1. Field of the Invention
The present invention relates to a method and/or a system and/or a network node and/or a method for producing a message for updating a session path for a mobile node in a mobile communication network. The present invention relates in particular to a method and/or a system and/or a network node and/or a method for producing a message for updating a session path of an authentication, authorization and accounting session in a packet based mobile communication network during a handover process.
2. Related Prior Art
In recent years, wireless cellular communication networks have been increasingly employed all over the world. In particular, packet based mobile communication networks are being developed which use packet based communication protocols, such as Mobile IP (IP: Internet Protocol) and the like.
As is commonly known, one major requirement for using services and resources of wireless access networks is authentication (i.e. verifying the identity of an entity (user)) and authorization (i.e. determining whether a requesting entity (user) will be allowed access to a resource) of a user, i.e. of the mobile terminal of the user. Wireless access network providers need to authenticate and authorize users, for example, for billing and accounting purposes. An access network usually comprises several access routers (AR) that route IP packets to and from a user's mobile node (MN).
For this purpose, an AAA (AAA: authentication, authorization and accounting) infrastructure is implemented which offers the providers this kind of service. By means of the AAA infrastructure, it is possible, for example, to decide whether or not to block a user's access to a local network when the user is unauthorized.
The AAA infrastructure is used to authenticate and authorize the user for a so-called session. A session is a related progression of events devoted to a particular activity. The session controls packet filtering and thus a user's access to the network. In the AAA infrastructure, a network access identifier (NAI) is used as the user's identity for network access. Sessions are identified with session-IDs, which are bound to the NAI and thus to a specific user. Each session normally has a certain lifetime and state that depends on a result code that the AAA infrastructure provides. For increasing the session lifetime, a re-authentication can be used.
A user's mobile node may change the access router during a single session, for example due to a handover. In such a situation the authentication and authorization of the user has to be ensured. Thus, re-establishment of access to the network from the new access router has to be provided. In “Context Relocation of AAA Parameters in IP Networks”, Dan Forsberg et al., draft-forsberg-seamoby-aaa-relocate-00.txt, Seamoby Working Group, internet draft, IETF, 22 Feb. 2002, there is proposed a way to maintain network access authentication and authorization in a handover situation by using context transfers between the access routers. The required network access control state is transferred from the previous access router to the current (new) access router. Thus, the packet filtering rules are rebuilt in the new access router for the user without requiring extensive signaling over the AAA infrastructure.
However, there might exist a requirement that AAA entities in the backbone, such as AAA hosts or AAA servers, are updated about the MN's current location. For instance, the AAA server in the MN's home domain, i.e. the home AAA server (AAAH) being located in the administrative domain with which the user maintains an account relationship, may need to be informed if the MN changes the local domain AAA server (AAAL), which is located in the administrative domain currently providing services to a user.
Recently, a protocol known as the Diameter base protocol has been developed to provide an AAA framework for applications such as network access or IP mobility. The specification of the Diameter base protocol is described, for example, in “Diameter Base Protocol”, Pat R. Calhoun et al., draft-ietf-aaa-diameter-12.txt, AAA Working Group, internet draft, IETF, July 2002. Diameter is intended to work both with local AAA and with roaming situations. The Diameter protocol allows peers to exchange a variety of messages and provides a variety of facilities, such as basic services necessary for applications, for example handling of user sessions or accounting (i.e. collecting information on resource usage for the purpose of capacity planning, auditing, billing or cost allocation). The data delivered by the Diameter protocol are in the form of attribute value pairs (AVPs). In general, a Diameter protocol message comprises a header followed by one or more AVPs. An AVP includes a header and is used to encapsulate protocol-specific data (e.g. routing information) as well as authentication, authorization or accounting information. AVPs are used by the base Diameter protocol to support a plurality of features, for example: transporting user authentication information, for the purpose of enabling the Diameter server to authenticate the user; transporting service specific authorization information between client and servers, allowing the peers to decide whether a user's access request should be granted; exchanging resource usage information, which may be used for accounting purposes, capacity planning, etc.; and relaying, proxying and redirecting Diameter messages through a server hierarchy.
Assuming that a user intends to use resources of an access network which is, for example, not located in the user's home domain, the access router (AR) being contacted by the user's mobile node initiates an authentication and/or authorization request and sets up a Diameter session between the AR and the home AAA server (AAAH), which will last until session timeout or until it is stopped by a termination request from the AR. For this purpose, a session path is established in the network. All Diameter packets with the same Session-Id are considered to be part of the same session. When a mobile node, for example, moves during a session, it may receive service from a plurality of ARs. The AAA parameters can be transferred between these ARs along with the handover signaling, for example as described in “Context Relocation of AAA Parameters in IP Networks”.
However, there is a problem in that, when the handover is performed during the session, it may be necessary that the AAAH knows the current location (i.e. the session path) of the MN. For example, the AAAH may desire to re-authenticate the user, or to terminate the session, or to initiate any other request. This is difficult to achieve since the AAA parameters are transferred between ARs, while the session path registered in the AAAH points to the previous AR. By means of the context transfer itself such a dynamic Diameter user session between the new AR and the AAAH cannot be maintained, because context transfer only involves the ARs and the MN, and the AAAH is not informed by the context transfer that the MN has moved away from the original (previous) AR.
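The following sketch is an added example, not taken from the patent or the cited drafts. It parses a Diameter message (header followed by AVPs), keys the home server's session path on the Session-Id, and shows that the path stays on the previous AR after a context transfer. It assumes the header and AVP layout and the AVP codes of RFC 6733; the host names, the Session-Id value and the helper names are constructed for illustration.

```python
import struct

SESSION_ID, ORIGIN_HOST = 263, 264  # AVP codes as assigned in RFC 6733

def avp(code, data, flags=0x40):
    """Encode one AVP: code(4) flags(1) length(3) data, padded to 4 bytes."""
    length = 8 + len(data)  # AVP length covers header and data, not padding
    return struct.pack("!IB3s", code, flags, length.to_bytes(3, "big")) + data + b"\0" * (-length % 4)

def message(cmd_code, avps, flags=0x80):
    """Encode a message: 20-byte header followed by the AVPs."""
    total = 20 + sum(len(a) for a in avps)
    return (bytes([1]) + total.to_bytes(3, "big") + bytes([flags])
            + cmd_code.to_bytes(3, "big") + struct.pack("!III", 0, 1, 1) + b"".join(avps))

def parse(msg):
    """Return (command code, {avp code: data}); reject malformed lengths."""
    if len(msg) < 20 or msg[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    total = int.from_bytes(msg[1:4], "big")
    if total != len(msg) or total % 4:
        raise ValueError("header length does not match message")
    cmd, avps, off = int.from_bytes(msg[5:8], "big"), {}, 20
    while off < total:
        if total - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", msg, off)
        length = int.from_bytes(msg[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8       # V bit adds a Vendor-Id field
        if length < hdr or off + length > total:
            raise ValueError("AVP length out of bounds")
        avps[code] = msg[off + hdr:off + length]
        off += length + (-length % 4)          # step over the padding
    return cmd, avps

def record_path(table, msg):
    """Home-server view: Session-Id -> Origin-Host of the last message seen."""
    _, avps = parse(msg)
    table[avps[SESSION_ID].decode()] = avps[ORIGIN_HOST].decode()
    return table

def stale_path_demo():
    """Constructed scenario: AR1 opens the session, then the MN moves to AR2."""
    sid, ar1 = b"ar1.visited.example;1;1", b"ar1.visited.example"
    table = record_path({}, message(265, [avp(SESSION_ID, sid), avp(ORIGIN_HOST, ar1)]))
    serving_ar = "ar2.visited.example"  # AR-to-AR context transfer: no message reaches the AAAH
    return table[sid.decode()], serving_ar
```

Any server-initiated re-authentication or termination request routed by this table would go to the AR that no longer holds the MN's packet filtering state.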