Patent Grant
7882346
The present invention is directed to methods and apparatus for providing authentication, authorization and accounting services to mobile nodes which are located in a foreign network domain.
Internet AAA systems provide Authentication, Authorisation and Accounting (AAA) for Internet Service Providers (ISPs) so that End Nodes (ENs) and/or their users can be identified, and given access to a controlled set of service capabilities for which consumption can then be measured. End nodes may be, e.g., fixed devices such as desk top PCs or mobile devices such as PDAs and/or portable computers which may connect to a network via a wireless communications link. End nodes and their corresponding users are normally identified by a network access identifier (NAI). While in their home domain, Internet service is normally provided to an end node from a home ISP which uses a first, e.g., home, AAA system. The AAA system typically includes a AAA server that is used to provide AAA functionality.
The Internet AAA architecture has a roaming capability whereby a user outside his home domain can obtain service from a second, e.g., foreign, ISP who has a business relationship either with the home ISP or a third party broker/settlement system. The user is authenticated and authorized by the home ISP, so that the foreign ISP can generate accounting records and receive payment for the service provided to the roaming user. Roaming is facilitated by the user providing its Network Access Identifier (NAI), e.g., username@realm such as john_smith@home_ISP.com, to the foreign ISP. The second ISP uses the NAI realm for AAA routing, to identify the target AAA system of the home ISP and to then proxy the AAA request for the user authentication to the identified AAA system, potentially via a third AAA system corresponding to a broker. This AAA proxying relies on security associations that are in place between the home and foreign ISPs, or between the third settlement service and both the home and foreign ISPs, to secure the AAA transactions that flow between the home and foreign ISPs. For the purpose of authentication with the home AAA server, the user and its home AAA server share a secret that is used in combination with its NAI. The shared secret may be stored in the home AAA server and the user device and is accessed, as needed, for use in performing authentication and/or encryption/decryption functions.
Since the foreign AAA system has no knowledge of the user's NAI, it simply passes the Access_Request to the home AAA and receives back an access response (accept/reject). If the access response is accept, e.g., an Access_Accept, the response constitutes a commitment by the home AAA system that the charges incurred by the user will be met. Specifically, the user normally does not at any time have a user account created in the database of the foreign AAA (AAAF) and there is no need for the user and AAAF to have any form of shared secret. This is because the user requires only a single shot authorization provided by the home AAA system and is subsequently granted connectivity. This model however is insufficient if various additional services are to be consumed in the foreign domain by the user for which either unilateral or mutual authentication with the foreign domain is required. This is because in the described system a shared secret is only available in the home AAA system (AAAH) and is therefore unavailable in the AAAF, i.e. there is no shared secret present between the AAAF and the user device. For example, if link layer encryption keys need to be derived for security/privacy reasons then, with the existing model, these keys can only be derived by the home AAA system although the communication links used belong to the foreign AAA system where the user happens to be. Other security associations between the user and the foreign network may also be needed such as security associations with application specific servers like Session signalling servers, mobility agents, paging agents etc. The inability of the AAAF to perform authentication/authorization is limiting and can interfere with the ability to provide service to a node visiting a foreign domain.
We note here that if the foreign (or home) wireless network were to use a public key infrastructure for its security needs, then there would be no need for a shared secret between the user and the AAAF: instead, a certification authority would vouch for the public keys of the user and the AAAF. It is well known in the art that the public key system is computationally burdensome for power-limited wireless devices, and thus it is rarely employed in real-life wireless networks.
Based upon the above discussion, it is clear that a need exists for a better AAA system and method to satisfy the security needs of wireless networks, particularly concerning how security is handled between home and foreign domains during roaming.
The present invention is directed to methods and apparatus for supporting authentication, authorization and/or accounting operations in both home and foreign network domains. The methods and apparatus of the present invention are well suited for use with mobile devices, e.g., mobile end nodes, and cellular systems. The techniques of the present invention utilize security systems, e.g., AAA systems, in each of the home and foreign domains to avoid the need and overhead of a public key infrastructure to service the security needs associated with providing services to mobile devices.
A home AAA system is located in a home domain, e.g., home network, while a foreign AAA system is located in a foreign domain, e.g., foreign network. The home and foreign AAA systems are coupled together in a secure manner so that they can communicate in a reliable and secure manner.
Various features of the invention are directed to separating security between the user and the home AAA system from security between the user and a foreign AAA system, after an initial authentication operation involving the home AAA system. Following the initial authentication operation, the methods of the present invention provide the foreign AAA system and the user with a dynamically generated shared secret, from which other keys can be generated for communications in the foreign domain. The dynamically generated shared secret can be used by the foreign AAA system and visiting end node to support additional authentication and/or authorization operations which may take place in the foreign domain as additional services are requested. In accordance with one feature of the invention, a second NAI associated with the end node may be generated and assigned as part of the initial authentication and authorization process. The generated NAI is associated with the generated shared secret by both the user end node and the AAA system in the foreign network. The assigned NAI is used by the end node in the foreign domain when requesting additional services.
