1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to a fast handover method, and in particular, to a fast handover method that performs wireless authentication for security in parallel with mobile Internet Protocol (IP) registration at handover in a wireless communication environment.
2. Description of the Related Art
In recent years, the number of wireless Internet users using the mobile IP (MIP) has been increasing because of the rapid spread of the Internet, the development of wireless communication technologies, and the enhanced performance of mobile terminals such as portable computers, Personal Digital Assistants (PDAs) and so forth. A mobile terminal in a wireless Internet environment frequently moves and changes its network connection location. Such a mobile terminal is referred to as a mobile node.
In addition, Internet service providers (ISPs) have built a next-generation Internet network as a wired and wireless integrated network by interworking an existing wired Internet network with a Wireless Local Area Network (WLAN) to provide Internet services using MIP, and have thus tried to provide mobility as well as high-speed Internet services such as electronic mail (E-mail), electronic commerce, Voice over IP (VoIP) and so forth.
However, due to the broadcast nature of WLAN technologies, measures against security vulnerabilities must be improved to ensure wireless data privacy, and the Institute of Electrical and Electronics Engineers (IEEE) 802.1x standard has therefore been proposed as a next-generation WLAN security technology.
The IEEE 802.1x is a port access protocol that provides security by controlling network access according to the presence or absence of an authentication carried out via an uncontrolled port, which is a virtual port. That is, when a mobile node is authenticated for network access via the uncontrolled port of the IEEE 802.1x, communication is permitted via a controlled port, which is a virtual port in an access point, but when the mobile node is not authenticated, communication via the controlled port is blocked.
According to the IEEE 802.1x, when a supplicant requests authentication from an authenticator for network access, the authenticator receives a user credential from the supplicant and has the authentication performed by an authentication server.
The supplicant is client equipment that requires secured network access and includes a mobile terminal such as a laptop or a PDA, and the authenticator is intermediate equipment such as a wireless access point or a network switch. In addition, the authentication server is a server that performs network authentication using its own user database or an external user database.
The authenticator receives an authentication request from the supplicant and subsequently requests an authentication service from the authentication server using the received user credential. The authenticator manages the connection port state of the corresponding user, and sets the port to an authentication state or a non-authentication state according to the authentication result from the authentication server.
When the port is set to the authentication state, the mobile node as the supplicant performs communication using an address for wireless Internet communication in the corresponding network. However, when the mobile node moves to a foreign network other than its home network, the address used in the home network, that is, the home address, cannot be used because the mobile node is now in the foreign network.
Accordingly, in order to communicate in a foreign network using the home address in accordance with the Internet Engineering Task Force (IETF) Mobile IPv4/Mobile IPv6, a binding procedure must be carried out in which a home agent in the home network is notified of a New Care of Address (NCoA) allocated from the foreign network along with the home address. Hereinafter, such a binding procedure is referred to as an MIP registration.
Accordingly, the mobile node can communicate with a correspondent node (CN) using its home address via the home agent, which is a router holding its registration information, even when it moves to a foreign network.
FIG. 1 is a flowchart for explaining a general handover procedure in compliance with the IEEE 802.1x.
A mobile node as a supplicant connects to a foreign network to which an access point as an authenticator is connected, and requests a connection to the network by transmitting an association request message in order to communicate (S10).
Accordingly, the access point communicates with the mobile node via an uncontrolled port, and performs an authentication by receiving user credential information for the mobile node and transmitting it to the authentication server (S20).
The authentication server receives an authentication request for the mobile node as the supplicant from the access point as the authenticator, and to handle it, must hold the credential information of the mobile node in advance.
The IEEE 802.1x defines a general authentication mechanism among the supplicant, the authenticator, and the authentication server, and defines use of an extensible authentication protocol (EAP) at a media access control (MAC) layer between the supplicant and the authenticator.
The authentication server checks, based on the received credential information, whether the supplicant is a user registered with the corresponding ISP, and notifies the authenticator of the authentication result.
When the authentication result notified by the authentication server indicates that the authentication has been successfully completed (S30), the authenticator opens the controlled port to permit communication.
However, even when communication is permitted in accordance with the IEEE 802.1x protocol, the home address cannot be used for general data communication, as described above, when the supplicant is connected to a foreign network other than its home network. The supplicant should therefore perform a binding procedure via the controlled port, that is, an MIP registration in which an NCoA allocated from the foreign network as well as the home address are bound to the home agent of the home network and a CN (S40).
When the MIP registration is completed (S50), the supplicant performs a data communication with the CN via the home agent using the NCoA (S60).
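The serial ordering of FIG. 1 can be illustrated with a small model of the authenticator's port, added here as an example and not part of the original text. The class and function names, the sample frames, and the treatment of the MIP registration as ordinary IP traffic on the controlled port are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E  # EtherType of EAP over LAN frames (IEEE 802.1X)
ETH_IPV4 = 0x0800   # EtherType of ordinary IPv4 traffic


@dataclass
class AuthenticatorPort:
    """Hypothetical model of one supplicant's port pair on the access point."""
    authorized: bool = False  # controlled-port state, closed by default
    to_auth_server: list = field(default_factory=list)
    forwarded: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def receive(self, ethertype, payload):
        if ethertype == ETH_EAPOL:
            # Uncontrolled port: always reachable, carries authentication only.
            self.to_auth_server.append(payload)
            return "uncontrolled"
        if self.authorized:
            # Controlled port is open: general traffic is forwarded.
            self.forwarded.append(payload)
            return "forwarded"
        # Controlled port is closed: everything except EAPOL is discarded.
        self.dropped.append(payload)
        return "dropped"

    def auth_result(self, success):
        # Verdict relayed from the authentication server (S30).
        self.authorized = success


def simulate_handover(auth_ok=True):
    """Replay a constructed frame sequence against the port model."""
    port = AuthenticatorPort()
    reg = "MIP registration (NCoA + home address)"  # constructed sample
    trace = [
        port.receive(ETH_IPV4, reg),                 # sent too early
        port.receive(ETH_IPV4, "VoIP packet 1"),     # data during handoff
        port.receive(ETH_EAPOL, "EAP credential"),   # S20
    ]
    port.auth_result(auth_ok)                        # S30
    trace.append(port.receive(ETH_IPV4, reg))        # S40
    trace.append(port.receive(ETH_IPV4, "VoIP packet 2"))  # S60
    return port, trace
```

The registration attempted before S30 is discarded together with the data packet, which is why the MIP registration in this procedure can only start once the authentication has finished.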
As described above, the delay time taken for the authentication, which is carried out according to the new address obtained when the supplicant moves, and for the binding update, which is carried out before the Internet service is normally resumed, is referred to as a handoff. The supplicant cannot perform general data communication during the handoff, so that a great number of packets are lost.
The authentication procedure of the IEEE 802.1x is very complicated and takes as long as one second to complete the authentication of the supplicant. In addition, after the authentication is completed, further time is spent until the MIP registration is carried out so that a service can be provided by means of the NCoA.
Accordingly, the series of complex procedures for the authentication and the MIP registration delays the handoff and causes packets to be lost. In particular, a seamless service for real-time transmission cannot be ensured, which degrades service quality and creates a problem in supporting high-speed mobility of the mobile node.