In a communication system (network) that abides by Internet Protocol (IP) standards and recommendations, an IP address assigned to a particular computing device is typically used to identify the computing device and the corresponding IP packets originating from it. Historically, this method of identification was not a problem because computing devices were assumed to remain fixed relative to an Access Point (AP) for the duration of an IP session. Thus, each computing device could be expected to maintain a single unique IP address for the duration of an IP session, and, accordingly, the unique IP address could be used as an identifier.
However, in a mobile computing and communication environment, a mobile computing device (mobile unit) may be reassigned a different IP address each time the mobile unit moves from the coverage area of one access point into another coverage area (possibly serviced by another access point) during a single IP session. Similarly, an IP address assigned to a mobile unit is likely to change when the mobile unit moves (roams) from one network domain into another network domain. Thus, there is a problem for other devices in a system trying to communicate with a particular mobile unit, since the other devices cannot easily identify the common origin of multiple IP packets (originating from the same mobile unit) that may each have different IP addresses.
The problem is further complicated when the mobile computing device has established a secure IP connection to a private network, Virtual Private Network (VPN) or server, using, for example, IPSec, which is a commonly known standard used to add security to TCP/IP-based communications. Secure IP connections can be used to safeguard the right to access information transferred between two or more parties (typically the term “secure IP connection” refers to encryption at the network layer (OSI layer 3)). However, a secure IP connection in a mobile environment is broken when a mobile unit that established the secure IP connection using a first IP address is forced to change to a second IP address. The secure IP connection is lost because the private network (or VPN) no longer recognizes IP packets from the mobile unit as belonging to (or originating from) the mobile unit: i) recognition is based on the IP address of a mobile unit; and ii) the second IP address assigned to the mobile unit is different from the first IP address that was used to establish the secure IP connection.
Typically, when a secure IP connection is lost, all IP packets sent from a mobile unit to a private network (or VPN) are dropped or ignored. Consequently, a new communication channel must be established. This procedure is typically time consuming and inconvenient. The result is that the efficiency advantages that arise from allowing a user to be mobile are curbed by the inability of present mobile computing and communication environments to provide seamless handoffs of non-secure and secure IP connections between coverage areas and between network domains.
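The failure described above can be reproduced with a small model, added here as an illustration and not taken from the original text. It assumes a gateway that looks up sessions by source IP address only, uses HMAC-SHA256 tags as a stand-in for IPSec packet protection, and uses constructed addresses; the names `Gateway`, `protect` and `roam_scenario` are hypothetical.

```python
import hashlib
import hmac
import os


class Gateway:
    """Toy secure gateway that recognises a peer by source IP address only."""

    def __init__(self):
        self.sessions = {}   # source IP -> session key
        self.handshakes = 0  # number of (costly) connection set-ups performed

    def establish(self, src_ip):
        """Stand-in for secure connection set-up; binds a fresh key to src_ip."""
        self.handshakes += 1
        self.sessions[src_ip] = os.urandom(32)
        return self.sessions[src_ip]

    def receive(self, src_ip, payload, tag):
        key = self.sessions.get(src_ip)
        if key is None:
            return "dropped: unknown source address"
        if not hmac.compare_digest(protect(key, payload), tag):
            return "dropped: bad integrity tag"
        return "accepted"


def protect(key, payload):
    """Integrity tag over the payload under the session key."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def roam_scenario():
    gw = Gateway()
    first_ip, second_ip = "10.0.1.5", "10.0.2.9"  # constructed sample addresses
    key = gw.establish(first_ip)
    results = [gw.receive(first_ip, b"data-1", protect(key, b"data-1"))]

    # The mobile unit roams: same session key, new source address.
    tag = protect(key, b"data-2")
    results.append(gw.receive(second_ip, b"data-2", tag))
    # The tag is still valid under the original session; only the lookup failed.
    still_valid = hmac.compare_digest(tag, protect(gw.sessions[first_ip], b"data-2"))

    # Recovery requires a second full set-up from the new address.
    new_key = gw.establish(second_ip)
    results.append(gw.receive(second_ip, b"data-2", protect(new_key, b"data-2")))
    return results, still_valid, gw.handshakes


if __name__ == "__main__":
    print(roam_scenario())
```

The second packet is dropped even though its tag verifies under the original session key, which shows that the loss comes from the address-keyed lookup rather than from any cryptographic failure.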
Prior solutions have been proposed to minimize the effects of this problem, such as Mobile IP and Tunnelling. However, the prior solutions typically require additional hardware to be added to the communication system and overhead to be added to IP packets. Moreover, the complexity of the previous solutions limits, and often degrades, the performance and efficiency of the communication systems into which they are integrated.