JP4457859B2 - User authentication method, system, authentication server, and communication terminal - Google Patents

Description

  The present invention relates to user authentication when connecting to a network. More specifically, the present invention relates to a user authentication method and system in a roaming environment capable of communicating even when moving to a network different from a subscribed network, an authentication server used in the system, and a communication terminal.

  Normally, when a user connects to the network, the network provider checks whether or not the user is permitted to connect to the network, and if the user is permitted, In order to permit the use of a predetermined service every time and perform an appropriate billing process, an authentication server is installed and a user authentication process is performed by the authentication server. The authentication server is generally called an AAA (Authentication, Authorization, Accounting) server. The outline of the AAA server is defined in Non-Patent Document 1, and the communication protocol for realizing the AAA function is defined in Non-Patent Document 2, Non-Patent Document 3, and the like.

  Further, the authentication process may be periodically performed not only at the start of connection but also during communication in order to eliminate unauthorized connection.

  Communicate while selecting appropriate communication means, such as high-speed network services provided only in limited areas and mobile phone networks covering a wide area by improving wireless technologies such as wireless LAN and mobile phones. Such an environment is being prepared. In such a situation, it is considered that a user who subscribes to a certain network provider frequently roams and communicates with a network managed by another network provider.

  In an environment where roaming is possible, when a user connects from his / her home domain, that is, not from the network provider to which he / she is subscribed, but from an external domain, or a user who is connected from his / her home domain However, when switching to a connection from an external domain, user authentication is required for the roaming destination network provider to determine whether or not to permit the connection. In this case, authentication information such as passwords, information about services to be provided, etc. are managed by the subscribing network provider, so user authentication requests authentication processing from the home domain authentication server. This is done by sending. The home domain authentication server also performs periodic user authentication performed during communication.

  Although it is not the authentication performed by the authentication server when connecting to the network, in Non-Patent Document 4, a KDC (Key Distribution Center) is placed in each domain, and the client wants to receive a service from the server in the external domain In this case, the home domain KDC issues a TGT (Ticket Granting Ticket) for the external domain to be used, and presents the TGT to the KDC of the external domain to be used together with server information to be used for authentication. If there is no problem, the KDC in the external domain issues a ticket for using the server to the client, and the client further presents the ticket received from the KDC in the external domain to the server that wants to use and receives authentication. It is described .

“AAA Authorization Framework”, RFC 2904, August 2000 “Remote Authentication Dial In User Service (RADIUS)”, RFC 2865, June 2000 “Diameter Base Protocol”, RFC3588, September 2003 “The Kerberos Network Authentication Service (V5)”, RFC1510, September 1993

  As described above, performing authentication processing with an authentication server in the home domain in a roaming environment increases traffic across domains. Furthermore, when the network to be connected is switched by roaming, performing authentication processing with the authentication server in the home domain is an obstacle to high-speed handoff technology (technology for continuing communication while moving between networks at high speed).

  Provide authentication information such as passwords for all users in advance between network providers that perform roaming so that authentication processing is performed not by the home domain authentication server but by the external domain authentication server that is the roaming destination. It is not realistic to exchange information about the service or the like and to make necessary settings for the authentication server in each network provider due to cost, complexity of data management, safety, and the like.

  Even if the method described in Non-Patent Document 4 is applied to authentication by an authentication server in the external domain, before presenting the TGT to the authentication server in the external domain, the authentication that is the presentation destination is displayed in the authentication server in the home domain. Since it is necessary to request the issuance of a TGT for the server, traffic across domains cannot be reduced. Note that storing the TGT in the user's communication terminal in advance means that all external domain TGTs that can be roamed are stored in the user's communication terminal in advance. is not. This is because the method described in Non-Patent Document 4 does not consider that a user moves and connects to a network from an external domain. For example, a user who is fixedly connected to a home domain This is because the purpose is to receive a service from a server in an external domain.

  Therefore, the present invention allows authentication by the authentication server of the external domain and authentication by the authentication server of the home domain even when moving between domains without exchanging authentication information in advance by each provider. An object of the present invention is to provide a user authentication method and system, an authentication server used in the system, and a communication terminal that are not required as much as possible.