To gain network access, an end node needs to be authenticated to the network. In accordance with the present invention, sometimes it is considered to be the end node itself that authenticates and some other times it is considered to be the user of the end node that authenticates. In accordance with another feature of the invention, it is also possible that the user authentication information is placed in a given end node so that the end node can authenticate on behalf of the user automatically. Any of the various above discussed alternatives may be used in accordance with the present invention. The end node can be a fixed or a mobile node e.g.: a mobile terminal.
A home cellular operator can use its AAA system to authenticate an end node, e.g., a Mobile Terminal (MT), and authorise service capabilities. If the user is seeking access to the system, then the user sends some form of ‘connect’ message from the Mobile Terminal to the access node, e.g., an access router, which itself triggers an Access_Request message to the local AAA server. The ‘connect’ message includes the username and realm of that user in the form of a homeNAI to facilitate AAA routing. The Access_Request to the AAA should also include the access interface type and/or access router type, so that the AAA system understands what interface-specific home AAA processing to apply to that Access_Request and what specific parameters should be returned in the Access_Accept. When in a foreign domain the foreign AAA server proxies the Access_Request acting as an intermediary between the end node and the home AAA server.
The user and home AAA server share a root key, e.g., value, having a predetermined format, that is provided as part of service creation. This root key is not shared with the foreign AAA server. The root key can be used by the home AAA server for an Extensible Authentication Protocol (EAP)-based mutual authentication between the Mobile Terminal and the AAA server. The EAP based authentication is triggered by an Access_Request comprising of a username and access link type. During the EAP mutual authentication, the user device (end node) and the home AAA system (AAAH), e.g., server, generate a Home Session (HS) key that is subsequently used to undertake any additional security procedures with the AAAH during the lifetime of that session key. The HS key is used to derive subsequent keys, which can be used for security processes. The root key normally is not itself used directly for securing communications, in order to limit exposure of the root key, which would otherwise offer opportunities for security analysis, and hence the potential compromise of the root key over time.
The lifetime of the HS key may be pre-defined as a result of the root key length and/or entropy EAP method details, HS key usage and the threat model. The operator, through network management procedures, may adjust this lifetime and it is the responsibility of the MT to manage the HS key and refresh it as required by the MT usage of that key. Optionally/alternatively, some of the HS key management can be offloaded to the AAAH server, such as in the case where with each EAP mutual authentication, the AAAH forces the derivation of a new HS key.
An example of EAP-based mutual authentication procedure would employ a challenge, RandS, from the AAAH Server to which the Mobile Terminal replies with a response, RespM, and its own challenge, RandM. The AAAH then issues its response, RespS to the Mobile Terminal challenge, RandM. The Mobile Terminal and AAAH use the following algorithms to calculate the required responses and the resulting HS key, and to mutually authenticate each other.
HS=PRF{RandS|RandM,root key}
RespS,RespM=PRF{RandS|RandM,HS}
where the | indicates concatenation and the PRF is any keyed one-way pseudo-random function, e.g., HMAC, taking Msg and Key to produce Output=PRF (Msg, Key). If the user is in the home domain then the completion of the mutual authentication leads to the derivation of security parameters in the Home Authentication Server (potentially part of the AAAH) to secure the basic facilities to be used by the user such as the access link security and other keys.
If the user is in a foreign domain then it is the air-link and other facilities in the foreign domain that should be secured. The processes and protocols for undertaking this are a matter for the foreign domain and therefore should be conducted under the control of the foreign AAA system (AAAF), e.g., foreign AAA server. This is done so that multiple Mobile Terminals, air-link and fixed link technologies can be supported under the same overall authentication model. In accordance with the invention, the AAAF should, and is provided with, access to a secret shared with the Mobile Terminal so that subsequent security parameters can be securely and efficiently derived. The derivation of this shared secret is a matter for standardisation as it will be undertaken between AAA domains (foreign and home) and should be applicable to multiple access technologies. In this discussion of the invention, the shared secret, generated for use by the AAAF from information, e.g., the HS key, is called the Roaming Session (RS) key. In an exemplary embodiment, the RS key is derived indirectly from the HS key and has a lifetime no greater than, and often less than, the lifetime of the HS key from which it is generated.
The AAAH can determine whether or not the user is in the home domain by the originator and contents of an Access_Request. For example, the AAAH can determine if the Access_Request has been proxied by a AAAF and is from a AAAF providing a MT identifier used to indicate the mobile associated with the request. In one embodiment of this invention, if the MT is in a foreign domain, then the Access_Request will have traversed the AAAF and the AAAF will add a new Attribute—Value Pair AVP requesting a Roaming Session (RS) key. In an alternative embodiment, the AAAH returns an RS key to the AAAF when the Access_Request indicates a roaming user based on policy without the need for specific request for such a key. While roaming, mutual authentication of the MT and the AAAH should still take place. In one embodiment of the invention, if the MT is roaming, and the AAAH knows it supports RS key derivation, then during the subsequent EAP based mutual authentication between the MT and the AAAH, the MT and AAAH derive the RS key via the mutual authentication based on the HS key. This is the additional RS key in the equations below corresponding to an exemplary embodiment of the present invention.
