The Extensible Authentication Protocol (EAP) covered by RFC 2284 is used to authenticate a client in order to enable the client to access the infrastructure of the operator and the services that the operator offers. This method of authenticating and managing access to services gives satisfactory results when the mobile node and an access point to the infrastructure of the operator are in direct communication, i.e. when the mobile node and the access point are within transmission range of each other.
A first implementation of EAP authentication runs on top of layer 2 of the OSI network reference model, as specified in IEEE standards 802.11i and 802.16. Access to the infrastructure of the operator for a given client is unlocked following successful authentication of the client. However, because EAP data is encapsulated in the data link layer, it is not possible at present for a mobile node to be authenticated when it is not within direct range of an access point.
A second implementation of EAP authentication runs on top of layer 3 of the OSI network reference model. It is known as the Protocol for carrying out Authentication for Network Access (PANA), and is being standardized by the IETF. The aim of this protocol is to enable authentication of clients for access to an infrastructure using the Internet Protocol (IP). Its implementation on top of the IP layer enables it to benefit from the routing protocol and consequently makes EAP authentication possible when the mobile node is not within direct range of an access point. In this situation, one or more other mobile nodes serve as relays to an access point. One of the other mobile nodes within transmission range of the requesting mobile node serves as an entry point to the network. To implement the authentication procedure, a particular role is assigned to that other mobile node, referred to below as the access controller.
However, this implementation causes various problems in the context of vehicular networks. The access controller has access to the security parameters of the client, yet in a vehicular network it is not necessarily a so-called trusted node. Moreover, the PANA protocol requires the exchanges associated with implementing authentication, and the subsequent exchanges with the infrastructure, to be effected via the access controller. If the nodes are highly mobile, an authenticated mobile node remains within transmission range of the access controller only for limited periods. Moreover, to route packets, an IP routing infrastructure is required in the vehicular network for managing routing tables and the topology of the network.
There is therefore a requirement for a technique that enables a moving node to be authenticated by a communications network access point independently of setting up routing and topology tables, with exchanges between the moving node and the access point possibly being effected via other nodes that are also mobile.