CN101447978B - Method for acquiring correct HA-RK Context by accessing AAA server in WiMAX network - Google Patents


Info

Publication number: CN101447978B
Authority: CN (China)
Application number: CN200810005981A
Priority and filing date: 2008-02-20
Publication dates: 2009-06-03 (CN101447978A), 2012-09-05 (CN101447978B)
Other versions: CN101447978A (en)
Inventors: 朱戈 (Zhu Ge), 霍玉臻 (Huo Yuzhen)
Original assignee: ZTE Corp
Legal status: Expired - Fee Related

Abstract

The invention provides a method by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information. The method comprises the following steps: during mobile IP registration, the visited home agent obtains the home agent root key context information from the VAAA and obtains the mobile node-home agent key information from the HAAA via the VAAA, and the HAAA attaches to its authentication reply message the identification information it cached when the mobile node was authenticated; when the VAAA receives the authentication reply message from the HAAA, it looks up the home agent root key context information assigned during the user's access authentication using the identification information carried in the reply message and the address of the visited home agent, attaches that context information to the authentication reply message, and forwards the message to the visited home agent.

Description

Method for a visited AAA server to obtain the correct HA-RK Context in a WiMAX network
Technical field
The present invention relates to the communications field, and in particular to a method by which a visited AAA server obtains the correct home agent root key context information during Mobile IPv4 access in a Worldwide Interoperability for Microwave Access (WiMAX) network.
Background
The IETF network working group proposed the RFC 2002 standard in October 1996, which set out in detail the principles, implementation and various detailed problems of Mobile IP. In 2003 the IETF issued RFC 3344, the new Mobile IPv4 standard, which replaced RFC 2002. Simply put, Mobile IP lets a mobile node keep its connection while moving and still send and receive packets correctly.
In the Mobile IPv4 protocol, every mobile node (MN) has a unique home address, which remains constant as the MN moves. Each MN must also have a home agent (HA) on its home network link that maintains the MN's current location information, which is why a care-of address is introduced. When the MN is attached to a foreign network link, the care-of address identifies the MN's current location so that routing can be performed. The association of the MN's home address with its current care-of address is called a mobility binding, or binding for short. When the MN obtains a new care-of address, it registers with the HA through a binding so that the HA learns the MN's current location in time.
The environment in which an MN operates can differ greatly from an ordinary wired network. In many cases the MN connects to the network over a radio link, and such links are vulnerable to passive eavesdropping, active replay attacks and other active attacks. The key procedure in Mobile IPv4 is registration, so the registration procedure must carry authentication extensions.
Mobile IPv4 registration provides a flexible mechanism by which mobile nodes send their current reachability information to their home agent (HA). The MN uses it to:
- request forwarding service when visiting a foreign network,
- inform its home agent (HA) of its current care-of address,
- re-register when the registration is about to expire, and/or
- deregister when it returns home.
The RFC defines that each mobile node, foreign agent and home agent must support mobility security associations between mobile entities, indexed by their Security Parameter Index (SPI) and IP address. Registration messages between an MN and its HA must be authenticated with the Mobile-Home authentication extension (MN-HA AE). The Mobile-Foreign authentication extension (MN-FA AE) between an MN and its foreign agent, and the Foreign-Home authentication extension (FA-HA AE) between the foreign agent and the home agent, are optional.
Mobile IPv4 in the WiMAX network adopts the RFC 3344 framework, and WiMAX explicitly requires that in Mobile IPv4 the MN-HA AE and FA-HA AE are mandatory while the MN-FA AE is optional.
The FA-HA authentication extension key used by the FA-HA AE (FA-HA Key) is derived from the home agent root key context information (HA-RK Context); the HA-RK is a 20-byte random number generated by the HAAA or by the visited AAA (Visited Authentication, Authorization and Accounting server, VAAA). The WiMAX network working group (NWG) protocols specify that during access authentication of a WiMAX terminal MN, the AAA servers of the home and visited networks each assign an HA under their own control to the MN and deliver the assigned HA address and the associated HA-RK information to the access service network (ASN) in the authentication reply message. The ASN decides according to local policy whether the user's mobile IP session is registered with the home HA or the visited HA.
After the MN's access authentication succeeds, the HAAA caches the user's session information for use in subsequent mobile IP procedures; the cached information includes the MN's network access identifier, the identifier or IP of the MN's access service network, the HA address the HAAA assigned to the user, and the HA-RK information associated with that HA. If the ASN registers the MN's mobile IP session with the home HA, then when the ASN initiates Mobile IPv4 registration the FA-HA authentication extension must be performed and the FA-HA authentication extension key compared; the home HA obtains from the HAAA the HA-RK assigned at the user's authentication, and because the HAAA can find the user's session information through the user's network access identifier in the HA's request message, it correctly delivers the user's HA-RK information to the HA, so the home HA can complete the FA-HA authentication extension successfully.
If the ASN decides to use the visited HA, the ASN sends the Mobile IPv4 registration request to the visited HA; as described in the previous paragraph, the visited HA also needs to perform the FA-HA authentication extension, and it must obtain its HA-RK information from the VAAA. According to the NWG description, at user access authentication the VAAA caches only the HA-RK Context it assigned, indexed by the ASN network identifier (NAS-ID or IP) and the HA address, and stores no other user information. Per the WiMAX protocol, neither the request message the visited HA sends to the VAAA nor the reply message the HAAA returns to the VAAA contains the ASN network identifier (NAS-ID or IP) from the time of user access, so the VAAA cannot retrieve the locally cached HA-RK information from the content of the visited HA's request or the HAAA's reply. This problem remains unresolved in the WiMAX NWG protocol, and no related patent provides a solution.
Summary of the invention
In view of the above, the present invention proposes a method in a WiMAX network by which the visited AAA server obtains the correct home agent root key context information (HA-RK Context, comprising the HA-RK, the security association index and the expiration parameter) and delivers it to the home agent (HA) with which the terminal registers, in order to improve the WiMAX NWG mobile IP registration procedure.
The method according to the present invention, by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information, comprises:
during the mobile IP registration procedure, the visited home agent obtains the home agent root key context information from the VAAA, and obtains the mobile node-home agent key information from the HAAA through the VAAA, where the HAAA attaches to the authentication reply message the identification information it cached when the mobile node was authenticated; and
when the VAAA receives the said authentication reply message from the HAAA, it looks up the home agent root key context information assigned during the user's access authentication according to the identification information carried in the reply message and the address of the visited home agent, attaches the home agent root key context information to the authentication reply message, and sends it to the visited home agent.
Here the reply message is a RADIUS Access-Accept; the identification information comprises the ASN identifier or IP address information; and the ASN identifier and the IP address information are respectively the NAS-ID and NAS-IP parameters in the ASN's RADIUS authentication message.
The method of the present invention makes up for a deficiency in the WiMAX NWG protocol: it specifies clearly how, when the visited AAA assigns the home agent and root key and the user's mobile IP session is registered with the visited HA, the HA-RK Context assigned during the user's access authentication is correctly delivered to the visited HA, and thus resolves an anomaly in the protocol.
Further, the method of the present invention requires no extension of the Mobile IP protocol; the change to WiMAX network elements is minimal, involving only the AAA network elements, and only the AAA authentication protocol needs to be extended by adding WiMAX-specific attributes.
Other features and advantages of the present invention will be set forth in the following description, and will partly become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention can be realised and obtained by the structures particularly pointed out in the written description, the claims and the drawings.
Description of drawings
The drawings provide a further understanding of the invention and form part of the specification; together with the embodiments they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a system architecture diagram of the Mobile IPv4 functions involved in the present invention;
Fig. 2 is a flow chart of the method according to the present invention by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information; and
Fig. 3 is a flow chart of the method by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information according to an embodiment of the invention.
Embodiments
The preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the invention and do not limit it.
Fig. 1 is a system architecture diagram of the Mobile IPv4 functions involved in the present invention, in which:
Mobile node MN 11: a WiMAX terminal with or without Mobile IP capability.
Access service network ASN 12: implements the foreign agent (FA) and authenticator functions and provides access service to the mobile terminal; for terminals without Mobile IP capability the ASN provides the proxy mobile IP function. The WiMAX protocol requires the authenticator to send access authentication/re-authentication requests to the authentication, authorization and accounting server; the reply it receives contains the HA and associated keys assigned by the home network and the HA and associated keys assigned by the visited network, and the ASN may select according to local policy which HA the MN's mobile IP session is registered with. In the method of the present invention, the ASN registers the MN's mobile IP session with the visited HA.
Visited authentication, authorization and accounting server VAAA 13: proxies the MN's access authentication and accounting messages; according to the WiMAX specification, the VAAA can assign a visited HA and its HA-RK context information (denoted vHA-IP and vHA-RK Context) for the MN session.
Visited home agent vHA 14: accepts mobile IP registration requests sent by the access server, returns mobile IP registration replies, and together with the access server provides mobile IP service to the mobile terminal.
Home authentication, authorization and accounting server HAAA 15: provides authentication, authorization and accounting services for the user. On receiving a terminal access request sent by the access server it authenticates the terminal and authorizes it accordingly. According to the WiMAX specification, after the terminal passes authentication the HAAA carries the home HA and HA-RK context information it assigned (denoted hHA-IP and hHA-RK Context) in the authentication reply message.
Home home agent hHA 16: accepts mobile IP registration requests sent by the access server, returns mobile IP registration replies, and together with the access server provides mobile IP service to the mobile terminal.
Fig. 2 is a flow chart of the method according to the present invention by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information. As shown in Fig. 2:
Step S202: during the mobile IP registration procedure, the visited home agent obtains the home agent root key context information from the VAAA, and obtains the mobile node-home agent key information from the HAAA through the VAAA, where the HAAA attaches to the authentication reply message the identification information it cached when the mobile node was authenticated. That is, after the mobile node's network access authentication succeeds, the ASN sends the mobile node's mobile IP registration information to the visited HA; in a single RADIUS authentication exchange the visited HA obtains the MN-HA Key and related information from the HAAA and the HA-RK Context from the VAAA, which are used respectively to verify the MN-HA authentication extension and the FA-HA authentication extension.
Step S204: when the VAAA receives the said authentication reply message from the HAAA, it looks up the home agent root key context information assigned during the user's access authentication according to the identification information carried in the reply message and the address of the visited home agent, attaches the home agent root key context information to the authentication reply message, and sends it to the visited home agent. That is, the VAAA receives the visited HA's authentication request message (a RADIUS Access-Request) and forwards it to the HAAA; the HAAA authenticates it and carries the MN-HA Key and related information in its reply message to the VAAA. Because the MN is using the visited HA, the HAAA does not need to deliver the visited HA's HA-RK Context; according to the WiMAX protocol, the visited HA's HA-RK Context is delivered to that HA by the VAAA. To ensure that the VAAA can find the HA-RK Context it assigned when this MN was authenticated, the present invention requires the HAAA to add to the reply message (the RADIUS Access-Accept) the identifier or IP address of the ASN cached at this MN's authentication (the NAS-ID and NAS-IP parameters in the ASN's RADIUS authentication message, cached by the HAAA at terminal access). On receiving the HAAA's RADIUS Access-Accept, the VAAA uses the ASN identifier or IP address carried in the message together with the visited HA's address to find the HA-RK Context assigned at this user's access authentication, and attaches it to the authentication reply message (RADIUS Access-Accept) sent to the visited HA.
Fig. 3 is a flow chart of the method by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information according to an embodiment of the invention. As shown in Fig. 3:
Step 301: the mobile node requests access authentication, or requests re-authentication after connecting to the system;
Step 302: after the access service network authenticator (hereinafter the authenticator) receives the mobile node's access request, it sends an access request message to the visited authentication, authorization and accounting server VAAA;
Step 303: the VAAA assigns a visited HA to this user session according to local policy, generates the vHA-RK Context information and caches it locally, indexed by vHA-IP and the ID or IP of the user's ASN (NAS-ID/IP);
Step 304: the VAAA forwards the authentication request message by proxy to the home authentication, authorization and accounting server HAAA, appending to it the information about the HA it assigned, namely the visited HA address vHA-IP and the vHA-RK Context information;
Step 305: the HAAA verifies the user's legitimacy, assigns a home HA to this user session according to local policy, generates the hHA-RK Context information and caches it locally; the vHA-RK Context information is indexed by vHA-IP and the ID or IP of the user's ASN (NAS-ID/IP). The HAAA also caches the relevant parameters of the user's authentication, including the other mobile IP keys;
Step 306: the HAAA sends an authentication-passed reply message to the VAAA, carrying the vHA information that the VAAA assigned in the request and the hHA information that the HAAA assigned, i.e. the HA-IP and HA-RK Context assigned by the visited and home AAA respectively, and authorizing the other mobile IP keys and WiMAX service parameters;
Step 307: the VAAA forwards the authentication reply message to the ASN, and the ASN stores the authorization parameters in the reply message, including the HA information assigned by the visited and home networks;
Step 308: the ASN forwards the authentication-passed message to the MN; authentication succeeds;
Step 309: after the MN's access authentication succeeds, a terminal with mobile IP capability directly initiates the mobile IP registration procedure; a terminal without mobile IP capability initiates the DHCP procedure;
Step 310: after the ASN receives the MN's mobile IP registration request or DHCP discover message, it decides according to local policy to register the terminal's mobile IP session with the visited HA, and the foreign agent in the ASN forwards the mobile IP registration request message to the visited vHA;
Step 311: after receiving the mobile IP registration request message, the visited vHA must, according to the WiMAX protocol, perform the MN-HA authentication extension and the FA-HA authentication extension, and therefore needs to obtain the MN-HA Key information from the HAAA and the HA-RK Context information from the VAAA. The vHA sends a RADIUS Access-Request authentication request to the VAAA;
Step 312: after the VAAA receives the vHA's RADIUS authentication request, it determines the user's home network and forwards the message to the HAAA;
Step 313: the HAAA receives the authentication message forwarded by the VAAA and performs RADIUS authentication. After authentication passes, the present invention requires the HAAA to look up the information from this user's authentication by user name and to send the cached NAS-ID/IP information together with the MN-HA Key information to the VAAA in the authentication reply message (RADIUS Access-Accept);
Step 314: after the VAAA receives the HAAA's authentication reply message, the present invention requires the VAAA to use the NAS-ID/IP in the message together with the address of the roaming-network vHA to index the HA-RK Context information cached at the user's authentication;
Step 315: the VAAA appends the HA-RK Context information found in step 314 to the authentication reply message and forwards the reply message to the vHA;
Step 316: after completing the authentication extensions and allocating the related resources, the vHA sends the mobile IP registration reply message to the ASN;
Step 317: the ASN sends the mobile IP registration reply message to the MN, or sends the DHCP flow to the MN, completing mobile IP registration; and
Step 318: the MN's mobile IP session is established or continues, and the terminal uses mobile IP to access the network.
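As an added illustration (not the patent's or ZTE's code), the following Python models the exchange of Fig. 2 and steps 303-315 of Fig. 3: the VAAA caches the vHA-RK Context keyed only by (NAS-ID or NAS-IP, vHA address); the HAAA echoes the cached NAS-ID/NAS-IP in the RADIUS Access-Accept it returns for the visited HA's request; and the VAAA uses that identifier plus the HA address from the vHA's own request to find and append the right context. Running the same flow with the echo disabled reproduces the pre-patent failure in which the VAAA has nothing to index on. The RADIUS attribute names, addresses, NAI, SPI and lifetime values are constructed for the example.

```python
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class HaRkContext:
    """HA-RK Context as the patent defines it: root key, SA index, expiry."""
    ha_rk: bytes    # 20-byte random value generated by the AAA (per the patent)
    spi: int        # security association index (constructed value)
    lifetime: int   # expiration parameter in seconds (constructed value)


class HAAA:
    """Home AAA: authenticates the user and caches the session (step 305)."""

    def __init__(self, hha_ip, echo_nas_in_mip_reply=True):
        self.hha_ip = hha_ip
        self.sessions = {}  # keyed by the user's NAI (User-Name)
        # The patent's change (step 313): echo the cached NAS-ID / NAS-IP in
        # the Access-Accept answered to the visited HA's later RADIUS request.
        self.echo_nas = echo_nas_in_mip_reply

    def access_auth(self, req):
        ctx = HaRkContext(os.urandom(20), spi=0x100, lifetime=3600)
        self.sessions[req["User-Name"]] = {
            "NAS-Identifier": req["NAS-Identifier"],
            "NAS-IP-Address": req["NAS-IP-Address"],
            "MN-HA-Key": os.urandom(20),      # constructed stand-in
            "hHA-RK-Context": ctx,
        }
        # Step 306: both the vHA info (from the VAAA) and the hHA info go back.
        return {"code": "Access-Accept", "hHA-IP": self.hha_ip,
                "hHA-RK-Context": ctx, "vHA-IP": req["vHA-IP"],
                "vHA-RK-Context": req["vHA-RK-Context"]}

    def mip_auth(self, req):
        sess = self.sessions.get(req["User-Name"])
        if sess is None:
            return {"code": "Access-Reject"}
        reply = {"code": "Access-Accept", "MN-HA-Key": sess["MN-HA-Key"]}
        if self.echo_nas:
            reply["NAS-Identifier"] = sess["NAS-Identifier"]
            reply["NAS-IP-Address"] = sess["NAS-IP-Address"]
        return reply


class VAAA:
    """Visited AAA: proxies to the HAAA and owns the visited HA's HA-RK Context."""

    def __init__(self, vha_ip, haaa):
        self.vha_ip = vha_ip
        self.haaa = haaa
        # Per NWG the VAAA keeps only (NAS-ID or NAS-IP, HA address) -> context;
        # it stores no other per-user state, so the NAI alone cannot find it.
        self.cache = {}

    def access_auth(self, req):  # steps 303-306
        ctx = HaRkContext(os.urandom(20), spi=0x200, lifetime=3600)
        for nas in (req["NAS-Identifier"], req["NAS-IP-Address"]):
            self.cache[(nas, self.vha_ip)] = ctx
        fwd = {**req, "vHA-IP": self.vha_ip, "vHA-RK-Context": ctx}
        return self.haaa.access_auth(fwd)

    def mip_auth(self, req):  # steps 312-315
        reply = self.haaa.mip_auth(req)
        if reply["code"] != "Access-Accept":
            return reply
        # Step 314: index with the identifier the HAAA echoed plus the HA
        # address taken from the vHA's own Access-Request.
        for attr in ("NAS-Identifier", "NAS-IP-Address"):
            ctx = self.cache.get((reply.get(attr), req["HA-IP"]))
            if ctx is not None:
                return {**reply, "HA-RK-Context": ctx}  # step 315
        return {"code": "Access-Reject", "reason": "HA-RK Context not found"}


def register_via_visited_ha(haaa_echoes_nas):
    """Run access authentication, then the vHA's RADIUS exchange (step 311).
    Returns (vHA-RK Context the ASN got at access auth, context the vHA got);
    with haaa_echoes_nas=False this reproduces the pre-patent failure."""
    haaa = HAAA("hha.home.example", echo_nas_in_mip_reply=haaa_echoes_nas)
    vaaa = VAAA("192.0.2.10", haaa)                           # constructed
    asn_req = {"User-Name": "mn@home.example",                 # constructed
               "NAS-Identifier": "asn-1", "NAS-IP-Address": "198.51.100.5"}
    asn_reply = vaaa.access_auth(asn_req)                     # step 307
    # The vHA's request carries only the NAI and its own address, not the
    # ASN's NAS-ID/IP (the gap the patent describes).
    vha_req = {"User-Name": "mn@home.example", "HA-IP": asn_reply["vHA-IP"]}
    vha_reply = vaaa.mip_auth(vha_req)
    return asn_reply["vHA-RK-Context"], vha_reply.get("HA-RK-Context")
```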
According to the method of the present invention, the problem of the visited AAA delivering the home agent root key to the visited HA in mobile IP is solved with minimal change to, and minimal impact on, the WiMAX NWG protocol; this makes up for the deficiency in the WiMAX NWG protocol and remedies the defect in the WiMAX mobile IP procedure.
The above are merely preferred embodiments of the invention and do not limit it; those skilled in the art may make various changes and variations to the invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the invention shall fall within the scope of protection of the invention.

Claims (4)

1. A method by which a visited AAA server in a WiMAX network obtains the correct home agent root key context information, characterized in that it comprises the following steps:
during the mobile IP registration procedure, the visited home agent obtains the home agent root key context information from the VAAA, and obtains the mobile node-home agent key information from the HAAA through the said VAAA, where the said HAAA attaches to the authentication reply message the identification information it cached when the mobile node was authenticated; and
when the said VAAA receives the said authentication reply message from the said HAAA, it looks up the said home agent root key context information assigned during the user's access authentication according to the identification information carried in the said reply message and the address of the visited home agent, attaches the said home agent root key context information to the said authentication reply message, and sends it to the said visited home agent.
2. The method according to claim 1, characterized in that the said reply message is a RADIUS Access-Accept.
3. The method according to claim 1, characterized in that the said identification information comprises an ASN identifier or IP address information.
4. The method according to claim 3, characterized in that the said ASN identifier and the said IP address information are respectively the NAS-ID and NAS-IP parameters in the ASN's RADIUS authentication message.

Priority and publication

Application CN200810005981A, filed 2008-02-20 (priority date 2008-02-20) by ZTE Corp: Method for acquiring correct HA-RK Context by accessing AAA server in WiMAX network.
Published as CN101447978A on 2009-06-03; granted as CN101447978B on 2012-09-05. Status: Expired - Fee Related.


Patent Citations (2)

CN101114958A, priority 2006-07-24, published 2008-01-30, 华为技术有限公司 (Huawei): Method for implementing mobile IP cipher key update in WiMAX system
CN101123815A, priority 2007-07-20, published 2008-02-13, 中兴通讯股份有限公司 (ZTE): Method for microwave to access home agent root secret key synchronization in global intercommunication mobile IPv4

Non-Patent Citations (1)

C. Perkins (ed.), IP Mobility Support for IPv4, Request for Comments 3344, 2002, pp. 1-99.


Legal Events

C06 / PB01: Publication
C10 / SE01: Entry into substantive examination
C14 / GR01: Grant of patent (granted publication date 2012-09-05)
TR01: Transfer of patent right, effective date of registration 2017-09-12; patentee before: ZTE Corporation (ZTE building, Nanshan District Science and Technology Industrial Park, 518057); patentee after: Zhang Yuemei
CB03: Change of inventor or designer information; inventors before: Zhu Ge, Huo Yuzhen; inventor after: Zhang Yuemei
CF01: Termination of patent right due to non-payment of annual fee (granted publication date 2012-09-05; termination date 2018-02-20)