When a mobile terminal intends to access a wireless network that supports an extensible authentication protocol (EAP) authentication manner, for example in a worldwide interoperability for microwave access (Wimax) network, an EAP authentication process needs to be performed first. After the authentication is passed, a master session key (MSK) and an extended MSK (EMSK) are respectively generated on the mobile terminal side and an authorization, authentication, and accounting (AAA) server side.
Further, a mobile IP-root key (MIP-RK) is calculated according to the EMSK respectively on the mobile terminal side and the AAA server side. Various mobile-related keys are derived through calculation by combining the root key with addresses of a home agent (HA), a foreign agent (FA) and so on, including a mobile IP key between the mobile terminal and the AAA server (MN-AAA), a mobile IP key between the mobile terminal and the HA (MN-HA), mobile IP key between the mobile terminal and the FA (MN-FA), and a mobile IP key between the FA and the HA (FA-HA). By using these keys, the security of mobile IP registration is achieved.
After the initial authentication is finished, the mobile terminal initiates a mobile IP registration process, in other words, the mobile terminal sends a mobile IP registration request message protected by using the MN-HA. Since the HA does not have the MN-HA after receiving the mobile IP registration request message for the mobile terminal from the FA, the message cannot be authenticated. Thus, the HA requests the MN-HA from the AAA server so as to authenticate the mobile IP registration request message.
At present, mobile IP type of the mobile terminal can be categorized into proxy mobile IP (PMIP) and client mobile IP (CMIP) based on the location of a management entity from a perspective of the mobile terminal. When the mobile terminal performs an initial access registration and initiates a mobile IP registration request, or the mobile terminal initiates a mobile IP registration request due to the key update of the mobile terminal, the keys used during the registration process may vary according to different mobile IP types. For the generation of the MN-HA in IPv4, a PMIP mobile terminal and a CMIP mobile terminal are respectively considered, and calculation formulas are as follows:MN-HA-CMIP4=H(MIP-RK,“CMIP4 MN HA”|HA-IP)  (1)MN-HA-PMIP4=H(MIP-RK,“PMIP4 MN HA”|HA-IP)  (2)
“MIP-RK” in the above formulas refers to a mobile IP-root key, “CMIP4 MN HA” or “PMIP4 MN HA” refers to a type of the mobile terminal, and “HA-IP” refers to an IP address of the HA.
For example, regarding the PMIP mobile terminal, it may obtain a real and meaningful HA address allocated to the mobile terminal by the AAA server during the initial authentication process. Therefore, when the PMIP mobile terminal initiates a mobile IP registration request message, content of an HA address field in the mobile IP registration request can be an IP address of a real HA, the HA address value is used to generate the MN-HA (namely formula 2), and the mobile IP registration request message is protected by using the generated MN-HA. Regarding the CMIP mobile terminal, it may not obtain the real and meaningful HA address during the initial authentication process, in this case, the content of the HA address field in the mobile IP registration request is defaulted all 0 (HA address: 0.0.0.0) or all 1 (HA address: 255.255.255.255). Thus, the MN-HA (namely formula 1) is generated by using default values of all 0 or all 1, and the mobile IP registration request message is protected by using the generated MN-HA.
Further, the HA requests the MN-HA of the mobile terminal from the AAA server after receiving the mobile IP registration request from the mobile terminal (either the PMIP mobile terminal or the CMIP mobile terminal). It can be seen that, in the prior art, a mobile IP key of the mobile terminal that initiates the mobile IP registration request cannot be determined correctly, neither the mobile IP type of the mobile terminal that initiates the mobile IP registration request can be obtained correctly.