RS,RespS,RespM=PRF{RandS|RandM,HS}
The RS key has a lifetime equal to, or less than, that of the HS key and is securely transferred to the AAAF, using the AAAH-AAAF Security Association (SA), in a new and novel AVP containing both the RS key and its lifetime. In one embodiment of the invention the AAAH, may then discard the RS key. If the MT or AAAH is not capable, or willing, to derive the RS key then the AAAF is informed of this fact in the access response message sent back from the AAAH.
According to this present invention if an Access_Accept received by a AAAF includes an RS key and, optionally, lifetime information indicating the key lifetime, then the AAAF creates an account, e.g., a temporary account, for the roaming user in the AAAF database. The username@home realm is stored in the database along with the RS key and the profile of the MT also returned in the Access_Accept. The RS key is known to the AAAH. In one particular embodiment of this invention the AAAF considers it as being unsuitable, for policy reasons, to be used directly to secure the communication between service elements in the foreign domain. In such a case, the AAAF undertakes its own EAP-based mutual authentication with the Mobile Terminal, to derive a Foreign Session (FS) key from the RS shared key, both of which are now known to the Mobile Terminal and the AAAF. While the shared secret for the mutual authentication is the RS, the resulting FS key is not known to the AAAH making it suitable for use in the AAAF from a policy standpoint. In one embodiment of the invention, the EAP mutual authentication is the same as, or similar to, that conducted with the AAAH but with different RandM, RandS and root key inputs. The authentication may be as follows:
FS=PRF{RandS|RandM,RS}
RespS,RespM=PRF{RandS|RandM,FS}
In other embodiments of the invention, a different EAP method is used in the MT to AAAF EAP exchange used to generate the FS key from the RS key from the one used in a MT to AAAH EAP exchange.
In one embodiment of the invention, the FS key and lifetime are stored by the AAAF so that it can be used as a shared foreign secret for additional security processes in the foreign domain with the Mobile Terminal. The Mobile Terminal then has a shared secret with both the AAAH and the AAAF that is only known to each specific Authentication Server.
In an exemplary embodiment, the lifetime of the FS key is by default equal to that of the HS and RS keys and once the FS is derived then the RS key is no longer required and may be forgotten, e.g., deleted, by the AAAF and the Mobile Terminal. However, in some implementations the FS key lifetime is made to be significantly smaller than the HS or RS lifetimes so that the AAAF can force the MT to periodically, repeat the EAP mutual authentication with the AAAF. In such cases the RS key should be, and is, kept by the AAAF and mobile node.
A default lifetime of the temporary account for clean-up purposes, used to store the RS and/or FS keys, and the homeNAI and tempNAI, is the remaining lifetime of the RS or FS key. The account lifetime can be a fixed time under policy control of the AAAF with the remaining lifetime transferred to the access node, e.g. access router (AR) in the MT profile, or it can be as long as the current access session as required by the user, with temporary account clean-up being triggered by the session termination indication within a AAA message from an access node, e.g. AR. However, the default lifetime is still required to deal with the loss of such AAA messages due to, e.g., an access router failure for instance. The MT profile can include temporary account management information, which indicates how the AAAH wishes the AAAF to manage the users account. For example, the AAAH may wish the temporary account to last for a specific bounded period of time, a specific number of bytes, until a certain credit limit is reached or until an absolute date and time is passed. The MT profile can also include a maximal interval within the temporary account lifetime for which the MT profile does not need to be updated. This can be used to create medium term temporary accounts that avoid the repeated transfer of the MT profile and account management information when the Mobile Terminal is with a foreign operator for a sustained period of time, such as is likely with international roaming. Such management on the MT profile also avoids the need for the AAAF to incrementally transfer accounting records to the AAAH whilst the user is within accounting limits agreed between the AAAH and AAAF. This therefore ensures that the AAAH does not lose account control during the existence of the temporary account. The Mobile Terminal then simply needs to ensure it undertakes periodic mutual authentications, or on each access invocation, during the account lifetime to ensure that the HS and FS keys are valid. To deal with all these scenarios, the MT has knowledge of, e.g., shares, the account management policy in the AAAH, and the AAAF is able to return the account ‘lifetime’ to the access router and the MT via the Access_Accept message. The access router can then know when to terminate the access session and the MT can appreciate why and under what policy the access session and temporary account were terminated.
In either case, the FS key has a lifetime no greater than the lifetime of the home secret and therefore as the expiry of the HS key approaches then the Mobile Terminal should undergo a mutual authentication with the AAAH and regenerate the HS, RS and FS session keys using, e.g., the same procedure detailed above. In one embodiment of this invention this procedure is MT-initiated. In such an embodiment it is a MT message that triggers the start of the authentication task.
