With the development of communications technologies, modern communications impose higher requirements for mobile communications. In current mobile communications, a mobile node (MN) should be able to carry out normal communications in a mobile or a roaming scenario.
In the mobile scenario, inevitably, the MN hands over, that is, the network attachment point of the MN changes with the movement of the MN. The handover may be categorized into Layer 2 handover and Layer 3 handover according to the relative position of the network attachment point before and after the handover. Layer 3 handover may be further categorized into intra-domain handover (that is, the old network attachment point and the new network attachment point are in the same jurisdiction of an authentication, authorization and accounting (AAA) server) and inter-domain handover (that is, the old network attachment point and the new network attachment point are in different jurisdictions of the AAA server). A complete Layer 3 handover process includes the following steps: 1. The MN leaves the old network attachment point and hands over to a new network attachment point to perform new network access authentication; 2. The MN establishes a corresponding configuration relationship on the new network attachment point.
It takes a certain time for the MN to hand over from the old network attachment point to the new network attachment point. During this period of time, the communication may be interrupted or delayed. For some services with high real-time requirements (for example, instant messaging service), this interruption or delay should be as short as possible. However, in actual applications, the current authentication method requires multiple rounds of interactions between the MN and the AAA server. In addition, when the MN is roaming, the MN still needs to be authenticated on the home network. Thus, the new network access authentication takes a long time, so that the interruption or delay during the handover exceeds the upper limit that the instant messaging service can tolerate.
In the prior art, a fast re-authentication method is adopted to reduce the interruption or delay. By using the fast re-authentication method, the authorization or configuration information generated in the previous authentication is inherited during the mutual authentication. Because the authorization and configuration information does not need to be re-generated, the fast re-authentication method needs fewer interactions and less processing than the ordinary authentication method, thus saving the authentication time. The fast re-authentication is mainly applied in Layer 3 intra-domain handover. The specific process is as follows:
1. When the MN performs network access authentication for the first time, the MN and the home AAA (HAAA) server (that is, the AAA server on the home network of the MN) generate information for fast re-authentication, where the information may include an ID and a key dedicated to the fast re-authentication.
2. The HAAA server sends the fast re-authentication information to the visited AAA (VAAA) server (that is, the AAA server on the visited network where the MN is located).
3. When the MN enters the visited network, the MN provides the VAAA server with fast re-authentication information through a new network attachment point; the VAAA server re-authenticates the MN according to the fast re-authentication information sent from the HAAA server.
By using the fast re-authentication method, when the MN performs handover between the VAAA server and the HAAA server, the overheads of the VAAA server and the HAAA server on the link and the number of interactions between the VAAA server and the HAAA server are reduced. However, the fast re-authentication method requires a security relationship between the MN and the VAAA server. In an inter-domain handover scenario, no security relationship exists between the new VAAA server and the MN. Thus, the fast re-authentication method is not applicable to Layer 3 inter-domain handover.
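The three steps above and the inter-domain limitation, as an added sketch that is not part of the original text. The class names, return strings and the HMAC-SHA256 challenge-response are assumptions; the text only says the fast re-authentication information may include an ID and a dedicated key.

```python
import hashlib
import hmac
import secrets

def mac(key, nonce):
    # Assumption: possession of the re-auth key is proven with HMAC-SHA256.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class HAAA:
    """Home AAA server (hypothetical model)."""
    def full_authenticate(self):
        # Step 1: the first full authentication yields an ID and a key
        # dedicated to fast re-authentication, shared by MN and HAAA.
        return "reauth-" + secrets.token_hex(4), secrets.token_bytes(32)

class VAAA:
    """Visited AAA server (hypothetical model)."""
    def __init__(self):
        self.reauth = {}  # re-auth ID -> key received from the HAAA

    def install(self, reauth_id, key):
        # Step 2: the HAAA sends the fast re-authentication information.
        self.reauth[reauth_id] = key

    def verify(self, reauth_id, nonce, response):
        key = self.reauth.get(reauth_id)
        if key is None:
            # No security relationship with this MN: fall back to the slow path.
            return "FULL_AUTH_VIA_HAAA"
        ok = hmac.compare_digest(mac(key, nonce), response)
        return "ACCEPT" if ok else "REJECT"

def handover(reauth_id, mn_key, vaaa):
    # Step 3: the MN presents its re-auth ID and answers a fresh challenge.
    nonce = secrets.token_bytes(16)
    return vaaa.verify(reauth_id, nonce, mac(mn_key, nonce))

def demo():
    reauth_id, key = HAAA().full_authenticate()
    vaaa_a, vaaa_b = VAAA(), VAAA()       # two visited domains (constructed)
    vaaa_a.install(reauth_id, key)        # only domain A received the material
    intra = handover(reauth_id, key, vaaa_a)                        # same domain
    inter = handover(reauth_id, key, vaaa_b)                        # new domain
    forged = handover(reauth_id, secrets.token_bytes(32), vaaa_a)   # wrong key
    return intra, inter, forged

if __name__ == "__main__":
    print(demo())
```

The second result is the case the paragraph above describes: the new VAAA server holds no key for the MN, so the handover cannot use the fast path.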
During the implementation of the present application, the inventor discovered at least the following problems in the prior art:
When the MN performs inter-domain handover, the VAAA server after the handover must have the authentication performed on the HAAA server, which results in a long handover delay.