A wireless device (“mobile node”) may be capable of data network connectivity using Internet protocol (IP) datagrams. Some networks may utilize mobile-IP structures including those described in Internet Engineering Task Force (IETF) Request for Comments (RFC) 3344 “IP Mobility Support for IPv4” (August 2002) and related RFCs. These structures may include protocol enhancements designed to simplify network configuration and enhance security for a mobile node while roaming between networks. The mobile node may maintain a network address associated with a home network even while connected to a visited network. A roaming mobile node may register a “care-of” address with the home network to be used to forward data traffic to the roaming mobile node while connected to the visited network. The data traffic may be tunneled between the home network and the visited network to provide a path while the mobile node roams. Other security features may include authentication mechanisms to establish trust between the mobile node and the visited network, between the visited network and the home network, and between the mobile node and the home network.
A roaming mobile node may register directly with the home network using a mobile-IP networking stack on the mobile node. Alternatively, a proxy agent residing on a visited network node may contain the mobile-IP stack and perform the registration on behalf of the mobile node in a process referred to herein as “proxy mobile-IP.” Proxy mobile-IP may be deployed within an enterprise access network (e.g., in the home network) wherein the access network and a registration agent in the enterprise network (the “proxy agent”) belong to the same administrative domain or organization. The mobile node may roam between access points or base stations comprising nodes on the enterprise network. The mobile node may trust the enterprise access network in such situations. Mobile-IP registrations may thus be securely issued by a proxy agent on behalf of the mobile node in a context of this network architecture.
The security assumptions underlying proxy mobile-IP may be invalid, however, when the mobile node roams into foreign or “visited” access networks under the control of a different administrative domain than that of the home network. That is, the mobile node may not trust the visited access network to issue mobile-IP registrations on its behalf. Proxy mobile-IP signaling across administrative domains may expose unacceptable security relationships between the visited access network and a home agent in the mobile node's home network. Manually configuring security associations between domains with different security infrastructures may be problematic due to factors related to scalability and lack of predictability in a roaming environment.
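As an added illustration (not part of the original text), the following Python builds an RFC 3344 Registration Request and its Mobile-Home Authentication Extension (HMAC-MD5 keyed by the MN-HA security association, selected by SPI) and shows a home agent accepting the mobile node's own registration while rejecting one issued by a proxy agent that holds no security association with that home agent; all keys, addresses, SPIs and identification values are constructed, and the verifier assumes the authentication extension is the last extension in the packet.

```python
import hashlib, hmac, ipaddress, struct

MH_AUTH_EXT = 32   # Mobile-Home Authentication Extension type (RFC 3344)
EXT_LEN = 22       # 1 type + 1 length + 4 SPI + 16-byte HMAC-MD5 authenticator

def registration_request(home_addr, home_agent, care_of, lifetime, identification, flags=0):
    """Fixed 24-byte part of a Registration Request (type 1), no extensions yet."""
    return struct.pack("!BBH4s4s4sQ", 1, flags, lifetime,
                       ipaddress.IPv4Address(home_addr).packed,
                       ipaddress.IPv4Address(home_agent).packed,
                       ipaddress.IPv4Address(care_of).packed, identification)

def sign_request(key, spi, message):
    """Append an MH auth extension: HMAC-MD5 (RFC 3344 default) over the request
    data plus this extension's own type, length and SPI fields."""
    header = struct.pack("!BBI", MH_AUTH_EXT, 4 + 16, spi)
    return message + header + hmac.new(key, message + header, hashlib.md5).digest()

def home_agent_verify(sa_by_spi, packet):
    """Home agent check; assumes the MH auth extension is the packet's last extension."""
    if len(packet) < 24 + EXT_LEN:
        return False
    message, ext = packet[:-EXT_LEN], packet[-EXT_LEN:]
    ext_type, ext_len, spi = struct.unpack("!BBI", ext[:6])
    if ext_type != MH_AUTH_EXT or ext_len != 4 + 16:
        return False
    key = sa_by_spi.get(spi)
    if key is None:
        return False   # no security association for the claimed SPI: reject
    expected = hmac.new(key, message + ext[:6], hashlib.md5).digest()
    return hmac.compare_digest(expected, ext[6:])

def demo():
    """Constructed scenario: the MN-HA key is shared only by mobile node and home agent."""
    mn_ha_key = b"\x11" * 16                  # constructed 128-bit MN-HA key
    ha_sa_table = {0x100: mn_ha_key}           # the home agent's only security association
    req = registration_request("10.0.0.5", "10.0.0.1", "192.0.2.77",
                               lifetime=1800, identification=0x5E0C2A1B00000001)
    from_mobile_node = sign_request(mn_ha_key, 0x100, req)
    # A proxy agent in a visited domain has no SA with this HA and signs with its own key/SPI.
    from_proxy = sign_request(b"\x22" * 16, 0x200, req)
    # A genuine packet whose care-of address was altered in transit (byte 15 is the CoA's last octet).
    tampered = bytearray(from_mobile_node)
    tampered[15] ^= 0x01
    return (home_agent_verify(ha_sa_table, from_mobile_node),
            home_agent_verify(ha_sa_table, from_proxy),
            home_agent_verify(ha_sa_table, bytes(tampered)))
```

Manually provisioning a key for every visited-domain proxy into `ha_sa_table` is exactly the cross-domain security-association problem the text describes; without it, the home agent has no basis to accept the proxy's registration.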