In a communication network, network nodes exchange data using network communication protocols. Internet Protocol (IP) is an example of a network communication protocol that facilitates packetized data communication between network nodes. Mobile IP is an example of a protocol that facilitates the use of mobile computing devices in packet-based networks. In other words, the Mobile IP protocol enables node mobility in the network. Examples of mobile computing devices that can run the Mobile IP protocol include: laptop computers; personal digital assistants (PDA); data terminals; data collection devices; other computing devices; and mobile phones, such as cellular phones and satellite phones.
Mobile IP can enable a mobile device to send and receive packets associated with packet-based communication applications such as web browsing, email, messaging or the like. Packet-based networks typically make use of network addresses, such as IP addresses in the case of the Internet, to identify the devices in the network. Data is routed to and from the devices based on these IP addresses. Mobile devices, however, can move to different locations in the network. For this reason, Mobile IP allows packets to be rerouted to the mobile device's current point of attachment via a tunneling process.
In Mobile IP, the mobile device is assigned a home agent (HA), which is typically a router or another entity on the mobile device's home sub-network. When the mobile device is away from home, it can be assigned a foreign agent (FA). A foreign agent is typically a router on the mobile device's visited sub-network that provides routing services to the mobile device while it is attached to the visited sub-network.
Information sent to the mobile device's home address can be rerouted to the mobile device, through the foreign agent, via a process referred to as tunneling. In particular, the HA tunnels the packets to the FA once the mobile device has registered through the FA. The FA can then deliver the packets to the mobile device. In particular, when the FA receives a registration reply (RRP) from a mobile device, it updates its routing table by reading the Home Address field of the RRP packet. In this manner, packets tunneled from the HA to the FA can be properly delivered to the mobile device. In addition, the foreign agent may serve as a default router for sending packets from the mobile device to other devices attached to the network.
An AAA (authentication, authorization and accounting) server refers to a server computer that performs authentication, authorization and accounting functions. AAA servers are typically maintained by an Internet service provider (ISP). In Mobile IP, the AAA server may authenticate and authorize a mobile device to access the network, and can provide accounting information for billing purposes.
In a network in accordance with industry specification IS-835 published by the Telecommunications Industry Association/Electronics Industry Association (TIA/EIA), in order to access the network, the mobile device sends the FA a registration request (RRQ) formed using a key. In particular, the key can be used to authenticate the user of the mobile device. For example, the mobile device may transmit the key according to a password authentication protocol (PAP). Alternatively, over an insecure link, the mobile device may instead send an authenticator value formed using the key. For example, the mobile device may generate a response to a challenge handshake authentication protocol (CHAP) using the key.
In any case, after the mobile device sends the RRQ formed using the key, the FA translates the RRQ to an access request (ARQ) and sends the ARQ to an AAA server. The FA then forwards the registration request to the HA if the AAA authorizes access. Packet tunneling can then be used to deliver packets from the HA to the FA, and the FA can deliver the packets to the mobile device.
In certain instances, it may be desirable to change the key of a mobile device. For example, if a maverick device gains access to the key, the maverick device may be able to access the packet-based network as an unauthorized user. In this disclosure a “maverick device” refers to a device that accesses or attempts to access a network using the key of another device. If successful, the maverick device may be able to impersonate the other device. Worse yet, the maverick device may use the key to access the Internet under the guise of another user, and perform cyber-crime, cyber-terrorism, or the like. Therefore, it is often desirable to change the key of a mobile device, such as in response to a known maverick threat, or on a periodic basis to anticipate and thwart potential maverick threats.
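As an added example that is not part of this disclosure, the following Python model walks through the IS-835 style registration path described above (an RRQ carrying a CHAP-style authenticator, the FA translating it into an ARQ for the AAA server, forwarding to the HA only after authorization, and the FA updating its routing table from the Home Address field of the reply), and then changes the key so that a maverick device still holding the old key is denied. The HMAC-SHA256 authenticator, the dictionary message formats, the NAI and the addresses are assumptions standing in for the real CHAP and Mobile IP encodings.

```python
import hmac, hashlib, secrets

class AAAServer:
    def __init__(self, keys):
        self.keys = dict(keys)                     # NAI -> shared key (assumed layout)
    def rotate_key(self, nai):                     # the key change discussed in the text
        self.keys[nai] = secrets.token_bytes(16)
        return self.keys[nai]
    def access_request(self, arq):
        key = self.keys.get(arq["nai"])
        if key is None:
            return False
        expected = hmac.new(key, arq["challenge"], hashlib.sha256).digest()
        return hmac.compare_digest(expected, arq["authenticator"])

class HomeAgent:
    def __init__(self):
        self.bindings = {}                         # home address -> care-of (FA) address
    def register(self, rrq, fa_addr):
        self.bindings[rrq["home_addr"]] = fa_addr  # HA now tunnels this home address to the FA
        return {"home_addr": rrq["home_addr"], "code": 0}   # RRP, code 0 = accepted

class ForeignAgent:
    def __init__(self, addr, aaa, ha):
        self.addr, self.aaa, self.ha = addr, aaa, ha
        self.routes = {}                           # home address -> visiting device's link id
        self.challenge = secrets.token_bytes(16)   # challenge advertised to visiting devices
    def handle_rrq(self, rrq, link_id):
        # Translate the RRQ into an access request (ARQ) and consult the AAA server
        arq = {"nai": rrq["nai"], "challenge": self.challenge, "authenticator": rrq["authenticator"]}
        if not self.aaa.access_request(arq):
            return {"home_addr": rrq["home_addr"], "code": 67}  # 67: MN failed authentication (RFC 3344)
        rrp = self.ha.register(rrq, self.addr)     # forward to the HA only after AAA authorizes
        self.routes[rrp["home_addr"]] = link_id    # routing entry taken from the RRP Home Address field
        return rrp

def mobile_rrq(nai, home_addr, key, challenge):
    # The key itself is never sent; only a CHAP-style authenticator formed from it
    return {"nai": nai, "home_addr": home_addr,
            "authenticator": hmac.new(key, challenge, hashlib.sha256).digest()}

def scenario():
    # Constructed sample subscriber, key and addresses
    nai, home, key = "user@example.net", "192.0.2.10", secrets.token_bytes(16)
    aaa, ha = AAAServer({nai: key}), HomeAgent()
    fa = ForeignAgent("203.0.113.1", aaa, ha)
    first = fa.handle_rrq(mobile_rrq(nai, home, key, fa.challenge), "mn-1")
    new_key = aaa.rotate_key(nai)                  # key changed after a suspected compromise
    stale = fa.handle_rrq(mobile_rrq(nai, home, key, fa.challenge), "maverick")
    fresh = fa.handle_rrq(mobile_rrq(nai, home, new_key, fa.challenge), "mn-1")
    return first["code"], stale["code"], fresh["code"], fa.routes[home], ha.bindings[home]
```

The routing entry for the home address is only ever written for a device the AAA server accepted, so the stale-key attempt leaves neither the FA route nor the HA binding changed.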