KR20090076755A - Pre-Authentication method for Inter-RAT Handover - Google Patents

Abstract

A pre-authentication method for inter-RAT handover is provided to reduce the quality deterioration of a service and set a fast security connection for wire/wireless communication by performing an authentication procedure as a new connection point before the handover. A message including terminal information requiring pre-authentication is transmitted to a target network authentication server(S303). The security related information of the target network is received by using the terminal information from the target authentication server(S311). The pre-authentication is performed by generating the security related information which a terminal uses in the target network by using the security related information of the target network(S313). The security related information of the terminal is transmitted to the target network authentication server(S314). The handover is performed to the target network(S318).

Description

Pre-Authentication method for Inter-RAT Handover}

The present invention relates to a wireless access system, and more particularly, to a method of performing pre-authentication upon handover between heterogeneous networks operated by different management domains.

Hereinafter, a brief description will be given of a general handover procedure and an authentication procedure using a PKM (Privacy and Key Management Sublayer) defined in the IEEE 802.16 standard.

1 is a flowchart illustrating a handover and initial network entry procedure.

Referring to FIG. 1, a mobile station (MS) selects cells during handover and initial network entry (S101 and S102). Cell selection is a procedure in which a terminal performs scanning or ranging with one or more base stations to find a suitable base station for network connection or handover. The terminal may schedule a scan interval or a sleep interval to determine an initial network entry to the base station or a possibility of handover to the target base station.

The UE may acquire synchronization and downlink parameters with the serving base station when the initial network enters (S103). A serving base station (SBS) refers to a base station that provides a service in a network to which a terminal is currently entering. After acquiring synchronization with the serving base station, the terminal acquires an uplink parameter to the serving base station (S104), performs a ranging procedure with the serving base station, and adjusts the uplink parameter (S105). Through the above process, the terminal and the serving base station form a basic function for communication (S106). The serving base station authorizes the terminal and exchanges a key (S107). In this way, the terminal is registered with the serving base station (S108), and the IP connection is established (S109).

The serving base station transmits operating parameters to the terminal to perform the communication procedure of the terminal (S110). In addition, since a connection is established between the terminal and the serving base station (S111), the terminal and the base station may perform a normal operation (S112). The terminal may continue to search for neighboring base stations even while performing normal operation in the serving base station (S113). This is to search for a base station that can provide a better service because the quality of the service provided by the serving base station becomes weaker as the terminal moves away from the serving base station in the moving process. In this case, an adjacent base station that provides a better service than the service base station is called a target base station (TBS), and the terminal may perform handover by searching for the target base station.

In general, the handover occurs when the terminal moves the cell area from the serving base station to the target base station. Handover is when the terminal switches the air interface, service flow and network access point from the serving base station to the target base station. The handover begins with determining the handover in the terminal, the serving base station or the network manager (S114).

The terminal may select a target base station (S115), and acquire synchronization and downlink parameters with the target base station (S116). The terminal may acquire an uplink parameter of the target base station (S117), and adjust the ranging and uplink parameters with the target base station (S118). In this case, if the UE previously received an NBR-ADV message including the identifier, frequency, and uplink / downlink channel descriptor (UCD / DCD) of the target base station, the scanning process and the synchronization procedure may be simplified. If the target base station receives the handover notification from the serving base station through the backbone network, it may provide a non-competitive initial ranging opportunity to the UL-MAP.

Through the above procedure, the terminal and the target base station form a basic function (S119), and the terminal and the target base station perform ranging to start a network reentry procedure. In addition, the terminal is re-registered and reconnected to the target base station is set (S120). As a result, the terminal is registered in the target base station (S121), and the IP connection of the target base station is also reset in the terminal (S122). As a result, the target base station may serve as a serving base station and provide a service to the terminal.

Referring back to the case of performing a handover in FIG. 1, the terminal may reselect a cell based on information on neighboring base stations obtained through scanning, and perform handover from the serving base station to the target base station. Accordingly, the terminal performs a synchronization and ranging procedure with the target base station. Thereafter, re-authorization of the terminal is performed by the target base station. In this case, the target base station may request information on the terminal from the serving base station through a backbone network.

Handover and network reentry procedures may be greatly reduced according to information associated with a terminal held by the target base station. In addition, some network entry procedures may be omitted depending on the amount of information on the terminal possessed by the target base station.

2 is a flowchart illustrating an authentication procedure for a terminal of a general IEEE 802.16 system.

