This invention relates to radio communications systems of which a wireless local area network (WLAN) is a non-limiting example. More specifically this invention relates to providing information security when a mobile terminal is handed-over from a first base station or access point (AP) to a second base station or access point (AP).
In a minimum configuration, a communication system is formed by a transmitting station and a receiving station that are interconnected by a communication channel. Communication signals generated by the transmitting station are transmitted upon the communication channel and received by the receiving station.
In a radio communication system at least a portion of the communication channel is formed by a portion of the electromagnetic spectrum. Increased mobility of communications is permitted in a radio communication system because a fixed or a hard-wired connection is not required between the transmitting and receiving stations.
A cellular communication system, of which a cellular telephone system is an example, is an example of a radio communication system. When the mobile terminal of a subscriber to a cellular communication system is physically positioned at almost any location throughout an area that is encompassed by the network infrastructure of the cellular communication system, the mobile terminal is able to communicate by way of the cellular communication system with another mobile terminal.
The network infrastructure of an exemplary wireless communication system includes physically spaced-apart base stations or access points (APs) which each include a transceiver. In such an exemplary system, each base station or AP defines a geographic area or cell of the communications system. As a first mobile terminal is used to communicate with a second mobile terminal, and as the first mobile terminal travels or moves between the cells of the system, uninterrupted communication is possible by handing-over communications from one base station to another base station. Such a communication handover is provided by a handover process.
A High Performance radio Local Area Network such as HIPERLAN type-2supports three kinds of handover. HIPERLAN/2 PROVIDES HIGH SPEED (typically 25 Mb/s data rate) communications between portable devices and broadband IP, ATM and UMTS networks, and is capable of supporting multiple media applications, with the typical application being indoors.
HIPERLAN/2 provides local wireless access to different infrastructure networks (e.g. IP, ATM and UMTS) by moving and stationary terminals that interact with access points which, in turn, usually are connected to an IP, ATM, or UMTS backbone. A number of access points are required to service the network. The wireless network as a whole supports handovers of connections between access points to provide mobility. Typical operating environments include business networks and domestic premises networks. An overview of HIPERLAN/2 access networks is provided by the European Telecommunications Standards Institute (ETSI) document DTR/BRAN-00230002, 1998, incorporated herein by reference.
Depending upon the mobile terminal""s handover decision, sector handover (inter-sector), radio handover (inter access point transceiver/inter access point handover), network handover (inter access point/inter network handover) or forced handover may occur in accordance with HIPERLAN/2.
Prior to the execution of a handover, the mobile terminal must gather relevant measurements on the frequency that is used by the current access point, as well as on the frequencies that are used by access points that are candidates for a handover. Measurements on the serving frequency can be carried out by the mobile terminal while it is synchronized to the current access point. However, in order to measure the frequency of neighboring access points, the mobile terminal must be temporarily absent from the current access point.
During a mobile terminal absent procedure the mobile terminal is temporarily disconnected from the current access point, in order that the mobile terminal can perform measurements on neighboring access points. During this time, no communication between the mobile terminal and the current access point is possible. As part of this absent procedure, the mobile terminal tells the current access point that it will be absent for n-frames. During this absent period, the mobile terminal cannot be reached by the current access point. After the absent period, the current access point may trigger a mobile terminal alive sequence to check if the mobile terminal is available.
During a sector handover the antenna sector of the access point is changed, and the same access point controls the entire handover. After a successful sector handover, the mobile terminal communicates via the new sector. A radio handover relates to access points having more than one transceiver per access point, for example two access point transceivers and one access point controller. Radio handover is performed when a mobile terminal moves from a coverage area of one access point to another coverage area that is served by the same access point. Since radio handover can be performed within the data link control (DLC) layer, higher layer protocols (HL) are not involved. When the mobile terminal detects the need for a handover to another access point controller, the mobile terminal may still synchronize to the current access point. In this case the mobile terminal may notify its access point controller that the mobile terminal will perform a handover to another access point controller. In the case of a radio handover all relevant information about on-going connections, security parameters, etc. are available in the access point, so that this information is not re-negotiated.