In some embodiments of this invention the foreign domain may not wish to generate the FS key. In such embodiments the RS key is used as the FS key. One or more foreign domain security keys may then be derived from the RS key which serves as the FS key.
The derivation, lifetime and use of the RS and FS keys from a protocol perspective are issues local to the foreign domain and may be of little or no concern to the home domain.
As already discussed, according to this present invention the AAAF may generate a temporary NAI for the user so that the user can trigger AAA functions both with its home and foreign domain. This tempNAI provides subsequent privacy to the user when included in protocol messages. In one embodiment of this invention, the username is a unique name in the whole of the foreign domain. In an exemplary embodiment, the unique user name is the unique link layer address of the MT (e.g.: its EUI64); in another embodiment it is the MT's home NAI coded (username%home_realm). Yet in another embodiment, it is a randomly generated username that includes a number, e.g., an increasing number, such as one representing time. In the above embodiments, the realm of the tempNAI is the realm of the foreign operator and hence the new user account is stored in the database of the foreign operator that can be accessed by any AAAF in the said operator domain.
In an alternative embodiment of the invention the username part of the tempNAI would be allocated out of a unique sequence number within each Foreign Authentication Server (AAAF) with each AAAF having its own unique realm within the foreign domain e.g.: <unique in AAAF number@AAAF specific realm>. It also provides a level of indirection and aggregation between the wide-range of home NAIs. Other more structured user namespaces can be envisaged to enable temporary users from the same corporate customer or Mobile Virtual Network Operator to have a username field that includes the ‘group’ name, plus a sequence number space for use by that group, and also to clearly identify the service level of the user. All that is required from the namespace is that uniqueness of the username and the realm in tempNAIs is assured, whilst providing flexibility to the foreign operator over the privacy and grouping features of the temporary namespace.
In one embodiment of this invention, the AAAF keeps both the home and tempNAIs in the temporary account to assist with AAA routing and fraud prevention, as well for account and fault correlation due to the re-use of tempNAIs between different homeNAIs overtime. In such an implementation, the AAAF system therefore also keeps the start and stop time of the temporary account, along with the matching homeNAI. This information can be transferred into off-line long-term storage when the account is closed or the information can be provided to the home AAA system for inter-operator billing.
In various embodiments, once generated, the tempNAI is also returned to the MT so it can use either the tempNAI or homeNAI in its service invocations and updates with the home or foreign domain where assistance from the AAA system is required. In other embodiments, the MT generates its tempNAI in the same manner that the AAAF system generates the tempNAI. In one embodiment of the invention the tempNAI is generated by the AAAF and delivered to the MT in the last EAP message of the EAP session between the MT and the AAAH. In this case, the AAAH returns the last EAP message encapsulated in the AAA Access_Accept and thus the AAAF intercepts it and adds the locally generated tempNAI. The Access_Accept is then sent to the Access Router which decapsulates the EAP message and the new tempNAI and delivers it to the MT.
In one embodiment of this invention, if the user includes its homeNAI in a message to the access router located in the foreign domain along with a MT-AAAH authenticator, then that triggers a AAAF request but the message will be onward routed through the AAAF to the AAAH. The AAAF compares the homeNAI to its roaming database entries to see if this is a new or existing roaming MT, and whether or not a new RS key needs to be derived. Note that having the RS and HS key lifetimes the same implies that the RS key derivation also triggers a HS key regeneration through the EAP mutual authentication with the AAAH. If the user instead includes the tempNAI and a newly defined MT-AAAF authenticator, then the AAA request will instead be handled by the AAAF, as if the MT was at home. If the MT includes the homeNAI but the access router needs AAA support from the AAAF, then the access router can add the tempNAI into the AAA message to enable the AAAF to process the message and avoid the routing via the AAAH. Additionally, if the MT includes the tempNAI but the AR or AAAF needs assistance from the AAAH then the AR or AAAF can add the homeNAI into the AAA request and forward to the AAAH before undertaking its own processing when the AAA reply returns from the AAAH.
In an alternative embodiment of this invention, if the MT requests access with the homeNAI, the whole process is repeated i.e.: an EAP session takes place between the MT and the AAAH, the RS key generated and returned to AAAF and a new account is generated in the AAAF domain. The old AAAF account for the user, if it still exists, will naturally timeout when the old RS key expires. If the tempNAI is used then the EAP exchange takes place between the MT and the AAAF and the AAAH is not involved provided that the RS key is still valid. If not, the AAAF rejects the access request and forces the MT to request access using the homeNAI and thus repeat the initial process and create a new account in the foreign domain.
Once the foreign secret key, e.g., the RS or FS key, is in place, then the AAAF is able to use that secret key, that is shared with the Mobile Terminal, to derive security keys for the foreign domain infrastructure and service elements.
