication request messages under certain timeout conditions. Retransmission of the registration and authentication request messages may not be necessary in these cases, and when only one request message is needed, such retransmission of these messages may result in multiple request messages being transmitted onto the network.
Disclosure of Invention
The present invention includes a new registration and authentication protocol for use between a mobile node and a home agent. The new protocol will use a novel sequence of messages to request registration, authentication and authorization of the mobile node when it is located on a foreign network, and will avoid some of the standard registration and authentication protocol messages in order to eliminate the problems associated with retransmission errors.
The initial sequence of messages in this protocol is carried out between the mobile node, the foreign agent, the foreign AAA server and the home network AAA server before the registration request is allowed to be sent to the home agent. The registration request message is transmitted to the home agent only after this initial sequence of messages has been successfully completed between the other elements of the network. The home agent then exchanges messages with its home AAA server to confirm authentication and authorization on the home network and, if successful, responds to the registration request with a response sent back to the mobile node on the foreign network. The present invention may be implemented with new protocol applications or with messages modified from existing registration applications.
Drawings
The objects and features of the present invention will become more readily apparent from a reading of the following detailed description and appended claims taken in conjunction with the accompanying drawings in which like reference numerals identify like elements and in which:
fig. 1 is an IP-based mobile communication system used in the present invention;
FIG. 2 is a message sequence for a registration and authentication protocol used in the prior art; and
fig. 3-4 are message sequences of the present invention.
Detailed Description
In fig. 1, the overall structure of an IP-based mobile system is shown, having a mobile node 64, a home network 10, and a foreign network 40. As shown in fig. 1, home network 10 and foreign network 40 are coupled to the internet, represented by cloud 35. Home network 10 has a central bus line 20 coupled to a home agent 28 via a communication link 24. The bus line 20 is coupled to the AAA server 17 via a communication link 22. Home network 10 is coupled to the internet 35 via a communication link 30. A communication link refers to any connection between two or more nodes on a network, or between users on a network or administrative domain.
Foreign network 40 has a central bus line 50 coupled to foreign agent 58 via communication link 54. The bus line 50 is coupled to the AAA foreign network server 47 via a communication link 52. Foreign network 40 is coupled to internet 35 via communication link 37. The mobile node 64 is shown electronically coupled to the foreign network 40 via a wireless communication link 66 of the transceiver 60. Transceiver 60 is coupled to foreign network 40 via communication link 62. The mobile node 64 is capable of communicating with any transceiver or access network coupled to the foreign network 40.
The terms home agent and foreign agent may be as defined in the Mobile IP protocol (RFC 2002), but these agents are not limited to a particular protocol or system. In fact, the term home agent, as used herein, may refer to a home mobility manager, a home location register, a home serving entity, or any other agent on the home network 10 responsible for managing mobility-related functions of the mobile node 64. Likewise, the term foreign agent, as used herein, may refer to a serving mobility manager, a visitor location register, a visitor serving entity, or any other agent on the foreign network 40 responsible for managing mobility-related functions of the mobile node 64.
In the mobile IP communication system shown in fig. 1, the mobile node 64 is identified by a permanent IP address. When the mobile node 64 is coupled to its home network 10, the mobile node 64 receives information packets like any other fixed node on the home network 10. The mobile node 64 may also locate itself on the foreign network 40 when mobile. When located on the foreign network 40, the home network 10 sends data traffic to the mobile node 64 via "tunnel" communications to the foreign network 40.
The mobile node 64 keeps the home agent 28 informed of its current location or foreign network association by registering a care-of address with the home agent 28. Essentially, the care-of address represents the foreign network 40 where the mobile node 64 is currently located. If the home agent 28 receives an information packet addressed to the mobile node 64 while the mobile node 64 is located on the foreign network 40, the home agent 28 will "tunnel" the information packet to the foreign network 40 for subsequent transmission to the mobile node 64.
The foreign agent 58 participates in informing the home agent 28 of the mobile node 64's current care-of address. The foreign agent 58 also receives information packets for the mobile node 64 after the home agent 28 has forwarded them to the foreign agent 58. In addition, the foreign agent 58 acts as a default router for outgoing information packets generated by the mobile node 64 while the mobile node 64 is connected to the foreign network 40.
The mobile node 64 participates in notifying the home agent 28 of its current care-of address. When the mobile node 64 is visiting a foreign network 40, the mobile node 64 obtains appropriate information regarding the address of the foreign network 40 and/or foreign agent 58 from the agent advertisement. After obtaining this information, the mobile node 64 transmits the registration request to the foreign agent 58, and the foreign agent 58 prepares a registration request message for forwarding to the home agent 28.
The mobile IP protocol requires that the mobile node register a care-of address with the home agent 28 on the home network 10 after moving to the new foreign network 40. As part of the registration process, the mobile node 64 issues a registration request in response to power-up or receipt of an agent advertisement on the foreign network 40. A registration request message may be sent to the home network 10 that includes a care-of address for the mobile node 64. A registration reply is issued by the home network 10 confirming receipt of the registration request, confirming receipt of the care-of address for the mobile node 64, and indicating that the registration process is complete.
The care-of address identifies the foreign network 40 where the mobile node 64 is located, and is used by the home agent 28 to tunnel information packets to the foreign network 40 for subsequent delivery to the mobile node 64. After registration is complete, the home agent 28 receives the communication and tunnels it to the mobile node 64 on the foreign network 40. The foreign agent 58 accepts the redirected communication and transmits the information packet to the mobile node 64 via the transceiver 60. In this manner, information packets addressed to the mobile node 64 at its usual address on the home network 10 are redirected or forwarded to the mobile node 64 on the foreign network 40. The foreign agent 58 also acts as a router, depending on the selected delivery type, for outbound information packets generated by the mobile node 64 while the mobile node 64 is connected to the foreign network 40.
Fig. 2 shows a message sequence using the well-known protocol (RFC 4004) for registration and authentication of a mobile node 64 on a foreign network. In step 210, a registration request RRQ is transmitted from the mobile node 64 to the foreign agent 58. On receiving the RRQ message, the foreign agent 58 forms a new registration message AMR and, in step 220, passes it to the AAAF server 47 on the foreign network. The AMR message is conveyed from the AAAF server 47 to the AAAH server 17 in step 230, where a new registration request message HAR is generated and conveyed from the AAAH 17 to the home agent 28 in step 240.
The home agent 28 analyses the HAR message and responds to it with a registration response message HAA, which is transmitted back to the AAAH server 17 in step 250. The AAAH server 17 forms a new registration response message AMA and transmits it to the AAAF server 47 in step 260. In step 270 the AAAF server 47 forwards the AMA message to the foreign agent 58, where a new registration response message RRP is formed. The foreign agent 58 transmits the RRP message to the mobile node 64 in step 280.
The known protocol uses 3 different registration request messages and 3 different registration response messages, all transmitted consecutively in 8 steps between 5 elements. Delays may occur at any stage of the protocol sequence, and if a registration request or registration response message is delayed for long enough, the mobile node 64 may reissue its registration request on the assumption that the prior request was lost or failed to be transmitted. This re-issuance and re-transmission of the registration request may be unnecessary and may flood the network with registration messages that should not otherwise have been issued and transmitted. The present invention eliminates the possibility of such problems by simplifying the sequence of request and response messages used for registration and authentication.
Fig. 3 illustrates a message sequence for registration and authentication of a mobile node 64 on a foreign network using the present invention. In step 310, a registration request RRQ is transmitted from the mobile node 64 to the foreign agent 58. On receiving the RRQ message, the foreign agent 58 forms a new registration message AMR and conveys it to the AAAF server 47 on the foreign network in step 320. In step 330, the AMR message is transmitted from the AAAF server 47 to the AAAH server 17.
Instead of allowing the request message to be passed directly to the home agent, the initial message sequence first requires the AAAH 17 to analyze the request message AMR and then to prepare a response message AMA, which is passed from the AAAH 17 to the AAAF 47 in step 340. The AAAF 47 transmits the response message AMA to the foreign agent 58 in step 350, and the initial sequence of messages ends with the receipt of this AMA message.
Once the AMA response message received by the foreign agent confirms that the registration request has been approved and authenticated by the AAAH 17, the foreign agent forwards the registration request RRQ message originally received from the mobile node 64 directly to the home agent 28 in step 360. On receipt of the RRQ message, the home agent transmits an AMR request message to the AAAH 17 in step 370, and the AAAH 17 responds to the AMR request with a registration response AMA message in step 380. On receiving the AMA message in step 380, the home agent 28 confirms the capabilities of the registered mobile node 64.
After authentication and registration at the home agent 28, the home agent 28 transmits a registration response message RRP to the foreign agent 58 at step 390, and the foreign agent 58 forwards the registration response message to the mobile node 64 at step 395. The registration and authentication protocol ends with the mobile node 64 receiving a registration response message RRP. This protocol uses a reduced number of different message formats (4 formats) compared to prior art protocols, which helps to reduce the occurrence of delays and the likelihood that these delays will initiate retransmission of the registration request message.
Fig. 4 illustrates a further message sequence for registration and authentication of a mobile node 64 on a foreign network using the present invention. In step 405, the initial message sequence consists of an EAP authentication exchange between the mobile node 64, the foreign agent 58, the LAAA 47 (corresponding to AAAF 47), and the HAAA 17 (corresponding to AAAH 17). The EAP authentication 405 allows the mobile node 64 to be authenticated by the HAAA 17 through this initial message sequence. Rather than allowing the request message to be passed directly to the home agent, the initial message sequence first requires the AAAH 17 to process the request and return an element confirming authentication to the foreign network 40.
After step 405, the registration request RRQ is transmitted from the mobile node 64 to the foreign agent 58 in step 410. Having confirmed through the EAP authentication 405 that the registration request has been approved and authenticated by the AAAH 17, the foreign agent forwards the registration request RRQ message originally received from the mobile node 64 directly to the home agent 28 in step 420. On receipt of the RRQ message, the home agent transmits an AMR request message to the AAAH 17 in step 430, and the AAAH 17 responds to the AMR request with a registration response AMA message in step 440. On receiving the AMA message in step 440, the home agent 28 confirms the capabilities of the registered mobile node 64.
After authentication and registration at the home agent 28, the home agent 28 transmits a registration response message RRP to the foreign agent 58 at step 450, and the foreign agent 58 forwards the registration response message to the mobile node 64 at step 460. The registration and authentication protocol ends with the mobile node 64 receiving the registration response message RRP. This protocol uses a reduced number of different message formats (4 formats) compared to prior art protocols, which helps to reduce the occurrence of delays and the likelihood that these delays will initiate retransmission of the registration request message.
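The three sequences just described, written out as message traces together with a check of the ordering that claim 1 depends on (the foreign agent forwards RRQ to the home agent only after the home AAA has approved, and the home agent answers only after its own AAA confirmation). This is an added example, not code from the patent; the entity abbreviations MN, FA, AAAF, AAAH and HA, and the collapsing of the fig. 4 EAP exchange into a single message delivered to the foreign agent, are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    step: int   # step number from the figure
    kind: str   # format: RRQ, AMR, HAR, HAA, AMA, RRP (EAP: see eap_flow)
    src: str    # sender, one of MN, FA, AAAF, AAAH, HA
    dst: str    # receiver

def prior_art_flow():
    """Fig. 2: RFC 4004 sequence, steps 210-280."""
    return [
        Msg(210, "RRQ", "MN", "FA"),
        Msg(220, "AMR", "FA", "AAAF"),
        Msg(230, "AMR", "AAAF", "AAAH"),
        Msg(240, "HAR", "AAAH", "HA"),
        Msg(250, "HAA", "HA", "AAAH"),
        Msg(260, "AMA", "AAAH", "AAAF"),
        Msg(270, "AMA", "AAAF", "FA"),
        Msg(280, "RRP", "FA", "MN"),
    ]

def patent_flow():
    """Fig. 3: the foreign agent holds the RRQ until the home AAA has answered."""
    return [
        Msg(310, "RRQ", "MN", "FA"),
        Msg(320, "AMR", "FA", "AAAF"),
        Msg(330, "AMR", "AAAF", "AAAH"),
        Msg(340, "AMA", "AAAH", "AAAF"),
        Msg(350, "AMA", "AAAF", "FA"),
        Msg(360, "RRQ", "FA", "HA"),
        Msg(370, "AMR", "HA", "AAAH"),
        Msg(380, "AMA", "AAAH", "HA"),
        Msg(390, "RRP", "HA", "FA"),
        Msg(395, "RRP", "FA", "MN"),
    ]

def eap_flow():
    """Fig. 4: steps 310-350 replaced by EAP (step 405), collapsed here into one
    message whose arrival at the FA stands for the home AAA's approval (assumption)."""
    return [
        Msg(405, "EAP", "AAAH", "FA"),
        Msg(410, "RRQ", "MN", "FA"),
        Msg(420, "RRQ", "FA", "HA"),
        Msg(430, "AMR", "HA", "AAAH"),
        Msg(440, "AMA", "AAAH", "HA"),
        Msg(450, "RRP", "HA", "FA"),
        Msg(460, "RRP", "FA", "MN"),
    ]

def summarize(flow):
    """Step count, distinct message formats and participating elements."""
    return {
        "steps": len(flow),
        "formats": sorted({m.kind for m in flow}),
        "elements": sorted({e for m in flow for e in (m.src, m.dst)}),
    }

def follows_claim_1_ordering(flow):
    """Claim 1 / fig. 3 ordering: the FA forwards RRQ to the HA only after the
    home AAA's approval reached the FA, and the HA queries its AAA only after
    that RRQ and answers RRP only after the AAA's AMA. False if any part fails."""
    fa_approved = ha_got_rrq = ha_confirmed = False
    for m in flow:
        if m.kind in ("AMA", "EAP") and m.dst == "FA":
            fa_approved = True
        elif m.kind == "RRQ" and m.dst == "HA":
            if not fa_approved:
                return False          # RRQ reached the HA before approval
            ha_got_rrq = True
        elif m.kind == "AMR" and m.src == "HA" and not ha_got_rrq:
            return False              # HA queried its AAA with no RRQ in hand
        elif m.kind == "AMA" and m.dst == "HA":
            ha_confirmed = True
        elif m.kind == "RRP" and m.src == "HA" and not ha_confirmed:
            return False              # HA replied before its AAA confirmed
    return ha_got_rrq and ha_confirmed

def swap_steps(flow, a, b):
    """Copy of flow with steps a and b exchanged, for building bad traces."""
    idx = {m.step: i for i, m in enumerate(flow)}
    out = list(flow)
    out[idx[a]], out[idx[b]] = out[idx[b]], out[idx[a]]
    return out
```

The fig. 2 trace fails the check because the home agent never sees the RRQ at all (it answers a HAR instead), while swapping steps 350 and 360 in the fig. 3 trace shows the check catching an RRQ forwarded before the AAA's approval.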
Having described the invention, we claim:

Claims (16)

1. A method for registration and authentication of a mobile node on a foreign network, comprising:
at least one authentication, authorization, and accounting (AAA) server of a home network of the mobile node performing authentication of the mobile node in response to a request from a foreign agent on the foreign network, wherein after sending the request, the foreign agent is configured to receive a registration request from the mobile node and send the registration request to a home agent of the home network;
the at least one AAA server receiving a query from the home agent to confirm the authentication of the mobile node with the home agent; and
in response to the query from the home agent, the at least one AAA server providing a response to the home agent confirming authentication of the mobile node with the home agent, wherein after confirming authentication of the mobile node, the home agent is configured to send a registration response to the foreign agent, and the foreign agent is configured to send the registration response to the mobile node.
2. The registration method of claim 1, wherein the request from the foreign agent is received via a first AAA server on the foreign network.
3. The registration method of claim 1, further comprising:
the at least one AAA server provides a response to the foreign agent after performing authentication of the mobile node.
4. The registration method of claim 1, wherein receiving the query and providing the response comprises a sequence of messages between the home agent and the at least one AAA server.
5. The registration method of claim 4, wherein the sequence of messages comprises a registration request message transmitted from the home agent to the at least one AAA server.
6. The registration method of claim 4, wherein the sequence of messages includes a registration response message transmitted from the at least one AAA server to the home agent.
7. The registration method of claim 1, further comprising:
establishing security parameters with respect to the foreign agent.
8. The registration method of claim 7, wherein the security parameters include one or more security keys for performing secure communications.
9. A home network, comprising:
at least one authentication, authorization and accounting AAA server; and
a home agent coupled to the at least one AAA server;
wherein the at least one AAA server is configured to:
performing authentication of a mobile node in response to a request from a foreign agent on a foreign network, wherein after sending the request, the foreign agent is configured to receive a registration request from the mobile node and send the registration request to the home agent of the home network;
receiving a query from the home agent to confirm authentication of the mobile node with the home agent;
providing a response to the home agent in response to the query from the home agent, confirming authentication of the mobile node with the home agent, wherein after confirming authentication of the mobile node, the home agent is configured to send a registration response to the foreign agent, wherein the foreign agent is configured to send the registration response to the mobile node.
10. The home network of claim 9, wherein the request from the foreign agent is received via a first AAA server on the foreign network.
11. The home network of claim 9, wherein the at least one AAA server is further configured to:
after performing authentication of the mobile node, providing a response to the foreign agent.
12. The home network of claim 9, wherein receiving the query and providing the response comprises a sequence of messages between the home agent and the at least one AAA server.
13. The home network of claim 12, wherein the sequence of messages comprises a registration request message transmitted from the home agent to the at least one AAA server.
14. The home network of claim 12, wherein the sequence of messages includes a registration response message transmitted from the at least one AAA server to the home agent.
15. The home network of claim 9, wherein the at least one AAA server is further configured to:
establishing security parameters with respect to the foreign agent.
16. The home network of claim 15, wherein the security parameters include one or more security keys for performing secure communications.
Priority and related applications

Application number   Priority date   Filing date   Title                                    Publication
HK14107584.1A        2007-08-13      2014-07-25    New diameter signaling for mobile ipv4   HK1194587B (en)

Applications Claiming Priority (2)

Application number   Priority date
US60/955,533         2007-08-13
US60/956,550         2007-08-17

Publications (2)

Publication number   Publication date
HK1194587A (en)      2014-10-17
HK1194587B (en)      2018-03-23
