In recent years, wireless communication technologies have become more popular in our daily life. Although all wireless communication technologies provide wireless broadband connectivity, they have been optimized for different coverage and bandwidth limitations. To achieve more broadband services in more places, interworking between heterogeneous wireless networks is desirable. Nevertheless, in today's interworking environment, even when a full authentication has been performed between a mobile station (MS) and an Authentication, Authorization, Accounting (AAA) server in establishment of connectivity to one wireless network, another full authentication is required when the MS decides to handover from this wireless network to a heterogeneous wireless network. Authorization and key exchange procedures, however, are the most time-consuming operation in the network entry process. The redundant operations may therefore waste bandwidth and result in handover latency, which may consequently degrade the performance of a communications system.
FIG. 1 is a message flow of a conventional handover procedure from a WiMAX network (IEEE 802.16) to a WiFi network (IEEE 802.11) based on Extensible Authentication Protocol (EAP) authentication schemes. Establishment of the connectivity of the MS to the WiMAX network prior to being handed off to the WiFi network is illustrated in detail by FIG. 2. As shown in FIG. 2, a first EAP-based full authentication procedure is performed between the MS and an authentication server (e.g., the AAA server) via an appropriate WiMAX base station (BS) and access service network Gateway (ASN-GW). The full EAP-based authentication process includes exchanging of EAP-Req Identity (step S206) and EAP-Resp Identity (step S208) message pairs, and performing EAP-based method (step S210), and concludes with an EAP-Success or EAP-Failure message (step S212). After a successful execution of the EAP-based authentication method, a Master Session Key (MSK) is generated. Both the MS and the AAA server hold and use the MSK to derive other security keys, such as a pairwise master key (PMK), Authorization Key (AK) and Traffic Encryption Key (TEK). A secure wireless connection between the MS and the WiMAX BS may then be established using these security keys.
Referring back to FIG. 1, when the decision is made to handover from the WiMAX network to the WiFi network, a second EAP-based full authentication procedure is performed in the same manner as the first to generate security keys to support a secure connection between the MS and an authenticator in the WiFi network. Similar to the interworking from the WiMAX network to the WiFi network, when the decision is made to handover from the WiFi network to the WiMAX network, a full EAP-based authentication procedure would be similarly executed twice. One procedure would be executed when the MS enters the WiFi Network, and the other procedure would be executed when the MS hands off from the WiFi network to the WiMAX network.