MULTIPLE PANA SESSIONS

Information

  • Patent Application: 20070186096
  • Publication Number: 20070186096
  • Date Filed: November 12, 2006
  • Date Published: August 09, 2007
Abstract
The preferred embodiments provide a novel system and method for reducing authentication delay of a mobile node with a network that includes: employing two EAP runs concurrently to reduce an overall authentication delay. In some embodiments, the two EAP runs are employed for authenticating a particular device identifier of a PaC. In some illustrative embodiments, the two EAP runs are employed for authenticating a particular device identifier of a PaC in relation to connecting to multiple ISPs at the same time.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

The preferred embodiments of the present invention are shown by way of example, and not limitation, in the accompanying figures, in which:



FIG. 1 is a diagram showing an illustration of PANA messages in a session;



FIG. 2 is a diagram showing an AVP header format;



FIG. 3 is a diagram showing message sequences between a PaC and a PAA in relation to independent, dependent and parent sessions according to some illustrative embodiments;



FIG. 4 is a diagram showing an illustrative multi-homing use case with PANA sessions 1 and 2 to separate ISPs;



FIG. 5 is a diagram showing an illustrative multi-user use case with PANA sessions 1 and 2 with separate users; and



FIG. 6 is a diagram showing illustrative message sequences between a PaC and a PAA for the establishment of multiple PANA sessions, sessions A and B, according to some illustrative examples.


Claims
  • 1. A method for reducing authentication delay of a mobile node with a network, comprising: employing two EAP runs concurrently to reduce an overall authentication delay.
  • 2. The method of claim 1, wherein said two EAP runs are employed for authenticating a particular device identifier of a PaC.
  • 3. The method of claim 2 wherein said two EAP runs are employed for authenticating a particular device identifier of a PaC in relation to connecting to multiple ISPs at the same time.
  • 4. The method of claim 2, wherein said two EAP runs are employed for authenticating a particular device identifier of a PaC in relation to multiple users on a PaC.
  • 5. The method of claim 1, wherein said two EAP runs are employed in NAP and ISP authentication to reduce the overall authentication delay.
  • 6. The method of claim 1, further including establishing multiple PANA sessions between a PaC and a PAA for the same device identifier of the PaC, and creating a cryptographic binding among multiple PANA sessions.
  • 7. The method of claim 1, further including establishing multiple PANA sessions between a PaC and a PAA for the same device identifier of the PaC, and generating a distinct PaC-EP-Master-Key for an EP for each of multiple independent PANA sessions.
  • 8. The method of claim 7, further including establishing a distinct IKE Security Association for each of said independent PANA sessions between a PaC and a PAA, and creating an IPsec Security Association dedicated to each user for each independent session.
  • 9. The method of claim 1, further including providing a new authentication-situation AVP for informing a peer a situation for the authentication.
  • 10. The method of claim 1, further including providing a new authentication-situation Type Length Value in a PANA-start request (PSR).
  • 11. The method of claim 10, wherein an S-flag in the PSR is not set to disable NAP and ISP separate authentication and wherein an N-flag is not set in the PSR and subsequent PANA messages.
  • 12. The method of claim 1, further including having a PaC send a PANA PAA discover message to create a new session for a PAA, and assigning a new UDP source port number that is different from that assigned to other sessions for the PAA.
  • 13. The method of claim 1, further including that when a PAA unsolicitly sends a PSR to create a new session for a PaC, a new UDP destination port number that is different from that assigned to other sessions for the PaC is assigned.
  • 14. The method of claim 1, further including using different EAP authentication methods and credentials in different sessions.
  • 15. The method of claim 1, further including providing a new result code related to PANA conditional success and a new AVP that contains one or more session ID AVP, and having a PANA bind request (PBR) for a dependent session carry said new result code.
  • 16. The method of claim 15, further including that a PaC-EP-Master-Key for an EP is not derived from an AAA-Key of a dependent session.
  • 17. The method of claim 15, further including having the PAA create a new session to cryptographically bind dependent sessions, and sending a PSR to the PAA after creating the new session.
  • 18. The method of claim 17, further including after receiving a PANA start answer for the new session, the PAA immediately sends a PBR without PANA-Auth-Request/PANA-Auth-A exchanges.
  • 19. A system for reducing authentication delay of a mobile node with a network, comprising a PANA authentication client that is configured to concurrently perform two PANA sessions with a PANA authentication agent to reduce overall authentication delay.
  • 20. A system for reducing authentication delay of a mobile node with a network, comprising: a PANA authentication agent that is configured to concurrently perform two PANA sessions with a PANA authentication client to reduce overall authentication delay.
Provisional Applications (1)
Number Date Country
60766714 Feb 2006 US