Figure 2 relates to the authentication process currently in use, showing a schematic message flow and information transmission form. However, the types of messages including information transmitted and received by the terminal (MS) 200, the base station (BS, 220) or the authentication server (AAA Server: Authentication, Authorization, Accounting Server, 240) may vary.

Referring to FIG. 2, when the terminal 200 intends to enter the network, the terminal 200 acquires synchronization with the base station 220 and performs ranging. Thereafter, the terminal 200 and the base station 220 perform a basic capability negotiation with each other through an SBC-REQ / RSP message (S201).

Table 1 below shows an example of the SBC-REQ / RSP message for negotiating the initial performance between the mobile station and the base station.

SBC-REQ / RSP {  Essential parameter  Physical Parameters Supported  Bandwidth Allocation Support  Optional parameters  Capabilities for construction and transmission of MAC PDUs  PKM Flow Control  Authorization Policy Support  Maximum Number of Supported Security Association  Security Negotiation Parameters  HMAC-CMAC Tuple }

In Table 1, a SBC-REQ (Subscribe Station Basic Request) message is transmitted by the terminal upon initialization. In addition, as a response, the base station transmits a SBC-RSP (Subscribe Station Basic Response) message to the terminal. The SBC-REQ / RSP message is a message for negotiating the basic capability between the terminal and the base station.

Basic capability negotiation is to inform the base station of its basic capabilities immediately after the end of ranging. In Table 1, the SBC-REQ / RSP message includes parameters that may be optionally included in addition to the parameters that must be included.

A security association (SA) refers to a collection of security information shared by a base station and one or more terminals to support secure communication over an IEEE 802.16 based network. As related to security association in Table 1, there are Authorization Policy Support field and Security Negotiation parameter.

The authorization policy support field is one of the fields included in the SBC-REQ / RSP message, and specifies an authorization policy to be negotiated and synchronized between the terminal and the base station. If the authorization policy support field is omitted, the terminal and the base station should use IEEE 802.16 security with X.509 certificate and RSA public key algorithm as authorization policy.

Table 2 shows examples of commonly used Authorization Policy Support fields.

type Length value domain One  Bit # 0: IEEE 802.16 Privacy Supported Bits # 1-7: Reserved, shall be set to zero SBC-REQ, SBC-RSP type Length value One  Bit # 0: RSA-Based Authorization at the Initial Network Entry Bit # 1: EAP-Based Authorization at Initial Network Entry Bit # 2: Authenticated EAP-based Authorization at the initial Network Entry Bit # 3: Reserved, set to 0 Bit # 4: RSA-Based Authorization at Reentry Bit # 5: EAP-Based Authorization at Reentry Bit # 6: Authentiacted EAP-Based Authorization Reentry Bit # 7: reserved, shall be set to 0

The security negotiation parameter field that may be included in Table 2 specifies whether to support security capabilities that must be negotiated before performing an initial authorization procedure or a reauthorization procedure.

Table 3 shows an example of a commonly used Security Negotiation parameter field.

type Length Contents domain 25 variable The Compound field contains the subattributes as defined in the table below SBC-REQ, SBC-SRP Subattribute Contents PKM Version Support Version of Privacy Sublayer Supported Authorization Policy Support Authorization Policy to Support Message Authentication code Mode Message Authentication Code to Support PN Window size Size Capability of the Receiver PN Window per SAID

Meanwhile, the PKM Version Support field of Table 3 specifies a PKM Version. That is, the terminal and the base station negotiate with each other to use one PKM version.

Table 4 shows an example of a commonly used PKM version support field.

type Length value 25.1 One  Bit # 0: PKM Version 1 Bit # 1: PKM Version 2 Bits # 2-7: Reserved value, set to 0

Referring back to FIG. 2, the terminal 200 requests an Extensible Authentication Protocol (EAP) to the authentication server 240 through the base station 220. In response, the authentication server 240 authenticates the user to the terminal 200 through the EAP authentication method (S202).

For EAP-TLS, it is possible to use X.509 certificates for EAP authentication, and for EAP-SIM, it is possible to use certain types of credit certificates such as Subscriber Identity Module (SIM). . However, depending on the requirements of the system, the RSA authentication method using a cryptographic algorithm using a public key cryptography may be used.

If authentication of the terminal (or user) is successfully completed in step S202, the authentication server 240 generates a master session key (MSK) through an EAP-based authentication scheme. The authentication server transmits the MSK to the terminal and the base station (S203, S204).