Home identity information 330 (331, 332) is used to identify the end node when requesting access to a network via an access node like the one depicted in
Foreign user records 113′ include similar information to the information included in the home user records 113, but they are created dynamically in accordance with the present invention as described below. Foreign user records 113′ include a plurality of information about foreign users, e.g., visiting mobile terminals. In the exemplary AAA server 100 of
Interconnectivity between the access nodes 410, 410′ is provided through network links 404, 405 and an intermediate network node 415. The intermediate network node 415 also provides interconnectivity via link 411 to a AAA Server 450, serving as a AAA server for the foreign domain 480. AAA Server 450 is a simplified version of the AAA Server 100 depicted in
Home network 490 in the home domain 470 is connected to foreign network 480 via link 412 and node 415. In particular, home network 490 includes network node 425 connected to link 412. Home Network 430 further includes AAA Server 460 operating as Home AAA server of domain 470 connected to network node 425 via link 413. In
End node 430 is identified with a home network access identifier (NAI_home) which includes a username part and a realm part. The NAI_home may be in the form username@home_realm where home_realm is the realm of the home domain 470 of
Access node 410 checks in its memory 210 of
On reception of access request message 504, AAAF 450 checks the realm part of NAI_home included in message 504 and recognizes the realm part of said NAI_home as not belonging to its own domain. Using AAA routing, e.g., a lookup table with routing information for realms other than domain 480, the AAAF 450 forwards access request message 506 to the AAA server responsible for the realm part of the NAI_home, in this case AAAH 460.
On reception of access request message 506, AAAH 460 checks the realm part of NAI_home included in message 506 and recognizes the realm part of said NAI_home as belonging to its own domain. AAAH 460 sends read message 507 to its database 462 including NAI_home from message 506 and receives the end node's record in read response message 508 from database 462. The record, typically includes the required security procedures for authenticating an end node as well as an authorization profile for said end node. For illustration purposes, we assume that the Extensible Authentication Protocol (EAP) is used to authenticate the end node but this invention does not depend on the use of EAP and other protocols could be used. Thus, AAAH 460 initiates EAP message exchange with appropriate EAP method. The EAP exchange between AAAH 460 and end node 430 is represented by double-sided arrow 510.
In an alternative embodiment of the invention, the EAP method is initiated by the message 504 from the access node which includes the identity (NAI_home) of the end node.
According to this present invention, at the end of a successful EAP exchange 510, the end node 430 is successfully authenticated to AAAH 460, and vice versa if mutual authentication was used, and at least one key, a roaming session (RS) key, was generated by both ends of the EAP exchange for the purpose of being shared between end node 430 and the visited/foreign domain 480 of
AAAH 460 generates and sends Access_Accept message 512 to the originating AAAF 450 including NAI_home of end node 430, the authorization profile of said end node and at least the RS key to be shared between end node 430 and AAAF 450. Message 512 also includes lifetime information which indicates the lifetime assigned to the RS key after which the RS key is invalid and, if still needed, should be re-generated. Length of the RS key lifetime is based on policy and security requirements of AAAH 460 but is normally no longer than the lifetime of the session shared secret from which the RS key was generated by the AAAH.
According to this invention on reception of message 512 AAAF 450, extracts the NAI_home, the authorization profile and the RS key from message 512 and creates a record in its database 452, e.g., a new foreign user record 154 of the type shown in
The new foreign user record is created with write message 513 being sent to the AAAF's database 452. The message 513 includes the NAI_foreign, the RS key, the NAI_home and the authorization profile. The database 452 responds with write accept message 514 which is sent to AAAF 450. Message 514 confirms the creation of the record corresponding to NAI_foreign.
In an alternative embodiment of this invention, the AAAF 450 modifies the authorization profile of the user received from AAAH 460 in message 512 before including it in message 513 to the database 452. Said modifications reflect local policy in terms of what a roaming end node like, e.g., end node 430 is authorized to do in domain 480 of
On reception of message 514, AAAF 450 sends access accept message 515 to access node 410. Message 515 includes the NAI_foreign assigned to end node 430. In one embodiment of the invention, message 515 includes a code indicating that authentication was successful, but end node 430 should assume a new identity indicated by NAI_foreign.
On reception of message 515, access node 410 sends a connect granted message 516 to end node 430 including said code and NAI_foreign from message 515. This message 516 confirms that authentication was completed successfully and that end node 430 should now assume a new identity using the assigned foreign network identifier NAI_foreign, in order to access services in the foreign domain.
According to this invention on reception of message 516, end node 430 extracts and stores the NAI_foreign in its foreign identity record 330′ together with the RS key derived earlier.
At this stage and according to this present invention, end node 430 has a new identity, i.e.: NAI_foreign, in visited/foreign domain 480 of
The description below, based on
In one embodiment of this invention, end node 430 sends a new connect request message 522 including its new identifier, NAI_foreign, requesting access to the network. The process, as described previously above, restarts, but due to the new identity, the process continues somewhat differently.
Specifically, on reception of message 522, access node 410 checks in its memory 210 of
On reception of Access_Request message 524, AAAF 450 checks the realm part of NAI_foreign included in message 504 and recognises the realm part of said NAI_home as belonging to its own domain.
