Mobile IP enables a mobile node to move freely from one point of connection to another. During the movement of the mobile node from one connection point to another there should be no disruption of the TCP end-to-end connectivity. In order to extend Mobile IP for use by cellular telephone companies and check the mobile node's identity in the absence of a preconfigured security association with a foreign authority, an authentication, authorization, and accounting (“AAA”) mechanism may be used.
AAA may be used to provide the identity verification of a mobile node (“MN”) when mobile node is connected to the point of the agent on the foreign domain (foreign agent) by the requirement a security association existed between mobile node and its home domain AAA server. When the mobile node shares a security association with its home AAA server, it is possible to use that security association to create derivative security associations between the mobile node and its home agent, and again between the mobile node and the foreign agent.
AAA as is exists today, however, may be subject to hacking. For example, an AAA protocol may be subject to a man-in-the-middle attack or a replay attack. What is needed is a way to guard against a man-in-the-middle attack, or some other fraud, without unduly complicating an AAA protocol. It is with respect to these considerations and others that the present invention has been made.