METHOD, SYSTEM AND APPARATUS TO SUPPORT MOBILE IP VERSION 6 SERVICES

US 20070124592A1
Filed: 06/15/2004
Published: 05/31/2007
Est. Priority Date: 06/18/2003
Status: Active Grant

First Claim

Patent Images

1. A method of authentication and authorization support for Mobile IP version 6 (MIPv6), comprising:

Transferring between a mobile node in a visited network and a home network of the mobile node, MIPv6-related authentication and authorization information in an authentication protocol in an end-to-end procedure transparent to the visited network over an Authentication, Authorization and Accounting (AAA) infrastructure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and AAAv (24) to act as mere pass-through agents during the procedure.

Citations

50 Claims

1. A method of authentication and authorization support for Mobile IP version 6 (MIPv6), comprising:
- Transferring between a mobile node in a visited network and a home network of the mobile node, MIPv6-related authentication and authorization information in an authentication protocol in an end-to-end procedure transparent to the visited network over an Authentication, Authorization and Accounting (AAA) infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein the authentication protocol is an extended authentication protocol.
  - 3. The method of claim 1, wherein the end-to-end procedure is between the mobile node and an AAA server in the home network and nodes in the visited network act as mere pass-through agents in the end-to-end procedure.
  - 4. The method of claim 3, further comprising transferring MIPv6-related information from the AAA server in the home network to a home agent.
  - 5. The method of claim 1, wherein the MIPv6-related information further comprises MIPv6 configuration information.
  - 6. The method of claim 5, wherein the MIPv6-related information is transferred over the AAA infrastructure for immediate or future establishment of a MIPv6 security association between the mobile node and the home agent.
  - 7. The method of claim 5, wherein the MIPv6-related information is transferred over the AAA infrastructure for establishing a binding for the mobile node in the home agent.
  - 8. The method of claim 2, wherein the extended authentication protocol is an extended Extensible Authentication Protocol (EAP) and the MIPv6-related authentication and authorization information is incorporated as additional data in the EAP protocol stack.
  - 9. The method of claim 8, wherein the MIPv6-related information is transferred in at least one EAP attribute in the EAP protocol stack.
  - 10. The method of claim 9, wherein the MIPv6-related information is transferred as EAP attributes of the method layer in the EAP protocol stack.
  - 11. The method of claim 10, wherein the EAP attributes are EAP TLV attributes.
  - 12. The method of claim 9, wherein the MIPv6-related information is transferred in a generic container attribute available for any EAP method.
  - 13. The method of claim 9, wherein the MIPv6-related information is transferred in a method-specific generic container attribute of the method layer in the EAP protocol stack.
  - 14. The method of claim 1, wherein the authentication protocol between the mobile node and an AAA client in the visited network is carried by a protocol selected from the group of PANA, IEEE 802.1X, and PPP.
  - 15. The method of claim 3, wherein the authentication protocol is carried by an AAA framework protocol application between the AAA client in the visited network and the AAA server in the home network.
  - 16. The method of claim 4, wherein the MIPv6-related information is transferred from the AAA server in the home network to the home agent in an AAA framework protocol application.
  - 17. The method of claim 16, wherein the home agent is a local home agent in the visited network and the MIPv6-related information is transferred from the AAA home server to the local home agent via an AAA server in the visited network.
  - 18. The method of claim 15, wherein the AAA framework protocol application is an application of a protocol selected from the group of Diameter, and RADIUS.
  - 19. The method of claim 4, further comprising assigning, at the AM home network server, a home agent to the mobile node;
    - and distributing credential-related data for security association establishment between the mobile node and the home agent from the AAA home network server to the mobile node and the home agent, respectively.
  - 20. The method of claim 3, further comprising assigning a home address to the mobile node at the AAA home network server.
  - 21. The method of claim 20, further comprising configuring the home address of the mobile node using the roundtrips of a selected EAP procedure.
  - 22. The method of claim 19, further comprising building, at the mobile node, a home address for the mobile node using at least a portion of the address of its assigned home agent;
    - and transferring the home address of the mobile node from the mobile node to the AAA home network server using around trip of a selected EAP procedure.
  - 23. The method of claim 20, further comprising transferring the home address of the mobile node from the AAA home network server to the home agent using an AM framework protocol application.