AAAF 450 sends read message 525 to its database 452 including NAI_foreign from message 524 and receives the end node's record in read response message 526 from database 452. The record, typically includes the required security procedures for authorizing an end node as well as an authorization profile for said end node. For illustration purposes we will assume that the Extensible Authentication Protocol (EAP) is used to authenticate the end node 430. Thus, AAAF 450 initiates EAP message exchange with appropriate, for the foreign domain 480 of
At the end of a successful EAP exchange 530 the end node 430 is successfully authenticated by AAAF 450, and vice versa if mutual authentication was used. AAAF 450 sends an access accept message 532 to access node 410. Message 532 includes the NAI_foreign assigned to end node 430 and the authorization profile for said end node.
On reception of message 532, access node 410 extracts and stores in its memory 210 information 212, including the end node identifier, NAI_foreign, and the authorization profile of end node 430 included in said message 532. Access node 410 also sends a connect granted message 534 to end node 430 confirming that authentication was successful and that access was granted.
The foreign network access identifiers used to identify end nodes when in a foreign domain may be generated in a plurality of ways. In one embodiment of this invention the NAI_foreign is generated by making a user part, e.g., a user name, equal to the whole of the NAI_home (username@home_realm) of end node 430 but replacing the character @ to another character such as % so that the new username is username%home_realm. Then, appending this username with the realm of the foreign domain 480 of
In an alternative embodiment, the NAI_foreign is derived by amending the foreign_realm to a concatenation of an identifier used to identify AAAF Server 450 and a sequence number of sufficient size incremented for each new account created by said AAAF 450. The resulting NAI_foreign is:
AAAF-ID_Number@foreign_realm
In another embodiment of this invention, the NAI_foreign is derived by amending the foreign_realm to a pseudorandom string generated out of a keyed one way hash function using the RS key and a locally generated challenge, e.g.: a random or pseudo random number.
Username=PRF (challenge, RS)
In this case the NAI_foreign is not returned to end node 430. Instead, only the challenge and the realm_foreign are returned. End node 430 then applies the PRF with the RS key and the received challenge to recreate the username part of the NAI_foreign.
In various embodiments nodes described herein are implemented using one or more modules to perform the steps corresponding to one or more methods of the present invention, for example, signal processing, message generation and/or transmission steps. Thus, in some embodiments various features of the present invention are implemented using modules. Such modules may be implemented using software, hardware or a combination of software and hardware. Many of the above described methods or method steps can be implemented using machine executable instructions, such as software, included in a machine readable medium such as a memory device, e.g., RAM, floppy disk, etc. to control a machine, e.g., general purpose computer with or without additional hardware, to implement all or portions of the above described methods, e.g., in one or more nodes. Accordingly, among other things, the present invention is directed to machine-readable medium including machine executable instructions for causing a machine, e.g., processor and associated hardware, to perform one or more of the steps of the above-described method(s).
Numerous additional variations on the methods and apparatus of the present invention described above will be apparent to those skilled in the art in view of the above description of the invention. Such variations are to be considered within the scope of the invention. The methods and apparatus of the present invention may be, and in various embodiments are, used with CDMA, orthogonal frequency division multiplexing (OFDM), and/or various other types of communications techniques which may be used to provide wireless communications links between access nodes and mobile nodes. In some embodiments the access nodes are implemented as base stations which establish communications links with mobile nodes using OFDM and/or CDMA. In various embodiments the mobile nodes are implemented as notebook computers, personal data assistants (PDAs), or other portable devices including receiver/transmitter circuits and logic and/or routines, for implementing the methods of the present invention.
