Mobile host devices attempting to shift between physical networking mediums and/or network access points within a network typically have to satisfy various security measures before the requesting device may be authorized and authenticated. Industry-wide development of stronger network security measures to ensure that unauthorized and incompliant devices are not allowed access to various network assets are currently motivated by, among other things, the proliferation of malware mechanisms (e.g., worms, viruses, Trojan horses, rootkits) which often propagate into corporate networks. In an endeavor to eliminate, isolate, and reduce the impact and/or effects of malware, various proprietary and/or standards-based solutions attempt to measure and to report various operational attributes of a mobile host device, which are evaluated by the network before allowing that mobile host device to connect to a protected network. Unfortunately, these client side solutions often require the assistance of the very operating system on the mobile host device that is attempting to be validated.
Mobile devices present additional difficult challenges to enterprise network security as these devices, by design, move, switch, and/or roam between multiple network access points. Unfortunately, many of the assumptions that may be attributed to fixed network devices to reduce the authentication and authorization process are unavailable to similarly configured mobile devices resulting in a protracted authentication and authorization process for each new network access point, especially when the mobile device switches between networking mediums, such as wired to wireless and vice versa. Moreover, current definitions of authentication frameworks require substantive exchange of platform state information on each connection attempt, placing an even greater authentication burden on a mobile client. In addition to the previously described authentication frameworks, there are wireless (e.g., the IEEE 802.11i standard, IEEE std. 802.11i-2004, published Jul. 23, 2004) and emerging wired (e.g., the IEEE 802.1af draft standard, IEEE P802.1af/D0.4, published Jan. 16, 2006 and/or the IEEE 802.1AE draft standard, IEEE P802.1AE/D5.1, published Jan. 19, 2006) security protocols, which often need to be executed after each authentication attempt, adding additional overhead on these devices.
Complete network re-evaluation of the requesting mobile platform during mobility connections bears a high cost in terms of latency, overhead, and power consumption. Each time a switch between network connections is desired, the mobile host device responds to various high overhead and protracted authentication and authorization checks solicited by the enterprise network before normal network operation can continue/begin. As such, current network access solutions make reliable multimedia delivery to mobile devices transitioning between multiple access points impractical and require far too much overhead for applications that consistently exchange high volumes of data with mobile devices, such as handheld digital devices and/or laptops.