CN101075870A - Method for generating and distributing movable IP Key - Google Patents


Info

Publication number: CN101075870A
Authority: CN (China)
Prior art keywords: mobile, agent, key, home agent, authentication
Legal status: Granted
Application number: CN 200610094477
Other languages: Chinese (zh)
Other versions: CN101075870B (en)
Inventors: 梁文亮, 吴建军
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Events: application filed by Huawei Technologies Co Ltd; priority to CN2006100944776A; publication of CN101075870A; application granted; publication of CN101075870B; current legal status: Expired - Fee Related; anticipated expiration

Abstract

The method comprises: during the authentication process, the authentication, authorization and accounting (AAA) server sends key information to the anchor authenticator; from this key information the authenticator obtains the key between the mobile node and the foreign agent and the key between the foreign agent and the home agent; when the terminal receives a broadcast message from the foreign agent, it computes the key between the mobile node and the foreign agent from the foreign agent's address and triggers a mobile IP registration request; the home agent processes the registration request and, after successful registration, returns a registration reply; from the received registration reply the terminal obtains the home agent's address and computes the key between the mobile node and the home agent.

Description

Method for generating and distributing a mobile IP key
Technical field
The present invention relates to the field of network security, and in particular to a method for generating and distributing mobile IP keys.
Background technology
With the rapid growth of Internet services and the wide deployment of wireless networks, the security of mobile subscribers places ever-increasing demands on wireless systems. Beyond device authentication, subscriber authentication and service authorization, the establishment of a secure channel and the exchange of security information between the wireless user and the access point (AP) or base station (BS), and the secure channels and security-information exchange between the BS and the authenticator and between the authenticator and the authentication server, are all problems that did not need to be considered in earlier dedicated networks but now require a great deal of attention.
Without considering other internal units of the access network, the following technical description uses the WiMAX security network architectures shown in Fig. 1 and Fig. 2 (although the technique provided by the present invention is not limited to WiMAX systems).
Fig. 1 shows a centralized network architecture. In this architecture the authenticator and the BS are located in different physical entities; the authenticator implements the functions of the authenticator and the key distributor, and the BS implements the functions of the authentication relay and the key receiver.
Fig. 2 shows a distributed network architecture. Here the authenticator and the BS are located in the same physical entity, which implements the authenticator, authentication relay, key distributor and key receiver functions simultaneously.
The functions of each network element (including logical network elements) in the figures are as follows:
BS:
- provides the secure channel between the BS and the terminal (MS), including compression and encryption of air-interface data;
- provides the exchange of security information between the BS and the MS.
Authenticator:
- provides proxy functionality for the MS authentication function;
- is implemented in the same physical entity as the key distributor.
Authentication relay:
- relays authentication request and response messages during the authentication process.
Key distributor:
- is implemented in the same physical entity as the authenticator; from the root key information shared between the authentication server and the MSS, it generates the air-interface key AK shared between the BS and the MSS and distributes it to the key receiver.
Key receiver:
- is implemented in the BS; it receives the air-interface key AK generated by the key distributor and derives the other keys between the BS and the MSS from it.
In addition, a complete security network architecture should also include the authentication server of the back-end network and the mobile terminal MS.
Authentication, authorization and accounting (AAA) server:
- The authentication server mainly performs the MS authentication function and, through the key generation mechanism negotiated with the MSS, exchanges and produces the necessary key information. Because this information is exchanged before a secure channel is established, the key algorithms used between the authentication server and the MSS must ensure that disclosure of the exchanged information does not affect the security mechanism. Its main functions include:
- performing the MS authentication function;
- generating and distributing root key information to the authenticator;
- when the user profile changes, promptly notifying the authenticator and other network elements of the consequences of the change.
MS:
- The MS is the mobile user equipment. In the security architecture it mainly initiates authentication and authorization, exchanges with the authentication server the information needed to produce the root key, produces the root key itself, and from the root key produces the AK needed for air-interface confidentiality and the other derived key information.
MIP has the following functional entities: the mobile node (MN), the foreign agent (FA) and the home agent (HA).
The MN initiates a mobile IP (MIP) registration request to the HA via the FA. After receiving the MIP registration request, the HA maps the MN's care-of address (CoA) to its home address (HoA); thereafter every packet the HA receives whose destination address is the HoA is forwarded to the CoA, which in MIPv4 is the address of the FA. To ensure security, MIP messages generally carry an authentication extension (AE), for example the authentication extension MN-HA-AE between the MN and the HA. When the HA receives a MIP registration request carrying MN-HA-AE, it computes a local authentication value from key information it already knows and compares it with the MN-HA-AE carried in the packet. If they are identical, authentication passes and the MIP registration request is processed; otherwise the request is rejected.
When no key information is pre-shared between the MN and the HA, the MN can use the key information between the MN and the AAA server to authenticate the MIP registration request.
In WiMAX, MIP takes two forms: client mobile IP (CMIP) and proxy mobile IP (PMIP). A terminal that supports the MIP protocol works in CMIP mode (Fig. 3a), in which case the mobile node MN is the mobile terminal itself; for a terminal that does not support the MIP protocol (Fig. 3b), a PMIP-client entity created on the network side performs the MIP functions in place of the MN.
(1) Key generation and distribution for PMIPv4
During access authentication, the AAA server generates the EMSK (Extended Master Session Key), then computes the mobile IP root key (MIP-RK) and derives from it the keys between MN-HA, MN-FA and FA-HA (MN-HA-K, MN-FA-K and FA-HA-K respectively). The MN-HA, MN-FA and FA-HA keys are then encrypted according to RFC 2868 section 3.5 and sent to the network access server (NAS).
The prior art also defines the generation formulas for MN-HA-K (denoted MN-HA-MIP4-K in MIPv4), MN-FA-K and FA-HA-K, which depend on the following factors:
During the MS access authentication procedure, a key EMSK is produced between the MS and the AAA server. Both the MS and the AAA server can compute MIP-RK from EMSK with a defined function. The key between the MN and the HA (MN-HA-K) is computed with a defined function from MIP-RK and the IP address of the home agent (HA-IP); the key between the MN and the FA (MN-FA-K) from MIP-RK and the foreign agent's IP address (FA-IP); and the key between the FA and the HA (FA-HA-K) from MIP-RK, FA-IP, HA-IP and a random number (nonce). The formulas are:
MN-HA-MIP4 = H(MIP-RK, "MIP4 MN HA" | HA-IP);
MN-FA = H(MIP-RK, "MN FA" | FA-IP);
FA-HA = H(MIP-RK, "FA HA" | FA-IP | HA-IP | NONCE).
RFC 3957 also specifies the following algorithm, by which a key is computed from a nonce, the mobile node identifier and the key shared between the mobile node and the AAA server:
key = HMAC-SHA1(AAA-key, {Nonce || MN-ID}).
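The following is an added example, not code from the patent, instantiating the key hierarchy the two passages above describe (EMSK, MIP-RK, then MN-HA-K, MN-FA-K and FA-HA-K, plus the RFC 3957 nonce-based key) and the home agent's check of an authentication extension. Assumptions: H is instantiated as HMAC-SHA1 (the page only says H is a hash function); the MIP-RK label, the length-prefixed encoding of the "|" operator, the AE computation and all sample values are constructed here and are not taken from the WiMAX specification.

```python
import hmac
import hashlib


def H(key: bytes, data: bytes) -> bytes:
    """Keyed hash H(key, data); HMAC-SHA1 is an assumption of this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


def concat(*parts: bytes) -> bytes:
    """The '|' operator of the page's formulas, with a 2-byte length prefix
    per field so that e.g. FA-IP|HA-IP cannot be re-split into another pair of
    values that hashes to the same key (constructed encoding, an assumption)."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_mip_rk(emsk: bytes) -> bytes:
    # The page says MIP-RK is computed from EMSK by "a defined function" but
    # gives no formula; the label below is a constructed placeholder.
    return H(emsk, b"MIP ROOT KEY (placeholder label)")


def mn_ha_key(mip_rk: bytes, ha_ip: str) -> bytes:
    # MN-HA-MIP4 = H(MIP-RK, "MIP4 MN HA" | HA-IP)
    return H(mip_rk, concat(b"MIP4 MN HA", ha_ip.encode()))


def mn_fa_key(mip_rk: bytes, fa_ip: str) -> bytes:
    # MN-FA = H(MIP-RK, "MN FA" | FA-IP)
    return H(mip_rk, concat(b"MN FA", fa_ip.encode()))


def fa_ha_key(mip_rk: bytes, fa_ip: str, ha_ip: str, nonce: bytes) -> bytes:
    # FA-HA = H(MIP-RK, "FA HA" | FA-IP | HA-IP | NONCE)
    return H(mip_rk, concat(b"FA HA", fa_ip.encode(), ha_ip.encode(), nonce))


def rfc3957_key(aaa_key: bytes, nonce: bytes, mn_id: bytes) -> bytes:
    # key = HMAC-SHA1(AAA-key, {Nonce || MN-ID}); RFC 3957 concatenates
    # directly, so no length prefix is used here.
    return hmac.new(aaa_key, nonce + mn_id, hashlib.sha1).digest()


def authentication_extension(key: bytes, registration: bytes) -> bytes:
    """Authenticator value carried in an AE: a MAC over the registration
    message (constructed; the page does not fix the AE algorithm)."""
    return hmac.new(key, registration, hashlib.sha1).digest()


def ha_accepts(key: bytes, registration: bytes, received_ae: bytes) -> bool:
    """The HA step from the page: compute a local authentication value from the
    key it already knows and compare it with the AE carried in the packet."""
    expected = authentication_extension(key, registration)
    return hmac.compare_digest(expected, received_ae)  # constant-time compare


def demo() -> dict:
    # Constructed sample values, not from any real deployment.
    emsk = bytes(range(64))            # EMSK agreed between MS and AAA
    ha_ip, fa_ip = "192.0.2.10", "198.51.100.20"
    nonce = b"\x01" * 16

    # MN and AAA both hold EMSK, so both reach the same MN-HA-K without the
    # key itself ever crossing the network.
    mn_side_key = mn_ha_key(derive_mip_rk(emsk), ha_ip)
    aaa_side_key = mn_ha_key(derive_mip_rk(emsk), ha_ip)

    rrq = b"MIP-RRQ HoA=10.0.0.5 CoA=" + fa_ip.encode()   # constructed body
    mn_ha_ae = authentication_extension(mn_side_key, rrq)
    tampered = rrq.replace(fa_ip.encode(), b"203.0.113.9")  # CoA altered in flight
    stale_key = mn_ha_key(derive_mip_rk(emsk), "192.0.2.11")  # wrong HA-IP
    return {
        "keys_match": mn_side_key == aaa_side_key,
        "genuine_accepted": ha_accepts(aaa_side_key, rrq, mn_ha_ae),
        "tampered_rejected": not ha_accepts(aaa_side_key, tampered, mn_ha_ae),
        "wrong_ha_ip_rejected": not ha_accepts(stale_key, rrq, mn_ha_ae),
        "fa_ha_k_len": len(fa_ha_key(derive_mip_rk(emsk), fa_ip, ha_ip, nonce)),
    }


if __name__ == "__main__":
    print(demo())
```

Because HA-IP and FA-IP are inputs to the derivation, the key only matches when both sides agree on those addresses; this is what makes the "which FA-IP do we use" question later in the description a correctness issue rather than a cosmetic one.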
(2) Key generation and distribution for CMIPv4
During access authentication, the AAA server generates EMSK, computes MIP-RK, and derives from it the MN-HA, MN-FA and FA-HA keys. The MN can compute the MN-FA and MN-HA keys from FA-IP and HA-IP; the NAS obtains the MN-FA, MN-HA and FA-HA keys. The HA obtains its related keys by requesting them from the AAA server during the first MIP registration.
The shortcomings of this prior art are:
1) it only gives the generation formulas for the MIP keys, without describing the concrete key generation process, i.e. whether keys are generated during the AAA process or the MIP process; nor does it define the mechanism and flow by which each process obtains the input parameters that key generation needs;
2) the process description is not precise enough and cannot guarantee that the preconditions of each step are met; for example, when computing the MN-HA, MN-FA and FA-HA keys, it must be defined how the entities involved obtain the relevant parameters;
3) when the FA migrates, the target FA cannot obtain the MN-FA and FA-HA key information, and the HA cannot update the FA-HA key.
Summary of the invention
In view of this, the object of the present invention is to provide a method for generating and distributing mobile IPv4 keys that clearly defines the generation and distribution flow of MIP keys.
To achieve this object, the technical solution of the present invention is:
A method for generating and distributing mobile IP keys comprises:
during the authentication process, the authentication, authorization and accounting server (AAA) delivers key information to the anchor authenticator;
the anchor authenticator obtains the mobile IP keys directly from the key information, or computes them from IP addresses;
the foreign agent FA shares with the anchor authenticator the key MN-FA-K between the mobile node and the foreign agent and the key FA-HA-K between the foreign agent and the home agent;
when the mobile IP mode is proxy mobile IP, the mobile node MN shares with the anchor authenticator the key MN-HA-K between the mobile node and the home agent and the key MN-FA-K between the mobile node and the foreign agent;
when the mobile IP mode is client mobile IP, the mobile node obtains the key MN-HA-K between the mobile node and the home agent from the home agent IP address, and the key MN-FA-K between the mobile node and the foreign agent from the foreign agent IP address;
the client mobile IP terminal, or the proxy mobile IP client co-located with the anchor authenticator, initiates a mobile IP registration request carrying the authentication extension MN-HA-AE between the mobile node and the home agent and the authentication extension MN-FA-AE between the mobile node and the foreign agent;
the foreign agent verifies MN-FA-AE, appends the authentication extension FA-HA-AE between the foreign agent and the home agent, and forwards the request to the home agent;
the home agent obtains the key MN-HA-K between the mobile node and the home agent and the key FA-HA-K between the foreign agent and the home agent from the AAA server, and verifies MN-HA-AE;
if the mobile IP registration succeeds, the home agent returns a mobile IP registration reply, which is forwarded via the foreign agent to the proxy mobile IP client.
The key information comprises at least: the key between the mobile node and the home agent together with the mobile IP foreign agent root key MIP-FA-RK; or the extended master session key EMSK; or the mobile IP root key MIP-RK. The extended master session key EMSK serves at least to derive the mobile IP root key MIP-RK or the mobile IP foreign agent root key MIP-FA-RK; the mobile IP root key serves to compute the keys between mobile IP functional entities and/or the mobile IP foreign agent root key; and the mobile IP foreign agent root key serves to compute the foreign-agent-related keys.
The anchor authenticator is assigned the home agent address by the AAA server, or obtains it through the dynamic home agent address discovery procedure;
the client mobile IP terminal is assigned the home agent address by the AAA server, or obtains it through the dynamic home agent address discovery procedure.
The client mobile IP terminal obtains the foreign agent address from the broadcast message sent by the foreign agent;
the proxy mobile IP client obtains the foreign agent address from the foreign agent.
When the foreign agent needs to migrate:
in proxy mobile IP mode, the target foreign agent requests from the anchor authenticator the key MN-TFA-K between the mobile node and the target foreign agent and the key TFA-HA-K between the target foreign agent and the home agent; after obtaining MN-TFA-K and TFA-HA-K, it requests the proxy mobile IP client, via the proxy mobile IP auxiliary function entity, to initiate a new mobile IP registration. After verifying the MN-TFA-AE of the MIP-RRQ, the target foreign agent sends to the home agent a MIP-RRQ carrying TFA-HA-AE and MN-HA-AE; if the AAA server has delivered MN-AAA-K to the anchor authenticator, the MIP-RRQ also carries MN-AAA-AE;
after receiving the MIP-RRQ, the home agent obtains TFA-HA-K by requesting it from the AAA server; once TFA-HA-AE is verified and the MIP registration succeeds, the home agent sends a MIP-RRP to the foreign agent; after verifying TFA-HA-AE, the target foreign agent forwards it to the PMIP auxiliary function entity, which requests the PMIP client to verify MN-HA-AE;
or,
in client mobile IP mode, once the client mobile IP terminal receives the target foreign agent's broadcast message it can compute MN-TFA-K for the target foreign agent and trigger MIP registration through the target foreign agent; after verifying the MN-TFA-AE of the MIP-RRQ, the target foreign agent sends a MIP-RRQ carrying TFA-HA-AE and MN-HA-AE to the home agent, and the MIP-RRQ may also carry MN-AAA-AE;
after receiving the MIP-RRQ, the home agent obtains TFA-HA-K by requesting it from the AAA server; once TFA-HA-AE is verified and the MIP registration succeeds, the HA sends a MIP-RRP carrying MN-HA-AE and TFA-HA-AE to the FA, which verifies TFA-HA-AE and then forwards it to the client mobile IP terminal; the client mobile IP terminal, which holds MN-HA-K and MN-TFA-K, verifies the received MIP-RRP.
In either proxy mobile IP mode or client mobile IP mode, when the target foreign agent verifies the MN-TFA-AE of the MIP-RRQ it either requests MN-TFA-K and TFA-HA-K directly from the anchor authenticator, or sends the complete MIP-RRQ to the anchor authenticator for verification, in which case the anchor authenticator returns the verification result and appends TFA-HA-AE to the MIP-RRQ.
When the home agent requests TFA-HA-K from the AAA server, it uses the target foreign agent's IP address as a request parameter.
The home agent maintains key information for each <foreign agent, mobile terminal> pair.
During the authentication process, the anchor authenticator sends the foreign agent address to the AAA server;
the foreign agent address delivered to the terminal in the foreign agent's broadcast message and during the authentication process is consistent with the foreign agent address the anchor authenticator reports to the AAA server.
MN-FA-K and FA-HA-K are computed using the foreign agent IP address as seen by the terminal; or
MN-FA-K and FA-HA-K are computed using the foreign agent IP address as seen by the home agent; or
the terminal and the anchor authenticator compute MN-FA-K with the foreign agent IP address seen by the terminal, while the AAA server and the anchor authenticator compute FA-HA-K with the FA-IP seen by the home agent.
A method for generating and distributing mobile IP keys comprises:
during the authentication process, the authentication, authorization and accounting server (AAA) delivers key information to the anchor authenticator;
the anchor authenticator obtains from the key information the key between the mobile node and the foreign agent and the key between the foreign agent and the home agent;
when the terminal receives the foreign agent's broadcast message, it computes the key between the mobile node and the foreign agent from the foreign agent address and triggers a mobile IP registration request carrying the authentication extension between the mobile node and the AAA server and the authentication extension MN-FA-AE between the mobile node and the foreign agent;
the foreign agent verifies MN-FA-AE and sends a registration request to the home agent carrying the authentication extension between the mobile node and the AAA server and the authentication extension between the foreign agent and the home agent;
the home agent receives the registration request and requests from the AAA server the key between the foreign agent and the home agent and the key between the mobile node and the home agent; after the AAA server has successfully verified the authentication extension between the mobile node and the AAA server, it returns the requested keys to the home agent;
the home agent processes the registration request and, after successful registration, returns a registration reply; from the received registration reply the terminal obtains the home agent address and computes the key between the mobile node and the home agent.
If the mobile IP registration succeeds, a mobile IP registration reply carrying the authentication extension between the mobile node and the home agent and the authentication extension between the foreign agent and the home agent is returned to the foreign agent;
after verifying the authentication extension between the foreign agent and the home agent, the foreign agent sends to the mobile terminal a reply carrying the authentication extension between the mobile node and the home agent and the authentication extension between the mobile node and the foreign agent.
When the foreign agent needs to migrate, once the client mobile IP terminal receives the target foreign agent's broadcast message it can compute MN-TFA-K for the target foreign agent and trigger MIP registration through the target foreign agent; the mobile IP registration request sent by the client mobile IP terminal carries MN-TFA-AE and may also carry MN-HA-AE and/or MN-AAA-AE;
after verifying the MN-TFA-AE of the MIP-RRQ, the target foreign agent sends a MIP-RRQ carrying TFA-HA-AE and MN-HA-AE to the home agent;
after receiving the MIP-RRQ, the home agent requests TFA-HA-K from the HAAA; once TFA-HA-AE is verified and the MIP registration succeeds, the home agent sends a mobile IP registration reply MIP-RRP carrying MN-HA-AE and TFA-HA-AE to the foreign agent, which verifies TFA-HA-AE and forwards it to the client mobile IP terminal; the client mobile IP terminal, which holds MN-HA-K and MN-TFA-K, verifies the received MIP-RRP.
In client mobile IP mode, when the target foreign agent verifies the MN-TFA-AE of the MIP-RRQ it either requests MN-TFA-K and TFA-HA-K directly from the anchor authenticator, or sends the complete MIP-RRQ to the anchor authenticator for verification, in which case the anchor authenticator returns the verification result and appends TFA-HA-AE to the MIP-RRQ.
When the home agent requests TFA-HA-K from the AAA server, it uses the target foreign agent's IP address as a request parameter.
During the authentication process, the anchor authenticator sends the foreign agent address to the AAA server;
the foreign agent address delivered to the terminal in the foreign agent's broadcast message and during the authentication process is consistent with the foreign agent address the anchor authenticator reports to the AAA server.
The key information comprises at least: the key between the mobile node and the home agent together with the mobile IP foreign agent root key MIP-FA-RK; or the extended master session key EMSK; or the mobile IP root key MIP-RK. The extended master session key EMSK serves at least to derive the mobile IP root key MIP-RK or the mobile IP foreign agent root key MIP-FA-RK; the mobile IP root key serves to compute the keys between mobile IP entities and/or the mobile IP foreign agent root key; and the mobile IP foreign agent root key serves to compute the foreign-agent-related keys.
The home agent maintains key information for each <foreign agent, mobile terminal> pair.
MN-FA-K and FA-HA-K are computed using the foreign agent IP address as seen by the MS; or
MN-FA-K and FA-HA-K are computed using the foreign agent IP address as seen by the HA; or
the mobile terminal and the anchor authenticator compute MN-FA-K with the foreign agent IP address seen by the MS, while the AAA server and the anchor authenticator compute FA-HA-K with the FA-IP seen by the HA.
A method for generating and distributing mobile IP keys comprises:
during the authentication process, the authentication, authorization and accounting server (AAA) sends key information and the IP address of the home agent to the anchor authenticator;
the proxy mobile IP client obtains from the anchor authenticator the key MN-HA-K between the mobile node and the home agent and/or the key MN-AAA-K between the mobile node and the AAA server, and initiates a mobile IP registration request, which is forwarded to the home agent by the foreign agent; the mobile IP registration request carries the authentication extension MN-HA-AE between the mobile node and the home agent and/or the authentication extension MN-AAA-AE between the mobile node and the AAA server;
the home agent requests MN-HA-K from the AAA server, verifies the MN-HA-AE carried in the mobile IP registration request, and processes the registration request;
if the registration succeeds, a registration reply is returned to the proxy mobile IP client.
The key information comprises at least MIP-RK, or MN-HA-K, or EMSK.
The key information may also comprise MN-AAA-K.
The anchor authenticator is assigned the home agent address by the AAA server, or obtains it through the dynamic home agent address discovery procedure.
A method for generating and distributing mobile IP keys comprises:
during the authentication process, the authentication, authorization and accounting server (AAA) retains the EMSK or the mobile IP root key information;
the mobile terminal is assigned the home agent address by the AAA server during the authentication process, or obtains it through the dynamic home agent address discovery procedure, computes the key between the mobile node and the home agent, and, after receiving the foreign agent's broadcast message, initiates a mobile IP registration request carrying the authentication extension between the mobile node and the home agent, which is sent to the home agent via the foreign agent;
the home agent requests from the AAA server the key between the mobile node and the home agent; the AAA server obtains this key from the key information it retains and returns it to the home agent;
after verifying the authentication extension between the mobile node and the home agent carried in the mobile IP registration request, the home agent processes the registration request and, after successful registration, returns to the mobile terminal a mobile IP registration reply carrying the authentication extension between the mobile node and the home agent.
During the authentication process, the AAA server sends the IP address of the home agent to the anchor authenticator.
A method for generating and distributing mobile IP keys comprises:
during the authentication process, the authentication, authorization and accounting server (AAA) sends the IP address of the home agent to the anchor authenticator and retains the EMSK or the mobile IP root key information;
after receiving the foreign agent's broadcast message, the mobile terminal initiates a mobile IP registration request carrying the authentication extension between the mobile node and the AAA server;
the home agent requests from the AAA server the key between the mobile node and the home agent; the AAA server obtains this key from the key information it retains and returns it to the home agent;
after verifying the authentication extension between the mobile node and the home agent carried in the mobile IP registration request, the home agent processes the registration request and, after successful registration, returns to the mobile terminal a mobile IP registration reply carrying the authentication extension between the mobile node and the home agent;
the mobile terminal obtains the home agent address from the received mobile IP registration reply, computes the key between the mobile node and the home agent from it, and verifies the authentication extension between the mobile node and the home agent.
In all of the above IP-address-based mobile IP key generation and distribution methods, after the terminal goes through re-authentication the mobile-IP-related keys are updated; the AAA server proactively notifies the HA of the updated mobile IP key information;
after the HA receives the updated mobile IP key information, it updates the mobile IP key context it previously stored for this MS;
after the terminal's re-authentication completes, in CMIP mode the terminal uses the new mobile IP key information to generate the authentication extensions carried in the mobile IP registration requests of all subsequent mobile IP re-registration procedures;
after the terminal's re-authentication completes, in PMIP mode the AAA server delivers the new mobile IP root key information to the terminal's current anchor authenticator, which generates the new mobile IP keys and informs the anchor PMIP client corresponding to this terminal and the MS's current FA; alternatively, this is deferred until the anchor PMIP client initiates a new mobile IP registration, and when the FA receives the mobile IP registration request it asks the anchor authenticator for verification or assistance.
The HA uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration procedures;
the subsequent mobile IP re-registration procedures include mobile IP deregistration and/or mobile IP re-registration caused by FA migration.
The present invention clearly defines the MIP key generation process and mechanism and the MIP key distribution process, ensuring that the MIP registration procedure can be carried out. In the FA migration case, because the anchor authenticator (Anchor-Authenticator) holds MIP-FA-RK, the target FA and the HA can request the updated MN-FA-K and FA-HA-K from the anchor authenticator.
Description of drawings
Fig. 1 is a centralized WiMAX security architecture of the prior art;
Fig. 2 is a distributed WiMAX security architecture of the prior art;
Fig. 3a is a complete security network architecture based on CMIP;
Fig. 3b is a complete security network architecture based on PMIP;
Fig. 4 is a schematic diagram of the PMIPv4-based key generation and distribution flow of the present invention;
Fig. 5 is a schematic diagram of the CMIPv4-based key generation and distribution flow of the present invention when HA-IP is delivered to the MSS during Extensible Authentication Protocol (EAP) authentication;
Fig. 6 is a schematic diagram of the CMIPv4-based key generation and distribution flow of the present invention when HA-IP is not delivered to the MSS during EAP authentication;
Fig. 7 is the key generation and distribution flow in PMIPv4 mode when the HA address is not assigned by the HAAA;
Fig. 8 is the key generation and distribution flow in CMIPv4 mode when the HA address is not assigned by the HAAA;
Fig. 9 is the PMIPv4 key generation and distribution flow corresponding to Fig. 4 when no FA-related security keys are generated;
Fig. 10 is a schematic diagram of the CMIPv4-based key generation and distribution flow corresponding to Fig. 5 when no FA-related keys are generated;
Fig. 11 is a schematic diagram of the CMIPv4-based key generation and distribution flow corresponding to Fig. 6 when no FA-related keys are generated;
Figs. 12 to 14 are the flow charts corresponding to Figs. 4 to 6 when MIP-FA-RK is not introduced.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
The present invention is intended to clearly define the generation process and generation mechanism of the MIP-related keys and the distribution procedure of the MIP keys, to guarantee the execution of the MIP registration process, and to allow the related entities to update key information securely during an FA change.
Key generation and distribution according to the present invention under different conditions is described below.
The present invention also defines the root key MIP-FA-RK, dedicated to deriving the FA-related keys, in order to strengthen network security. MIP-FA-RK is a root key derived directly or indirectly from EMSK and used specifically to produce the FA-related keys (MN-FA-K and FA-HA-K). "Indirectly" means that MIP-RK is first derived from EMSK, and MIP-FA-RK is then derived from MIP-RK.
The formula for deriving MIP-FA-RK may be as follows:
MIP-FA-RK = H(EMSK, "FA ROOT KEY"), where H is a hash function; or
MIP-FA-RK = HMAC-SHA1(EMSK, "FA ROOT KEY"), etc.
The functional form and parameters are not limited to these; a person skilled in the art can easily obtain a root key for the FA-related keys from EMSK or MIP-RK. What the present invention emphasizes is the use of MIP-FA-RK to produce the FA-related keys, not its concrete form.
Because the IP address of the FA may differ between network segments, the present invention explicitly specifies which FA-IP is used to compute the MIP-related keys. If the FA-IP has been sent to AAA during the authentication process, the FA advertisement may contain only one CoA address (equal to the FA-IP that was sent); if the FA-IP was not sent during the authentication process, the HA informs AAA of it during the MIP registration process.
When the foreign agent IP address is used to compute the related keys during the authentication process, the FA-IP seen by the MS and the FA-IP seen by the HA may differ, so the anchor authenticator must distinguish between them. The following options exist:
1. Compute MN-FA-K and FA-HA-K using the FA-IP seen by the MS;
2. Compute MN-FA-K and FA-HA-K using the FA-IP seen by the HA;
3. The MS and the anchor authenticator compute MN-FA-K with the FA-IP seen by the MS; the AAA server and the anchor authenticator compute FA-HA-K with the FA-IP seen by the HA;
4. Any other computation method, as long as the same FA-IP parameter is used whenever the same key is computed.
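The MIP-FA-RK derivation and the FA-IP consistency requirement above, as an added Python example that is not the patent's own code: it derives the root and leaf keys, runs one CMIPv4 initial registration in which the MS computes MN-FA-K from the FA-IP in the FA advertisement while the anchor authenticator uses the FA-IP it reported to HAAA, and shows that the FA rejects MN-FA-AE when those two addresses differ. Only MIP-FA-RK = HMAC-SHA1(EMSK, "FA ROOT KEY") comes from the text; the MIP-RK label, the leaf-key inputs and labels, the HMAC-SHA1 form of the authentication extensions, the layout of the HA's <FA, MS> table and every sample value are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from typing import Dict, Optional, Tuple


def _h(root: bytes, *parts: bytes) -> bytes:
    """H(root, ...) realised as HMAC-SHA1 over the concatenated parts (assumed form)."""
    return hmac.new(root, b"".join(parts), hashlib.sha1).digest()


def _ip(addr: str) -> bytes:
    """Packed address bytes, so the IP address is a binding input to the derivation."""
    return ipaddress.ip_address(addr).packed


def derive_mip_rk(emsk: bytes) -> bytes:
    return _h(emsk, b"MIP ROOT KEY")  # label is an assumption; the page gives no formula


def derive_mip_fa_rk(emsk: bytes) -> bytes:
    return _h(emsk, b"FA ROOT KEY")   # MIP-FA-RK = HMAC-SHA1(EMSK, "FA ROOT KEY"), from the text


def derive_mn_ha_k(mip_rk: bytes, ha_ip: str) -> bytes:
    return _h(mip_rk, b"MN-HA-K", _ip(ha_ip))            # bound to HA-IP (label assumed)


def derive_mn_fa_k(mip_fa_rk: bytes, fa_ip: str) -> bytes:
    return _h(mip_fa_rk, b"MN-FA-K", _ip(fa_ip))         # bound to FA-IP (label assumed)


def derive_fa_ha_k(mip_fa_rk: bytes, fa_ip: str, ha_ip: str, nonce: bytes) -> bytes:
    # the random number HAAA issues enters FA-HA-K; the order of inputs is assumed
    return _h(mip_fa_rk, b"FA-HA-K", _ip(fa_ip), _ip(ha_ip), nonce)


def auth_ext(key: bytes, msg: bytes) -> bytes:
    """Authentication extension (MN-HA-AE, MN-FA-AE, FA-HA-AE) as an HMAC-SHA1 tag."""
    return hmac.new(key, msg, hashlib.sha1).digest()


def verify_ext(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(auth_ext(key, msg), tag)


class HomeAgent:
    """HA key store: one record per <FA, MS> pair, indexed from each MIP-RRQ."""

    def __init__(self) -> None:
        self.table: Dict[Tuple[str, str], Dict[str, bytes]] = {}

    def install(self, fa_ip: str, ms_id: str, mn_ha_k: bytes, fa_ha_k: bytes) -> None:
        # after re-authentication HAAA pushes new keys and this record is overwritten
        self.table[(fa_ip, ms_id)] = {"MN-HA-K": mn_ha_k, "FA-HA-K": fa_ha_k}

    def lookup(self, fa_ip: str, ms_id: str) -> Optional[Dict[str, bytes]]:
        return self.table.get((fa_ip, ms_id))


def initial_registration(emsk: bytes, nonce: bytes, ms_id: str, ha_ip: str,
                         fa_ip_sent_to_aaa: str, fa_ip_in_advert: str) -> Dict[str, bool]:
    """One CMIPv4 initial registration with HA-IP already known to the MS.

    fa_ip_sent_to_aaa is the address the anchor authenticator reported in step 0;
    fa_ip_in_advert is the address the MS sees in the FA advertisement in step 4.
    """
    # HAAA: root keys, MN-HA-K, and the FA keys for the reported FA-IP
    mip_rk, mip_fa_rk = derive_mip_rk(emsk), derive_mip_fa_rk(emsk)
    mn_ha_k = derive_mn_ha_k(mip_rk, ha_ip)
    fa_mn_fa_k = derive_mn_fa_k(mip_fa_rk, fa_ip_sent_to_aaa)   # shared with the FA
    fa_ha_k = derive_fa_ha_k(mip_fa_rk, fa_ip_sent_to_aaa, ha_ip, nonce)

    # MS: same EMSK, but its MN-FA-K comes from the advertised FA-IP
    ms_mn_fa_k = derive_mn_fa_k(mip_fa_rk, fa_ip_in_advert)
    rrq = b"MIP-RRQ|" + ms_id.encode() + b"|" + _ip(ha_ip)  # constructed request body
    mn_ha_ae = auth_ext(mn_ha_k, rrq)
    mn_fa_ae = auth_ext(ms_mn_fa_k, rrq)

    # FA: verify MN-FA-AE; on a mismatch the request never reaches the HA
    if not verify_ext(fa_mn_fa_k, rrq, mn_fa_ae):
        return {"fa_verified": False, "ha_verified": False, "registered": False}
    fa_ha_ae = auth_ext(fa_ha_k, rrq + mn_fa_ae)  # FA appends FA-HA-AE over the request

    # HA: fetch the <FA, MS> record obtained from HAAA, verify FA-HA-AE and MN-HA-AE
    ha = HomeAgent()
    ha.install(fa_ip_sent_to_aaa, ms_id, mn_ha_k, fa_ha_k)
    rec = ha.lookup(fa_ip_sent_to_aaa, ms_id)
    ha_verified = (rec is not None
                   and verify_ext(rec["FA-HA-K"], rrq + mn_fa_ae, fa_ha_ae)
                   and verify_ext(rec["MN-HA-K"], rrq, mn_ha_ae))
    return {"fa_verified": True, "ha_verified": ha_verified, "registered": ha_verified}


SAMPLE_EMSK = bytes(range(64))  # constructed; a real EMSK is exported by the EAP method
SAMPLE_NONCE = b"\x5a" * 16     # constructed; stands in for the random number from HAAA

if __name__ == "__main__":
    args = (SAMPLE_EMSK, SAMPLE_NONCE, "ms-0001", "198.51.100.7", "192.0.2.10")
    print("consistent FA-IP:", initial_registration(*args, "192.0.2.10"))
    print("mismatched FA-IP:", initial_registration(*args, "203.0.113.9"))
```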
Embodiment 1: the HA address is allocated by AAA
One: Key generation and distribution based on PMIPv4
The preconditions of this process are: 1) the HA address is allocated by AAA; 2) the authenticator knows the FA-IP; 3) the anchor authenticator and the PMIP-client reside in the same physical entity; 4) AAA keeps a root key (MIP-FA-RK or MIP-RK or EMSK); 5) security between MN and FA is to be guaranteed.
Fig. 4 is a schematic flow chart of key generation and distribution based on PMIPv4 according to the present invention. As shown in Fig. 4, key generation and distribution for PMIPv4 comprises the following steps:
0. During the authentication process, the anchor authenticator sends the FA-IP address to HAAA (home AAA) in a RADIUS (Remote Authentication Dial In User Service) message.
Because the HA address is allocated by HAAA, once HAAA has obtained EMSK from the authentication process with the MS it can compute MIP-RK and MIP-FA-RK, and from them derive the MIP keys (MN-HA-K, MN-FA-K, FA-HA-K). The FA must ensure that the FA-IP sent to HAAA here is identical to the FA-IP the anchor authenticator uses to compute the FA-related MIP keys.
1. In the subsequent part of the authentication process, HAAA sends the MIP keys (MN-HA-K, MN-FA-K (optional), FA-HA-K (optional)), HA-IP, MIP-FA-RK and a random number (used to compute FA-HA-K) to the network access server NAS (the anchor authenticator acts as the NAS at this point). The anchor authenticator thus learns the HA-IP address. All transmitted keys are encrypted with the method of section 3.5 of RFC 2868.
At the same time, HAAA keeps MIP-FA-RK and the random number so that it can produce a new FA-HA-K and inform the HA when the FA later changes; the AAA server may delete EMSK after storing MIP-FA-RK. Of course, HAAA may instead keep EMSK or MIP-RK and produce the new FA-HA-K from EMSK or MIP-RK when the FA changes. HAAA must also keep the random number it issued.
The purpose of defining MIP-FA-RK in the present invention is to be able to restrict the anchor authenticator, mainly the anchor authenticator's authority in CMIP mode, so as to improve network security.
In addition, the keys HAAA delivers to the anchor authenticator may also include the key MN-AAA-K between the mobile node MN and the AAA server.
In step 1, HAAA may also deliver MIP-RK (or EMSK) directly to the anchor authenticator without introducing MIP-FA-RK; in this case the MIP keys need not be delivered to the anchor authenticator.
2. The anchor authenticator informs the PMIP-client of the MN-HA-K and MN-FA-K to be used in the subsequent MIP process, and of MN-AAA-K (optional).
Because the anchor authenticator, PMIP-client and FA are initially located on the same physical entity, these keys can be shared securely between them. In the figure, the dotted line indicates that key information is shared within the same entity.
If the AAA server has not previously delivered MN-FA-K and FA-HA-K to the anchor authenticator, the anchor authenticator derives them from the MIP-FA-RK obtained from the AAA server, since at this point it knows the HA-IP and FA-IP corresponding to this MS; the anchor authenticator then sends the generated MN-FA-K and FA-HA-K to the FA (during initial access the anchor authenticator and the FA are in the same physical entity).
3. The PMIP-client (the mobile node MN in PMIP mode) triggers a MIP registration request message MIP-RRQ (carrying MN-HA-AE and MN-FA-AE; if MN-AAA-K was delivered in step 1, MN-AAA-AE may also be carried). After the FA receives this MIP-RRQ, it verifies MN-FA-AE and forwards the message to the HA, appending FA-HA-AE.
4. When the HA receives the MIP-RRQ, it may request FA-HA-K and MN-HA-K from HAAA in a RADIUS message (such as Access-Req). The FA-IP can be used as a request parameter. If the HA is located in the visited network, this request message is forwarded by VAAA (visited AAA). HAAA sends the requested keys to the HA; if the request message (such as Access-Req) carries MN-AAA-AE, HAAA first verifies it and then returns the requested keys to the HA. The HA can build a table of key information: as long as it knows the MS identifier and the FA address, it can obtain the related MIP key information from this table. In registration requests after the initial MIP registration request, the HA takes the index into this table, namely the MS identifier and the FA address, from the registration request message it receives; that is, the HA maintains key information for each <FA, MS> pair.
5. The HA verifies the MN-HA-AE in the received MIP-RRQ and then processes the registration request.
If registration succeeds, the HA returns a MIP registration reply message MIP-RRP (carrying MN-HA-AE and FA-HA-AE) to the FA. The FA verifies the FA-HA-AE in the MIP-RRP and forwards the MIP-RRP (carrying MN-HA-AE and MN-FA-AE) to the PMIP-client. At this point, all MIP entities have the necessary keys.
6. If the FA needs to change, the anchor authenticator is informed of the target FA (TFA) address and computes MN-TFA-K and TFA-HA-K. The PMIP client can then obtain these keys by sharing with the anchor authenticator.
7. The PMIP assist entity (PMIP-Assist-Entity) requests the PMIP-client to initiate a mobile IP registration request message MIP-RRQ.
The PMIP-client constructs a complete MIP-RRQ (carrying MN-TFA-AE and MN-HA-AE; if MN-AAA-K was delivered in step 1, MN-AAA-AE may also be carried). The target FA has two options for verifying the MN-TFA-AE in the MIP-RRQ. One: it requests MN-TFA-K and TFA-HA-K directly from the anchor authenticator (as shown in Fig. 4); after verifying the MN-TFA-AE in the MIP-RRQ, the foreign agent appends TFA-HA-AE to the MIP-RRQ and forwards it to the HA. Two: it forwards the complete MIP-RRQ to the anchor authenticator for verification; the anchor authenticator returns the verification result and appends TFA-HA-AE to the MIP-RRQ, which is then forwarded to the HA.
8. After receiving the MIP-RRQ (carrying TFA-HA-AE and MN-HA-AE, and possibly MN-AAA-AE if MN-AAA-K was delivered in step 1), the HA requests TFA-HA-K from HAAA; the target FA-IP can be used as a request parameter. If the HA is located in the visited network, this request message is forwarded by VAAA. HAAA sends the requested key to the HA (if the request message carries MN-AAA-AE, HAAA first verifies it and then returns the requested key to the HA); if the HA has computing capability, HAAA may instead deliver the root key and the required random number to the HA, and the HA computes the HA-related keys itself. After TFA-HA-AE verification is complete and the MIP registration succeeds, the HA sends a mobile IP registration reply message MIP-RRP to the FA; the target FA verifies TFA-HA-AE and forwards the message to PMIP-AE. At this point, all MIP entities have the necessary keys. PMIP-AE requests the PMIP client to verify MN-HA-AE.
Two: Key generation and distribution based on CMIPv4
The preconditions of this process are: 1) the HA address is allocated by AAA; 2) the authenticator knows the FA-IP; 3) AAA keeps MIP-FA-RK; 4) security between MN and FA is to be guaranteed.
Under CMIPv4 mode with these conditions satisfied, two cases can be distinguished: in one, HA-IP is delivered to the MS during the EAP process; in the other, HA-IP is not delivered to the MS during the EAP process. They are described separately below.
(one) HA-IP is delivered to the MS during the EAP process
Fig. 5 is a schematic flow chart of key generation and distribution based on CMIPv4 according to the present invention when HA-IP is delivered to the MSS during extensible authentication (EAP). The flow specifically comprises:
0. During the authentication process, the anchor authenticator sends the FA-IP address to HAAA in a RADIUS message. Because the HA address is allocated by HAAA, HAAA can compute MN-HA-K, MN-FA-K and FA-HA-K. The FA must ensure that the FA-IP sent to HAAA here is identical to the FA-IP in the FA advertisement of step 4.
1. In the subsequent part of the authentication process, HAAA sends the MIP keys, HA-IP, MIP-FA-RK and a random number (used to compute FA-HA-K) to the anchor authenticator. If the network knows that the current MS is a CMIP terminal, MN-HA-K need not be sent to the anchor authenticator. All transmitted keys are encrypted with the method of section 3.5 of RFC 2868. The anchor authenticator thus learns the HA-IP address.
At the same time, HAAA keeps MIP-FA-RK and the random number so that it can produce a new FA-HA-K and inform the HA when the FA later changes.
2. After the MS (the mobile node MN in CMIP mode) learns HA-IP, it can compute MN-HA-K from the MIP-RK derived from EMSK. The MS can also compute MIP-FA-RK at the same time.
3. After the authentication process, the anchor authenticator can compute MN-FA-K and FA-HA-K. Because the anchor authenticator and the FA are initially located on the same physical entity, these keys can be shared securely between them. In the figure, the dotted line indicates that key information is shared within the same entity.
4. When the MS receives the FA advertisement, it can compute MN-FA-K from MIP-FA-RK. The MS then triggers a MIP-RRQ (carrying MN-HA-AE, MN-FA-AE and optionally MN-AAA-AE). After the FA receives this MIP-RRQ, it verifies MN-FA-AE and forwards the message to the HA, appending FA-HA-AE. The MIP-RRQ forwarded to the HA may also carry MN-AAA-AE.
5. When the HA receives the MIP-RRQ, it may request FA-HA-K and MN-HA-K from HAAA in a RADIUS message. If the HA is located in the visited network, this request message (such as Access-Req) is forwarded by VAAA (visited AAA). HAAA sends the requested keys to the HA; if the request message carries MN-AAA-AE, HAAA first verifies it and then returns the requested keys to the HA.
6. The HA verifies the MN-HA-AE in the received MIP-RRQ and then processes the registration request. If registration succeeds, the HA returns a MIP-RRP (carrying MN-HA-AE and FA-HA-AE) to the FA. The FA verifies the FA-HA-AE in the MIP-RRP and forwards the MIP-RRP (carrying MN-HA-AE and MN-FA-AE). At this point, all MIP entities have the necessary keys.
7. If the FA needs to change, the MS can compute MN-TFA-K for the target FA after receiving the target FA's advertisement. The MS can then trigger MIP registration through the target FA; the mobile IP registration message now carries MN-TFA-AE and may also carry MN-HA-AE and/or MN-AAA-AE.
8. The target FA has two options for verifying the MN-TFA-AE in the MIP-RRQ. One: it requests MN-TFA-K and TFA-HA-K directly from the anchor authenticator (as shown in Fig. 5; the dotted line indicates that security is guaranteed by the key transfer protocol); after verifying the MN-TFA-AE in the MIP-RRQ, the foreign agent appends TFA-HA-AE to the MIP-RRQ and forwards it to the HA. Two: it forwards the complete MIP-RRQ to the anchor authenticator for verification; the anchor authenticator returns the verification result and appends TFA-HA-AE to the MIP-RRQ, which is then forwarded to the HA.
9. After receiving the MIP-RRQ (carrying TFA-HA-AE and MN-HA-AE), the HA requests TFA-HA-K from HAAA, with the target FA-IP as a parameter of the request message. After TFA-HA-AE verification and MIP registration succeed, the HA sends a MIP-RRP (carrying MN-HA-AE and TFA-HA-AE) to the FA. The FA verifies TFA-HA-AE and then forwards the message to the MS. The MS has MN-HA-K and MN-TFA-K and can therefore verify the received MIP-RRP.
(two) HA-IP is not delivered to the MS during the EAP process
Fig. 6 is a flow chart of key generation and distribution under CMIPv4 mode when HA-IP is not delivered to the MS during the EAP process; it comprises:
0. During the authentication process, the anchor authenticator sends the FA-IP address to HAAA in a RADIUS message. Because the HA address is allocated by HAAA, HAAA can compute MN-HA-K, MN-FA-K and FA-HA-K. The FA must ensure that the FA-IP sent to HAAA here is identical to the FA-IP in the FA advertisement of step 4.
1. In the subsequent part of the authentication process, HAAA sends key information such as the MIP keys (MN-HA-K, MN-FA-K (optional), FA-HA-K (optional)), HA-IP, MIP-FA-RK and a random number (used to compute FA-HA-K) to the anchor authenticator. The anchor authenticator thus learns the HA-IP address. If the network knows that the current MS is a CMIP terminal, MN-HA-K need not be sent. All transmitted keys are encrypted with the method of section 3.5 of RFC 2868. At the same time, HAAA keeps MIP-FA-RK and the random number so that it can produce a new FA-HA-K and inform the HA when the FA later changes.
In step 1, HAAA may also deliver MIP-RK (or EMSK) directly to the anchor authenticator without introducing MIP-FA-RK; in this case the MIP keys need not be delivered to the anchor authenticator.
2. Because the MS does not know HA-IP, it cannot compute MN-HA-K and only needs to derive MIP-FA-RK.
3. After the authentication process, the anchor authenticator can compute MN-FA-K and FA-HA-K. Because the anchor authenticator and the FA are initially located on the same physical entity, these keys can be shared securely between them. In the figure, the dotted line indicates that key information is shared within the same entity.
4. When the MS receives the FA advertisement, it can compute MN-FA-K from MIP-FA-RK. The MS then triggers a MIP-RRQ (carrying MN-AAA-AE and MN-FA-AE). After the FA receives this MIP-RRQ, it verifies MN-FA-AE and forwards the message to the HA, appending FA-HA-AE.
5. When the HA receives the MIP-RRQ, it may request FA-HA-K and MN-HA-K from HAAA in a RADIUS message. If the HA is located in the visited network, this request message is forwarded by VAAA (visited AAA). HAAA sends the requested keys to the HA only after verification succeeds.
6. The HA processes the MIP registration request. If registration succeeds, the HA returns a MIP-RRP (carrying MN-HA-AE and FA-HA-AE) to the FA. The FA verifies the FA-HA-AE in the MIP-RRP and forwards the MIP-RRP (carrying MN-HA-AE and MN-FA-AE).
7. After the MS receives the MIP-RRP, it learns HA-IP and can compute MN-HA-K. At this point, all MIP entities have the necessary keys.
8. From here on, the flow is the same as in the preceding case.
Embodiment 2: the precondition that AAA allocates the HA does not hold
One: PMIPv4 mode
Fig. 7 is a flow chart of key generation and distribution when the HA is not allocated by HAAA. It differs from the flow of Fig. 4, in which the HA address is allocated by AAA under PMIPv4 mode, as follows:
(1) Between steps 2 and 3 there is a dynamic HA discovery procedure, in which the FA informs the anchor authenticator of the HA's IP. Only after the anchor authenticator knows the HA address can it compute MN-HA-K and FA-HA-K.
(2) The HA-IP is reported to AAA by the selected HA when it requests keys from AAA, and AAA then computes the related keys from the HA address.
Two: CMIPv4 mode
Fig. 8 is a flow chart of key generation and distribution under CMIPv4 mode when the HA is not allocated by HAAA. It differs from the flow of Fig. 5, in which the HA address is allocated by AAA under CMIPv4 mode, as follows:
(1) Between steps 2 and 3 there is a dynamic HA discovery procedure, in which the FA informs the anchor authenticator of the HA's IP. Only after the MS and the anchor authenticator know the HA address can MN-HA-K and FA-HA-K be computed.
(2) The HA-IP is reported to AAA by the selected HA when it requests keys from AAA, and AAA then computes the related keys from the HA address.
Embodiment 3: FA-related security keys are not generated
All the cases above assume that security between MN and FA and between FA and HA is guaranteed by MN-FA-K and FA-HA-K. When security between MN and FA and between FA and HA need not be considered, or is guaranteed by other means, the flows described above can be simplified accordingly. The simplified flows are as follows; in this case an FA change does not affect the flow, because no FA-related keys need to be regenerated.
(one) Key generation and distribution for PMIPv4
Fig. 9 is a flow chart of key generation and distribution for PMIPv4 when no FA-related security keys are generated. As shown in Fig. 9, the specific flow is:
1. During the authentication process, MIP-RK (or MN-HA-K, or EMSK) is sent to the anchor authenticator together with HA-IP (the figure shows the first option); MN-AAA-K may also be included.
2. If the anchor authenticator does not have MN-HA-K, it computes it from MIP-RK and HA-IP.
3. The PMIP-client triggers a MIP registration request message MIP-RRQ (carrying MN-HA-AE and/or MN-AAA-AE), which is forwarded to the HA via the FA.
4. The HA requests MN-HA-K from AAA (if the HA is located in the visited network, the request message is forwarded by VAAA).
5. The HA verifies the MN-HA-AE carried in the MIP-RRQ, then processes the MIP registration request, and finally returns a MIP-RRP (carrying MN-HA-AE) to the PMIP-client.
(two) HA-IP is delivered to the MS during the EAP process under CMIPv4 mode
Fig. 10 is the corresponding flow chart of key generation and distribution without FA-related security keys when the HA-IP is delivered to the MS during the EAP process under CMIPv4. As shown in Fig. 10, the specific flow comprises:
1. HA-IP is sent to the anchor authenticator and the MS during the authentication process.
2. The MS can compute MN-HA-K; the MIP-RRQ it sends (carrying MN-HA-AE and/or MN-AAA-AE) is forwarded to the HA via the FA.
3. The HA requests MN-HA-K from AAA (if the HA is located in the visited network, the request message is forwarded by VAAA); HAAA sends the requested key to the HA (if the request message carries MN-AAA-AE, HAAA verifies it first).
4. The HA verifies the MN-HA-AE carried in the MIP-RRQ, then processes the MIP registration request, and finally returns a MIP-RRP (carrying MN-HA-AE). The mobile IP entities thus have the necessary keys.
(three) HA-IP is not delivered to the MS during the EAP process under CMIPv4 mode
Fig. 11 is the corresponding flow chart of key generation and distribution without FA-related security keys when the HA-IP is not delivered to the MS during the EAP process under CMIPv4. As shown in Fig. 11, the specific flow comprises:
1. HA-IP is sent to the anchor authenticator during the authentication process but is not delivered to the MS.
2. The MS cannot compute MN-HA-K for the time being; after receiving the FA advertisement, it sends a MIP-RRQ (carrying MN-AAA-AE), which is forwarded to the HA via the FA.
3. The HA requests MN-HA-K from AAA (if the HA is located in the visited network, the request message is forwarded by VAAA); HAAA sends the requested key to the HA (if the request message carries MN-AAA-AE, HAAA verifies it first).
4. The HA verifies the MN-HA-AE carried in the MIP-RRQ, then processes the MIP registration request, and finally returns a MIP-RRP (carrying MN-HA-AE). After receiving the MIP-RRP, the MS obtains HA-IP, and can thus compute MN-HA-K and verify MN-HA-AE.
The above describes only the case where the HA is allocated by HAAA under PMIPv4 mode and CMIPv4 mode, but it applies equally to the case where HAAA does not allocate the HA; this is not described in detail here.
Embodiment 4: the case where MIP-FA-RK is not introduced
In the case where MIP-FA-RK is not introduced, the only difference is that the function of MIP-FA-RK, originally dedicated to producing the FA-related keys, is taken over by MIP-RK; that is, no distinction is made among the parent keys that produce the different MIP keys, and the two keys originally at the same level are merged into one. In terms of the flow, the embodiment is simply that MIP-RK is sent to the anchor authenticator instead of MIP-FA-RK. Whether the MN-FA, MN-HA or FA-HA key, all are produced from MIP-RK; that is, the MIP keys derived from MIP-RK need not be delivered to the anchor authenticator during the authentication process, but are computed by the anchor authenticator. The other flows are the same as in the case where MIP-FA-RK is introduced. Fig. 12 to Fig. 14 are the flow charts corresponding to Fig. 4 to Fig. 6 when MIP-FA-RK is not introduced; this case applies equally to the case where HAAA does not allocate the HA, and is not limited thereto.
EMSK is the parent key of MIP-RK/MIP-FA-RK; that is, whoever knows EMSK can compute MIP-RK/MIP-FA-RK. Therefore EMSK may also be delivered to the anchor authenticator during the authentication process. Compared with the case where MIP-FA-RK is not introduced, the only difference is that the anchor authenticator must compute MIP-RK/MIP-FA-RK from EMSK once.
In all of the IP-address-based mobile IP key generation and distribution methods above, after the terminal goes through a re-authentication process, the mobile IP related keys are updated; at the same time, the AAA server proactively notifies the HA of the updated mobile IP key information.
After the HA receives the updated mobile IP key information, it updates the mobile IP key context it previously stored for this MS.
After the terminal's re-authentication completes, in CMIP mode the terminal uses the new mobile IP key information to generate the authentication extensions in all subsequent mobile IP re-registration processes and carries them in the mobile IP registration request message.
After the terminal's re-authentication completes, in PMIP mode the AAA server delivers the new mobile IP root key information to the terminal's current anchor authenticator; the anchor authenticator produces the new mobile IP keys and informs the anchor PMIP client corresponding to this terminal and the MS's current FA. Alternatively, it waits until the anchor PMIP client initiates a new mobile IP registration and, after the FA receives the mobile IP registration message, the FA goes to the anchor authenticator for verification or requests its help.
At the same time, the HA uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration processes.
The subsequent mobile IP re-registration processes include the mobile IP deregistration process and/or the mobile IP re-registration process caused by an FA change.
In summary, the present invention clearly defines the generation process and generation mechanism of the MIP-related keys and the distribution procedure of the MIP keys, guaranteeing the execution of the MIP registration process. In the FA change case, because the anchor authenticator holds MIP-FA-RK, the target FA and the HA can request the updated MN-FA-K and FA-HA-K from the anchor authenticator.
The above embodiments are intended only to illustrate the present invention and not to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (45)

1. the generation of a mobile IP cipher key and distribution method is characterized in that:
In the authentication process, authentication and authorization charging server AAA issues key information to anchor authentication person;
Anchor authentication person directly obtains according to described key information or produces mobile IP cipher key based on the IP address computation;
Key MN-FA-K between shared mobile node of external agent FA and described anchor authentication person and the external agent and the key FA-HA-K between external agent and the home agent;
When mobile IP mode is the proxy-mobile IP pattern, key MN-HA-K between shared mobile node of mobile node MN and described anchor authentication person and the home agent and the key MN-FA-K between mobile node and the external agent;
When mobile IP mode is the client mobile IP pattern, mobile node obtains key MN-HA-K between mobile node and the home agent based on home agent IP address, and obtains key MN-FA-K between mobile node and the external agent based on external agent IP address;
Mobile node is initiated mobile IP login request, and this register requirement is carried the authentication extension MN-FA-AE between the authentication extension MN-HA-AE and mobile node and external agent between mobile node and the home agent;
The external agent verifies described MN-FA-AE, and is sent to home agent behind the authentication extension FA-HA-AE between additional external agency and the home agent;
Home agent obtains key MN-HA-K between mobile node and the home agent and the key FA-HA-K between external agent and the mobile node from authentication and authorization charging server, and verifies described MN-HA-AE;
If the mobile IP registration success, then home agent returns the mobile IP registration response, and is sent to described proxy-mobile IP client via the external agent.
2. method according to claim 1 is characterized in that:
Described key information comprises at least: key between mobile node-home agent and mobile IP external agent root key MIP-FA-RK, perhaps extended master session key EMSK, perhaps mobile IP root key MIP-RK; Wherein said extended master session key EMSK is in order to derive from mobile IP root key MIP-RK or mobile IP external agent root key MIP-FA-RK at least; Key reaches or mobile IP external agent root key described mobile IP root key between mobile IP functional entity in order to calculate; Described mobile IP external agent root key is in order to calculate external agent's association key.
3. method according to claim 1 is characterized in that:
Anchor authentication person is distributed hometown-agent-address or is obtained hometown-agent-address by the dynamic home agent address discovery process by described AAA;
The client mobile IP terminal is distributed hometown-agent-address or is obtained hometown-agent-address by the dynamic home agent address discovery process by described AAA.
4. method according to claim 1 is characterized in that:
The client mobile IP terminal obtains the external agent address by the broadcast that the external agent initiates;
The proxy-mobile IP client obtains the external agent address by the external agent.
5. method according to claim 1 is characterized in that, when the external agent need move:
Under the proxy-mobile IP pattern, target external agency to described anchor authentication person ask the key MN-TFA-K between mobile node and the target external agency and target external is acted on behalf of and home agent between cipher key T FA-HA-K, and after obtaining MN-TFA-K and TFA-HA-K, initiate new mobile IP registration by the described proxy-mobile IP client of proxy-mobile IP miscellaneous function body request, the target external agency is behind checking MN-TFA-AE, transmission is carried the MIP-RRQ of TFA-HA-AE and MN-HA-AE to home agent, if aaa server has issued MN-AAA-K to anchor authentication person, then described MIP-RRQ also carries MN-AAA-AE;
After home agent is received MIP-RRQ, by obtaining TFA-HA-K to the AAA request; After TFA-HA-AE checking was finished and succeeded in registration with MIP, home agent sent MIP-RRP to the external agent, sends to PMIP miscellaneous function body behind the target external proxy authentication TFA-HA-AE, by PMIP miscellaneous function body request PMIP customer authentication MN-HA-AE;
Perhaps:
Under the client mobile IP pattern, the client mobile IP terminal just can be target external agency calculating MN-TFA-K after the broadcast of receiving the target external agency, and by target external agent triggers MIP registration; The target external agency sends and carries the MIP-RRQ of TFA-HA-AE and MN-HA-AE to home agent behind the MN-TFA-AE of checking MIP-RRQ;
After home agent is received MIP-RRQ, by obtaining TFA-HA-K to the AAA request; After TFA-HA-AE checking and MIP succeed in registration, HA sends and carries the MIP-RRP of MN-HA-AE and TFA-HA-AE to FA, FA sends to the client mobile IP terminal after having verified TFA-HA-AE again, and the client mobile IP terminal has MN-HA-K and MN-TFA-K, the MIP-RRP that checking is received.
6. method according to claim 5 is characterized in that:
Under proxy-mobile IP pattern or the client mobile IP pattern, the target external agency verifies MN-TFA-AE in the following way:
Directly ask MN-TFA-K and TFA-HA-K to anchor authentication person; Perhaps
Send complete MIP-RRQ and require checking to anchor authentication person, anchor authentication person provides the checking result and additional TFA-HA-AE on MIP-RRQ.
7. method according to claim 5 is characterized in that:
At home agent during to AAA request TFA-HA-K, with the parameter of target external Agent IP as request.
8. method according to claim 1 is characterized in that:
Home agent is each right<external agent, portable terminal〉key information of maintenance.
9. method according to claim 1 is characterized in that:
In the authentication process, anchor authentication person sends the external agent address to described AAA;
The external agent is handed down in broadcast in the external agent address and authentication process of terminal, and the external agent informs that by anchor authentication person the external agent address to aaa server is consistent.
10. method method according to claim 1 is characterized in that:
The external agent IP address of using terminal to see when calculating MN-FA-K and FA-HA-K; Perhaps
Calculate the external agent IP address that MN-FA-K and FA-HA-K use home agent to see; Perhaps
Terminal and anchor authentication person calculate MN-FA-K with the external agent IP address that terminal is seen; The FA-IP that AAA and anchor authentication person see with home agent calculates FA-HA-K.
11. The method according to claim 1, characterized in that:
After the terminal undergoes a re-authentication process, the mobile-IP-related keys are updated; the AAA proactively notifies the home agent of the updated mobile IP key information.
12. The method according to claim 1, characterized in that, after the terminal undergoes a re-authentication process:
in client mobile IP mode, in every subsequent mobile IP re-registration process the terminal uses the new mobile IP key information to generate the authentication extensions carried in the mobile IP registration request; or
in proxy mobile IP (PMIP) mode, the AAA delivers the new mobile IP root key information to the terminal's current anchor authenticator, which generates the new mobile IP keys and informs the anchor PMIP client corresponding to the terminal and the terminal's current foreign agent; or the update waits until the anchor PMIP client initiates a new mobile IP registration, whereupon the foreign agent, after receiving the mobile IP registration request, fetches the keys from the terminal's anchor authenticator for verification or requests the anchor authenticator's help with verification.
13. The method according to claim 11, characterized in that:
After the home agent receives the updated mobile IP key information, it updates the mobile IP key context it previously held for this mobile node; the home agent uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration processes.
14. The method according to claim 13, characterized in that:
The mobile IP re-registration process comprises a mobile IP de-registration process and/or a mobile IP re-registration process caused by foreign agent migration.
15. A method for generating and distributing a mobile IP key, characterized in that:
During the authentication process, the authentication, authorization and accounting server (AAA) delivers key information to the anchor authenticator;
the anchor authenticator obtains, from the key information, the key between the mobile node and the foreign agent and the key between the foreign agent and the home agent;
when the terminal receives the foreign agent's advertisement, it computes the key between the mobile node and the foreign agent from the foreign agent's address and triggers a mobile IP registration request, which carries the authentication extension MN-AAA-AE between the mobile node and the AAA and the authentication extension MN-FA-AE between the mobile node and the foreign agent;
the foreign agent verifies the mobile node to foreign agent authentication extension MN-FA-AE and sends a registration request to the home agent, which carries the mobile node to AAA authentication extension and the foreign agent to home agent authentication extension;
the home agent receives the registration request and sends a request to the AAA to obtain the foreign agent to home agent key and the mobile node to home agent key; after successful verification the AAA returns the requested keys to the home agent;
the home agent processes the registration request and returns a registration reply after successful registration; the terminal obtains the home agent address from the received registration reply and computes the key between the mobile node and the home agent.
16. The method according to claim 15, characterized in that:
If mobile IP registration succeeds, a mobile IP registration reply carrying the mobile node to home agent authentication extension and the foreign agent to home agent authentication extension is returned to the foreign agent;
after verifying the foreign agent to home agent authentication extension, the foreign agent sends a reply carrying the mobile node to home agent authentication extension and the mobile node to foreign agent authentication extension to the mobile terminal.
17. The method according to claim 15, characterized in that:
When the foreign agent needs to migrate, the client mobile IP terminal, after receiving the target foreign agent's advertisement, computes MN-TFA-K for the target foreign agent and triggers MIP registration through the target foreign agent; the mobile IP registration request sent by the client mobile IP terminal carries MN-TFA-AE, and carries MN-HA-AE and/or MN-AAA-AE;
the target foreign agent, after verifying the MN-TFA-AE of the MIP-RRQ, appends TFA-HA-AE to the mobile IP registration request and sends it to the home agent;
after receiving the MIP-RRQ, the home agent requests TFA-HA-K from the HAAA, and after TFA-HA-AE verification and MIP registration succeed, the home agent sends a mobile IP registration reply MIP-RRP carrying MN-HA-AE and TFA-HA-AE to the foreign agent; the foreign agent verifies TFA-HA-AE and then forwards the reply to the client mobile IP terminal, which holds MN-HA-K and MN-TFA-K and verifies the received MIP-RRP.
18. The method according to claim 17, characterized in that:
In client mobile IP mode, the target foreign agent verifies MN-TFA-AE in one of the following ways:
requesting MN-TFA-K and TFA-HA-K directly from the anchor authenticator; or
sending the MIP-RRQ to the anchor authenticator for verification, the anchor authenticator returning the verification result and appending TFA-HA-AE to the MIP-RRQ.
19. The method according to claim 17, characterized in that:
When the home agent requests TFA-HA-K from the AAA, the IP address of the target foreign agent is used as a parameter of the request.
20. The method according to claim 15, characterized in that:
During the authentication process, the anchor authenticator sends the foreign agent address to the AAA;
the foreign agent address delivered to the terminal in the foreign agent's advertisement and during the authentication process is consistent with the foreign agent address that the anchor authenticator reports to the AAA.
21. The method according to claim 15, characterized in that:
The key information comprises at least: the key between the mobile node and the home agent together with the mobile IP foreign agent root key MIP-FA-RK; or the extended master session key EMSK; or the mobile IP root key MIP-RK; wherein the extended master session key EMSK is used to derive at least the mobile IP root key MIP-RK and the mobile IP foreign agent root key MIP-FA-RK; the mobile IP root key and/or the mobile IP foreign agent root key are used to compute the keys between mobile IP entities; and the mobile IP foreign agent root key is used to compute the foreign-agent-related keys.
22. The method according to claim 15, characterized in that:
The home agent maintains key information for each <foreign agent, mobile terminal> pair.
23. The method according to claim 15, characterized in that:
the foreign agent IP address seen by the terminal is used when computing MN-FA-K and FA-HA-K; or
the foreign agent IP address seen by the home agent is used when computing MN-FA-K and FA-HA-K; or
the terminal and the anchor authenticator compute MN-FA-K with the foreign agent IP address seen by the terminal, while the AAA and the anchor authenticator compute FA-HA-K with the foreign agent IP address (FA-IP) seen by the home agent.
24. The method according to claim 15, characterized in that:
After the terminal undergoes a re-authentication process, the mobile-IP-related keys are updated; the AAA proactively notifies the home agent of the updated mobile IP key information.
25. The method according to claim 15, characterized in that, after the terminal undergoes a re-authentication process:
in client mobile IP mode, in every subsequent mobile IP re-registration process the terminal uses the new mobile IP key information to generate the authentication extensions carried in the mobile IP registration request; or
in proxy mobile IP (PMIP) mode, the AAA delivers the new mobile IP root key information to the terminal's current anchor authenticator, which generates the new mobile IP keys and informs the anchor PMIP client corresponding to the terminal and the terminal's current foreign agent; or the update waits until the anchor PMIP client initiates a new mobile IP registration, whereupon the foreign agent, after receiving the mobile IP registration request, fetches the keys from the terminal's anchor authenticator for verification or requests the anchor authenticator's help with verification.
26. The method according to claim 24, characterized in that:
After the home agent receives the updated mobile IP key information, it updates the mobile IP key context it previously held for this mobile node; the home agent uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration processes.
27. The method according to claim 26, characterized in that:
The mobile IP re-registration process comprises a mobile IP de-registration process and/or a mobile IP re-registration process caused by foreign agent migration.
28. A method for generating and distributing a mobile IP key, characterized in that:
During the authentication process, the authentication, authorization and accounting server (AAA) sends the key information and the IP address of the home agent to the anchor authenticator;
the proxy mobile IP client obtains from the anchor authenticator the key MN-HA-K between the mobile node and the home agent and/or the key MN-AAA-K between the mobile node and the AAA server, and initiates a mobile IP registration request, which is sent to the home agent via the foreign agent; the mobile IP registration request carries the authentication extension MN-HA-AE between the mobile node and the home agent and/or the authentication extension MN-AAA-AE between the mobile node and the AAA server;
the home agent requests MN-HA-K from the AAA in order to verify the MN-HA-K-based authentication extension carried in the mobile IP registration request, and processes the registration request;
if registration succeeds, a registration reply is returned to the proxy mobile IP client.
29. The method according to claim 28, characterized in that:
The key information comprises at least the MIP-RK, or MN-HA-K, or the extended master session key EMSK.
30. The method according to claim 28, characterized in that:
The anchor authenticator is assigned the home agent address by the AAA, or obtains the home agent address through the dynamic home agent address discovery process.
31. The method according to claim 28, characterized in that:
After the terminal undergoes a re-authentication process, the mobile-IP-related keys are updated; the AAA proactively notifies the home agent of the updated mobile IP key information.
32. The method according to claim 28, characterized in that, after the terminal undergoes a re-authentication process:
in client mobile IP mode, in every subsequent mobile IP re-registration process the terminal uses the new mobile IP key information to generate the authentication extensions carried in the mobile IP registration request; or
in proxy mobile IP (PMIP) mode, the AAA delivers the new mobile IP root key information to the terminal's current anchor authenticator, which generates the new mobile IP keys and informs the anchor PMIP client corresponding to the terminal and the terminal's current foreign agent; or the update waits until the anchor PMIP client initiates a new mobile IP registration, whereupon the foreign agent, after receiving the mobile IP registration request, fetches the keys from the terminal's anchor authenticator for verification or requests the anchor authenticator's help with verification.
33. The method according to claim 31, characterized in that:
After the home agent receives the updated mobile IP key information, it updates the mobile IP key context it previously held for this mobile node; the home agent uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration processes.
34. The method according to claim 33, characterized in that:
The mobile IP re-registration process comprises a mobile IP de-registration process and/or a mobile IP re-registration process caused by foreign agent migration.
35. A method for generating and distributing a mobile IP key, characterized in that:
During the authentication process, the authentication, authorization and accounting server (AAA) keeps the EMSK or the mobile IP root key information;
the mobile terminal is issued the address of the home agent by the AAA during the authentication process, or obtains the home agent address through the dynamic home agent address discovery procedure; it computes the key between the mobile node and the home agent and, after receiving the foreign agent's advertisement, initiates a mobile IP registration request carrying the authentication extension between the mobile node and the home agent, which is sent via the foreign agent to the home agent;
the home agent requests the key between the mobile node and the home agent from the AAA; the AAA derives that key from the key information it keeps and returns it to the home agent;
after verifying the mobile node to home agent authentication extension carried in the mobile IP registration request, the home agent processes the registration request and, on successful registration, returns a mobile IP registration reply carrying the mobile node to home agent authentication extension to the mobile terminal.
36. The method according to claim 35, characterized in that:
During the authentication process, the authentication, authorization and accounting server (AAA) sends the IP address of the home agent to the anchor authenticator.
37. The method according to claim 35, characterized in that:
After the terminal undergoes a re-authentication process, the mobile-IP-related keys are updated; the AAA proactively notifies the home agent of the updated mobile IP key information.
38. The method according to claim 35, characterized in that, after the terminal undergoes a re-authentication process:
in client mobile IP mode, in every subsequent mobile IP re-registration process the terminal uses the new mobile IP key information to generate the authentication extensions carried in the mobile IP registration request; or
in proxy mobile IP (PMIP) mode, the AAA delivers the new mobile IP root key information to the terminal's current anchor authenticator, which generates the new mobile IP keys and informs the anchor PMIP client corresponding to the terminal and the terminal's current foreign agent; or the update waits until the anchor PMIP client initiates a new mobile IP registration, whereupon the foreign agent, after receiving the mobile IP registration request, fetches the keys from the terminal's anchor authenticator for verification or requests the anchor authenticator's help with verification.
39. The method according to claim 37, characterized in that:
After the home agent receives the updated mobile IP key information, it updates the mobile IP key context it previously held for this mobile node; the home agent uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration processes.
40. The method according to claim 39, characterized in that:
The mobile IP re-registration process comprises a mobile IP de-registration process and/or a mobile IP re-registration process caused by foreign agent migration.
41. A method for generating and distributing a mobile IP key, characterized in that:
During the authentication process, the authentication, authorization and accounting server (AAA) sends the IP address of the home agent to the anchor authenticator and keeps the EMSK or the mobile IP root key information;
after receiving the foreign agent's advertisement, the mobile terminal initiates a mobile IP registration request carrying the authentication extension between the mobile node and the AAA;
the home agent requests the key between the mobile node and the home agent from the AAA; the AAA derives that key from the key information it keeps and returns it to the home agent;
after verifying the mobile node to home agent authentication extension carried in the mobile IP registration request, the home agent processes the registration request and, on successful registration, returns a mobile IP registration reply carrying the mobile node to home agent authentication extension to the mobile terminal;
the mobile terminal obtains the home agent address from the received mobile IP registration reply, computes the key between the mobile node and the home agent from it, and verifies the mobile node to home agent authentication extension.
42. The method according to claim 41, characterized in that:
After the terminal undergoes a re-authentication process, the mobile-IP-related keys are updated; the AAA proactively notifies the home agent of the updated mobile IP key information.
43. The method according to claim 41, characterized in that, after the terminal undergoes a re-authentication process:
in client mobile IP mode, in every subsequent mobile IP re-registration process the terminal uses the new mobile IP key information to generate the authentication extensions carried in the mobile IP registration request; or
in proxy mobile IP (PMIP) mode, the AAA delivers the new mobile IP root key information to the terminal's current anchor authenticator, which generates the new mobile IP keys and informs the anchor PMIP client corresponding to the terminal and the terminal's current foreign agent; or the update waits until the anchor PMIP client initiates a new mobile IP registration, whereupon the foreign agent, after receiving the mobile IP registration request, fetches the keys from the terminal's anchor authenticator for verification or requests the anchor authenticator's help with verification.
44. The method according to claim 42, characterized in that:
After the home agent receives the updated mobile IP key information, it updates the mobile IP key context it previously held for this mobile node; the home agent uses the updated mobile IP key context to verify the legitimacy of subsequent mobile IP re-registration processes.
45. The method according to claim 44, characterized in that:
The mobile IP re-registration process comprises a mobile IP de-registration process and/or a mobile IP re-registration process caused by foreign agent migration.
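The following Python model is an added illustration and is not code from the patent or from Huawei: it walks through the key hierarchy and the registration-time checks that claims 10, 15, 17, 21 and 41 describe (EMSK to MIP-RK and MIP-FA-RK; MN-FA-K, FA-HA-K and MN-HA-K bound to the foreign agent and home agent addresses; authentication extensions over the registration request and reply), and the re-keying after re-authentication in claims 11 and 13. The PRF (HMAC-SHA256), the derivation labels, the message layouts and all addresses and sample EMSK values are assumptions chosen for the example; the claims name no concrete functions or formats. The key point it makes concrete is the foreign agent address choice of claim 10: when the address the terminal sees differs from the address the home agent sees (a NAT between them, for instance), FA-HA-K only matches at both ends if the AAA and the anchor authenticator derive it from the address the home agent will use in its request (the third option of claim 10), and a re-registration signed with post-re-authentication keys fails at the home agent until the AAA has pushed the updated context (claim 13).

```python
import hashlib
import hmac


def prf(key: bytes, *parts: bytes) -> bytes:
    """Assumed PRF: HMAC-SHA256 over label and context (the patent names no function)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def root_keys(emsk: bytes) -> dict:
    """Claim 21: the EMSK yields at least MIP-RK and MIP-FA-RK (labels are assumptions)."""
    return {"MIP-RK": prf(emsk, b"MIP-RK"), "MIP-FA-RK": prf(emsk, b"MIP-FA-RK")}


def mn_ha_k(mip_rk: bytes, ha_ip: str) -> bytes:
    """MN-HA-K is bound to the home agent address the terminal learns from the reply."""
    return prf(mip_rk, b"MN-HA", ha_ip.encode())


def mn_fa_k(mip_fa_rk: bytes, fa_ip: str) -> bytes:
    """MN-FA-K (MN-TFA-K when fa_ip is the target foreign agent's address, claim 17)."""
    return prf(mip_fa_rk, b"MN-FA", fa_ip.encode())


def fa_ha_k(mip_fa_rk: bytes, fa_ip: str) -> bytes:
    """FA-HA-K, bound to whichever foreign agent address the deriving party uses."""
    return prf(mip_fa_rk, b"FA-HA", fa_ip.encode())


def auth_ext(key: bytes, msg: bytes) -> bytes:
    """An authentication extension, modelled here as a MAC over the registration message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, ae: bytes) -> bool:
    return hmac.compare_digest(auth_ext(key, msg), ae)


def register(emsk: bytes, fa_ip_seen_by_mn: str, fa_ip_seen_by_ha: str,
             fa_ip_used_for_fa_ha_k: str, ha_ip: str, ha_mip_rk: bytes) -> dict:
    """One client-MIP registration (claim 15) with the FA-address choice of claim 10.

    The anchor authenticator derives FA-HA-K with fa_ip_used_for_fa_ha_k; the home
    agent asks the AAA for FA-HA-K using the foreign agent address it sees itself
    (the request parameter of claims 7 and 19). ha_mip_rk is the MIP-RK in the
    home agent's stored context for this mobile node. Returns each check's outcome.
    """
    rk = root_keys(emsk)  # known to the AAA and pushed to the anchor authenticator

    # Terminal: derives MN-FA-K from the advertised FA address and signs the RRQ.
    rrq = b"MIP-RRQ|coa=" + fa_ip_seen_by_mn.encode()
    mn_fa_ae = auth_ext(mn_fa_k(rk["MIP-FA-RK"], fa_ip_seen_by_mn), rrq)

    # Foreign agent: fetches MN-FA-K from the anchor authenticator and checks MN-FA-AE.
    fa_ok = verify(mn_fa_k(rk["MIP-FA-RK"], fa_ip_seen_by_mn), rrq, mn_fa_ae)

    # Foreign agent: appends FA-HA-AE computed with the FA-HA-K the authenticator derived.
    fa_ha_ae = auth_ext(fa_ha_k(rk["MIP-FA-RK"], fa_ip_used_for_fa_ha_k), rrq)

    # Home agent: requests FA-HA-K from the AAA, keyed by the FA address it sees.
    ha_ok = verify(fa_ha_k(rk["MIP-FA-RK"], fa_ip_seen_by_ha), rrq, fa_ha_ae)

    # Home agent: replies with MN-HA-AE computed from the MIP-RK in its own context.
    rrp = b"MIP-RRP|ha=" + ha_ip.encode()
    mn_ha_ae = auth_ext(mn_ha_k(ha_mip_rk, ha_ip), rrp)

    # Terminal: learns the HA address from the reply, derives MN-HA-K, checks the reply.
    mn_ok = verify(mn_ha_k(rk["MIP-RK"], ha_ip), rrp, mn_ha_ae)
    return {"fa_verified_mn": fa_ok, "ha_verified_fa": ha_ok, "mn_verified_ha": mn_ok}


def rereg_after_reauth(ha_context_updated: bool) -> bool:
    """Claims 11 and 13: re-authentication yields a new EMSK; the re-registration only
    verifies at the home agent once the AAA has pushed the updated key context."""
    old_emsk, new_emsk = b"constructed-emsk-old", b"constructed-emsk-new"  # sample values
    ha_mip_rk = root_keys(new_emsk if ha_context_updated else old_emsk)["MIP-RK"]
    rrq = b"MIP-RRQ|rereg"
    # A client-MIP terminal (claim 12) already signs with the new MN-HA-K.
    ae = auth_ext(mn_ha_k(root_keys(new_emsk)["MIP-RK"], "192.0.2.1"), rrq)
    return verify(mn_ha_k(ha_mip_rk, "192.0.2.1"), rrq, ae)


if __name__ == "__main__":
    emsk = b"constructed-emsk"  # sample value, not a real key
    ha_rk = root_keys(emsk)["MIP-RK"]
    print("same FA address everywhere:",
          register(emsk, "198.51.100.7", "198.51.100.7", "198.51.100.7", "192.0.2.1", ha_rk))
    print("terminal-seen FA address used for FA-HA-K behind NAT:",
          register(emsk, "10.1.1.5", "203.0.113.9", "10.1.1.5", "192.0.2.1", ha_rk))
    print("HA-seen FA address used for FA-HA-K (claim 10, third option):",
          register(emsk, "10.1.1.5", "203.0.113.9", "203.0.113.9", "192.0.2.1", ha_rk))
    print("re-registration before/after HA context update:",
          rereg_after_reauth(False), rereg_after_reauth(True))
```

A foreign agent migration (claim 17) is the same derivation with the target foreign agent's address passed to `mn_fa_k` and `fa_ha_k`, which is why the home agent must be told that address (claims 7 and 19) before it can fetch TFA-HA-K. The design choice worth noting for a defender is that every key is bound to an agent address, so the address consistency required by claims 9 and 20 is a correctness requirement, not a formality: an inconsistent address silently produces a different key and a failed verification rather than an error message that names the cause.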
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2006100944776A (granted as CN101075870B) | 2006-05-16 | 2006-07-04 | Method for generating and distributing movable IP Key

Applications Claiming Priority (4)

Application Number | Priority Date | Filing Date | Title
CN200610079781.3 | 2006-05-16 | |
CN200610079781 | 2006-05-16 | |
CN200610079772.4 | 2006-05-17 | |
CN2006100944776A (granted as CN101075870B) | 2006-05-16 | 2006-07-04 | Method for generating and distributing movable IP Key

Related Child Applications (1)

Application Number | Title | Priority Date | Filing Date
CN2010102633087A (divisional; published as CN102065422A) | Method for generating and distributing mobile IP (Internet Protocol) key | 2006-07-04 | 2006-07-04

Publications (2)

Publication Number | Publication Date
CN101075870A | 2007-11-21
CN101075870B | 2010-08-25

Family ID: 38976705

Family Applications (1)

Application Number | Title | Priority Date | Filing Date | Status
CN2006100944776A (CN101075870B) | Method for generating and distributing movable IP Key | 2006-05-16 | 2006-07-04 | Expired - Fee Related

Country Status (1)

Country | Link
CN | CN101075870B

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US8195940B2 * | 2002-04-05 | 2012-06-05 | Qualcomm Incorporated | Key updates in a mobile wireless system
US7475241B2 * | 2002-11-22 | 2009-01-06 | Cisco Technology, Inc. | Methods and apparatus for dynamic session key generation and rekeying in mobile IP

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101656959B * | 2009-09-10 | 2012-02-29 | ZTE Corporation | Method, apparatus and system for obtaining MN-HA key in HA of PMIP
CN102098671A * | 2009-12-15 | 2011-06-15 | ZTE Corporation | Authentication method and system
CN102098671B * | 2009-12-15 | 2014-11-05 | ZTE Corporation | Authentication method and system
WO2011134134A1 * | 2010-04-26 | 2011-11-03 | Huawei Technologies Co., Ltd. | Method, device and system for interworking between WiFi network and WiMAX network
CN101883115A * | 2010-06-25 | 2010-11-10 | Beijing Jiaotong University | Access authentication method and system thereof
CN104620556A * | 2012-09-11 | 2015-05-13 | Thomson Licensing | Method and devices for registering a client to a server
WO2019037422A1 * | 2017-08-22 | 2019-02-28 | Shenzhen Excelsecu Data Technology Co., Ltd. | Key and key handle generation method and system, and smart key security device

Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20100825; Termination date: 20210704