The present application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/418,526 filed Oct. 15, 2002 titled “METHODS AND APPARATUS TO SECURE A COMMUNICATIONS ACCESS LINK AND MOBILITY SESSION IN A FOREIGN NETWORK” which is hereby expressly incorporated by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4679244 | Kawasaki et al. | Jul 1987 | A |
| 4833701 | Comroe et al. | May 1989 | A |
| 4901307 | Gilhousen et al. | Feb 1990 | A |
| 5056109 | Gilhousen et al. | Oct 1991 | A |
| 5095529 | Comroe et al. | Mar 1992 | A |
| 5128938 | Borras | Jul 1992 | A |
| 5200952 | Bernstein et al. | Apr 1993 | A |
| 5210787 | Hayes et al. | May 1993 | A |
| 5229992 | Jurkevich et al. | Jul 1993 | A |
| 5247516 | Bernstein et al. | Sep 1993 | A |
| 5251209 | Jurkevich et al. | Oct 1993 | A |
| 5267261 | Blakeney, II et al. | Nov 1993 | A |
| 5325432 | Gardeck et al. | Jun 1994 | A |
| 5333178 | Norell | Jul 1994 | A |
| 5369781 | Comroe et al. | Nov 1994 | A |
| 5387905 | Grube et al. | Feb 1995 | A |
| 5420909 | NG et al. | May 1995 | A |
| 5426395 | Cygan | Jun 1995 | A |
| 5450405 | Maher et al. | Sep 1995 | A |
| 5461645 | Ishii | Oct 1995 | A |
| 5463617 | Grube et al. | Oct 1995 | A |
| 5465391 | Toyryla | Nov 1995 | A |
| 5473605 | Grube et al. | Dec 1995 | A |
| 5491835 | Sasuta et al. | Feb 1996 | A |
| 5511232 | O'Dea et al. | Apr 1996 | A |
| 5513381 | Sasuta | Apr 1996 | A |
| 5542108 | Sasuta | Jul 1996 | A |
| 5566366 | Russo et al. | Oct 1996 | A |
| 5572528 | Shuen | Nov 1996 | A |
| 5590175 | Gallant et al. | Dec 1996 | A |
| 5590396 | Henry | Dec 1996 | A |
| 5594948 | Talarmo et al. | Jan 1997 | A |
| 5625882 | Vook et al. | Apr 1997 | A |
| 5627882 | Chien et al. | May 1997 | A |
| 5634197 | Paavonen | May 1997 | A |
| 5694433 | Dent | Dec 1997 | A |
| 5806007 | Raith et al. | Sep 1998 | A |
| 5884196 | Lekven et al. | Mar 1999 | A |
| 5898922 | Reininghaus | Apr 1999 | A |
| 5901362 | Cheung et al. | May 1999 | A |
| 5903559 | Acharya et al. | May 1999 | A |
| 5953653 | Josenhans et al. | Sep 1999 | A |
| 5987323 | Huotari | Nov 1999 | A |
| 6011969 | Vargas et al. | Jan 2000 | A |
| 6021123 | Mimura | Feb 2000 | A |
| 6021326 | Nguyen | Feb 2000 | A |
| 6043707 | Budnik | Mar 2000 | A |
| 6055236 | Nessett et al. | Apr 2000 | A |
| 6078575 | Dommety et al. | Jun 2000 | A |
| 6092111 | Scivier et al. | Jul 2000 | A |
| 6134226 | Reed et al. | Oct 2000 | A |
| 6144671 | Perinpanathan et al. | Nov 2000 | A |
| 6160798 | Reed et al. | Dec 2000 | A |
| 6161008 | Lee et al. | Dec 2000 | A |
| 6195705 | Leung | Feb 2001 | B1 |
| 6225888 | Juopperi | May 2001 | B1 |
| 6256300 | Ahmed et al. | Jul 2001 | B1 |
| 6275712 | Gray et al. | Aug 2001 | B1 |
| 6285251 | Dent et al. | Sep 2001 | B1 |
| 6308080 | Burt et al. | Oct 2001 | B1 |
| 6308267 | Gremmelmaier | Oct 2001 | B1 |
| 6353616 | Elwalid et al. | Mar 2002 | B1 |
| 6366561 | Bender | Apr 2002 | B1 |
| 6366577 | Donovan | Apr 2002 | B1 |
| 6389008 | Lupien et al. | May 2002 | B1 |
| 6400703 | Park et al. | Jun 2002 | B1 |
| 6400722 | Chuah et al. | Jun 2002 | B1 |
| 6430213 | Dafesh | Aug 2002 | B1 |
| 6434134 | La Porta et al. | Aug 2002 | B1 |
| 6445922 | Hiller et al. | Sep 2002 | B1 |
| 6446127 | Schuster et al. | Sep 2002 | B1 |
| 6463055 | Lupien et al. | Oct 2002 | B1 |
| 6466964 | Leung et al. | Oct 2002 | B1 |
| 6477150 | Maggenti et al. | Nov 2002 | B1 |
| 6487170 | Chen et al. | Nov 2002 | B1 |
| 6487407 | Goldberg et al. | Nov 2002 | B2 |
| 6490564 | Dodrill et al. | Dec 2002 | B1 |
| 6496505 | La Porta et al. | Dec 2002 | B2 |
| 6496704 | Yuan | Dec 2002 | B2 |
| 6498934 | Muller | Dec 2002 | B1 |
| 6505047 | Palkisto | Jan 2003 | B1 |
| 6510144 | Dommety et al. | Jan 2003 | B1 |
| 6512754 | Feder et al. | Jan 2003 | B2 |
