This invention is related in general to networks and more specifically relates to systems and methods for enhancing network authentication functionality for authenticating and reauthenticating network clients.
Systems and methods for authenticating and reauthenticating network clients are employed in various demanding applications including cellular networks, WiFi networks (e.g. IEEE 802.11 networks), Unlicensed Mobile Access (UMA) or Generic Access Networks (GANs), combinations thereof, and so on. Such networks often service clients, such as wireless phones or portable computers, called mobile stations. The mobile stations are first authenticated to ensure they are genuine and then authorized in order to verify what network services, if any, the clients are allowed to employ or capable of employing. Reauthentication is often performed when a wireless phone or other client momentarily looses the connection to the network, or when a validity period of previous credentials has expired.
Cellular, WiFi, and UMA or GAN networks often employ one or more Authentication, Authorization, and Accounting (AAA) servers in communication with one or more Home Location Registers (HLRs) to facilitate client authentication and reauthentication. The HLR often maintains information pertaining to clients, also called subscribers, including International Mobile Subscriber Identity (IMSI) numbers, current location, subscribed services, and so on. The AAA server may facilitate retrieving identification information from a client of the IP network and comparing the retrieved identification information with corresponding records in the HLR to determine whether to authorize the client to use certain network services.
Authentication processes are often relatively time-consuming and resource-intensive, consuming network resources at the AAA server and the HLR. Consequently in certain situations, such as when a client network connection is lost, more efficient reauthentication techniques are employed to reauthenticate a client.
An AAA server often communicates encrypted reauthentication information to a mobile station via an associated GAN or UMA within a RADIUS Extensible Authentication Protocol (EAP)—Subscriber Identity Module (EAP-SIM) message. If the mobile station loses a connection with the GAN or UMA, the mobile station may employ the reauthentication information to reauthenticate relatively quickly if done so within a predetermined time interval. Unfortunately, existing systems and methods for implementing reauthentication remain undesirably time consuming and network-resource intensive.