The present invention generally relates to mobile communications systems and more particularly to a scalable system and method for ensuring real-time, end-to-end security in a multimedia mobile network.
Internet Protocol Security (IPSec) VPN has become one of the most efficient technologies for protecting end-to-end transmission security across public networks such as Internet Protocol based multimedia mobile networks. However this VPN implementation suffers from several disadvantages. Most significantly, when roaming between different VPN subnets, a current session may be terminated.
Prior art systems and methods for addressing this problem include providing a flat subnet for supporting thousands of wireless users. This solution is clearly not scalable. Furthermore, it is cumbersome to propagate a single subnet everywhere across a campus. With large subnets, performance is impacted adversely due to a significant number of-broadcasts in each domain. For real-time applications in particular, small CPU-powered devices may be broadcast intensive and too many users in one VLAN will quickly degrade performance and increase latency leading to poor quality stream communication.
Another prior art solution includes the implementation of a proxy Mobile IP. This solution is complex to configure, requiring changes to the LAN routing infrastructure. Furthermore, Mobile IP suffers from problems with network discovery and timing causing breaks that can last several seconds and result in loss of session persistence which ultimately harms real time applications.
A further prior art solution includes the deployment of a wireless switch/gateway within the wireless network. While this solution may solve the issue of secure handoffs to roaming mobile devices, additional burdens to existing VPN concentrators and congestion of network traffic make this solution disadvantageous. Furthermore, this solution may produce significant amounts of delay and prevent the deployment of time-sensitive applications such as voice, video, and real-time data.
While the systems and methods of the prior art provide solutions to the problems associated with roaming between different VPN subnets, there continues to be a need for a system and method that reduces latency and that ensures the security and session continuity as mobile devices roam between different VPN subnets. Such a system and method preferably does not require any changes to the network infrastructure.