The invention relates to a mobile station (MS-GW), which is configured as a gateway for one or more mobile terminals (ME) to establish a connection between the mobile terminal or terminals (ME) and an access network (ASN). The invention relates in particular to such mobile stations which communicate wirelessly with access networks (ASN), for example with WiMAX networks.
A protocol for an Inter-Proxy communication for Mobile IP is disclosed in US 2004/0114559 A1. When using Mobile IP a mobile node can communicate over the Internet through mediation of a home agent of its home network and a foreign agent of a visited network. A base station of the visited network is embodied to initiate a registration and deregistration of the mobile node at this point.
In EP 1 578 067 A1 a control unit for controlling a mobile network and a method for controlling the mobile network are disclosed. The control unit is assigned to a mobile router which features at least one interface to a base station of a global network and at least one interface to at least one mobile node. The mobile router and the mobile node connected thereto form a mobile network. The control unit allows the mobile router multi-homing and thus switchover to another of its interfaces, which features a path to the global network if the path to the global network via the currently used interface is interrupted.
T. Ernst, H-Y. Lach: “Network Mobility Support Terminology”, draft-ietf-nemo-terminology-04, NEMO Working Group Internet Draft, 24 Oct. 2005, discloses terminology for mobile networks.
C. W. Ng, T. Tanaka: “Usage Scenario and Requirements for AAA in Network Mobility Support”, draft-ng-nemo-aaa-use-00.txt, Internet-Draft, October 2002, discloses possible uses of AAA protocols and operations in mobile networks.
Networks which are to provide mobile terminals such as laptops, PDAs, etc. with access to the Internet, for example, are subject to particular requirements regarding mobility management. The conventional Internet Protocol was not originally designed for mobile use. Stationary computers that exchange data or packets can basically be assigned a fixed IP address for the duration of the connection. If these computers roam between different subnetworks, the connection can no longer be maintained under the conventional IP standard. There is also no provision for the network address itself to be changed in the course of a connection; if the address is changed anyway, the connection is aborted.
The DHCP (Dynamic Host Configuration Protocol) makes it possible to dynamically assign an IP address and further configuration parameters to a terminal or station in a network by means of a dedicated server. As soon as such a device is connected to a network, it is automatically allocated a (still free) IP address via the DHCP protocol. If DHCP is installed on a mobile terminal, the terminal merely needs to be within reach of a local network which supports configuration via the DHCP protocol. The DHCP protocol makes dynamic address allocation possible, i.e. a free IP address is automatically allocated for a specific time (the lease). After this time elapses the request must either be made again by the mobile computer or the IP address must be issued in some other way.
With DHCP a mobile terminal can be linked into a network without manual configuration. The only requirement is the availability of a DHCP server. In this way the mobile terminal can use services of the local network. If a mobile terminal or a mobile station offers services itself however, a potential service user cannot address this device in a suitable way, since its IP address changes in each network into which it is connected.
Despite DHCP the requirements for mobility are thus not fulfilled by the conventional Internet Protocol (IP). A special protocol, Mobile IP (MIP) has thus been created which takes account of the specific requirements. With Mobile IP a mobile terminal or a mobile station is given an IP address which it also retains when located in another network.
With conventional IP it would be necessary in such cases to adapt the IP address settings of the routers involved accordingly. A constant adaptation of IP and routing configurations at the terminal is not practicable however. The MIP protocol (RFC 2002, RFC 2977, R. C., RFC 3846, RFC 3957, RFC 3775, RFC 3776, RFC 4285) on the other hand supports the mobility of mobile terminals by assigning two IP addresses to the terminal, namely a permanent home address and a second, temporary care-of address. The care-of address is the IP address under which the mobile terminal is currently accessible, e.g. in a network that it is visiting. Information directed to the permanently available home address is delivered to the mobile terminal by the home and foreign agents.
The home agent is a proxy of the mobile terminal whenever the mobile terminal is not in the original home network. The home agent is constantly informed about the current location of the mobile computer. The home agent usually represents a component of a router in the home network (or an intermediate network) of the mobile terminal. If the mobile terminal is located outside the home network, the home agent provides a function whereby the mobile terminal can register. The home agent thereafter forwards data packets addressed to the mobile terminal into the current network of the mobile terminal.
A foreign agent is located in that network in which the mobile terminal is moving. The foreign agent forwards incoming data packets to the mobile terminal or to the mobile computer. In such cases the foreign agent likewise usually represents a component of a router and routes administrative mobile data packets between the mobile terminal and its home agent. The foreign agent unpacks the tunneled data packets sent by the home agent and forwards their data to the mobile terminal.
So that a mobile terminal can be linked into a network it must first ascertain whether it is in its home network or in a foreign network. In addition the mobile terminal must ascertain which station in the (possibly visited) network acts as the home or foreign agent. This information is determined by agent discovery.
Through a registration the mobile terminal notifies its home agent (HA) of its current location. To do this the mobile terminal sends the home agent its current care-of address as part of a registration request. The home agent (HA) responds with a registration response.
The registration is safeguarded by an authentication conducted beforehand. Thereafter the mobile terminal and the home agent have common secret keys available to them for example. The task of authentication is undertaken by an authentication server, also called an AAA server (AAA: Authentication, Authorization and Accounting) assigned to the home agent in the Home Connectivity Serving Network of the mobile terminal. If the home agent is in a visited Connectivity Serving Network (CSN) it is provided in this network with a proxy authentication server. The home agent and the authentication server or its proxy can be modules on one and the same computer.
Mobile data networks are as a rule implemented by radio connections. The messages must then cover longer distances over air interfaces and are thus easily accessible to potential attackers. With mobile and wireless data networks security aspects therefore play a particular role. In a visited network the first point of contact of a mobile terminal is usually an access network (Access Serving Network, ASN), which includes the base station for wireless transmission. In addition to the keys agreed for communication with the authentication servers and the home agents, further keys are thus also required for the radio data communication.
In addition to the known WLAN (Wireless Local Area Network, standard IEEE 802.11) technology as wireless access for mobile stations, a much more promising wireless access technology has become known in the recent past which also achieves greater ranges of up to 30 km or more (line of sight) with high data throughput rates of 75 Mb/s: WiMAX (Worldwide Interoperability for Microwave Access). Because of its restricted transmit power, WLAN reaches speeds of 54 Mb/s at distances of 100 m (direct line of sight). Whereas WLAN hotspots can thus only be implemented within buildings, with WiMAX entire areas of towns can be covered as so-called Metrospots (around 800-1000 m radius). Three frequency bands around 2.6 GHz, 3.5 GHz and 5.8 GHz with bandwidths of 100-200 MHz are provided for WiMAX.
WiMAX supports two variants of Mobile IP, with which a macro mobility management is made possible: Proxy Mobile IP and Client Mobile IP (based on Mobile IPv4 or v6).
With Client-MIP (CMIP) the mobile terminals or the mobile stations have mobile functionality. In particular the terminal or the station is provided with its own IP address and with that of its home agent and possesses a corresponding key for communication. The terminal or the station then has so-called terminal-based mobility management available to it.
With Proxy MIP (PMIP) the MIP client functionality is implemented by the WiMAX access network (WiMAX-ASN) instead of through the mobile station itself. The functionality provided in the access network (ASN) is referred to as the Proxy Mobile Node (PMN) or as PMIP-Client. With this configuration such a terminal can also gain access to connectivity serving and home networks that Mobile IP does not currently support. The PMIP-Client takes over the MIP signaling as a proxy for the actual client, the mobile terminal. The mobile terminal then draws benefit from a so-called network-based mobility management, which is provided for it by the PMIP-Client.
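The registration and authentication steps described above (care-of address registration with the home agent, secured by a key obtained beforehand via the AAA server) and the PMIP variant, in which the ASN gateway performs the signaling on behalf of a non-MIP-capable terminal, are illustrated by the following added example. It is not code from the patent; the message format, the HMAC-SHA256 authenticator and the monotonically increasing identification field are assumptions (RFC 3344 uses an authentication extension and an identification field of its own), and all addresses and keys are constructed sample values.

```python
import hashlib, hmac
from dataclasses import dataclass

@dataclass
class RegistrationRequest:
    home_address: str
    care_of_address: str
    lifetime: int        # seconds; 0 requests deregistration
    identification: int  # must increase per request (replay protection)
    auth: bytes = b""    # authenticator computed over the fields above

def _payload(req):
    return f"{req.home_address}|{req.care_of_address}|{req.lifetime}|{req.identification}".encode()

def sign_request(req, key):
    # Assumed scheme: HMAC-SHA256 with the MN-HA key agreed via the AAA server.
    req.auth = hmac.new(key, _payload(req), hashlib.sha256).digest()
    return req

def proxy_registration(home_address, key, care_of_address, lifetime, seq):
    # PMIP: the ASN gateway builds and signs the request on behalf of the terminal.
    return sign_request(RegistrationRequest(home_address, care_of_address, lifetime, seq), key)

class HomeAgent:
    def __init__(self, keys):
        self.keys = keys      # home address -> shared key (from prior authentication)
        self.bindings = {}    # home address -> (care-of address, expiry time)
        self.last_id = {}     # home address -> last accepted identification

    def register(self, req, now):
        key = self.keys.get(req.home_address)
        if key is None:
            return "rejected: unknown home address"
        expected = hmac.new(key, _payload(req), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, req.auth):
            return "rejected: authentication failed"
        if req.identification <= self.last_id.get(req.home_address, -1):
            return "rejected: replayed registration"
        self.last_id[req.home_address] = req.identification
        if req.lifetime == 0:
            self.bindings.pop(req.home_address, None)
            return "deregistered"
        self.bindings[req.home_address] = (req.care_of_address, now + req.lifetime)
        return "accepted"

    def lookup(self, home_address, now):
        binding = self.bindings.get(home_address)
        if binding is None or binding[1] <= now:
            return None
        return binding[0]
```

`lookup` returns the care-of address to which the home agent would currently tunnel packets for a home address, or None once the binding has expired or been deregistered.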
Mobility management or macro mobility management (macro MM) is taken here to mean the method of operation during the handover of a mobile station or a mobile terminal which switches between two access networks (ASN) or between the networks of two network providers (NAP, Network Access Provider). Macro MM is also referred to in WiMAX as R3 mobility or Inter-ASN mobility.
In both cases the home network (HN), i.e. the service provider of the user at the distant end from the mobile terminal or CMIP/PMIP client must likewise support Mobile IP in order to make communication possible. Thus, in any registration following authentication for example, the home agent (HA) requests security parameters from the authentication server (AAA-MS) of the mobile station (MS). These parameters are needed so that only an authorized client can register with the home agent (HA).
Also in accordance with Mobile IP the CMIP or PMIP client is allocated the address of the home agent (HA). The home agent (HA) can be located in such cases in the home network (HN) or also in the connectivity serving network (CSN). These basic functionalities must be preserved.
Proxy-Mobile IP supports the mobility of non-MIP-enabled mobile terminals (ME). The corresponding PMIP client is located in such cases in a gateway (GW), which is positioned in the access network (ASN) with which the mobile terminals (ME) communicate wirelessly via a base station (BS).
If however the mobile terminals are now to be assigned to other network access providers (NAP) (different subscriptions for roaming), a not inconsiderable outlay arises for the network operator that operates the gateway in the access network in order to map this expanded functionality in the PMIP client in the gateway of the access network. It must then also provide in the access network (ASN) the AAA infrastructure required there for network registration.
In the case of WLAN networks, DSL gateways are often used on the home side rather than on the network provider side. Behind such gateways, seen from the viewpoint of the network providers, mobile terminals are accessible. In this case only a subscription with the one network provider who has provided the gateway is possible. The mobile terminals themselves do not possess any subscription.
In public WLAN networks, such as hotspots or wireless hotel networks, subscriptions with other network providers are on the other hand fully supported. The only requirement is that the hotspot provider has concluded a contract with the third-party network provider and accordingly establishes connections for the mobile terminals in the hotspot.
An EAP-based authentication (EAP: Extensible Authentication Protocol, RFC 3748) is in fact provided both for the gateway and for the terminals, if the gateway provides an authenticator functionality. However the gateway here possesses no functionality for determining the respective home network of the mobile terminals.
For this it would at least need to possess the address of, and a key shared with, the authentication server responsible for the home network of a mobile terminal.
Furthermore, in these WLAN scenarios neither the mobile terminals nor the gateway itself possess any mobility; they are tied, for example, to the location of the hotel.