1. Field of the Invention
The present invention relates generally to a method and system for authenticating a Mobile Terminal (MT) in a communication system, and more particularly, to a method and system for minimizing message exchange during an MT reauthentication procedure following a handover in a wireless communication system.
2. Description of the Related Art
In various mobile wireless network architectures (e.g., Worldwide Interoperability for Microwave Access (WiMAX), 3rd Generation Partnership Project 2 (3GPP2), and Wireless Fidelity (WiFi)), Extensible Authentication Protocol (EAP) is used for the authentication of MTs for network access. EAP carries out a cryptographic authentication method between a subscriber, e.g., an MT, that wants to access the network and an authenticator in a subscriber's home domain (i.e., a network that the subscriber is registered to).
For example, EAP is executed between the MT and the subscriber's home Authentication, Authorization, and Accounting (AAA) server via the currently serving access network. The entity that resides in the access network and handles the forwarding of EAP packets between the MT and the home AAA server is called an authenticator. Typically, the authenticator is co-located with an access gateway (e.g., an Access Service Network GateWay (ASN GW) in WiMAX, and an access controller in WiFi).
FIG. 1 illustrates a call flow for an MT performing EAP authentication during network entry in a wireless communication system according to the conventional art. Here, EAP is a protocol that encapsulates and transports the actual authentication method, such as Message Digest 5 (MD5), Transport Layer Security (TLS), Secure Remote Password (SRP), etc.
Referring to FIG. 1, an MT 100 completes a physical layer attachment with an authenticator 110 in step 131, and then initiates a link-layer entry procedure with the authenticator 110. In step 133, the authenticator 110 transmits an EAP request message (EAP Request/Link-layer) to the MT 100, requesting identity information for the authentication of the MT 100. The MT 100 and the authenticator 110 exchange these messages through a Base Station (BS) located between the MT 100 and the authenticator 110. Here, the EAP Request/Link-layer is defined as PKMv2 PKM-REQ/EAP-Transfer in the Institute of Electrical and Electronics Engineers (IEEE) 802.16 standards.
In step 135, the MT 100 sends the authenticator 110 an EAP response message (EAP Response/Link-Layer) including its own identity information, in response to the EAP Request/Link-layer. Here, the EAP Response/Link-Layer is defined as PKM-RSP/EAP-Transfer in the IEEE 802.16 standards.
In step 137, the authenticator 110 includes information of the EAP Response/Link-Layer in an AAA request message (EAP Response/AAA Request) and sends the EAP Response/AAA Request to a home AAA server 120.
The home AAA server 120 determines an EAP authentication method using identity information of the MT 100 identified through the EAP Response/AAA Request. Thereafter, in steps 139 and 141, the home AAA server 120 transmits the determined EAP authentication method information to the MT 100 via the authenticator 110, through an EAP Request/AAA Response and an EAP Request/Link-layer.
The MT 100 identifies the EAP authentication method determined by the AAA home server 120, through the EAP Request/Link-layer received from the authenticator 110. In steps 143 and 145, the MT 100 transmits the information required by the EAP authentication method to the AAA home server 120 via the authenticator 110, through an EAP Response/Link-layer and an EAP Response/AAA Request. Steps 139 to 145 may be repeated, to cope with packet loss, with the AAA home server 120, the authenticator 110, and the MT 100 exchanging the EAP authentication method information and the information required by that method several times.
The AAA home server 120 determines whether the MT 100 is authenticated, using the information of the MT 100 required by the EAP authentication method and included in the EAP Response/AAA Request received from the authenticator 110. If the AAA home server 120 can authenticate the MT 100, in steps 147 and 149, the AAA home server 120 transmits an authentication success message to the MT 100 via the authenticator 110, through an EAP Success/AAA Response and an EAP Success/Link-layer.
Accordingly, the MT 100 completes link-layer attachment with the authenticator 110 in step 151. In step 153, when the MT 100 completes the link-layer attachment with the authenticator 110, the AAA home server 120 starts accounting for the authenticator 110.
The MT 100 authenticated by the AAA home server, through the aforementioned authentication procedure, achieves successful link-layer entry and receives a network service.
However, the call flow illustrated in FIG. 1 is a time-consuming procedure that involves a good deal of messaging between the authenticator 110 and the AAA home server 120. Additionally, these two Network Elements (NEs) may be geographically far apart. Further, the messaging in steps 139, 141, 143, and 145, between the authenticator 110 and the AAA home server 120, may be repeated several times. Consequently, the delay caused by the EAP authentication can be as great as two to three seconds. Because the EAP authentication delay lies in the critical path of the network entry procedure, it can block the network entry of the MT 100.
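As an added illustration, not part of the patent text, the following Python simulation plays the three roles of FIG. 1 (MT, authenticator, home AAA server) with EAP MD5-Challenge as the encapsulated method and counts the authenticator-to-AAA round trips that the text identifies as the source of the delay; the subscriber database, identities, secrets and the 700 ms per-round-trip figure are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed simulation of the FIG. 1 call flow (added example, not from the patent). The EAP
# method is MD5-Challenge (RFC 3748, section 5.4); framing is simplified, credentials are sample data.
SUBSCRIBERS = {"mt100@home.example": b"sample-secret"}  # constructed home-domain database
def md5_response(eap_id, secret, challenge):
    """EAP-MD5 response value: MD5(Identifier | shared secret | challenge)."""
    return hashlib.md5(bytes([eap_id]) + secret + challenge).digest()

class HomeAAA:
    """Home AAA server: selects the EAP method and verifies the MT's response."""
    def __init__(self, subscribers):
        self.subscribers = subscribers
        self.challenges = {}                               # identity -> outstanding challenge
    def handle(self, identity, msg):
        if msg["type"] == "Response/Identity":             # step 137 -> 139
            self.challenges[identity] = os.urandom(16)
            return {"type": "Request/MD5-Challenge", "id": 1,
                    "challenge": self.challenges[identity]}
        challenge = self.challenges.pop(identity, None)    # step 145 -> 147
        secret = self.subscribers.get(identity)
        if challenge is None or secret is None:
            return {"type": "Failure"}
        ok = hmac.compare_digest(msg["response"], md5_response(msg["id"], secret, challenge))
        return {"type": "Success" if ok else "Failure"}

class MobileTerminal:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret
    def handle(self, msg):
        if msg["type"] == "Request/Identity":              # step 133 -> 135
            return {"type": "Response/Identity", "identity": self.identity}
        if msg["type"] == "Request/MD5-Challenge":         # step 141 -> 143
            return {"type": "Response/MD5-Challenge", "id": msg["id"],
                    "response": md5_response(msg["id"], self.secret, msg["challenge"])}
        raise ValueError("unsupported EAP request")

def network_entry(mt, aaa, aaa_rtt_ms=700.0):
    """Authenticator's view: relay EAP between MT and home AAA, counting authenticator<->AAA
    round trips. aaa_rtt_ms is an assumed delay per round trip. Returns (outcome, trips, ms)."""
    msg = mt.handle({"type": "Request/Identity"})          # steps 133/135
    identity, round_trips = msg["identity"], 0
    while True:
        reply = aaa.handle(identity, msg)                  # EAP Response/AAA Request ...
        round_trips += 1                                   # ... answered by an AAA Response
        if reply["type"] in ("Success", "Failure"):        # steps 147/149
            return reply["type"], round_trips, round_trips * aaa_rtt_ms
        msg = mt.handle(reply)                             # EAP Request/Link-layer -> Response
```

Even this two-round-trip method already spends 1.4 s of the assumed budget on the authenticator-to-AAA path alone; a method with more rounds, or retransmissions after packet loss, scales the delay linearly with the round-trip count.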
Additionally, when the MT 100 performs a handover to another access network, the handover incurs the same EAP authentication delay, which can result in dropped calls, frozen video streams, and similar disruptions during real-time data communication.
Thus, there is a need for a method and system for minimizing EAP authentication latency upon handover in a wireless communication system.