The present invention relates to mobile internet access and in particular to a method and apparatus for sending a security key to a mobile host for use in internet access.
Corporate users have traditionally accessed the internet from a fixed location within a Local Area Network (LAN), a user’s LAN often being referred to as his “home” network (HN). The user interface to the internet is typically a personal computer (the “host”). As is illustrated in FIG. 1, the home network is connected to an internet service provider which routes internet data, so-called “datagrams”, between the home network and the internet, the internet in turn comprising other routers and service providers which route data to and from other “foreign” networks (FN).
In order to be able to transmit and receive datagrams to and from the internet, a host requires an internet address. A corporate home network is typically allocated a set of internet addresses by a national authority and the home network can assign these either fixedly or dynamically to hosts attached to the home network (using, for example, the Dynamic Host Configuration Protocol, DHCP). The allocated set of internet addresses comprises a common prefix portion which identifies the home network, whilst a suffix portion identifies the destination host. When a datagram is received by a home network, a router (R) of the home network polls the attached hosts to determine which host corresponds to the internet address conveyed with the datagram. The datagram is then forwarded by the router to the identified host.
With the recent rapid advances in mobile communication technology, and in particular of wireless technologies, there has come a desire to gain internet access from mobile hosts or terminals, for example a laptop computer coupled to a cellular telephone. At present, this is available via certain digital telephone networks (e.g. GSM). As with conventional fixed line internet access, a mobile host may have a fixedly or dynamically assigned internet address, allocated by a service provider who is usually the cellular telephone network operator. In the case of mobile internet access, a communication channel between the mobile host and the network is reserved for the duration of the call. Internet data destined for the mobile host is received by the network and is sent to the host over the reserved channel.
This system works satisfactorily whilst a mobile host remains within one homogeneous network. However, it does not provide for “roaming” between different types of networks or between networks operated by different operators. When a mobile host “de-registers” with one network and registers with a new network, there is no mechanism for forwarding internet datagrams, addressed to the old network, to the new network as the communication channel between the mobile host and the old network no longer exists. It is therefore necessary to open a new communication channel between the mobile host and the new network. All datagrams addressed to the old network and not yet received by the mobile host are lost as a result of this channel change.
The desire for roaming is likely to increase in the near future as the provision of corporate wireless LANs becomes commonplace. A corporate user will have the opportunity to make wireless voice and data calls from a mobile terminal via the corporate LAN whilst he is inside the coverage area of that LAN. When the user leaves that area, he will then be able to connect to a digital cellular telephone network. In addition, so-called “hot-spot” LANs are likely to be provided in areas where high data capacity is required, e.g. airports, shopping centres. In all probability, hot-spot LANs will be operated by the cellular network operators although they may of course be operated by the property owners themselves.
A mobile internet access protocol which provides for roaming is currently being standardised by the Internet Engineering Task Force (IETF). This protocol is known as RFC2002. A mobile internet protocol is also described in EP556012. These protocols make use of a “home agent”, located in a mobile host’s home network, to keep track of the host when it leaves the home network. A mobile host is fixedly allocated an internet address corresponding to the home network.
When a mobile host is registered to its home network, the functionality of the network’s home agent is off for that host (i.e. the host is “deregistered” with the home agent) so that the home agent does not alter the flow of datagrams from the internet to the network’s router and the mobile host (as indicated by reference numeral 1 in FIG. 2). When the mobile host leaves its home network and contacts a foreign network (FN), the host is registered with a foreign agent (FA) of that network. The foreign agent then transmits to the mobile host an internet address of the foreign agent, and the mobile host in turn transmits the received internet address to the home network’s home agent, together with a registration instruction. The home agent registers the new status of the mobile host and records the newly allocated internet address as a “care-of-address” for the host. Whenever the mobile host registers with a new foreign network, a new care-of-address is sent to the home network’s home agent to replace the previously registered care-of-address.
It will be appreciated that, as a mobile host has a fixed internet address allocated to it, datagrams destined for the host will always be sent to the home network. If a mobile host has an active internet connection when it passes from its home network to a foreign network, and a datagram destined for the host subsequently arrives at the home network, the home agent determines that the mobile host is registered with a foreign agent and forwards the datagrams to the registered care-of-address. A communication channel will have been reserved between the mobile host and the foreign agent, and the redirected datagram can be sent to the mobile host over this channel. Similarly, if a mobile host initiates a new internet access when registered with a foreign network, the host continues to use its allocated internet address. The home agent has already received the care-of-address and can again forward datagrams destined for the mobile host to the foreign agent for transfer to the host.
In some cases, the foreign network may dynamically assign an internet address to a visiting mobile host, e.g. if the foreign network does not have a foreign agent. This address is sent to the mobile host which in turn sends it to the home network’s home agent as a care-of-address. Rather than merely redirecting datagrams to the care-of-address, the home agent actually replaces the old internet address contained in the datagram with the co-located care-of-address before retransmitting the datagram. This particular form of care-of-address, which identifies the mobile host as the “tunnel” end-point for the redirected datagrams rather than a foreign agent, is known as a “co-located care-of-address”. It is noted, however, that when the mobile host is accessing the internet via the foreign network, it still uses its fixedly allocated internet address. It will therefore be appreciated that, regardless of whether the home agent receives a care-of-address or a co-located care-of-address, all datagrams directed to a mobile host pass through the home network’s home agent (as indicated by reference numeral 2 in FIG. 2).
In a modification to the mobile internet access protocol described above, roaming of a mobile host from a home to a foreign network may be achieved by assigning a new internet address, in said second network, to the mobile host when the host leaves the home network for the foreign network. This new address is then transmitted from the mobile host to the home network’s home agent where the new address is registered as a care-of-address or co-located care-of-address for the mobile host. Datagrams addressed to the new internet address are sent directly to the mobile host via the foreign network’s “foreign” agent. On the other hand, datagrams addressed to an internet address previously assigned to the mobile host in the home network are forwarded, using the registered care-of-address or co-located care-of-address, from that network’s home agent to the mobile host via the foreign network’s foreign agent. This protocol is described below with reference to FIG. 3.
Current proposals for mobile internet access protocols have in common the feature that a care-of-address (or co-located care-of-address) must be sent from a mobile host to the host’s home network when the host registers with a foreign network. The care-of-address is sent via the internet, together with authentication data generated from an authentication key and the care-of-address itself (or some other component of the registration message), where the secret authentication key is known to the mobile host and to the host’s home network. A separate encryption key may also be used to encrypt other data sent between the mobile host and the home network.
A problem with this approach is that the internet is not necessarily a secure network and it is possible for third parties to intercept internet traffic. If a third party can also determine the authentication/encryption key then it may be possible for them to decrypt intercepted data. It may also be possible for a third party to send a false registration request and care-of-address to a mobile host’s home network, causing datagrams intended for that mobile host to be redirected to some other terminal.
A possible way to improve security is to allocate new authentication/encryption keys to a mobile host on a regular basis, e.g. every time the mobile host makes a new internet access request. However, as the new authentication/encryption key is sent via the internet, the possibility remains that each new key may be intercepted and determined.
It is an object of the present invention to overcome or at least mitigate the above noted disadvantages. In particular, it is an object of the present invention to provide for the secure transmission of security keys, for use in mobile internet access, between a mobile host and a home network of the mobile host, particularly when the mobile host is registered with a foreign network.
These and other objects are met by sending security keys, from a mobile host’s home network to the mobile host, using a point-to-point packet switched service of a cellular radio telephone network.
According to a first aspect of the present invention there is provided a method of communicating data between a mobile host and a remote station over the internet, where both the mobile host and the remote station are registered with the same or different cellular radio telephone networks, the method comprising the steps of:
sending a security key, from the remote station to the mobile host, over the cellular radio telephone network(s) using a point-to-point packet switched service of the network(s);
receiving said security key at the mobile host, and using the received key to ensure the security of subsequent data transmissions between the mobile host and the remote station over the internet.
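The registration exchange described above, worked through as an added example that is not part of the patent text: the home agent generates a fresh authentication key and delivers it to the mobile host over a simulated out-of-band cellular channel (a callback standing in for SMS), the host then authenticates its care-of-address registration with that key over the internet path, and the home agent rejects both a forged registration from a party without the key and a replay of a genuine one. The message layout, the monotonic identification counter and the use of HMAC-SHA256 are choices of this example, and all addresses are constructed.

```python
import hmac
import hashlib
import os

def authenticator(key, home_addr, care_of, ident):
    """Authentication data over the registration message (HMAC-SHA256 is a choice of this example)."""
    payload = f"{home_addr}|{care_of}|{ident}".encode()  # fields the home agent will check
    return hmac.new(key, payload, hashlib.sha256).digest()

class HomeAgent:
    """Home-network side: issues keys out of band and validates care-of-address registrations."""
    def __init__(self):
        self.keys, self.last_ident, self.care_of = {}, {}, {}
    def issue_key(self, home_addr, sms_send):
        # Fresh key per access request; delivered via the simulated SMS channel, never over the internet
        key = os.urandom(32)
        self.keys[home_addr] = key
        sms_send(home_addr, key)
    def register(self, home_addr, care_of, ident, auth):
        key = self.keys.get(home_addr)
        if key is None:
            return False                      # no key issued for this host
        if not hmac.compare_digest(authenticator(key, home_addr, care_of, ident), auth):
            return False                      # forged or tampered registration
        if ident <= self.last_ident.get(home_addr, 0):
            return False                      # replayed registration
        self.last_ident[home_addr], self.care_of[home_addr] = ident, care_of
        return True

class MobileHost:
    """Mobile host: receives the key over the cellular network and signs its registrations."""
    def __init__(self, home_addr):
        self.home_addr, self.key, self.ident = home_addr, None, 0
    def receive_sms(self, home_addr, key):
        if home_addr == self.home_addr:       # key arrives over the cellular network
            self.key = key
    def registration(self, care_of):
        self.ident += 1                       # monotonic counter, covered by the authenticator
        return (self.home_addr, care_of, self.ident,
                authenticator(self.key, self.home_addr, care_of, self.ident))

def demo():
    """Genuine registration accepted; forged and replayed ones rejected (constructed addresses)."""
    ha, mh = HomeAgent(), MobileHost("192.0.2.10")
    ha.issue_key(mh.home_addr, mh.receive_sms)
    genuine = mh.registration("198.51.100.7")
    accepted = ha.register(*genuine)
    forged = ha.register(mh.home_addr, "203.0.113.9", 5, b"\x00" * 32)
    replayed = ha.register(*genuine)
    return accepted, forged, replayed, ha.care_of[mh.home_addr]
```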
The present invention avoids the use of the internet to distribute a security key to a mobile terminal. Furthermore, distribution is achieved using a cellular radio telephone network messaging service which is inherently more secure than the internet.
In one embodiment of the present invention, the remote station is connected to a Local Area Network (LAN), the LAN being connected to the internet. The LAN is assigned as the home network of the mobile host, such that said remote terminal is the home agent of the mobile host. In accordance with mobile internet protocol (Mobile IP), when the mobile host is registered with a cellular radio telephone network which provides access for the mobile host to the internet, a care-of-address is sent from the mobile host to the home agent over the internet. The present invention is advantageously used to secure the transmission of said care-of-address. However, the present invention may also be used to encrypt and transmit other data between the mobile host and the home network.
In other embodiments of the present invention, the remote host is the home agent of a cellular telephone network, and that home agent is the home agent of the mobile host.
Preferably, the or each cellular radio telephone network is a GSM network and said point-to-point packet switched service is that known as the Short Message Service (SMS). In other embodiments of the present invention, said point-to-point packet switched service may be an Unstructured Supplementary Data (USSD) service or may be provided by way of a packet data channel (e.g. in a General Packet Radio Service GPRS).
Security keys which may be distributed by way of the present invention include, for example, authentication keys and encryption keys.
According to a second aspect of the present invention there is provided data communication apparatus comprising:
a mobile host arranged for connection to the internet and to a cellular radio telephone network and having first signal processing means for encrypting and decrypting data sent to and received from the internet;
a remote station arranged for connection to the internet and to a cellular radio telephone network, and having second signal processing means for securing data sent to and received from the internet, the remote station further comprising means for providing a security key and for sending the security key to the mobile host over the cellular radio telephone network(s) using a point-to-point packet switched service of the network(s);
the mobile host further comprising means for receiving said transmitted security key, wherein said security key may be used to secure subsequent data transmissions between the mobile host and the remote station over the internet.