Method, system and apparatus to support mobile IP version 6 services
First Claim
1. A method of authentication and authorization support for Mobile IP version 6 (MIPv6), comprising the steps of:
encrypting Extensible Authentication Protocol (EAP) authentication and authorization information in a mobile device operating in a visited network;
sending the encrypted EAP authentication and authorization information from the mobile device to a pass-through visited Authentication, Authorization, and Accounting (AAA) client in the visited network utilizing a protocol for carrying authentication information for network access;
forwarding the encrypted EAP authentication and authorization information from the pass-through visited AAA client to a pass-through visited AAA server in the visited network;
forwarding the encrypted EAP authentication and authorization information from the pass-through visited AAA server in the visited network to a home AAA server in the mobile device's home network;
performing an analysis of the encrypted EAP authentication and authorization information by the home AAA server;
sending a MIPv6-related challenge message from the home AAA server to the mobile device via the pass-through visited AAA server and the pass-through visited AAA client in the visited network based on the analysis of the encrypted EAP authentication and authorization information;
sending a MIPv6-related challenge response message from the mobile device to the home AAA server via the pass-through visited AAA client and the pass-through visited AAA server in the visited network;
performing an analysis of the challenge response message contents by the home AAA server; and
sending a MIPv6-related authentication and authorization results message from the home AAA server to the mobile device reporting a result of the analysis of the challenge response message contents and providing session parameter information;
wherein the pass-through visited AAA client and the pass-through visited AAA server forward all messages in a pass-through manner in which information within Type and Type-Data fields after EAP layer headers is not examined by the pass-through visited AAA client and the pass-through visited AAA server;
whereby prior EAP encryption is applied between the mobile device and the home AAA server.
Abstract
For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36), and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an authentication protocol, preferably an extended one. A preferred embodiment uses EAP as the basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack, or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism is that it is transparent to the visited domain (20), allowing the AAA client (22) and the AAAv (24) to act as mere pass-through agents during the procedure.
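The exchange of claim 1 and the visited-domain transparency described in the abstract, as an added Python simulation that is not code from the patent: both visited hops validate only the EAP-layer header and forward the Type and Type-Data bytes opaque, while the home AAA server decrypts the MIPv6-related information, issues a challenge, verifies the response and returns session parameters. The EAP Type value 254, the shared key, the HMAC-keystream cipher standing in for the claim's EAP encryption, the nonce and the home agent address 2001:db8::1 are all constructed placeholders.

```python
import hmac, hashlib, struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MIPV6 = 254                          # constructed placeholder for the MIPv6 EAP method type
SHARED_KEY = b"constructed-mn-home-aaa-key"   # known to the mobile node and the home AAA server only

def eap_pack(code, ident, type_data):
    """EAP-layer header (Code, Identifier, Length) followed by the Type byte and Type-Data."""
    body = bytes([EAP_TYPE_MIPV6]) + type_data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def xor_crypt(key, label, data):
    """Toy HMAC-keystream cipher standing in for the claim's end-to-end EAP encryption (constructed)."""
    ks = hmac.new(key, label, hashlib.sha256).digest()
    return bytes(b ^ ks[i % len(ks)] for i, b in enumerate(data))

def pass_through(pkt, hop):
    """Visited AAA client / AAAv: validate only the EAP-layer header, forward Type/Type-Data untouched."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or code not in (EAP_REQUEST, EAP_RESPONSE):
        raise ValueError(f"{hop}: malformed EAP header")
    return pkt                                # bytes after the header are never parsed here

def relay(pkt):
    """One traversal of the visited domain in either direction; both hops are pass-through."""
    return pass_through(pass_through(pkt, "visited AAA client"), "visited AAA server")

def type_data(pkt):
    """What a visited hop could read after the EAP header and Type byte: only ciphertext or MAC output."""
    return pkt[5:]

def run_exchange(mn_identity, home_address):
    # 1. MN encrypts its identity and MIPv6 info and sends them toward the home AAA server.
    msg1 = relay(eap_pack(EAP_RESPONSE, 1, xor_crypt(SHARED_KEY, b"id", mn_identity + b"|" + home_address)))
    identity, addr = xor_crypt(SHARED_KEY, b"id", type_data(msg1)).split(b"|", 1)
    # 2. Home AAA analyses the decrypted info and issues a MIPv6-related challenge.
    challenge = hashlib.sha256(b"constructed-nonce|" + identity).digest()[:16]
    msg2 = relay(eap_pack(EAP_REQUEST, 2, challenge))
    # 3. MN answers with a keyed MAC over the challenge it received.
    msg3 = relay(eap_pack(EAP_RESPONSE, 2, hmac.new(SHARED_KEY, type_data(msg2), hashlib.sha256).digest()))
    # 4. Home AAA verifies the response; on success it returns results plus encrypted session parameters.
    expected = hmac.new(SHARED_KEY, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, type_data(msg3)):
        return None
    sa_key = hmac.new(SHARED_KEY, b"mipv6-sa|" + challenge, hashlib.sha256).hexdigest()
    session = b"home_agent=2001:db8::1|sa_key=" + sa_key.encode()
    msg4 = relay(eap_pack(EAP_REQUEST, 3, xor_crypt(SHARED_KEY, b"session", session)))
    # Returned: what home AAA learned, what MN decrypts, and the wire bytes the visited domain saw in step 1.
    return addr, xor_crypt(SHARED_KEY, b"session", type_data(msg4)), type_data(msg1)
```

The third returned value is the Type-Data as seen by the visited hops; it contains neither the identity nor the home address in the clear, which is the transparency property the abstract relies on.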
25 Claims
15. A system for authentication and authorization support for Mobile IP version 6 (MIPv6), comprising a mobile device operating in a visited network, a pass-through Authentication, Authorization, and Accounting (AAA) visited client in the visited network, a pass-through visited AAA server in the visited network, and a home AAA server in the mobile device's home network, wherein the system performs the steps of:
the mobile device encrypting Extensible Authentication Protocol (EAP) authentication and authorization information;
the mobile device sending the encrypted EAP authentication and authorization information to the pass-through visited AAA client in the visited network utilizing a protocol for carrying authentication information for network access;
the pass-through visited AAA client forwarding the encrypted EAP authentication and authorization information to the pass-through visited AAA server in the visited network;
the pass-through visited AAA server forwarding the encrypted EAP authentication and authorization information to the home AAA server in the mobile device's home network;
the home AAA server performing an analysis of the encrypted EAP authentication and authorization information;
the home AAA server sending a MIPv6-related challenge message to the mobile device via the pass-through visited AAA server and the pass-through visited AAA client in the visited network based on the analysis of the encrypted EAP authentication and authorization information;
the mobile device sending a MIPv6-related challenge response message to the home AAA server via the pass-through visited AAA client and the pass-through visited AAA server in the visited network;
the home AAA server performing an analysis of the challenge response message contents; and
the home AAA server sending a MIPv6-related authentication and authorization results message to the mobile device reporting a result of the analysis of the challenge response message contents and providing session parameter information;
wherein the pass-through visited AAA client and the pass-through visited AAA server forward all messages in a pass-through manner in which information within Type and Type-Data fields after EAP layer headers is not examined by the pass-through visited AAA client and the pass-through visited AAA server;
whereby prior EAP encryption is applied between the mobile device and the home AAA server.