A network handover is carried out when a mobile terminal moves from one access point to another access point. Since the mobile terminal leaves the serving area of a radio control link (RLC) instance, a network handover involves the convergence layer (CL) and the HL (as may be needed), as well as DLCI. To maintain HL association and connections, specific signaling via the backbone may be needed. When the mobile terminal detects the need for handover to another (target) access point, the mobile terminal may still be synchronized to the current access point. In this case, the mobile terminal may notify the current access point that it will perform a handover to another access point. The notified access point shall then stop transmitting to that mobile terminal, but shall maintain association for a specified time, when indicated.
Forced handover gives a current access point the opportunity to order a certain mobile terminal to leave the current access point""s cell. A forced handover is initiated by the access point sending a Force_Handover signal to the mobile terminal. In one procedure the mobile terminal performs a normal handover and leaves its old cell, regardless of whether it finds a new cell. In a second procedure the mobile terminal has the opportunity to come back to the old access point if handover fails.
For further discussion of HIPLERLAN/2 features see the Broadband Radio Access Networks (BRAN); HIPERLAN type 2 Functional Specification; Radio Link Control (RLC) that are provided by the ETSI standardization organization, incorporated herein by reference.
Several types of wireless communication systems have been implemented, and others have been proposed, to encompass limited geographic areas, for example a limited area that is encompassed by a building or by an office workplace within a building. Wireless communication systems such as microcellular networks, private networks, and WLANs are exemplary of such systems.
Wireless communication systems are typically constructed pursuant to standards that are promulgated by a regulatory or a quasi-regulatory body. For instance, the IEEE 802.11 standard promulgated by the IEEE (Institute of Electrical and Electronic Engineering) is a wireless local area network (LAN) standard pertaining generally to the commercial 2.4 GHz wireless LAN. The 802.11 standard specifies an interface between a wireless terminal and a base station or access point, as well as among wireless terminals. Standards pertaining to a physical layer and a media access control (MAC) layer are set forth in such a standard. This standard permits automatic medium sharing between different devices that include compatible physical layers. Asynchronous data transfer is provided for in the standard, generally by way of the MAC layer, utilizing a carrier sense multiple access with collision avoidance (CSMA/CA) communication scheme.
While the IEEE 802.11 standard provides for wireless communications through the use of mobile terminals that are constructed to be mutually operable pursuant to such a standard, the standard does not adequately provide for real time wireless services. For instance, in an implementation of the standard a significant loss of quality is sometimes experienced during handover of communications from one AP to another AP. Excessive numbers of data frames are susceptible to being lost or delayed, resulting in the loss of communication quality, or even termination of communications. Operational modes different than that set forth in the IEEE 802.11 standard are therefore required, particularly for real time wireless services. Proprietary functions have been proposed which permit improved quality of communications as compared to operation pursuant to the existing IEEE 802.11 standard. APs and mobile terminals that are operable to perform such proprietary functions are referred to as being proprietary mode capable.
However, both ends of a communication pair, consisting of a mobile terminal and the AP through which the mobile terminal communicates, must be capable of operation in the proprietary mode. If both ends of the communication pair are not together operable pursuant to the proprietary mode, conventional operation pursuant to the IEEE 802.11 standard is required. Therefore, prior to permitting both ends of the communication pair to operate in the proprietary mode, a determination must be made of the ability of both ends of the communication pair together to be operable pursuant to the proprietary mode.
The above mentioned copending patent application provides apparatus that is operable to identify whether both ends of the communication pair are together operable in the proprietary mode, the apparatus operating to activate both ends of the communication pair to operate in the proprietary mode when it is determined that pair-compatibility exits, and the apparatus thereafter operating to maintain the proprietary mode operation during handover procedures should a mobile terminal physically move from a cell that is serviced by a first AP to a cell that is served by a second AP.
In addition to the valuable features that are provided by the apparatus of this copending application, it would be desirable to re-establish a security association as such an AP-to-AP handover occurs.
