(a) Field of the Invention
The present invention relates to a subscriber station security-related parameter negotiation method in a wireless portable Internet system, and it more particularly relates to a subscriber station security-related parameter negotiation method for efficiently supporting and managing various authorization policies and message authentication schemes in a wireless portable Internet system.
(b) Description of the Related Art
A wireless portable Internet is a next-generation communication system that adds mobility to local area data communication, which in a conventional wireless local area network (LAN) is tied to a fixed access point. Various wireless portable Internet standards have been proposed, and international standardization of the portable Internet has proceeded in IEEE 802.16e. IEEE 802.16 supports a metropolitan area network (MAN), an information communication network whose coverage lies between that of the LAN and the wide area network (WAN).
In the authorization policies of such an IEEE 802.16 wireless MAN-based wireless portable Internet system, RSA (Rivest Shamir Adleman)-based authentication and EAP (Extensible Authentication Protocol)-based authentication are supported. A subscriber station and a base station negotiate between these two authentication schemes through the subscriber station basic capability negotiation performed during the initial network entry process. In this negotiation, the subscriber station informs the base station of all the authentication schemes it supports, i.e., the two schemes above, by transmitting one of the MAC (medium access control) management messages of the IEEE 802.16 standard protocol, the SBC-REQ (Subscriber station Basic Capability Request) message, to the base station. Here, the authentication covers subscriber station equipment authentication, base station equipment authentication, and user authentication.
The base station receiving the SBC-REQ message performs the negotiation by comparing the authentication schemes advertised by the subscriber station with those the base station itself supports. It then informs the subscriber station of the negotiated authentication scheme by transmitting another MAC management message, the SBC-RSP (Subscriber station Basic Capability Response) message. The subscriber station and the base station then perform subscriber station authentication using the scheme negotiated in this manner.
However, according to the conventional method, only the RSA-based authentication scheme or only the EAP-based authentication scheme can be selected. It is therefore necessary to support, more efficiently, various other authentication schemes that are not currently supported. In addition, the authentication function may need to be omitted altogether so as to improve system performance, depending on the provider policy of the wireless portable Internet system; according to the conventional method, however, the authentication function cannot be omitted.
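The SBC-REQ/SBC-RSP exchange described above, modelled as an added example that is not part of the patent text or of IEEE 802.16e: the subscriber station advertises a bitmask of the authorization policies it supports, the base station intersects that with its own policy and selects one, and the subscriber station checks that the selected policy is one it actually offered. The bit positions, the message structures, the RSA-before-EAP preference and the subscriber-station-side check are assumptions of this example, not the standard's TLV encoding. The third base station in main() has no policy enabled, which shows the limitation the text describes: the field has no way to express "no authentication", so the exchange simply fails.

```go
package main

import (
	"errors"
	"fmt"
)

// Capability bits carried in the SBC-REQ/SBC-RSP exchange. The bit positions and
// the field layout are assumptions of this example, not the IEEE 802.16e encoding.
const (
	AuthRSA uint8 = 1 << iota // RSA-based (certificate) authorization
	AuthEAP                   // EAP-based authorization
)

var (
	ErrNoCommonPolicy = errors.New("sbc: no authorization policy supported by both sides")
	ErrNotOffered     = errors.New("sbc: base station selected a policy the SS did not offer")
)

// SBCReq carries every authorization policy the subscriber station can run.
type SBCReq struct{ AuthPolicies uint8 }

// SBCRsp carries the single policy the base station selected.
type SBCRsp struct{ AuthPolicy uint8 }

// BuildSBCReq is the subscriber station side: advertise everything it supports.
func BuildSBCReq(ssSupported uint8) SBCReq { return SBCReq{AuthPolicies: ssSupported} }

// HandleSBCReq is the base station side: intersect the advertised set with its own
// policy and pick one. Preferring RSA over EAP is a choice made for this example.
func HandleSBCReq(req SBCReq, bsSupported uint8) (SBCRsp, error) {
	common := req.AuthPolicies & bsSupported
	for _, p := range []uint8{AuthRSA, AuthEAP} {
		if common&p != 0 {
			return SBCRsp{AuthPolicy: p}, nil
		}
	}
	// No bit means "no authentication", so an operator that wants to skip it
	// (bsSupported == 0) cannot negotiate that outcome: network entry just fails.
	return SBCRsp{}, ErrNoCommonPolicy
}

// AcceptSBCRsp is the subscriber station's check on the response: exactly one
// policy bit, and one the SS offered, so a forged or buggy response cannot steer
// the SS into a scheme it never advertised.
func AcceptSBCRsp(req SBCReq, rsp SBCRsp) (uint8, error) {
	p := rsp.AuthPolicy
	if p == 0 || p&(p-1) != 0 || p&^req.AuthPolicies != 0 {
		return 0, ErrNotOffered
	}
	return p, nil
}

// PolicyName renders a single policy bit for display.
func PolicyName(p uint8) string {
	switch p {
	case AuthRSA:
		return "RSA"
	case AuthEAP:
		return "EAP"
	}
	return "none"
}

func main() {
	req := BuildSBCReq(AuthRSA | AuthEAP) // SS supports both schemes
	for _, bs := range []uint8{AuthEAP, AuthRSA | AuthEAP, 0} {
		rsp, err := HandleSBCReq(req, bs)
		if err != nil {
			fmt.Printf("BS policy %02b: %v\n", bs, err)
			continue
		}
		chosen, err := AcceptSBCRsp(req, rsp)
		fmt.Printf("BS policy %02b: negotiated %s (err=%v)\n", bs, PolicyName(chosen), err)
	}
}
```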
Meanwhile, when the subscriber station authentication function is performed in the wireless portable Internet system, a message authentication function covering all the control messages exchanged between the subscriber station and the base station may be supported.
The subscriber station and the base station typically use an HMAC (Hashed Message Authentication Code) or a CMAC (Cipher-based Message Authentication Code) to perform such message authentication. The HMAC is used in several digest sizes for authenticating the control messages exchanged between the subscriber station and the base station when the subscriber station performs a network re-entry process or a handover process. However, the conventional wireless portable Internet system defines no method for selecting among the various message authentication schemes or for omitting the message authentication function.
The above information disclosed in this Background section is only for enhancement of understanding of the background of the invention and therefore it may contain information that does not form the prior art that is already known in this country to a person of ordinary skill in the art.