1. Field of the Invention
The present invention relates to a wireless access system, and more particularly to a pre-authentication method for an Inter-Radio Access Technology (Inter-RAT) handover managed by different administrative domains.
2. Discussion of the Related Art
A general handover procedure and an authentication procedure based on a Privacy and Key Management Sublayer (PKM) prescribed in the IEEE 802.16 standard will hereinafter be described in detail.
FIG. 1 is a flow chart illustrating a method for performing a handover and initial network entry process.
Referring to FIG. 1, a mobile station (MS) selects a cell to enter the initial network or to perform handover at steps S101 and S102. During this cell selection, the mobile station (MS) performs scanning or ranging for at least one base station in order to search for an appropriate base station for either a network connection or a handover. The mobile station (MS) may schedule a scan period or a sleep period to determine whether or not the mobile station (MS) can enter an initial network for the base station or a target base station.
When the mobile station (MS) enters the initial network, it can be synchronized with a serving base station simultaneously while acquiring downlink parameters from the serving base station (SBS) at step S103. In this case, the SBS may provide a service over the network desired by the MS. The MS establishes synchronization with the SBS, and then acquires uplink parameters for the SBS at step S104. The MS performs the ranging process with the SBS, and adjusts the uplink parameters along with the SBS at step S105. By the above-mentioned steps, the MS and the SBS form basic functions for communication at step S106. The SBS authorizes the mobile station (MS) and exchanges keys with this MS at step S107. So, the MS is registered in the SBS at step S108, and establishes an IP connection to the SBS at step S109.
The SBS transmits operation parameters to the MS, such that it can communicate with the MS at step S110. A connection between the MS and the SBS is established at step S111, such that the MS and the SBS can carry out normal operations at step S112. The MS can continuously search for a neighboring base station while the SBS performs normal operations at step S113. As the MS becomes distant from the SBS while in motion, a quality of service (QoS) provided from the SBS is gradually lowered, such that the mobile station (MS) must continuously search for the neighboring base station capable of providing better services. In this case, the neighboring base station providing a service better than that of the SBS is called a target base station (TBS), and the MS searches for the TBS, such that this MS can be handed over to the searched TBS.
Generally, the handover is carried out when the MS moves from the serving base station (SBS) to the target base station (TBS). Namely, the handover is carried out when a radio interface, service flow, and a network access point of the MS are shifted from the SBS to the TBS. If the MS, the SBS, or a network administrator decides the handover at step S114, the handover starts operation.
The MS selects the TBS at step S115, can establish synchronization with the TBS, and can also acquire downlink parameters from the TBS at step S116. The MS acquires uplink parameters from the TBS at step S117, performs the ranging process with the TBS, and adjusts the uplink parameters along with the TBS at step S118. In this case, if the MS has received an NBR-ADV message including an identifier of the TBS, a frequency, and uplink/downlink channel descriptors (UCD/DCD), the scanning process and the synchronization process can be simplified. If the TBS receives a handover notification message from the SBS over a backbone network, a non-competitive initial ranging opportunity may be provided to an Uplink MAP (UL-MAP).
By the above-mentioned procedure, the MS and the TBS form basic functions at step S119. The MS and the TBS perform the ranging process to start re-entering the network. Also, the MS is re-registered in the TBS, and establishes a re-connection to the TBS at step S120. So, the MS is registered in the TBS at step S121, and an IP connection from the TBS is re-established in the MS at step S122. As a result, the TBS serves as the SBS, such that it can provide the MS with necessary services.
The handover of FIG. 1 will hereinafter be described in detail. The MS re-selects the cell on the basis of neighboring base station information acquired by the scanning, and is handed over from the SBS to the TBS. Therefore, the MS establishes synchronization with the TBS and performs the ranging process with the TBS. Thereafter, the TBS performs reauthorization for the MS. Herein, the TBS can request information of the MS from the SBS over a backbone network.
The handover and network reentry process can be greatly simplified according to MS-associated information owned by the TBS. Some network entry processes may be omitted according to an amount of MS-associated information owned by the TBS.
FIG. 2 is a flow chart illustrating a method for allowing the IEEE 802.16 system to authenticate a mobile station (MS).
FIG. 2 shows a current authentication procedure, and represents an information transmission format and a flow of messages. However, these messages, which carry transmission/reception (Tx/Rx) information of an MS 200, a base station (BS) 220, or an Authentication, Authorization, Accounting (AAA) server 240, may have a variety of formats.
Referring to FIG. 2, if the MS 200 desires to enter the network, the MS 200 acquires synchronization from the BS 220, and performs the ranging with the BS 220. Thereafter, the MS 200 negotiates with the BS 220 about their basic capabilities using an SBC-REQ/RSP message at step S201. Namely, the MS 200 and the BS 220 perform the basic capability negotiation at step S201.
The following Table 1 shows an exemplary SBC-REQ/RSP message for the basic capability negotiation between the MS and the BS.
TABLE 1
SBC-REQ/RSP {
  Requisite Parameters:   Physical Parameters Supported
                          Bandwidth Allocation Support
  Selective Parameters:   Capabilities for construction and transmission of MAC PDUs
                          PKM Flow Control
                          Authorization Policy Support
                          Maximum Number of Supported Security Association
                          Security Negotiation Parameters
                          HMAC-CMAC Tuple
}
In Table 1, a Subscriber Station Basic Capability Request (SBC-REQ) message is transferred by the mobile station (MS) during initialization. In response to the SBC-REQ message, the base station (BS) transmits a Subscriber Station Basic Capability Response (SBC-RSP) message to the mobile station (MS). The SBC-REQ/RSP messages are used for the basic capability negotiation between the MS and the BS.
The basic capability negotiation is carried out after the ranging process, such that the MS can transfer its own basic capabilities to the BS by this basic capability negotiation. In Table 1, the SBC-REQ/RSP messages may include not only mandatory parameters but also optional parameters.
A security association (SA) is an aggregate of security information units shared between the BS and at least one MS in order to provide secure communication over the IEEE 802.16-based network. In association with the security association (SA) of Table 1, an Authorization Policy Support field and a Security Negotiation Parameters field may be used.
The Authorization Policy Support field is one of the fields contained in the SBC-REQ/RSP messages. It describes the authorization policy that must be negotiated between the MS and the BS, and the MS and the BS must be synchronized on this authorization policy. If the Authorization Policy Support field is omitted, the MS and the BS must use IEEE 802.16 security based on an X.509 certificate and the RSA public key algorithm.
The following Table 2 shows an example of a general Authorization Policy Support field.
TABLE 2
Type   Length   Value                                                         Field
       1        Bit #0: IEEE 802.16 Privacy Supported                         SBC-REQ,
                Bits #1-7: Reserved, shall be set to zero                     SBC-RSP

Type   Length   Value
       1        Bit #0: RSA-Based Authorization at the Initial Network Entry
                Bit #1: EAP-Based Authorization at Initial Network Entry
                Bit #2: Authenticated EAP-Based Authorization at the Initial Network Entry
                Bit #3: Reserved, set to 0
                Bit #4: RSA-Based Authorization at Reentry
                Bit #5: EAP-Based Authorization at Reentry
                Bit #6: Authenticated EAP-Based Authorization at Reentry
                Bit #7: Reserved, shall be set to 0
The Security Negotiation parameter field indicates whether or not the security capabilities, which must be negotiated before the initial Authorization procedure or the reauthorization procedure, are supported.
The following Table 3 shows an example of a general Security Negotiation parameter field.
TABLE 3
Type   Length     Contents                                              Field
25     variable   The Compound field contains the sub-attributes        SBC-REQ,
                  as defined in the table below                         SBC-RSP

Sub-Attributes                      Contents
PKM Version Support                 Version of Privacy Sublayer Supported
Authorization Policy Support        Authorization Policy to Support
Message Authentication Code Mode    Message Authentication Code to Support
PN Window Size                      Size Capability of the Receiver PN Window per SAID
In the meantime, the PKM Version Support field of Table 3 describes a PKM version. Namely, the mobile station (MS) and the base station (BS) negotiate with each other to use only one PKM version.
The following Table 4 shows an example of a general PKM Version Support field.
TABLE 4
Type   Length   Value
25.1   1        Bit #0: PKM Version 1
                Bit #1: PKM Version 2
                Bits #2-7: Reserved value, set to 0
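An added example (not from the patent or from the IEEE 802.16 text) that encodes the Security Negotiation Parameters compound of Table 3 with the PKM Version Support sub-attribute of Table 4 and the Authorization Policy Support field of Table 2, then checks an SBC-RSP against the SBC-REQ it answers: the BS must select exactly one PKM version the MS offered and only policy bits the MS offered, reserved bits must be zero, and an omitted Authorization Policy Support field means the X.509/RSA default. The one-byte TLV framing and the sub-attribute code 2 for Authorization Policy Support are assumptions; only types 25 and 25.1 come from the tables.

```python
import struct

SEC_NEG = 25        # Security Negotiation Parameters compound (Table 3)
PKM_VERSION = 1     # sub-attribute 25.1, PKM Version Support (Table 4)
AUTH_POLICY = 2     # sub-attribute code ASSUMED here for Authorization Policy Support (Table 2)

PKMV1, PKMV2 = 0x01, 0x02                                      # Table 4 bits #0, #1
RSA_INIT, EAP_INIT, AUTH_EAP_INIT = 0x01, 0x02, 0x04            # Table 2 bits #0-#2
RSA_REENTRY, EAP_REENTRY, AUTH_EAP_REENTRY = 0x10, 0x20, 0x40   # Table 2 bits #4-#6
RESERVED = 0x88                                                # Table 2 bits #3 and #7

def encode_tlvs(attrs):
    """attrs: list of (type, value bytes); one-byte type and length (framing assumed)."""
    return b"".join(struct.pack("BB", t, len(v)) + v for t, v in attrs)

def decode_tlvs(buf):
    """Inverse of encode_tlvs; returns {type: value}."""
    out, i = {}, 0
    while i + 2 <= len(buf):
        t, n = buf[i], buf[i + 1]
        out[t] = buf[i + 2:i + 2 + n]
        i += 2 + n
    return out

def security_negotiation(pkm_versions, auth_policy=None):
    """Build the type-25 compound as carried in SBC-REQ (MS offer) or SBC-RSP (BS choice)."""
    subs = [(PKM_VERSION, bytes([pkm_versions]))]
    if auth_policy is not None:
        subs.append((AUTH_POLICY, bytes([auth_policy])))
    return encode_tlvs([(SEC_NEG, encode_tlvs(subs))])

def negotiated_policy(sbc_req, sbc_rsp):
    """Return (pkm_version, auth_policy) the MS must apply, or raise if the RSP is invalid."""
    req = decode_tlvs(decode_tlvs(sbc_req)[SEC_NEG])
    rsp = decode_tlvs(decode_tlvs(sbc_rsp)[SEC_NEG])
    ver = rsp[PKM_VERSION][0]
    # Exactly one PKM version, and one the MS offered (Table 4 discussion)
    if bin(ver).count("1") != 1 or ver & ~req[PKM_VERSION][0]:
        raise ValueError("BS must select exactly one PKM version offered by the MS")
    if AUTH_POLICY not in rsp:
        # Field omitted: X.509 certificate and RSA public key algorithm (Table 2 discussion)
        return ver, RSA_INIT | RSA_REENTRY
    pol = rsp[AUTH_POLICY][0]
    offered = req.get(AUTH_POLICY, b"\x00")[0]
    if pol & RESERVED or pol & ~offered:
        raise ValueError("BS selected reserved bits or a policy the MS did not offer")
    return ver, pol
```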
Referring back to FIG. 2, the MS 200 requests Extensible Authentication Protocol (EAP) authentication from the AAA server 240 via the BS 220. In response to this request from the MS 200, the AAA server 240 authenticates the user by applying the EAP authentication method to the MS 200 at step S202.
As examples of EAP authentication methods, EAP-TLS may use an X.509 certificate, and EAP-SIM may use a credential of a specific format such as a Subscriber Identity Module (SIM). However, an RSA authentication method, which uses an encryption algorithm based on a public key algorithm, may also be used according to system requirements.
At step S202, if the MS authentication (or the user authentication) has been successfully carried out, the AAA server 240 generates a Master Session Key (MSK) using the EAP-based authentication method. The AAA server transmits the MSK to the MS and the BS at steps S203 and S204.
An authorization key (AK) may be generated by the MS 200 and the BS 220 according to the PMK scheme (i.e., the EAP-based authentication scheme) at step S205. The MS 200 and the BS 220 may generate the AK using the MSK, and the AK may be used to generate a Traffic Encryption Key (TEK) for communication between the MS 200 and the BS 220.
The MS 200 and the BS 220 share the TEK by a 3-way handshake at step S206. This handshake is composed of an SA-TEK challenge step, an SA-TEK request step, and an SA-TEK response step. In this case, the TEK used for encrypting actual data is generated such that the MS 200 and the BS 220 share the generated TEK.
The BS 220 and the MS 200, which have generated the AK through the authentication procedure, share the TEK and then perform the network entry procedure at step S207.
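An added illustration (not the patent's or the standard's code) of the key hierarchy of steps S203 to S206: the MSK delivered by the AAA server, the AK that the MS and the BS each derive from it, and the key that authenticates the SA-TEK challenge, request and response messages. It goes beyond the text in binding the AK to the MS address and the base station identifier, so that a target base station cannot reuse the serving base station's AK; the counter-mode KDF follows the shape of the 802.16e Dot16KDF, but HMAC-SHA256 in place of CMAC, the 160-bit PMK truncation, the labels and the 8-byte tag are assumptions.

```python
import hashlib
import hmac

def kdf(key, astring, bits):
    """Counter-mode KDF shaped like Dot16KDF (HMAC-SHA256 assumed in place of CMAC)."""
    out = b""
    for i in range(1, (bits + 255) // 256 + 1):
        block = bytes([i]) + astring + bits.to_bytes(2, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
    return out[: bits // 8]

def derive_ak(msk, ms_mac, bsid):
    """AK computed independently by the MS and the BS from the MSK (step S205)."""
    pmk = msk[:20]                                  # assumed: PMK = first 160 bits of the MSK
    return kdf(pmk, ms_mac + bsid + b"AK", 160)     # bound to MS address and BS identifier

def sa_tek_mac_key(ak):
    """Assumed: a 128-bit message-authentication key derived from the AK for the 3-way handshake."""
    return kdf(ak, b"SA-TEK-MAC", 128)

def sa_tek_message(mac_key, payload):
    """Append an 8-byte tag, as each SA-TEK challenge/request/response carries one."""
    return payload + hmac.new(mac_key, payload, hashlib.sha256).digest()[:8]

def verify_sa_tek(mac_key, msg):
    """A station without the matching AK cannot produce or check a valid tag."""
    body, tag = msg[:-8], msg[-8:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)
```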