An authentication key (AK) may be generated at the terminal 200 and the base station 220 using PMK (EAP-based authentication method) (S205). The terminal 200 and the base station 220 may generate an AK using the MSK, and the AK is used to generate a traffic encryption key (TEK) for communication between the terminal 200 and the base station 220.

The terminal 200 and the base station 220 share the TEK through 3-Way handshaking (S206). 3-Way handshaking is performed through a three-step handshaking of SA-TEK challenge, SA-TEK request, and SA-TEK response. At this time, the terminal 200 and the base station 220 are shared by generating a TEK used to encrypt the actual data.

The base station 220 and the terminal 200 generating the AK by performing the authentication procedure share the TEK and then perform a network entry procedure (S207).

As described above, in the conventional mobile communication system, there is no description of security association in handover between heterogeneous radio access networks. For example, when a terminal using an IEEE 802.16 network makes a handover to another wireless access system, a method for setting authentication and security association for the wireless 802.1 transmission system is not defined.

In addition, in a general communication environment, when performing a handover between heterogeneous radio access networks of a multimode terminal, an authentication and encryption key acquisition procedure must be newly performed in the process of performing a new network and a second layer handover. This can result in significant delays in the provision of user services, and possibly data loss.

In addition, when a communication terminal moves from one radio access network to another radio access network and the access point is changed, the continuity of the service may be damaged due to the handover operation. Changes in access points can lead to changes in the administrative domain. This inevitably entails a new authentication procedure, and the delay in processing time caused by performing the authentication delays the termination of the handover procedure, which may seriously affect the multimedia session currently in service.

The present invention has been made to solve the problems of the general technology as described above. That is, the present invention proposes a method for establishing a security association through pre-authentication in an Inter-RAT handover operated by a plurality of management domains.

An object of the present invention is to provide a pre-authentication method for inter-RAT handover between communication networks operated by a plurality of management domains.

It is another object of the present invention to improve user experience by supporting handover between heterogeneous networks by allowing access between different access networks.

In order to solve the above technical problem, the present invention relates to a wireless access system, and relates to a method for performing pre-authentication upon handover between heterogeneous networks operated by different management domains.

According to an aspect of the present invention, a method for performing pre-authentication before handover to perform fast handover between heterogeneous networks includes: (a) transmitting a message including terminal information necessary for pre-authentication to a target network authentication server; b) receiving security related information of the target network generated by using the terminal information from the target authentication server; and (c) pre-authenticating by generating security related information to be used by the terminal by using the security related information of the target network. It may include the step of performing.

In the method, the terminal information preferably includes at least one of information specifying pre-authentication, a serving network identifier, a serving authentication server identifier, a target network identifier, a terminal identifier, and a medium access control address of the terminal.

In the above method, the security-related information of the target network may include at least one of random number (RAND), authentication token (AUTN), message authentication code, and protection anonymous information.

In the above method, the security related information of the terminal may be generated using the integrity key and the encryption key in the terminal.

In another aspect of the present invention, a method for performing pre-authentication before handover to perform fast handover between heterogeneous networks includes transmitting terminal information necessary for pre-authentication received from a terminal to a target network authentication server and target network authentication. Receiving the security-related information of the target network from the server and transmitting to the terminal and receiving and transmitting the security-related information of the terminal to the target authentication server.

In still another aspect of the present invention, a method for performing pre-authentication before handover to perform fast handover between heterogeneous networks includes: (a) receiving a message including terminal information and (b) receiving a target from a home subscriber server. Extracting authentication information used in the network; (c) generating security related information of the target network using the terminal information and authentication information; and (d) transmitting security related information of the target network to the terminal. can do.

In addition, the method includes the steps of (e) receiving security related information of the terminal created using the security related information of the target network, and (f) transmitting a message including the security related information of the target network to the target network authenticator. And (g) preferably further comprises the step of performing a handover with the terminal.

In addition, the message and the security-related information may be transparently delivered to the terminal through the target network authenticator. In this case, the message and the security-related information may be delivered to the terminal through a target network authenticator and a serving authenticator.

According to the present invention has the following effects.

First, when the mobile terminal performs a handover between heterogeneous networks, a time-consuming authentication procedure is performed before handover to a new access point to set up a fast security association for wired and wireless communication, and reduce the quality of service. Can be reduced.