According to the user authentication method of the present invention,
In a user authentication method in an external domain authentication server under a roaming environment, each authentication server stores a domain key that is an encryption key of a roamable domain, and the communication terminal to be authenticated is the home domain of the communication terminal. A ticket having authentication information encrypted with the domain key of the user is transmitted to the authentication server together with user identification information and home domain identification information, and the authentication server that has received the ticket stores the ticket based on the received home domain identification information. A domain key of a home domain of the communication terminal is determined, and authentication is performed by decrypting ticket authentication information using the determined domain key.

According to another embodiment of the user authentication method of the present invention,
The ticket includes ticket data including authentication information, a time stamp added by the communication terminal, and an authenticator. The authentication information includes a user authentication key that is a user-specific encryption key. The authentication server created using the authentication key and the ticket data and / or time stamp and receiving the ticket verifies the authenticator using the user authentication key included in the authentication information, and successfully authenticates the received ticket. One of the conditions is also preferable.

According to another embodiment of the user authentication method of the present invention,
The ticket has a stub that is not encrypted with a domain key.

Furthermore, according to another embodiment of the user authentication method of the present invention,
Information can be independently added to the ticket by the authentication server of the external domain that performed the transfer at the time of ticket issuance and at the time of past authentication. It is also preferable that one of the conditions for successful authentication is that there is information.

Furthermore, according to another embodiment of the user authentication method of the present invention,
The authentication information includes information related to a domain that is permitted to roam, and the authentication server that has received the ticket sets that its own domain is included in the domain permitted to roam as one of the conditions for successful authentication. It is also preferable to do.

Furthermore, according to another embodiment of the user authentication method of the present invention,
When the authentication server that has received the ticket cannot determine the success / failure of the authentication from the authentication information of the ticket, the authentication server of the home domain transfers the ticket, the user identification information, and the home domain identification information to the authentication server of the home domain. It is also preferable to authenticate with.

Furthermore, according to another embodiment of the user authentication method of the present invention,
The domain has a hierarchical structure, and if the authentication server that received the ticket cannot determine the success / failure of the authentication from the authentication information of the ticket, the ticket, user identification information, and home domain identification information are sent to the higher-level authentication server. It is also preferable to forward the data and authenticate it by the higher-level authentication server.

According to the authentication server of the present invention,
An authentication server that performs user authentication in a roaming environment stores a domain key, which is an encryption key of a roamable domain, and is authenticated from a communication terminal to be authenticated by the domain key of the home domain of the communication terminal When a ticket having information is received together with user identification information and home domain identification information, based on the received home domain identification information, a domain key of the stored home domain of the communication terminal is determined, and the determined The authentication is performed by decrypting the ticket authentication information using the domain key.

According to the communication terminal of the present invention,
In a roaming environment, a communication terminal that receives user authentication stores a ticket having authentication information encrypted with the domain key of the home domain of the communication terminal. The stored ticket, user identification information, and home domain identification information are transmitted to an authentication server of a certain domain.

According to the authentication system of the present invention,
In an authentication system in an environment where networks of a plurality of domains are connected to each other and can roam between the domains, the authentication server installed in each domain and the communication terminal having one domain as a home domain; It is characterized by having.

  Even if a ticket having authentication information encrypted with the domain key of the home domain is newly introduced for authentication, even if it is moved between domains, authentication is basically performed by the authentication server of the external domain. It can be done and does not generate traffic across domains for authentication. Further, since the authentication is completed by the authentication server in the external domain, the time required for the authentication process can be shortened, and the handoff time can be increased by combining with a high-speed handoff technique.

  In addition, if authentication is not possible in the external domain authentication server, the ticket is transferred to the home domain authentication server for authentication, but if authentication is successful, authentication was impossible. By adding its own information to the ticket, the server can authenticate itself without transferring the ticket to the home domain at the next authentication. In addition, it is possible to further reduce the necessity for the home domain authentication server to transfer and authenticate the ticket to the home domain authentication server by preliminarily describing the information of the domain that permits roaming in the authentication information.

  The authentication information of the ticket is encrypted with the domain key that is the encryption key of the home domain, so even the user who owns the ticket cannot know the contents, the security of the information is ensured, and the user's encryption key By using an authenticator generated with the user authentication key, unauthorized access can be prevented.

  In addition, the user can be notified of necessary information using a ticket stub.

  The best mode for carrying out the present invention will be described in detail below with reference to the drawings.

