With the rapid development of Internet services and the wide deployment of wireless networks, mobile users place ever more security requirements on those networks. Besides device authentication, user authentication and service authentication, problems that do not arise in private networks must now be addressed, such as establishing a secure channel and exchanging security information between a wireless user and an Access Point (AP) or Base Station (BS), between a BS and an Authenticator, and between an Authenticator and an Authentication Server.
Taking the WiMAX security network infrastructure as an example, and leaving aside other internal devices attached to the network, FIG. 1 illustrates a centralized network infrastructure and FIG. 2 illustrates a distributed network infrastructure.
In the infrastructure shown in FIG. 1, the Authenticator and the BS are located in different physical entities. The Authenticator implements an Authenticator Function and a Key Distributor Function, and the BS implements an Authentication Relay Function and a Key Receiver Function.
In the infrastructure shown in FIG. 2, the Authenticator and the BS are located in the same physical entity, and that entity implements the Authenticator Function, the Key Distributor Function, the Authentication Relay Function and the Key Receiver Function.
The functions of each network element (including logical network elements) in FIG. 1 and FIG. 2 are as follows:

BS:
  Providing a secure channel between the BS and a Mobile Station (MS), including compression and encryption of air-interface data.
  Providing exchange of information between the BS and the MS.

Authenticator:
  Providing the proxy function for authentication, authorization and accounting of an MS.
  Implemented in the same physical entity as the Key Distributor.

Authentication Relay:
  Relaying the Authentication Request and response messages during an authentication process.

Key Distributor:
  Implemented in the same physical entity as the Authenticator. Generates the Air Interface Key (AK) shared by a BS and an MS from the root key information that the Authentication Server holds in common with the MS, and distributes the AK to a Key Receiver.

Key Receiver:
  Implemented in a BS. Receives the AK generated by the Key Distributor and derives the other security keys used between the BS and the MS.

In addition, a complete security network infrastructure also includes an Authentication Server in the back-end network and the Mobile Station (MS).

Authentication, Authorization, Accounting (AAA) Server:
  The AAA Server implements authentication, authorization and accounting of an MS. It exchanges with the MS the information needed to generate security keys, according to a negotiated key generation mechanism. Because this information is exchanged before a secure channel exists, the key generation algorithm between the AAA Server and the MS must ensure that the security mechanism is not compromised even if the exchanged information is disclosed. The main functions of the AAA Server are:
  Generating and distributing a root security key to the Authenticator.
  Informing the Authenticator and other network elements of the result when user information changes.

MS:
  The MS is the mobile user device. It initiates authentication and authorization in the security infrastructure, exchanges with the AAA Server the information needed to generate the root security key, generates the root security key itself, and derives from that root key the AK and the other key material required for air-interface encryption.
Mobile Internet Protocol (MIP) involves the following entities: Mobile Node (MN), Foreign Agent (FA) and Home Agent (HA). The MN sends a MIP Registration Request to the HA via the FA. On receiving the Registration Request, the HA binds the MN's Care-of Address (CoA) to its Home Address (HoA); in Mobile Internet Protocol version 4 (MIPv4) with a foreign-agent care-of address, the CoA is the address of the FA. All packets received by the HA whose destination address is the HoA are forwarded to the CoA. To further ensure security, MIP messages usually carry an Authentication Extension (AE). Taking the AE between an MN and an HA, the MN-HA-AE, as an example: when the HA receives a MIP Registration Request carrying an MN-HA-AE, it computes a local authentication value from security key information known in advance and compares it with the corresponding field of the MN-HA-AE carried in the packet. If the local value equals that field, the MIP Registration Request is processed; otherwise, it is denied.
When no security key information is pre-shared between the MN and the HA, the MN can instead use the security key shared between the MN and the AAA Server to authenticate the MIP Registration Request.
The formulas for computing MIP registration keys in existing WiMAX are as follows ("|" denotes concatenation):
MN-HA-K = H(MIP-RK, "MIP4 MN HA" | HA-IP)
MN-FA-K = H(MIP-RK, "MN FA" | FA-IP)
FA-HA-K = H(MIP-RK, "FA HA" | FA-IP | HA-IP | nonce)
RFC 3957 provides the following algorithm, based on a random number (nonce), the MN identifier, and the security key shared between the MN and the AAA Server:
Key = HMAC-SHA1(AAA-Key, {Nonce | MN-ID})
MIP in WiMAX has two modes: Client Mobile IP (CMIP) and Proxy Mobile IP (PMIP). An MS that supports MIP works in CMIP mode and acts as the MN itself. Conversely, for an MS that does not support MIP, the network side creates a PMIP-Client entity that implements the MIP function on behalf of the MS. FIG. 3a shows the security network infrastructure in CMIP mode, and FIG. 3b shows the security network infrastructure in PMIP mode.
(1) Generation and Distribution of PMIPv4 security key
During the access and authentication process, the AAA Server generates the Extended Master Session Key (EMSK), computes the Mobile Internet Protocol Root Key (MIP-RK), and derives the security keys between MN and HA, MN and FA, and FA and HA (MN-HA-K, MN-FA-K and FA-HA-K respectively). These keys are then transmitted, encrypted, to the Network Access Server (NAS).
Alternatively, the FA-HA-K may be generated by the AAA Server directly for a specified HA/FA pair rather than being derived from the EMSK.
The prior art defines the generation of MN-HA-K (called MN-HA-MIP4-K in MIPv4), MN-FA-K and FA-HA-K in terms of the following factors:
During the access and authentication process of an MS, an EMSK is established between the MS and the AAA Server. The MS and the AAA Server can each compute the MIP-RK from the EMSK via a defined function. The key between the MN and the HA (MN-HA-K) is computed from the MIP-RK and the Home Agent IP address (HA-IP) via a defined function (by the AAA Server in PMIP mode). The key between the MN and the FA (MN-FA-K) is computed from the MIP-RK and the Foreign Agent IP address (FA-IP) via a defined function. The key between the FA and the HA (FA-HA-K) is computed from the MIP-RK, FA-IP, HA-IP and a random number via a defined function. The formulas are as follows:
MN-HA-MIP4 = H(MIP-RK, "MIP4 MN HA" | HA-IP)
MN-FA = H(MIP-RK, "MN FA" | FA-IP)
FA-HA = H(MIP-RK, "FA HA" | FA-IP | HA-IP | NONCE)
(2) Generation and Distribution of CMIPv4 security key
During the access and authentication process, the AAA Server generates the EMSK, computes the MIP-RK, and derives the MN-HA, MN-FA and (optionally) FA-HA keys. The MN can compute the MN-FA and MN-HA keys itself from the FA-IP and the HA-IP. The NAS acquires the MN-HA, MN-FA and FA-HA keys. The key associated with the HA is obtained by requesting it from the AAA Server during the first MIP Registration Request procedure.
However, the prior art only describes the generation formulas of the MIP security keys; it does not specify how the FA and the HA are to handle the existing security keys and the existing security association (comprising the MIP security keys, the lifetimes of the keys, the Security Parameter Index (SPI) and the algorithms used for the parameters of the Authentication Extension) after re-authentication. Consequently, when an MS uses new security keys for MIP Registration while the FA and the HA on the network side still authenticate with the old keys, the MIP Registration Request initiated by the MS after re-authentication may always be denied.
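The following Python model is an added example and is not part of the original document or of any WiMAX or RFC implementation. It carries the key formulas above through with HMAC-SHA1 as H, computes a simplified MN-HA Authentication Extension over a constructed Registration Request, and reproduces the failure mode just described: after re-authentication the MN derives MN-HA-K from a fresh EMSK, but an HA whose security association (indexed by SPI) still holds the old key denies every request until the new key is installed. The MIP-RK derivation label, the SPI, the IP addresses, the MN identifier, the EMSK values and the AE layout are all assumptions chosen for illustration; the page gives only the labels "MIP4 MN HA", "MN FA" and "FA HA" and the RFC 3957 form.

```python
"""MIPv4 key derivation and MN-HA-AE check across re-authentication (added example)."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass


def H(key: bytes, *parts: bytes) -> bytes:
    """H(key, a | b | ...) as HMAC-SHA1 over the concatenated parts (the page's H)."""
    return hmac.new(key, b"".join(parts), hashlib.sha1).digest()


def ip_bytes(addr: str) -> bytes:
    """Network-order encoding of an IPv4/IPv6 address for use inside H()."""
    return ipaddress.ip_address(addr).packed


def derive_mip_rk(emsk: bytes) -> bytes:
    # Assumption: the page only says MIP-RK is "a function defined by the EMSK";
    # the label and counter here are illustrative, not the real WiMAX constants.
    return H(emsk, b"miprk", b"\x00\x02")


def derive_mn_ha_k(mip_rk: bytes, ha_ip: str) -> bytes:
    return H(mip_rk, b"MIP4 MN HA", ip_bytes(ha_ip))


def derive_mn_fa_k(mip_rk: bytes, fa_ip: str) -> bytes:
    return H(mip_rk, b"MN FA", ip_bytes(fa_ip))


def derive_fa_ha_k(mip_rk: bytes, fa_ip: str, ha_ip: str, nonce: bytes) -> bytes:
    return H(mip_rk, b"FA HA", ip_bytes(fa_ip), ip_bytes(ha_ip), nonce)


def rfc3957_key(aaa_key: bytes, nonce: bytes, mn_id: bytes) -> bytes:
    """Key = HMAC-SHA1(AAA-Key, Nonce | MN-ID): used when no MN-HA key is pre-shared."""
    return H(aaa_key, nonce, mn_id)


def mn_ha_authenticator(mn_ha_k: bytes, rrq: bytes, spi: int) -> bytes:
    # Simplified MN-HA-AE value: HMAC-SHA1 over the request body and the SPI.
    # (Assumption: a real AE also covers the extension's type and length fields.)
    return H(mn_ha_k, rrq, spi.to_bytes(4, "big"))


@dataclass
class SecurityAssociation:
    key: bytes
    lifetime: int            # seconds; part of the SA the text lists
    algorithm: str = "HMAC-SHA1"


class HomeAgent:
    """Holds per-MN security associations indexed by SPI and verifies the MN-HA-AE."""

    def __init__(self, ha_ip: str):
        self.ha_ip = ha_ip
        self.sa_table = {}   # (mn_id, spi) -> SecurityAssociation

    def install_sa(self, mn_id: bytes, spi: int, sa: SecurityAssociation) -> None:
        self.sa_table[(mn_id, spi)] = sa

    def process_registration(self, mn_id: bytes, rrq: bytes, spi: int, auth: bytes) -> bool:
        sa = self.sa_table.get((mn_id, spi))
        if sa is None:
            return False     # unknown SPI for this MN: deny
        local = mn_ha_authenticator(sa.key, rrq, spi)
        return hmac.compare_digest(local, auth)   # constant-time compare, then accept/deny


def reauth_scenario(update_ha_after_reauth: bool) -> tuple:
    """Returns (accepted before re-auth, accepted after re-auth)."""
    ha_ip, mn_id, spi = "203.0.113.10", b"mn@example.net", 0x100   # constructed values
    ha = HomeAgent(ha_ip)
    rrq = b"RRQ|HoA=198.51.100.7|CoA=192.0.2.5"                   # constructed request

    # Initial access: MS and AAA share EMSK1; AAA pushes MN-HA-K to the HA.
    emsk1 = bytes(range(64))
    k1 = derive_mn_ha_k(derive_mip_rk(emsk1), ha_ip)
    ha.install_sa(mn_id, spi, SecurityAssociation(k1, 3600))
    first = ha.process_registration(mn_id, rrq, spi, mn_ha_authenticator(k1, rrq, spi))

    # Re-authentication: a fresh EMSK2 yields a fresh MN-HA-K on the MS side.
    emsk2 = bytes(reversed(range(64)))
    k2 = derive_mn_ha_k(derive_mip_rk(emsk2), ha_ip)
    if update_ha_after_reauth:
        ha.install_sa(mn_id, spi, SecurityAssociation(k2, 3600))
    second = ha.process_registration(mn_id, rrq, spi, mn_ha_authenticator(k2, rrq, spi))
    return first, second


if __name__ == "__main__":
    print("HA keeps old SA after re-auth:", reauth_scenario(False))   # (True, False)
    print("HA updated after re-auth:     ", reauth_scenario(True))    # (True, True)
```

The second call shows the only remedy the model admits: whatever entity learns of the re-authentication (the AAA Server or the Authenticator) must push the new key, lifetime and SPI to the HA and FA before the MS sends its next Registration Request; otherwise the HA's local authentication value is computed with stale key material and the request is denied every time.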