Second, the present invention performs pre-authentication and security key when multi-mode mobile terminal moves from IEEE-based network to other IEEE-based network or performs handover between heterogeneous networks to non-IEEE-based network such as 3GPP network. Provides a method of obtaining Keying Materials. Therefore, it is possible to provide a seamless service from the user's point of view by supporting to perform the handover procedure quickly.

Embodiments of the present invention to be described below are related to a wireless access system and to a method for performing pre-authentication upon handover between heterogeneous networks operated by different management domains.

The following embodiments combine the components and features of the present invention in a predetermined form. Each component or feature may be considered to be optional unless otherwise stated. Each component or feature may be embodied in a form that is not combined with other components or features. In addition, some components and / or features may be combined to form an embodiment of the present invention. The order of the operations described in the embodiments of the present invention may be changed. Some components or features of one embodiment may be included in another embodiment or may be replaced with corresponding components or features of another embodiment.

In the present specification, embodiments of the present invention have been described based on data transmission / reception relations between a base station and a terminal. Here, the base station has a meaning as a terminal node of the network that directly communicates with the terminal. The specific operation described as performed by the base station in this document may be performed by an upper node of the base station in some cases.

That is, it is obvious that various operations performed for communication with a terminal in a network composed of a plurality of network nodes including a base station may be performed by the base station or other network nodes other than the base station. A 'base station' may be replaced by terms such as a fixed station, a Node B, an eNode B (eNB), an access point, and the like. In addition, the term "terminal" may be replaced with terms such as a user equipment (UE), a mobile station (MS), a mobile subscriber station (MSS), and the like.

Embodiments of the invention may be implemented through various means. For example, embodiments of the present invention may be implemented by hardware, firmware, software, or a combination thereof.

In the case of a hardware implementation, the method according to embodiments of the present invention may include one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs). Field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, and the like.

In the case of an implementation by firmware or software, the method according to the embodiments of the present invention may be implemented in the form of a module, a procedure, or a function that performs the functions or operations described above. The software code may be stored in a memory unit and driven by a processor. The memory unit may be located inside or outside the processor, and may exchange data with the processor by various known means.

Specific terms used in the following description are provided to help the understanding of the present invention, and the use of the specific terms may be modified in other forms without departing from the technical spirit of the present invention.

In the embodiments of the present invention, when the terminal performs inter-RAT handover, a service currently provided by performing authentication in advance before completing the handover at the target access point and link layer to perform the handover. It relates to a pre-certification method that has as little impact on quality as possible.

In a homogeneous communication environment operated by a single management domain, handover support without using an authentication server is possible. However, in a heterogeneous communication environment operated by a plurality of management domains, the authentication server must pass through a handover. This is because different authentication results may be generated depending on the type of authenticator and the capability of the authentication server. For example, when handover occurs between an IEEE 802.11 network and an IEEE 802.16 network employing EAP-based authentication, when two access networks are operated by a single management domain, there is no problem in handover. However, when heterogeneous networks are operated by a plurality of management domains, there cannot be a handover mechanism that does not go through the authentication server of each management domain. Therefore, there is a need for the definition of a flexible and efficient authentication mechanism for the case where heterogeneous networks are operated by a plurality of administrative domains.

Accordingly, embodiments of the present invention to be described below are handovered to other IEEE 802 series wireless access networks such as WLANs in which a terminal belonging to an IEEE 802.16 wireless access network adopting EAP as an authentication framework accommodates a similar EAP-based authentication framework. When performing a handover to a non-IEEE-based wireless access network (eg, 3GPP network) that does not adopt EAP as the basic authentication framework, the terminal may perform a handover before completing the link layer handover to the target network access point. Define how to perform authentication and set up keying material for communication. That is, when the terminal performs the handover between heterogeneous networks, it defines a method for establishing a fast security association for communication by performing a time-consuming authentication procedure before entering a new access point.

The basic concept of pre-authenticate is that the terminal requests authentication from neighboring access points as well as the current access point before performing the handover, and receives the authentication from a plurality of access points in advance. In other words, the pre-authentication method proposed by the present invention extends the conventional concept and, when a handover between heterogeneous networks occurs, is authenticated in advance in the current access network and the adjacent target access network. Through this, in the final stage of pre-authentication, the target access network may obtain keying materials related to the corresponding terminal. In addition, the terminal can also obtain key materials while pre-authenticating to the target access network that may be handed over.

