Take Worldwide Interoperability for Microwave Access (WiMAX) as an example. As a new 4G standard, WiMAX has attracted much attention from telecommunications operators and equipment manufacturers all over the world and has predominated in the wireless broadband field. FIG. 1 shows a diagram illustrating the composition architecture of an existing WiMAX network. As shown in FIG. 1, the WiMAX network mainly consists of a Mobile Terminal (MT), a Base Station (BS), an Access Gateway (AGW, not shown in FIG. 1), an authenticator, an Authentication Authorization Accounting (AAA) server and other network elements, wherein the AGW, the BS and the authenticator are located in an Access Service Network (ASN) and the AAA server is located in a Connection Service Network (CSN).
When an MS initially accesses a network, the network assigns an authenticator in the ASN to authenticate the MS together with a Home AAA (HAAA) server. Before the life cycle of some security parameters or a timer expires, the MS or the network side may initiate re-authentication, which may be accompanied by authenticator relocation; in that case, a new authenticator becomes the anchor authenticator of the MS.
Existing relocation of an anchor authenticator is accompanied by re-authentication in some scenarios but not in others. In anchor authenticator relocation accompanied by re-authentication, an old authenticator performs the re-authentication together with an HAAA server on a new authenticator after confirming the new authenticator. After the re-authentication has ended, the new authenticator notifies the old authenticator that the authenticator relocation has been completed.
The existing anchor authenticator relocation accompanied by re-authentication has the following problems: a plurality of authenticator relocation processes may be initiated or occur at the same time for the same MS session; a new authenticator relocation request may be initiated while a re-authentication process has not yet been completed; or a new re-authentication request may be initiated while authenticator relocation has not yet been completed. In such cases, not only is the complexity of network element processing increased, but a potential safety hazard may also arise, because a network element needs to deal with a plurality of processes and maintain multiple sets of contexts/information at the same time.
Currently, existing technologies are designed only for the re-authentication process: a new re-authentication request is refused by means of a re-authentication locked state on the anchor authenticator of an MS. When this state is locked and re-authentication of the MS is being performed, the network refuses the new re-authentication request. However, according to the existing technologies, if there is a new authenticator relocation request, the network will not refuse it, and thus the new authenticator relocation request is accepted in a process in which the re-authentication occurs. Likewise, according to the existing technologies, when the MS is performing authenticator relocation and there is a new authenticator relocation request, the network will not refuse the new authenticator relocation request, and thus the new authenticator relocation request is accepted in a process in which the re-authentication occurs. Similarly, when the MS is performing authenticator relocation and there is a new re-authentication request, the network will not refuse the new re-authentication request, and thus the new re-authentication request is accepted in a process in which the authenticator relocation occurs.
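The gap described above can be modelled in a few lines. The following Python sketch is an added illustration, not part of the original text or of any WiMAX specification; the class names, the per-session model and the single-lock `GuardedSession` variant (one possible way to refuse overlapping procedures) are assumptions made for the example.

```python
# Toy model of one MS session on its anchor authenticator (names are hypothetical).
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

REAUTH, RELOC = "re-authentication", "authenticator relocation"
# (procedure already running, newly arriving request)
SCENARIOS = [(REAUTH, REAUTH), (REAUTH, RELOC), (RELOC, RELOC), (RELOC, REAUTH)]

@dataclass
class ExistingSession:
    """Existing behaviour: only a re-authentication locked state is kept."""
    reauth_locked: bool = False
    contexts: List[str] = field(default_factory=list)

    def request(self, kind: str) -> bool:
        # The lock is consulted and set for re-authentication requests only.
        if kind == REAUTH:
            if self.reauth_locked:
                return False
            self.reauth_locked = True
        self.contexts.append(kind)  # another context the element must maintain
        return True

@dataclass
class GuardedSession:
    """Assumed mitigation: one lock per session covering both procedures."""
    active: Optional[str] = None

    def request(self, kind: str) -> bool:
        if self.active is not None:
            return False  # refuse while any procedure is still running
        self.active = kind
        return True

    def complete(self) -> None:
        self.active = None  # released when the running procedure finishes

def second_request_accepted(session_cls) -> Dict[Tuple[str, str], bool]:
    """For each (running, new) pair, report whether the new request is accepted."""
    results = {}
    for running, new in SCENARIOS:
        session = session_cls()
        session.request(running)          # first procedure starts
        results[(running, new)] = session.request(new)
    return results

if __name__ == "__main__":
    for cls in (ExistingSession, GuardedSession):
        for pair, accepted in second_request_accepted(cls).items():
            print(cls.__name__, pair, "accepted" if accepted else "refused")
```
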
The problem also exists in other communication systems. In an LTE system for example, when relocation occurs but has not been completed in a Mobility Management Entity (MME) or a Serving Gateway (S-GW) corresponding to User Equipment (UE), the system should also avoid recurrence of the relocation on the MME or the S-GW of the same UE. As shown in FIG. 2, UE accesses a network via an Evolved Node B (eNB) in an LTE system, an MME is in charge of a UE-related control plane, and an S-GW is in charge of a UE-related user plane. Corresponding functions of an authenticator are realized on the MME.
Existing methods of processing an authenticator relocation request not only increase the complexity of network element processing, but also bring about a potential safety hazard, because a network element needs to deal with a plurality of processes and maintain multiple sets of contexts/information at the same time.