Methods and systems for authenticating a device with multiple network access identifiers
First Claim
1. A method, performed in a home agent, wherein the home agent is communicatively coupled to an authentication server and to a wireless communication device (WCD), and wherein the home agent contains a binding that associates a home address (HOA) with a first network access identifier (NAI), the method comprising:
- receiving, via a communication network from the WCD, a first registration request message, wherein the first registration request message contains at least the HOA and a second NAI, and wherein the WCD is seeking to maintain a session with the home agent;
- responsive to receiving the first registration request message, determining that the first NAI and the second NAI are different;
- responsive to determining that the first NAI and the second NAI are different, transmitting a first access request message to the authentication server to verify that the first NAI and the second NAI are both associated with the WCD;
- receiving, from the authentication server, a first access accept message verifying that the first NAI and the second NAI are both associated with the WCD;
- responsive to receiving the first access accept message, updating the binding to associate the HOA with the second NAI; and
- transmitting, via the communication network to the WCD, a first registration reply message, thereby informing the WCD that the session with the home agent is maintained.
Abstract
Methods, systems, and devices are presented that allow a wireless communication device (WCD) to use multiple network access identifiers (NAIs) in conjunction with a communication session between the WCD and a home agent. The home agent may maintain a binding that reflects the state of the session. Accordingly, the binding may contain a home IP address (HOA) as well as a first NAI. The home agent may then receive a registration request message containing the HOA and a second NAI. In order to avoid potential hijacking attacks from entities other than the WCD, the home agent may, in conjunction with an authentication server, attempt to validate that the first NAI and second NAI are both associated with the WCD. If this is the case, the home agent may update the binding to reflect that the second NAI is associated with the session, and the home agent may maintain the session so that the WCD does not suffer an appreciable interruption in service.
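The check the abstract describes, as an added example that is not part of the patent text: a minimal in-memory home agent and authentication server with no wire protocol. The class names, return strings, NAIs and addresses are constructed, and passing both NAIs in the access request is an assumption about how the verification is carried.

```python
from dataclasses import dataclass, field


@dataclass
class AuthServer:
    # Constructed profiles: each set lists every NAI one device may use.
    profiles: list = field(default_factory=list)

    def access_request(self, bound_nai, new_nai):
        """Return True (access accept) only if one profile holds both NAIs."""
        return any(bound_nai in p and new_nai in p for p in self.profiles)


@dataclass
class HomeAgent:
    aaa: AuthServer
    bindings: dict = field(default_factory=dict)  # HOA -> currently bound NAI

    def registration_request(self, hoa, nai):
        bound = self.bindings.get(hoa)
        if bound is None:
            # Initial registration is outside what this example models.
            return "denied: no binding for HOA"
        if bound == nai:
            return "accepted: binding unchanged"
        # The NAIs differ: ask the authentication server before touching the
        # binding, so a request from another entity cannot take over the HOA.
        if not self.aaa.access_request(bound, nai):
            return "denied: NAI not verified"
        self.bindings[hoa] = nai
        return "accepted: binding updated"


def demo():
    # Constructed sample data: one device with two NAIs, one unrelated device.
    aaa = AuthServer(profiles=[
        {"wcd1@wifi.example", "wcd1@cell.example"},
        {"other@cell.example"},
    ])
    ha = HomeAgent(aaa, {"10.0.0.5": "wcd1@wifi.example"})
    results = [
        # Second NAI belongs to a different profile: binding must not change.
        ha.registration_request("10.0.0.5", "other@cell.example"),
        # Second NAI is in the same profile as the bound NAI (handoff case).
        ha.registration_request("10.0.0.5", "wcd1@cell.example"),
    ]
    return results, ha.bindings
```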
20 Claims
11. A home agent communicatively coupled to an authentication server and to a wireless communication device (WCD), the home agent comprising:
- a memory containing at least a binding that associates a home address (HOA) with a first network access identifier (NAI);
- a first logical interface for communicating with the WCD;
- a second logical interface for communicating with the authentication server;
- a processor, capable of executing program logic, stored in the memory, to perform the functions of (1) receiving, via the first logical interface, a first registration request message containing at least the HOA and a second NAI, (2) responsive to receiving the first registration request message, determining that the first NAI and the second NAI are different, (3) responsive to determining that the first NAI and the second NAI are different, transmitting, via the second logical interface, a first access request message to verify that the first NAI and the second NAI are both associated with the WCD, (4) receiving, via the second logical interface, a first access accept message verifying that the first NAI and the second NAI are both associated with the WCD, (5) responsive to receiving the first access accept message, updating the binding to associate the HOA with the second NAI in the first memory, and (6) transmitting, via the first logical interface, a first registration reply message, thereby informing the WCD that the binding has been updated.
17. A communication system comprising:
- a wireless communication device (WCD);
- an authentication server maintaining a profile of the WCD, wherein the profile contains a first network access identifier (NAI) and a second NAI;
- a home agent communicatively coupled to the WCD and the authentication server, wherein the home agent contains a binding between a home address (HOA) and the first NAI,
- wherein the WCD undergoes a handoff from a first wireless network to a second wireless network,
- wherein, in response to the handoff, the WCD transmits a registration request message, containing at least the HOA and a second NAI, to the home agent, seeking to maintain a session with the home agent,
- wherein the home agent, in response to receiving the registration request message, determines that the first NAI and the second NAI are different,
- wherein the home agent, in response to determining that the first NAI and the second NAI are different, transmits an access request message, containing at least the HOA and the second NAI, to the authentication server,
- wherein the authentication server verifies that the first NAI and the second NAI are both associated with the WCD,
- wherein the authentication server transmits an access accept message to the home agent,
- wherein, the home agent, in response to receiving the access accept message, updates the binding to associate the HOA with the second NAI, and
- wherein the home agent transmits a registration reply message to the WCD, thereby informing the WCD that the session with the home agent is maintained.