1. Field of the Invention
Methods and apparatuses consistent with the present invention relate to an authentication in a network environment, and more particularly, to an authentication in an Internet protocol (IP)-based network environment. An IP environment includes an IP version 4 (IPv4) environment and an IPv6 environment.
2. Description of Related Art
Protocol for carrying Authentication for Network Access (PANA) is an authentication protocol developed for network access by Internet Engineering Task Force (IETF). PANA is described in a request for comments (RFC) 4016, RFC 4058, and the like. PANA is a protocol for performing authentication in a network layer. PANA is designed to perform authentication regardless of a link-layer protocol in an Internet protocol (IP)-based environment, and may be applied to both multi-point access and point-to-point access.
FIG. 1 is a diagram illustrating a device authentication and a user authentication in a World Interoperability for Microwave Access (WiMAX) environment according to a conventional art.
Several network technologies including Wireless Broadband Internet (WiBro), WiMAX, and the like request the device authentication and the user authentication to be separately performed. As illustrated in FIG. 1, a mobile station (MS) 110 performs a device authentication 105 and a user authentication 125 with an access service network gateway (ASN GW) 130 via a base station (BS) 120. In this instance, a Privacy and Key Management version 2 (PKMv2) scheme may be used. The ASN GW 130 performs communication again by using an authentication, authorization, and account (AAA) server 140 in an ASN, and Remote Authentication Dial-In User Service (RADIUS) in order to perform a device authentication of the MS 110 (115). When an authentication by the AAA server 140 is successful, the ASN GW 130 performs a user authentication. The ASN GW 130 performs communication again by using an AAA server 150 in a home Connectivity Service Network (CSN), and RADIUS in order to authenticate a user of the MS 110 (135). When the authentication by the AAA server 150 is successful, enabling of full IP access is permitted to the MS 110 (145).
As described above, since the device authentication and the user authentication are previously only able to be performed sequentially in the WiMAX environment, a long initial establishment time is required until the MS 110 acquires a full IP access authority.
As another example, there is a case where a network access provider (NAP) authentication and an Internet service provider (ISP) authentication are separately performed. In this case, since the ISP authentication is performed after the NAP authentication is completed, a long total authentication time is required.
Accordingly, a PANA authentication system and method which can reduce total authentication time is required.