IP-based mobile system includes at least one Mobile Node in a wireless communication system. The term “Mobile Node” includes a mobile communication unit, and, in addition to the Mobile Node, the communication system has a home network and a foreign network. The Mobile Node may change its point of attachment to the Internet through these other networks, but the Mobile Node will always be associated with a single home network for IP addressing purposes. The home network has a Home Agent and the foreign network has a Foreign Agent—both of which control the routing of information packets into and out of their network.
The Mobile Node, Home Agent and Foreign Agent may be called other names depending on the nomenclature used on any particular network configuration or communication system. For instance, a “Mobile Node” encompasses PC's having cabled (e.g., telephone line (“twisted pair”), Ethernet cable, optical cable, and so on) connectivity to the wireless network, as well as wireless connectivity directly to the cellular network, as can be experienced by various makes and models of mobile terminals (“cell phones”) having various features and functionality, such as Internet access, e-mail, messaging services, and the like.
And, a home agent may be referred to as a Home Agent, Home Mobility Manager, Home Location Register, and a foreign agent may be referred to as a Foreign Agent, Serving Mobility Manager, Visited Location Register, and Visiting Serving Entity. The terms Mobile Node, Home Agent and Foreign Agent are not meant to be restrictively defined, but could include other mobile communication units or supervisory routing devices located on the home or foreign networks. Foreign networks can also be called serving networks.
Registering the Mobile Node
Foreign Agents and Home Agents periodically broadcast an agent advertisement to all nodes on the local network associated with that agent. An agent advertisement is a message from the agent on a network that may be issued under the Mobile IP protocol (RFC 2002) or any other type of communications protocol. This advertisement should include information that is required to uniquely identify a mobility agent (e.g. a Home Agent, a Foreign Agent, etc.) to a mobile node. Mobile Nodes examine the agent advertisement and determine whether they are connected to the home network or a foreign network.
If the Mobile Node is located on its home network, information packets will be routed to the Mobile Node according to the standard addressing and routing scheme. If the Mobile Node is visiting a foreign network, however, the Mobile Node obtains appropriate information from the agent advertisement, and transmits a registration request message to its Home Agent through the Foreign Agent. The registration request message will include a care-of address for the Mobile Node. A registration reply message may be sent to the Mobile Node by the Home Agent to confirm that the registration process has been successfully completed.
The Mobile Node keeps the Home Agent informed as to its current location by registering a “care-of address” with the Home Agent. The registered care-of address identifies the foreign network where the Mobile Node is located, and the Home Agent uses this registered care-of address to forward information packets to the foreign network for subsequent transfer onto the Mobile Node. If the Home Agent receives an information packet addressed to the Mobile Node while the Mobile Node is located on a foreign network, the Home Agent will transmit the information packet to the Mobile Node's current location on the foreign network using the applicable care-of address.
Authentication, Authorization and Accounting (“AAA”)
In an IP-based mobile communications system, when a mobile node travels outside its home administrative domain, the mobile node may need to communicate through multiple domains in order to maintain network connectivity with its home network. While connected to a foreign network controlled by another administrative domain, network servers must authenticate, authorize and collect accounting information for services rendered to the mobile node. This authentication, authorization, and accounting activity is called “AAA”, and AAA servers on the home and foreign network perform the AAA activities for each network.
Authentication is the process of proving one's claimed identity, and security systems on a mobile IP network will often require authentication of the system user's identity before authorizing a requested activity. The AAA server authenticates the identity of an authorized user and authorizes the mobile node's requested activity. Additionally, the AAA server will also provide the accounting function including tracking usage and charges for use of transmissions links between administrative domains.
Another function for the AAA server is to support secured transmission of information packets by storing and allocating security associations. Security associations refer to those encryption protocols, nonces, and keys required to specify and support encrypting an information packet transmission between two nodes in a secure format. The security associations are a collection of security contexts existing between the nodes that can be applied to the information packets exchanged between them. Each context indicates an authentication algorithm and mode, a shared or secret key or appropriate public/private key pair, and a style of replay protection.
The current registration and authentication protocols are not efficient because they require the re-transmission of registration and authentication request messages in certain time-out situations. The re-transmission of the registration and authentication request messages may be unnecessary in these situations, and such a re-transmission of these messages may result in multiple request messages being transmitted onto the network when only one request message was needed.