  FIG. 1 is an example of a system configuration in which an authentication method according to the present invention is used. In the configuration of FIG. 1, domains H, X, and Y are connected to each other, and each domain has an AAA server that is an authentication server. The domain X has subdomains aX and bX, and each of the subdomains aX and bX has an AAA server that is an authentication server. Each authentication server holds information necessary for performing authentication processing on users belonging to the respective domains.

  The users belonging to the domains H, X, and Y can roam with each other, and the user M who belongs to the domain H and connects to the network from the communication terminal 1 moves between domains as an example. I will explain. In order to distinguish the authentication server of each domain, the authentication server of domain H is expressed in the form of “domain name” or “subdomain name” + AAA, such as hAAA for the authentication server of domain X and axAAA for the authentication server of subdomain aX of domain X. I do.

  Each domain has an encryption key called a domain key. This domain key is expressed as KD, and each domain key is expressed as KD + “domain name”, for example, the domain key of domain H is KDh. . Furthermore, each user also has a user-specific encryption key called a user authentication key, and this user authentication key is denoted as K. Each user authentication key is, for example, the user authentication key of the user M is Km, Expressed as K + "user name".

  The domain key KD is a secret key, distributed in advance between roamable domains by a secure method, and stored in each AAA server. In the configuration of FIG. 1, for example, the domain key KDh of domain H is stored not only in hAAA but also in xAAA, axAAA, bxAAA, and yAAA. As a key distribution method, a method of ensuring a secure communication path using IPsec and transmitting the key can be used. In addition, as for the delivery route in the case where the subdomain exists, the delivery route is not delivered directly to the subdomain such as the domain aX, but delivered only to the domain X even in the form of delivering directly from the hAAA to the authentication server of the subdomain. The domain X may be delivered to subdomains within the domain X. Further, the domain key KD of the subdomain is a form in which each subdomain uses a different domain key KD. For example, the domain key KDax of the domain aX and the domain key KDbx of the domain bX are replaced with the domain key KDx of the domain X. For example, the same key as the upper domain key may be used.

  Similarly, the user authentication key K is also distributed in advance to each user in a safe and reliable manner from the network provider of the domain to which the user belongs, that is, the home domain, and stored in the communication terminal of each user. It is also assumed that it is stored in the home domain authentication server. For example, when the user M joins the network, the network provider distributes the user authentication key Km to the user M by a known secure communication method such as a CD-ROM or SSL. 1, the user authentication key Km is stored. Furthermore, it is assumed that Km is also stored in hAAA which is the authentication server of the home domain of user M.

  The present invention is characterized in that the communication terminal 1 receives a user authentication by transmitting a ticket having authentication information to an authentication server in an external domain that is a roaming destination. As a method of acquiring a ticket from the beginning, the authentication method of the home domain issues the authentication method of the home domain authentication server and the authentication method of the home domain when the authentication is performed by a publicly known method. Then, there is a method of acquiring by transmitting to the communication terminal 1. FIG. 2 is a sequence diagram of ticket acquisition in the latter case. Here, the case where the communication terminal 1 is connected to the network from the domain aX will be described.

  The communication terminal 1 starts user authentication via a connection point to the network of the domain aX such as NAS (network access server) or AP (access point) of the domain aX to be moved. Since the communication terminal 1 does not have a ticket, authentication is performed by a known method such as PAP. The communication terminal 1 transmits a request that is an authentication request to start authentication to the NAS or AP of the domain aX, and the NAS or AP of the domain aX transfers the received request to the axAAA.

  The request is transmitted from the destination axAAA to the home domain authentication server hAAA via the xAAA according to a known method. When authentication with hAAA is successful by a known method, hAAA sends an accept to notify the communication terminal 1 of successful authentication. At this time, hAAA issues a ticket having authentication information managed by hAAA. The ticket issued to the communication terminal 1 is transmitted.

  The ticket sent by hAAA is sent to the communication terminal 1 through the reverse route to the request, but the information required when the terminal is connected in each domain in each authentication server operating as a proxy through the middle Add as necessary. The communication terminal 1 that has received the ticket stores the ticket.

  FIG. 3 is a diagram showing a format example of a ticket. The ticket includes a stub, ticket data, a time stamp, and an authenticator.

