Enhanced mobile communications networks, such as 3GPP Rel-8, Mobile WiMAX and 3GPP2, will support the proxy mobile IPv6 protocol as one of the mobility solutions for packet-based data traffic. The proxy mobile IPv6 protocol involves a mobility access gateway (MAG), located in the access network and providing access to user terminals, and a local mobility anchor (LMA), located in the home network, acting as the first hop router and providing access to external networks such as the Internet. According to the proxy mobile IPv6 protocol, the mobility access gateway (MAG) and the local mobility anchor (LMA) share a security association (SA). This could, for example, be an IPsec SA. In each access network, there are usually several mobility access gateways (MAG).

In conventional mobile IPv6, the security associations exist between a home agent and a user terminal. A difference between proxy mobile IPv6 and conventional mobile IPv6 is that in conventional mobile IPv6 the user terminal belongs to a subscriber of the home operator, and the security association is checked, even in roaming cases, during the normal verification of the customer relationship. So the security association (SA) has to exist anyway. In proxy mobile IPv6, the mobility access gateway does not belong to the home network operator, but to a roaming partner. The SA is between the MAG and the LMA, not between the user terminal and the LMA. A roaming terminal is authenticated and authorized towards the home operator before it is allowed to attach to the MAG, since the LMA trusts every terminal accessing external networks from a MAG with which it has an SA.
One of the problems associated with the above arrangement is that, especially in roaming cases, management of the security associations is problematic. For example, if an operator has 100 MAG components and the home operator has 250 roaming partners, there have to be 25 000 security associations simply for roaming, in the worst case for every local mobility anchor (LMA). These SAs are in addition to the normal subscription SAs that the home operator has with each of its subscribers. Technically, this is an administrative problem as well as a scalability problem, especially in roaming cases. Each mobility access gateway (MAG) brought into the access network requires a new security association and verification over the roaming connection. In addition, if the operator adds, removes and/or changes a MAG, the roaming partners have to agree on a new security association (SA) with the added, removed and/or changed MAG.

Another disadvantage associated with the current solutions is that they require a number of static configurations. As each LMA-MAG connection involves a security association of its own, changes in the home network are soon reflected in the interconnecting and roaming partners. If something is changed, the security association has to be updated. Even if the creation of an SA between a MAG and an LMA may be dynamic, in a roaming environment arrangements of this kind tend to be statically configured. In the case of a dynamically created SA (e.g. by using IKEv2 negotiation), the complexity of distributing credentials still remains.