The present invention relates to a method of location update for a mobile node.
As is known, a mobile host may connect to a fixed communication network via one of a plurality of access points. Each access point has a defined area of geographic coverage and, as the mobile host moves, it is transferred from one access point to another when it passes from a geographic area served by one access point to the geographic area served by another access point. This process is referred to as “hand-off”. The mobile host may be a mobile consumer device such as a mobile telephone, a laptop computer, a Personal Digital Assistant etc.
It is desirable that the user of the mobile host does not experience any breakdown or interruption in communication when the mobile node is handed-off from one access point to another, and this requires that, when the mobile host is handed-off from one access point to another, other hosts are made aware of the new access point for the mobile host. Accordingly, when a mobile host is handed-off it sends a location update message to other hosts to inform them of its new location.
When a peer host receives a location update message it must verify that the mobile host is in the new location claimed in the location update message. If this is not done, the mobility protocol would become vulnerable to re-direction and Denial-of-Service (DoS) attacks.
In the hand-off process of
If, however, a peer host sends the reachability challenge to the new location of the mobile host claimed in the location update message but does not receive a satisfactory response, this indicates that the location update message may not have been genuine. The peer host may then choose to disregard the location update message.
The method of
A first aspect of the present invention provides a method of facilitating location update signalling within a communication network between a mobile node and an end host, the method comprising the steps of:
a) establishing a trust relationship between one or more end hosts and a proxy;
b) performing a location update between a mobile node and the proxy; and
c) sending a location update message from the proxy to end host(s) having the trust relationship with the proxy.
It can be seen that the conventional hand-off process of
The present invention provides a method in which one or more end hosts authorise a proxy to perform location update signalling on their behalf. A proxy may be authorised by multiple end hosts to perform location update signalling. When a mobile host is handed-off it performs location update signalling, preferably including a reachability test, with the proxy rather than with the one or more end hosts. Upon satisfactory completion of the location update signalling, the proxy sends the new location of the mobile host to the end host(s) that have authorised the proxy—the end host(s) can then exchange data with the mobile host at its new location. The present invention can thus reduce the number of location update signalling messages required since, if multiple end hosts authorise the same proxy, the mobile node is required to communicate with one proxy rather than with multiple end hosts.
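The flow just described, sketched as an added example that is not part of the original specification. The HMAC-based challenge response, the class and function names, the in-memory "network" dictionary and the sample addresses are all assumptions made for illustration; the text does not prescribe a particular challenge mechanism.

```python
import hashlib
import hmac
import secrets

class EndHost:
    def __init__(self, name):
        self.name = name
        self.peer_location = {}          # mobile node id -> verified address

class Proxy:
    def __init__(self):
        self.authorised_by = []          # end hosts that delegated signalling
        self.sa_keys = {}                # mobile node id -> key from security association

    def location_update(self, node_id, claimed_addr, network):
        """Challenge the claimed address; forward the update only on success."""
        nonce = secrets.token_bytes(16)
        # The challenge is delivered to the CLAIMED address, so a node that is
        # not really there never sees the nonce and cannot answer it.
        responder = network.get(claimed_addr)
        response = responder(nonce) if responder else None
        expected = hmac.new(self.sa_keys[node_id], nonce, hashlib.sha256).digest()
        if response is None or not hmac.compare_digest(response, expected):
            return False                 # disregard the update, tell nobody
        for host in self.authorised_by:  # one verified update fans out to all
            host.peer_location[node_id] = claimed_addr
        return True

def run_demo():
    key = secrets.token_bytes(32)        # constructed key standing in for the SA
    proxy = Proxy()
    proxy.sa_keys["mn-1"] = key
    hosts = [EndHost("host-a"), EndHost("host-b")]
    proxy.authorised_by.extend(hosts)

    def mobile_node(nonce):              # answers challenges where it is attached
        return hmac.new(key, nonce, hashlib.sha256).digest()

    def bystander(nonce):                # unrelated host: ignores the challenge
        return None

    # Constructed sample addresses from the IPv6 documentation prefix.
    network = {"2001:db8:2::10": mobile_node, "2001:db8:9::99": bystander}
    genuine = proxy.location_update("mn-1", "2001:db8:2::10", network)
    redirected = proxy.location_update("mn-1", "2001:db8:9::99", network)
    return genuine, redirected, [h.peer_location["mn-1"] for h in hosts]

if __name__ == "__main__":
    print(run_demo())
```

The second update claims an address where the mobile node is not attached; the proxy receives no valid response, so neither end host's stored location changes.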
The present invention provides the following advantages:
Step (b) may include the proxy performing a reachability test. Step (c) may include sending the location update message only if the reachability test is concluded successfully.
Step (a) may include the proxy being authorised by the end host(s) to perform a reachability test upon their behalf.
The end host(s) may, before the location update is performed, inform the mobile host about the trust relationship.
The end host(s) may inform the mobile host by performing respective key exchanges with the mobile host.
The end host(s) may provide a public key of the proxy to the mobile host in the key exchanges.
The method may further comprise, before the location update is performed, establishing a security association between the mobile node and the proxy.
The proxy may provide the mobile node with evidence of its authorisation to perform the reachability test.
A second aspect of the invention provides a method of facilitating location update signalling for a mobile node within a communication network, the method comprising the steps of:
a) receiving, at a proxy, authorisation from one or more end hosts to perform location update signalling on their behalf;
b) receiving, at the proxy, a location update message from a mobile node; and
c) sending a location update message from the proxy to the end host(s).
The second aspect relates to the steps performed at the proxy.
The method may further comprise the proxy sending a reachability challenge message to the mobile node. Step (c) may comprise the proxy sending the location update message only if the proxy receives a successful response to the reachability challenge message.
Before step (b), a message may be sent from the proxy to the mobile node to establish a security association between the mobile node and the proxy.
The proxy may, before step (b), send to the mobile node evidence of its authorisation to perform a reachability test.
A third aspect of the present invention provides a method of facilitating location update signalling for a mobile node within a communication network, the method comprising the steps of:
a) transmitting, from an end host to a proxy, authorisation for the proxy to perform location update signalling on behalf of the end host;
b) transmitting, from the end host to a mobile node, a message informing the mobile host of the authorisation of the proxy; and
c) receiving, at the end host, a message from the proxy containing a location update for the mobile node.
The third aspect relates to the steps carried out at the end host.
Step (b) may comprise the peer host transmitting a public key of the proxy to the mobile node.
A fourth aspect of the present invention provides a method of facilitating location update signalling for a mobile node within a communication network, the method comprising the steps of:
a) receiving, at a mobile node, notification from an end host that it has authorised a proxy to perform location update signalling on its behalf; and
b) transmitting a location update message from the mobile node to the proxy.
Subsequent to step (a) but before step (b), the mobile host may initiate a key exchange with the proxy.
The mobile node may be a mobile host, or it may be a mobile router.
A fifth aspect of the present invention provides a proxy for facilitating location update signalling for a mobile node within a communication network, wherein the proxy is adapted to:
a) receive authorisation from one or more end hosts to perform location update signalling on their behalf;
b) receive a location update message from a mobile node; and
c) send, to the end host(s), a message containing a location update for the mobile node.
The proxy may be adapted to send a reachability challenge message to the mobile node, and may be adapted to send the message containing a location update for the mobile node only if a successful response to the reachability challenge message is received.
The proxy may be further adapted to, subsequent to receipt of the authorisation from the end host(s), send a message to the mobile node to establish a security association between the mobile node and the proxy.
The proxy may be further adapted to send, to the mobile node, evidence of its authorisation to perform location update signalling on behalf of the end host(s).
A sixth aspect of the present invention provides an end host adapted to:
a) transmit, to a proxy, authorisation for the proxy to perform location update signalling on behalf of the end host;
b) inform a mobile node of the authorisation of the proxy; and
c) receive a location update message from the proxy containing a location update for the mobile node.
The end host may be adapted to inform the mobile node of the authorisation of the proxy by transmitting a public key of the proxy to the mobile node.
A seventh aspect of the present invention provides a mobile node adapted to:
a) receive notification from an end host that it has authorised a proxy to perform location update signalling on its behalf; and
b) transmit a location update message to the proxy.
The mobile node may be further adapted to, subsequent to receipt of the notification, initiate a key exchange with the proxy.
Preferred embodiments of the present invention will now be described with reference to the accompanying drawings, in which:
In the method of
The proxy may be, for example, an edge router at an operator's network or any other node that the end host trusts. The proxy 3 may be located, for example, on the border of a service provider so that it can serve a large number of end hosts. The proxy 3 authorised by an end host is not required to be on the end-to-end packet forwarding path between the mobile host and the end host.
The process of an end host 1 authorising a proxy 3 to perform location update signalling on its behalf is shown as step 1 in
The authorisation process may preferably include the step of the end host sending an authorisation certificate, that shows that the end host has authorised the proxy to perform location update signalling on its behalf, to the proxy 3.
Next in the method of
Upon completion of step 2, the mobile host 2 knows that end host 1 is behind proxy 3. The mobile host is able to use this information during location update signalling, as is described below.
In the method of
When the mobile host 2 receives information about the appointment of a proxy, it initiates an exchange of messages with the proxy and this is shown as step 3 in
The messages in step 3 may be implemented as a HIP base exchange between the mobile host 2 and the proxy 3. For example the proxy 3 may provide confirmation to the mobile host by using the registration extension of HIP messaging. The proxy 3 may, in one embodiment, include in the R1 message a parameter that provides information about the proxy services that it is providing for the peer host.
Upon the completion of step 3, therefore, the proxy 3 has been authorised by an end host 1, which is now a peer host to the mobile host, to perform location update signalling on its behalf, the end host has informed the mobile host 2 of this, and the mobile host 2 has confirmed that the proxy 3 does genuinely offer this proxy service.
Steps 1, 2 and 3 may be repeated for other end hosts, with other end hosts authorising a proxy to perform location update signalling on their behalf and informing the mobile host of this. In this case, following completion of step 2, the mobile host 2 knows which end hosts are behind a particular proxy 3 (and in step 3 the mobile host confirms that the proxy 3 does genuinely offer this proxy service for the end host(s) behind the proxy).
According to the invention multiple end hosts may authorise the same proxy to perform location update signalling on their behalf, but it is not necessary for every one of the end hosts to appoint the same proxy nor for every one of the end hosts to appoint a proxy.
When the mobile host 2 makes a hand-off it has to ensure that the end hosts 1 are informed of its new location. When an end host 1 has appointed a proxy 3 to handle location update signalling, the mobile host does not, in the method of the present invention, send a location update message direct to the end host. Instead, the mobile host informs an end host of its new location by sending a location update message to the proxy 3 authorised by the end host, and this is shown as step 4 in
For the reasons explained with reference to
The mobile host 2 trusts the proxy 3, because the end host 1 has informed the mobile host that it (i.e., the end host) has authorised the proxy 3 to run the reachability test on its behalf. Accordingly, when the mobile host 2 receives the reachability test challenge from the proxy 3, it responds by sending a response to the proxy, as shown at step 6 of
If the response received at the proxy in step 6 is a satisfactory response to the reachability challenge sent in step 5, this indicates that the location update message received from the mobile host is genuine. In this case, the proxy 3 then informs the end host(s) that have authorised the proxy to perform location update signalling of the mobile host's new, verified location. This is step 7 in
The message sent in steps 4, 5 and 6 may be the same as those in the legacy system of
The end host(s) 1 may then exchange payload traffic with the mobile host 2 at its new location, and this is shown as step 8 in
The first outgoing payload traffic sent from an end host 1 to the mobile host 2 serves as an acknowledgement message for the reachability response message sent by the mobile host 2 at step 6. However, if desired, a separate acknowledgement message may be sent from an end host 1, and this is shown as step 9 of
It can be seen that, when the mobile host is handed-off, it is required to exchange three messages with the proxy 3, in steps 4, 5 and 6 of the method of
Although
In the method of
In a modified embodiment of the method of
In step 1 of
At step 2, the end host 1 informs the mobile host 2 that it has authorised the proxy 3 to perform location update signalling on its behalf. This corresponds to step 2 of the method of
The method of
In the method of
Steps 3, 4 and 5 of the method of
If desired, the end host may send an acknowledgement message in response to the location update message received from the signalling proxy—if present, this would correspond to step 9 of
The method of
In the method of
As explained above, the number of signalling messages required in the method of
In the methods of
In the method of
The mobile host runs an end-to-end update exchange with the end host 1, and this is shown in step 2 of
Upon hand-off, the mobile host 2 initiates a chain of authorisation exchanges, with the chain starting from the mobile host 2, passing through one or more mobile routers (two mobile routers 5a, 5b are shown in
When the mobile node is handed-off, it sends a location update message to the end hosts' side signalling proxy 3 (step 4), and the end hosts' side signalling proxy 3 performs a reachability test (step 5). If the results of the reachability test are satisfactory, the end hosts' side signalling proxy 3 informs the end host(s) that have authorised the end hosts' side signalling proxy 3 of the new location of the mobile node (step 6). Step 4 of
The method of
When the mobile router 5b is handed-off, it sends a location update message to the mobile host's side signalling proxy 6, and this is shown as step 7 in
The mobile host's side signalling proxy also sends a location update message to the end hosts' side signalling proxy 3, and this is shown as step 9 in
The reachability tests of steps 8 and 10 are synchronised such that the mobile host's side signalling proxy 6 does not reply to the challenge message that it receives from the end hosts' side signalling proxy 3 until it has validated the new location of the mobile router 5b—that is, the mobile host's side signalling proxy 6 waits until it has received a satisfactory response to the challenge message that it sent to the mobile router 5b before it responds to the challenge message from the mobile hosts' side signalling proxy 3.
The method of the mobile host 2 appointing the signalling proxy 6 is described in more detail in U.S. provisional patent application No. 60/812,621, U.S. patent application Ser. No. 11/738,819 and PCT application PCT/IB 2007/052091, the disclosure of which is hereby incorporated by reference.
In the method of
In the embodiments described above, it has been assumed that the end host(s) are static hosts. The invention is not however limited to this. An end host may be connected to the network by a mobile router, to provide network mobility at the end host side.
Number | Date | Country | Kind |
---|---|---|---|
0716823.0 | Aug 2007 | GB | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/EP08/61050 | 8/22/2008 | WO | 00 | 2/18/2010 |