24. A system for authentication and authorization support for MIPv6, comprising means for transferring, between a mobile node in a visited network and a home network of the mobile node, MIPv6-related authentication and authorization information in an authentication protocol in an end-to-end procedure between a mobile node transparent to the visited network over an AAA infrastructure.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 25. The system of claim 24, wherein the authentication protocol is an extended authentication protocol.
  - 26. The system of claim 24, wherein the end-to-end procedure is between the mobile node and an AAA server in the home network, and AAA components in the visited network act as mere pass-through agents in the end-to-end procedure.
  - 27. The system of claim 26, further comprising means for further transferring MIPv6-related information from the AAA server in the home network to a home agent.
  - 28. The system of claim 24, wherein the MIPv6-related information further comprises MIPv6 configuration information.
  - 29. The system of claim 28, wherein the means for transferring MIPv6- related information over the AAA infrastructure comprises means for immediate or future establishment of a MIPv6 security association between the mobile node and the home agent.
  - 30. The system of claim 28, wherein means for transferring MIPv6-related information over the AAA infrastructure comprises means for establishing a binding for the mobile node in the home agent.
  - 31. The system of claim 25, wherein the extended authentication protocol is an extended Extensible Authentication Protocol (EAP) and the MIPv6-related authentication and authorization information is incorporated as additional data in the EAP protocol stack.
  - 32. The system of claim 31, wherein the means for transferring the MIPv6-related information comprises at least one EAP attribute in the EAP protocol stack.
  - 33. The system of claim 32, wherein the means for transferring the MIPv6-related information comprises EAP attributes of the method layer in the EAP protocol stack.
  - 34. The system of claim 33, wherein the EAP attributes are EAP TLV attributes.
  - 35. The system of claim 32, wherein the means for transferring the MIPv6-related information comprises a generic container attribute available for any EAP method.
  - 36. The system of claim 32, wherein means for transferring the MIPv6-related information comprises a method-specific generic container attribute of the method layer in the EAP protocol stack.
  - 37. The system of claim 24, wherein the authentication protocol between the mobile node and an AAA client in the visited network is carried by a protocol selected from the group of PANA, IEEE802.1X, and PPP.
  - 38. The system of claim 26, wherein the authentication protocol is carried by an AAA framework protocol application between the AAA client in the visited network and the AAA server in the home network.
  - 39. The system of claim 27, wherein the MIPv6-related information is transferred from the AAA server in the home network to the home agent in an AAA framework protocol application.
  - 40. The system of claim 39, wherein the home agent is a local home agent in the visited network and the MIPv6-related information is transferred from the AAA home server to the local home agent via an AAA server in the visited network.
  - 41. The system of claim 38, wherein the AAA framework protocol application is an application of a protocol selected from the group of Diameter, and RADIUS.
  - 42. The system of claim 27, further comprising:
    - means for assigning, at the AAA home network server, a home agent to the mobile node; and
      
      means for distributing credential-related data for security association establishment between the mobile node and the home agent from the AAA home network server to the mobile node and the home agent, respectively.
  - 43. The system of claim 26, further comprising means for assigning a home address to the mobile node at the AAA home network server.
  - 44. The system of claim 43, further comprising means for configuring the home address of the mobile node using the roundtrips of a selected EAP procedure.
  - 45. The system of claim 42, further comprising:
    - means for building, at the mobile node, a home address for the mobile node using at least a portion of the address of its assigned home agent; and
      
      means for transferring the home address of the mobile node from the mobile node to the AAA home network server using a roundtrip of a selected EAP procedure.
  - 46. The system of claim 43, characterized by means for transferring the home address of the mobile node from the AAA home network server to the home agent using an AAA framework protocol application.

47. An AAA home network server for authentication and authorization support for Mobile IP version 6(MIPv6), comprising:
- means for assigning a home agent to a mobile node; and
  
  means for distributing credential-related data for security association establishment between the mobile node and the home agent to the mobile node and the home agent, respectively.
- View Dependent Claims (48, 49, 50)
- - 48. The server of claim 47, further comprising means for assigning a home address to the mobile node.
  - 49. The server of claim 48, further comprising means for configuring the home address of the mobile node using the roundtrips of a selected EAP procedure.
  - 50. The server of claim 48, further comprising means for transferring the home address of the mobile node to the home agent using an AM framework protocol application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Oyama, Johnson

Granted Patent

US 7,934,094 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/164   at the network layer

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 8/04   Registration at HLR or HSS ...

H04W 80/04   Network layer protocols, e....

H04W 84/00   Network topologies

METHOD, SYSTEM AND APPARATUS TO SUPPORT MOBILE IP VERSION 6 SERVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND APPARATUS TO SUPPORT MOBILE IP VERSION 6 SERVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links