  The ticket data includes authentication information and information necessary for connection, and as described above, each domain has information to be written as well as information to be written when the home domain issues. In order to distinguish the information written by each domain, the ticket data has a hierarchical structure corresponding to the hierarchical structure of the domain. FIG. 4 is a diagram for explaining the hierarchical structure of ticket data.

  As shown in FIG. 4A, the domain hierarchical structure is represented by the depth from the home domain, with the home domain being the highest layer, layer 0. That is, if another domain has a hierarchy 1, the other domain has a subdomain, the subdomain becomes a hierarchy 2, and if the subdomain in the hierarchy 2 further has a subdomain, it has a hierarchy 3.

  FIG. 4B shows a format example of a ticket data portion having a hierarchical structure. As shown in FIG. 4B, the ticket data is composed of a domain descriptor and domain information.

  The domain descriptor includes a domain hierarchy, a domain ID, a flag, a domain name, a parent domain, and a pointer. The domain ID is information for identifying a domain and is, for example, an IP address of an AAA server. The flag indicates whether or not the home domain. The parent domain is a domain ID of the hierarchy one level above, and is null or a self ID if the hierarchy is 0. The pointer is information indicating the position of ticket information in this hierarchy.

  Information described in the domain information is divided into basic information and general information. The basic information is information related to the authentication server in which the information is written. In the case of an authentication server in the home domain, the basic information includes authentication information related to the user. Basic information includes NAI, issue time, expiration date, last use time, maximum use count, current use count, user authentication key K, roaming permission domain, roaming non-permission domain, and the like. Note that NAI (Network Access Identifier) is expressed in the format of user name @ domain name and is defined in RFC2486. In the present invention, the NAI is used as an example of information having both information for identifying the user and information for identifying the home domain of the user. The NAI and the user authentication key K are included only in the domain information of layer 0, and a plurality of roaming permission domains and roaming non-permission domains can be specified.

In the general information, for example, information necessary for connection such as an IP address assigned when the communication terminal 1 makes a connection request via the domain is written. General information includes an assigned IP address, a netmask of the assigned IP address, a gateway router address, a DNS server address, a user name in the domain, a WEP key, and the like. In the ticket data, each authentication server may write the same information with different values into the domain information of each domain. In the user authentication according to the present invention, which information is used is determined by (1) using a value written by an upper layer for each information (2) using a value written by a lower layer (3) a domain requested for connection Is controlled by a method such as using a flag indicating that the value written by is used.

  The basic information and the general information may include items other than the items described above, and it is not necessary to include all the items described above. Also, it is a design matter which information is used as authentication information and which information is not used among the basic information written by the home domain.

  The ticket data is encrypted with the domain key KD of the user's home domain. The authentication server that has been notified of the domain key in advance can decrypt the ticket to obtain necessary information, and can add necessary information as described above. However, since the domain key is not known to the user who owns the ticket, the contents of the ticket cannot be known even if it is the ticket itself, and therefore the information can be concealed even if it is wiretapped by other users. .

  On the other hand, since the information of the ticket data cannot be decoded by the user himself / herself, for example, when the authentication server sets an address without using DHCP, or when setting the WEP key in IEEE802.1X, the information the authentication server wants to notify the user If there is, use a stub. The authentication server describes information to be notified directly to the user in the stub, and encrypts the stub with the user authentication key K described in the ticket data.

  As described above, the present invention is characterized in that the communication terminal 1 transmits a ticket to the roaming-destination authentication server and performs user authentication. In order to prevent illegal attacks such as spoofing, the ticket has a time stamp and an authenticator.

  The time stamp is the time when the communication terminal transmits the authentication request, and the communication terminal adds it to the ticket. The authenticator is, for example, a value of HMAC-MD5 using the user authentication key K for ticket data, time stamp, stub, or a combination thereof.

  The authentication server inspects tampering and spoofing with an authenticator, and checks with a time stamp a retransmission attack, that is, an attack that steals and stores a ticket and later sends the same to the authentication server. If the time stamp is significantly deviated from the current time, the user is informed that the time is too far with the authentication failure. The allowable difference between the time stamp and the current time may be about the worst case of the time required for the entire authentication procedure, for example. In addition, when the authentication server of the external domain, which will be described later, authenticates, and the ticket is transferred to the authentication server of the home domain, the authentication server that received the authentication request directly from the user confirms the time stamp, The server may be configured not to perform inspection.