Many customers, and particularly business environments, require a high degree of data security, and this data security cannot be compromised by use of a WLAN installation. Since access to the WLAN cannot be restricted physically, it is customary to use crytographical methods to protect transmitted data and network elements. Current IEEE 802.11 and ITEF Internet standards offer two complementary mechanisms for providing secure data communications over a wireless link, i.e. Internet Protocol Security (IPSEC). IPSEC is an IP-based security protocol that provides FOR secure communication between two IP hosts. A common use of the IPSEC protocol is in the building of Virtual Private Networks (VPNs).
In WLAN systems the IPsec protocol can be used to provide end-to-end security for data packets, this security being provided by authenticating and/or encrypting the transmitted data packets. IPsec uses symmetric cryptography that requires use of the same encryption and/or authentication key at both ends of a communication link. Sealable key management protocols such as IKE can be used to generate the symmetric keys for an IPsec stack.
While the Internet Key Exchange (IKE) key management protocol is useful for the establishment of an IP level security association during an initial mobile-terminal/access-point association, when the need for a communication handover occurs, the use of IKE or other similar protocols inflicts a considerable time delay on accomplishing the handover since such protocols require the exchange of multiple messages, the their use of public key encryption requires very heavy computation. Since a handover of the payload traffic can be resumed only after an active security association has been established between the new-AP and the mobile terminal, the use of the IKE key management protocol or other such protocols presents problems during the handover.
When any security protocol with a dynamic encryption key, i.e. a session-dependent dynamic key, is applied between a mobile terminal and an AP, it is desirable to find a mechanism for the transfer of an active security association from one AP to another AP, as the mobile terminal moves within the coverage that is provided by the wireless radio network or system.
It is in light of this background information that the present invention provides a low or short delay method/apparatus for the key management and security association re-establishment during a WLAN communication handover, wherein there is no need to modify the end-to-end security association during handover (e.g. IPsec payload connections between the mobile terminal and a server), and wherein the handover affects only the security functions between the mobile terminal and the new and old APs.
This invention relates to radio communications, to the IEEE 802.11 2.4 GHz WLAN standard, to high performance radio local area networks (HIPERLANs), to the ETSI HIPERLAN type 2 standard, and to IPSEC level security association between a wireless terminal and network elements. The invention finds utility in any IP based wireless network, examples of which include ETSI BRAN and IEEE 802.11. In addition the invention finds utility when a mobile terminal moves between two IPSEC router entities where a wireless terminal communicates with an endpoint that is not a wireless access point.
The present invention provides an efficient method/apparatus for re-establishing an existing security association when a handover event occurs in a radio communications system such as an IEEE 802.11 or a HIPERLAN. Operation of this invention increases handover performance, and minimizes the delay that is associated with re-negotiating an security association between a new AP and a mobile terminal.
The invention provides an efficient way to maintain an established security association between a mobile terminal and the wireless communication network when a handover occurs within the network. An example of the utility of the invention is a WLAN having Internet Protocol Security (IPsec) based security association between the APs and the mobile terminals that are within the WLAN. However, the invention also finds utility for maintaining any type of dynamic security association, such as HIPERLAN/2 radio level security functions.
In accordance with the invention, authentication of a mobile terminal during a handover event is achieved by a challenge/response procedure. In accordance with this challenge/response procedure the new AP sends a challenge to the mobile terminal, whereupon the mobile terminal (MT) responds by sending a response to the new AP.
An authentication key for both ends of the communication pair that is made up of a mobile terminal and an AP is originally generated by a scaleable key management protocol, for example Internet Key Exchange (IKE). Security associations are transferred between the various APs that are within the wireless communication system in order to avoid the need for a new and different key exchange during each handover.
The keys and their related information are requested by a new AP during a handover process, and the keys and other information are transferred from the old AP to the new AP in one or more handover messages that pass between the old AP and the new AP. The exchange of authentication challenges and the responses thereto are integrated into handover signaling that occurs between the new AP and the mobile terminal that is involved in the handover.
In accordance with a feature of the invention, the messages are medium access control (MAC) messages.
It is to be noted that this invention""s feature of providing access point authentication is a desirable but an optional feature.
While a secure connection is preferred between access points, such a feature is not required by the spirit and scope of the invention.