| 6519254 | Chuah et al. | Feb 2003 | B1 |
| 6539225 | Lee | Mar 2003 | B1 |
| 6546252 | Jetzek et al. | Apr 2003 | B1 |
| 6563919 | Aravamudhan et al. | May 2003 | B1 |
| 6567416 | Chuah | May 2003 | B1 |
| 6567664 | Bergenwall et al. | May 2003 | B1 |
| 6571095 | Koodli | May 2003 | B1 |
| 6571289 | Montenegro | May 2003 | B1 |
| 6578085 | Khalil et al. | Jun 2003 | B1 |
| 6584093 | Salama et al. | Jun 2003 | B1 |
| 6611506 | Huang et al. | Aug 2003 | B1 |
| 6611547 | Rauhala | Aug 2003 | B1 |
| 6615236 | Donovan et al. | Sep 2003 | B2 |
| 6631122 | Arunachalam et al. | Oct 2003 | B1 |
| 6631254 | Wilson et al. | Oct 2003 | B1 |
| 6636498 | Leung et al. | Oct 2003 | B1 |
| 6650901 | Schuster et al. | Nov 2003 | B1 |
| 6654363 | Li et al. | Nov 2003 | B1 |
| 6668166 | Kanabar | Dec 2003 | B1 |
| 6678735 | Orton et al. | Jan 2004 | B1 |
| 6680943 | Gibson et al. | Jan 2004 | B1 |
| 6690936 | Lundh | Feb 2004 | B1 |
| 6708031 | Purnadi et al. | Mar 2004 | B2 |
| 6724267 | Kim | Apr 2004 | B2 |
| 6731932 | Rune et al. | May 2004 | B1 |
| 6754482 | Torabi | Jun 2004 | B1 |
| 6763007 | La Porta et al. | Jul 2004 | B1 |
| 6785256 | O'Neill | Aug 2004 | B2 |
| 6879690 | Faccin et al. | Apr 2005 | B2 |
| 6917605 | Kakemizu et al. | Jul 2005 | B2 |
| 6947401 | El-Malki et al. | Sep 2005 | B2 |
| 6954442 | Tsirtsis et al. | Oct 2005 | B2 |
| 6965946 | Inoue et al. | Nov 2005 | B2 |
| 6970445 | O'Neill et al. | Nov 2005 | B2 |
| 6990339 | Turanyi et al. | Jan 2006 | B2 |
| 6992994 | Das et al. | Jan 2006 | B2 |
| 6996379 | Khorram | Feb 2006 | B2 |
| 7068640 | Kakemizu et al. | Jun 2006 | B2 |
| 7096014 | Haverinen et al. | Aug 2006 | B2 |
| 7110727 | Dekker | Sep 2006 | B2 |
| 7116646 | Gustafson et al. | Oct 2006 | B1 |
| 7123599 | Yano et al. | Oct 2006 | B2 |
| 7133456 | Feher | Nov 2006 | B2 |
| 7139548 | Hayashi et al. | Nov 2006 | B2 |
| 7161913 | Jung | Jan 2007 | B2 |
| 7187928 | Senn et al. | Mar 2007 | B1 |
| 7257402 | Khalil et al. | Aug 2007 | B2 |
| 7269145 | Koo et al. | Sep 2007 | B2 |
| 7292592 | Rune | Nov 2007 | B2 |
| 7333452 | Lim | Feb 2008 | B2 |
| 7336753 | Hasson et al. | Feb 2008 | B2 |
| 20010036164 | Kakemizu et al. | Nov 2001 | A1 |
| 20010041571 | Yuan et al. | Nov 2001 | A1 |
| 20010046223 | Malki et al. | Nov 2001 | A1 |
| 20020015396 | Jung | Feb 2002 | A1 |
| 20020018456 | Kakemizu et al. | Feb 2002 | A1 |
| 20020026527 | Das et al. | Feb 2002 | A1 |
| 20020068565 | Purnadi et al. | Jun 2002 | A1 |
| 20020089958 | Feder et al. | Jul 2002 | A1 |
| 20020114469 | Faccin et al. | Aug 2002 | A1 |
| 20020136226 | Christoffel et al. | Sep 2002 | A1 |
| 20020161927 | Inoue et al. | Oct 2002 | A1 |
| 20020186679 | Nakatsugawa et al. | Dec 2002 | A1 |
| 20020191593 | O'Neill et al. | Dec 2002 | A1 |
| 20030012179 | Yano et al. | Jan 2003 | A1 |
| 20030051140 | Buddhikot et al. | Mar 2003 | A1 |
| 20030060199 | Khalil et al. | Mar 2003 | A1 |
| 20030071417 | Nakatsugawa et al. | Apr 2003 | A1 |
| 20030092441 | Taha | May 2003 | A1 |
| 20030117969 | Koo et al. | Jun 2003 | A1 |
| 20030137961 | Tsirtsis et al. | Jul 2003 | A1 |
| 20030137991 | Doshi et al. | Jul 2003 | A1 |
| 20030176188 | O'Neill | Sep 2003 | A1 |
| 20030228868 | Turanyi et al. | Dec 2003 | A1 |
| 20040037264 | Khawand | Feb 2004 | A1 |
| 20050014509 | Semper et al. | Jan 2005 | A1 |
| Number | Date | Country |
|---|---|---|
| 1553741 | Dec 2004 | CN |
| 1244261 | Sep 2002 | EP |
| 9512297 | May 1995 | WO |
| 9627993 | Sep 1996 | WO |
| 9712475 | Apr 1997 | WO |
| PCTUS9847302 | Oct 1998 | WO |
| 2006020105 | Feb 2006 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20040073786 A1 | Apr 2004 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60418526 | Oct 2002 | US |