  Next, user authentication using a ticket will be described. FIG. 5 is a sequence diagram of user authentication in the case where the user M who has acquired a ticket in the procedure shown in FIG. 2 connects to the network via the domain aX from the communication terminal 1 storing the ticket. The communication terminal 1 transmits the ticket and its own NAI to the connection point of the network of the domain aX, for example, NAS or AP, and the NAS or AP transmits the ticket and NAI to the axAAA. The axAAA determines the domain key KDh of the home domain of the communication terminal 1 stored based on the domain identification information included in the NAI, and decrypts the received authentication information of the ticket using the domain key KDh.

  After decryption, first, it is checked whether or not the information added by itself exists in the ticket data. Since the ticket transmitted by the communication terminal 1 includes information added by axAAA, the following is further examined. The case where no information exists will be described later.

  First, using the user authentication key Km included in the ticket data, the authenticator is checked and the time stamp is checked. This is to detect falsification of a ticket or a replay attack. If there is fraud, an authentication failure message is transmitted or no response is made.

  Further, the user name included in the NAI is matched with the user name in the ticket data, the expiration date is exceeded, etc. If there is a problem, an authentication failure message is sent or no response is received. And

  If there is no problem, “accept” is transmitted to the communication terminal 1 in order to notify that the authentication is successful, that is, the user authentication is normally completed. At this time, the axAAA can change the information included in the ticket data received from the communication terminal 1, which can be rewritten by itself, such as the last use time and the expiration date, and can add a new item. The changed and / or added ticket is transmitted to the communication terminal 1. The communication terminal 1 stores the received ticket.

  Note that when the authentication failure message is received or when no response is received at a predetermined time, the communication terminal 1 discards the ticket, performs authentication by a known method, and acquires a new ticket. Do.

  FIG. 6 is a sequence diagram of user authentication in a case where the user M who has acquired a ticket in the procedure shown in FIG. 2 connects to the network via the domain Y from the communication terminal 1 storing the ticket. (a) is a sequence diagram in the case where domain Y is written as roaming-permitted domain information in the roaming permission / non-permission domain information of the ticket, and (b) is a roaming permission / non-permission domain information written in the ticket. FIG.

  In any case, first, the communication terminal 1 transmits the ticket and its own NAI to the connection point of the network of the domain Y, for example, NAS or AP, and the NAS or AP transmits the ticket and NAI to yAAA. . The yAAA decrypts the ticket received using the domain key KDh from the domain information included in the NAI.

  After decryption, it is first checked whether or not the information added by itself exists in the ticket data. However, since the information added by yAAA does not exist in the ticket transmitted by the user terminal 1, the user M himself / herself does not have the information added by yAAA. It cannot be determined whether or not the user is permitted to connect in the domain. Therefore, it is checked whether or not the domain permission / non-permission information exists in the ticket data, and if it exists, whether or not the own domain is permitted. If the domain permission / denial information exists and the own domain is permitted, the other information described in the explanation of FIG. 5 is checked. If there is no problem, the communication terminal 1 notifies the authentication success. Send accept. At this time, the yAAA can add information to the ticket data received from the communication terminal 1 as necessary.

  If the domain permission / denial information does not exist, the authentication information of the ticket determines the success / failure of the authentication. Since it cannot be determined whether or not the user M is a user who is permitted to connect in the own domain, the ticket and the NAI are transferred to the hAAA that is the authentication server of the home domain. The hAAA checks the ticket in the same manner, and if there is no problem with the ticket itself and the user M can roam to the yAAA, the hAAA transmits an accept to the yAAA to notify that the user authentication has been completed normally. At this time, hAAA can add or change ticket data. The yAAA that has received the accept from the hAAA adds ticket data and transmits the accept to the communication terminal 1.

  It should be noted that if domain authorization / non-permission information exists, but the own domain is not authorized, if it is determined that the user M does not have the authority to connect from yAAA in the authentication with hAAA, the authentication failure Send a message or make no response.

  FIG. 7 is a sequence diagram of user authentication in the case where the user M who has acquired a ticket in the procedure shown in FIG. 2 connects to the network via the domain bX from the communication terminal 1 storing the ticket.

  In the ticket transmitted by the communication terminal 1, the information added by bxAAA does not exist, but the information added by the parent domain xAAA exists, and therefore, it can be handled differently from FIG. 6 and will be described below.

