Method, system and apparatus to support mobile IP version 6 services

US 7,934,094 B2
Filed: 06/15/2004
Issued: 04/26/2011
Est. Priority Date: 06/18/2003
Status: Active Grant

First Claim

Patent Images

1. A method of authentication and authorization support for Mobile IP version 6 (MIPv6), comprising the steps of:

encrypting Extensible Authentication Protocol (EAP) authentication and authorization information in a mobile device operating in a visited network;

sending the encrypted EAP authentication and authorization information from the mobile device to a pass-through visited Authentication, Authorization, and Accounting (AAA) client in the visited network utilizing a protocol for carrying authentication information for network access;

forwarding the encrypted EAP authentication and authorization information from the pass-through visited AAA client to a pass-through visited AAA server in the visited network;

forwarding the encrypted EAP authentication and authorization information from the pass-through visited AAA server in the visited network to a home AAA server in the mobile device'"'"'s home network;

performing an analysis of the encrypted EAP authentication and authorization information by the home AAA server;

sending a MIPv6-related challenge message from the home AAA server to the mobile device via the pass-through visited AAA server and the pass-through visited AAA client in the visited network based on the analysis of the encrypted EAP authentication and authorization information;

sending a MIPv6-related challenge response message from the mobile device to the home AAA server via the pass-through visited AAA client and the pass-through visited AAA server in the visited network;

performing an analysis of the challenge response message contents by the home AAA server; and

sending a MIPv6-related authentication and authorization results message from the home AAA server to the mobile device reporting a result of the analysis of the challenge response message contents and providing session parameter information;

wherein the pass-through visited AAA client and the pass-through visited AAA server forward all messages in a pass-through manner in which information within Type and Type-Data fields after EAP layer headers is not examined by the pass-through visited AAA client and the pass-through visited AAA server;

whereby prior EAP encryption is applied between the mobile device and the home AAA server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and AAAv (24) to act as mere pass-through agents during the procedure.

Citations

25 Claims

1. A method of authentication and authorization support for Mobile IP version 6 (MIPv6), comprising the steps of:
- encrypting Extensible Authentication Protocol (EAP) authentication and authorization information in a mobile device operating in a visited network;
  
  sending the encrypted EAP authentication and authorization information from the mobile device to a pass-through visited Authentication, Authorization, and Accounting (AAA) client in the visited network utilizing a protocol for carrying authentication information for network access;
  
  forwarding the encrypted EAP authentication and authorization information from the pass-through visited AAA client to a pass-through visited AAA server in the visited network;
  
  forwarding the encrypted EAP authentication and authorization information from the pass-through visited AAA server in the visited network to a home AAA server in the mobile device'"'"'s home network;
  
  performing an analysis of the encrypted EAP authentication and authorization information by the home AAA server;
  
  sending a MIPv6-related challenge message from the home AAA server to the mobile device via the pass-through visited AAA server and the pass-through visited AAA client in the visited network based on the analysis of the encrypted EAP authentication and authorization information;
  
  sending a MIPv6-related challenge response message from the mobile device to the home AAA server via the pass-through visited AAA client and the pass-through visited AAA server in the visited network;
  
  performing an analysis of the challenge response message contents by the home AAA server; and
  
  sending a MIPv6-related authentication and authorization results message from the home AAA server to the mobile device reporting a result of the analysis of the challenge response message contents and providing session parameter information;
  
  wherein the pass-through visited AAA client and the pass-through visited AAA server forward all messages in a pass-through manner in which information within Type and Type-Data fields after EAP layer headers is not examined by the pass-through visited AAA client and the pass-through visited AAA server;
  
  whereby prior EAP encryption is applied between the mobile device and the home AAA server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising transferring MIPv6-related information from the home AAA server in the home network to a home agent.
  - 3. The method of claim 2, wherein the MIPv6-related information is transferred from the home AAA server in the home network to the home agent in an AAA framework protocol application.
  - 4. The method of claim 3, wherein the home agent is a local home agent in the visited network and the MIPv6-related information is transferred from the home AAA server to the local home agent via the visited AAA server in the visited network.
  - 5. The method of claim 3, wherein the AAA framework protocol application is an application of a protocol selected from the group of Diameter and RADIUS.
  - 6. The method of claim 2, further comprisingassigning, by the home AAA server, a home agent to the mobile device;
    - anddistributing by the home AAA server to the mobile device and the home agent, credential-related data for establishing a security association between the mobile device and the home agent.
  - 7. The method of claim 6, further comprisingbuilding, at the mobile device, a home address for the mobile device using at least a portion of the address of its assigned home agent;
    - andtransferring the home address of the mobile device from the mobile device to the home AAA server in the home network using a round trip of a selected EAP procedure.
  - 8. The method of claim 1, wherein the MIPv6-related challenge and response messages are incorporated as additional data in an EAP protocol stack.
  - 9. The method of claim 8, wherein MIPv6-related information is transferred in at least one EAP attribute in the EAP protocol stack.
  - 10. The method of claim 9, wherein the MIPv6-related information is transferred as EAP attributes of the EAP method layer in the EAP protocol stack.
  - 11. The method of claim 10, wherein the EAP attributes are EAP Type-Length-Value (TLV) attributes.
  - 12. The method of claim 9, wherein the MIPv6-related information is transferred in a generic container attribute available for any EAP method.
  - 13. The method of claim 9, wherein the MIPv6-related information is transferred in a method-specific generic container attribute of the EAP method layer in the EAP protocol stack.
  - 14. The method of claim 1, wherein the protocol for carrying authentication information for network access is selected from the group of the Protocol for carrying Authentication for Network Access (PANA), IEEE 802.1x, and Point-to-Point Protocol (PPP).

15. A system for authentication and authorization support for Mobile IP version 6 (MIPv6), comprising a mobile device operating in a visited network, a pass-through Authentication, Authorization, and Accounting (AAA) visited client in the visited network, a pass-through visited AAA server in the visited network, and a home AAA server in the mobile device'"'"'s home network, wherein the system performs the steps of:
- the mobile device encrypting Extensible Authentication Protocol (EAP) authentication and authorization information;
  
  the mobile device sending the encrypted EAP authentication and authorization information to the pass-through visited AAA client in the visited network utilizing a protocol for carrying authentication information for network access;
  
  the pass-through visited AAA client forwarding the encrypted EAP authentication and authorization information to the pass-through visited AAA server in the visited network;
  
  the pass-through visited AAA server forwarding the encrypted EAP authentication and authorization information to the home AAA server in the mobile device'"'"'s home network;
  
  the home AAA server performing an analysis of the encrypted EAP authentication and authorization information;
  
  the home AAA server sending a MIPv6-related challenge message to the mobile device via the pass-through visited AAA server and the pass-through visited AAA client in the visited network based on the analysis of the encrypted EAP authentication and authorization information;
  
  the mobile device sending a MIPv6-related challenge response message to the home AAA server via the pass-through visited AAA client and the pass-through visited AAA server in the visited network;
  
  the home AAA server performing an analysis of the challenge response message contents; and
  
  the home AAA server sending a MIPv6-related authentication and authorization results message to the mobile device reporting a result of the analysis of the challenge response message contents and providing session parameter information;
  
  wherein the pass-through visited AAA client and the pass-through visited AAA server forward all messages in a pass-through manner in which information within Type and Type-Data fields after EAP layer headers is not examined by the pass-through visited AAA client and the pass-through visited AAA server;
  
  whereby prior EAP encryption is applied between the mobile device and the home AAA server.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The system of claim 15, wherein the MIPv6-related challenge and response messages are incorporated as additional data in an EAP protocol stack.
  - 17. The system of claim 16, wherein MIPv6-related information is carried in at least one EAP attribute in the EAP protocol stack.
  - 18. The system of claim 17, wherein the MIPv6-related information is carried in EAP attributes of the EAP method layer in the EAP protocol stack.
  - 19. The system of claim 18, wherein the EAP attributes are EAP Type-Length-Value (TLV) attributes.
  - 20. The system of claim 17, wherein the MIPv6-related information is carried in a generic container attribute available for any EAP method.
  - 21. The system of claim 17, wherein the MIPv6-related information is carried in a method-specific generic container attribute of the EAP method layer in the EAP protocol stack.
  - 22. The system of claim 15, wherein the protocol for carrying authentication information for network access is selected from the group of the Protocol for carrying Authentication for Network Access (PANA), IEEE 802.1x, and Point-to-Point Protocol (PPP).
  - 23. The system of claim 15, wherein MIPv6-related information is transferred from the home AAA server in the home network to a home agent in an AAA framework protocol application.
  - 24. The system of claim 23, wherein the home agent is a local home agent in the visited network and the MIPv6-related information is transferred from the home AAA server to the local home agent via the visited AAA server in the visited network.
  - 25. The system of claim 24, wherein the AAA framework protocol application is an application of a protocol selected from the group of Diameter and RADIUS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Oyama, Johnson
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
PHAM, LUU T

Application Number

US10/595,019
Publication Number

US 20070124592A1
Time in Patent Office

2,506 Days
Field of Search

713/171
US Class Current

713/168
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/164   at the network layer

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 8/04   Registration at HLR or HSS ...

H04W 80/04   Network layer protocols, e....

H04W 84/00   Network topologies

Method, system and apparatus to support mobile IP version 6 services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and apparatus to support mobile IP version 6 services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links