  In FIG. 7A, since information added by the parent domain exists, authentication is performed by checking other ticket data with bxAAA regardless of whether domain permission / denial information is present in the ticket data. FIG.

  FIG. 7 (b) forwards the request as in FIG. 6 (b), but in this case, because of a problem in the permitted domain X, the domain is not the domain server hAAA of the home domain. FIG. 11 is a sequence diagram in which authentication is confirmed by transferring to xAAA, which is an authentication server in the upper hierarchy of bX. When the xAAA authentication is completed without any problem, the bxAAA adds necessary information to the ticket data and transmits the ticket to the communication terminal 1 as in FIG. 6B.

It is an example of the system configuration | structure by which the authentication method by this invention is used. It is a sequence diagram of ticket acquisition in the user authentication of the present invention. It is a figure which shows the example of a format of a ticket. It is a figure explaining the hierarchical structure of ticket data. It is a sequence diagram of user authentication of the present invention. In the user authentication of the present invention, it is a sequence diagram when there is no information of itself in the ticket. In the user authentication of the present invention, it is another sequence diagram when there is no information of its own in the ticket.

Explanation of symbols

1 Communication terminal

Claims (10)

In the roaming environment, in the user authentication method with the authentication server of the external domain,
Each authentication server stores a domain key that is an encryption key of a roamable domain,
The communication terminal to be authenticated transmits a ticket having authentication information encrypted with the domain key of the home domain of the communication terminal, together with user identification information and home domain identification information, to the authentication server,
The authentication server that receives the ticket determines the domain key of the stored home domain of the communication terminal based on the received home domain identification information, and decrypts the authentication information of the ticket using the determined domain key And performing user authentication. The ticket includes ticket data including authentication information, a time stamp added by the communication terminal, and an authenticator,
The authentication information includes a user authentication key that is a user-specific encryption key,
The authenticator is created using a user authentication key and ticket data and / or a time stamp,
The authentication server that has received the ticket checks an authenticator using a user authentication key included in the authentication information, and uses the validity of the received ticket as one of the conditions for successful authentication. User authentication method.   3. The user authentication method according to claim 1, wherein the ticket includes a stub that is not encrypted with a domain key. In the ticket, the authentication server of the external domain that transferred the ticket at the time of ticket issuance and past authentication can add information independently,
The user authentication method according to any one of claims 1 to 3, wherein the authentication server that has received the ticket uses one of the conditions for successful authentication that there is information written by itself in the past. The authentication information has information about the domain that is allowed to roam,
5. The authentication server which has received the ticket sets one of the conditions for successful authentication that the own domain is included in the domain permitted for roaming. The user authentication method described.   When the authentication server that has received the ticket cannot determine the success / failure of the authentication from the authentication information of the ticket, the authentication server of the home domain transfers the ticket, the user identification information, and the home domain identification information to the authentication server of the home domain. 6. The user authentication method according to claim 1, wherein authentication is performed by the authentication method.   The domain has a hierarchical structure, and if the authentication server that received the ticket cannot determine the success / failure of the authentication from the authentication information of the ticket, the ticket, user identification information, and home domain identification information are sent to the higher-level authentication server. 7. The user authentication method according to claim 1, wherein the authentication is performed by the authentication server of the higher hierarchy. In an authentication server that performs user authentication in a roaming environment,
Save the domain key that is the encryption key of the roamable domain,
When a ticket having authentication information encrypted with the domain key of the home domain of the communication terminal is received together with user identification information and home domain identification information from the communication terminal to be authenticated,
Based on the received home domain identification information, a domain key of the stored home domain of the communication terminal is determined, and authentication is performed by decrypting the authentication information of the ticket using the determined domain key. Authentication server to do. In a communication terminal that receives user authentication in a roaming environment,
Storing a ticket having authentication information encrypted with the domain key of the home domain of the communication terminal;
A communication terminal characterized by transmitting the stored ticket, user identification information, and home domain identification information to an authentication server of a connected domain when authentication is performed in the connected domain. In an authentication system in an environment where networks of multiple domains are connected to each other and roaming between domains is possible,
An authentication system comprising: the authentication server according to claim 8 installed in each domain; and the communication terminal according to claim 9 having one domain as a home domain.

Images