The pre-authentication method described in the embodiments of the present invention is for inter-RAT handover between networks operated by a plurality of management domains. In other words, the serving network and the target network for which handover is expected are based on different access technologies by different management domains. Therefore, the serving network and the target network should basically support handover operation between heterogeneous networks.

The pre-authentication method is based on the premise that the terminal is previously authenticated before accessing the target network, and all related access technologies essentially support EAP. In case of access technologies that do not support the EAP authentication framework, the use of an AAA server to relay it is essential, and not only the AAA server in the serving network but also the AAA server in the target network must support the pre-authentication procedure.

In the embodiments of the present invention, the heterogeneous network includes not only an IEEE 802 family of networks that accepts an EAP authentication framework including an IEEE 802.16 network, but also links specified in non-IEEE networks such as 3GPP and 3GPP2. In addition, the multi-mode used in the terminal means a state in which a plurality of radio standards are provided and support connection to one or more radio interfaces at the same time.

 The IEEE 802.16m system must satisfy the requirements for inter-network handover support. In this case, the type or related information of the neighbor network to perform handover may be grasped by the multimode terminal having a plurality of radio interfaces. Based on this information, the terminal may request pre-authentication to the target network for which handover is expected, and if pre-authentication is successful, the terminal may acquire key materials available in the corresponding network.

The basic capability negotiation process of the IEEE 802.16e system is performed by the terminal and the base station exchanging SBC-REQ and SBC-RSP messages after ranging is completed. In this case, the UE may inform the serving network of its basic capability through an SBC-REQ message. In addition, the base station may inform the terminal about the part of the common capability of the base station and the terminal through the SBC-RSP message in response to this.

In order to perform the pre-authentication method proposed by the present invention, the SBC-REQ and SBC-RSP messages may further include Inter-RAT Re-Authorization Policy Support parameters.

Table 5 below shows examples of modified SBC-REQ and SBC-RSP messages used in the embodiment of the present invention.

SBC-REQ / RSP {  Essential parameter  Physical Parameters Supported  Bandwidth Allocation Support  Optional parameters  Capabilities for construction and transmission of MAC PDUs  PKM Flow Control  Authorization Policy Support Inter - RAT Pre - Authorization Policy Support  Maximum Number of Supported Security Association Security Negotiaiton Parameters  HMAC-CMAC Tuple }

In Table 5, the heterogeneous network grant policy support parameter added to the SBC-REQ and SBC-RSP messages is a grant policy that the terminal and the network need to negotiate and synchronize when the terminal performs handover to a different radio access network in another management domain. Define. The heterogeneous network grant policy support parameter is a field included in the encoding of SBC-REQ and SBC-RSP messages as in the conventional grant policy support.

If the heterogeneous network grant policy support parameter is omitted, the terminal and the serving network do not support the pre-authentication method. In this case, since the terminal and the base station do not perform the pre-authentication method, it performs a general authorization method. That is, the terminal and the base station use X.509 certificate and RSA public key encryption algorithm or IEEE 802.16 security using EAP as the basic authorization policy. Therefore, when performing a handover to an access network other than the IEEE 802.16 network, the terminal should perform authentication with the authentication server of the target network from the beginning and obtain security-related key materials.

Table 6 below shows TLVs (types, lengths, and values) of Inter-RAT Pre-Authorization Policy Support parameters used in the embodiments of the present invention.

Type Length Value Scope One Bit 0: IEEE 802.16m Privacy Supported Bit 1-7: Reserved, shall be set to zero SBC-REQ, SBC-RSP

Meanwhile, in Table 5, the Security Negotiation parameter field should include a security capability to be negotiated before the authorization procedure when the terminal performs handover to heterogeneous networks. Therefore, the security negotiation parameter field may be modified as shown in Table 7 below.

Table 7 below shows TLVs of security negotiation parameters used in an embodiment of the present invention.

Type Length Value Scope 25 variable The compound field contains the subattributs as defined in the table below SBC-REQ, SBC-RSP Subattribute Contents PKM Version Support Version of Privacy Sublayer Supported Authorization Policy Support Authorization Policy to Support Inter - RAT Pre - Authorization Policy Support Inter - RAT Pre - Authorization Policy to Support Message Authentication Code Mode Message Authentication Code Support

Table 8 below shows the TLVs of the modified Inter-RAT Authorization Policy Support field.

Type Length Value One Bit # 0: RSA-Based Pre-Authorization at Inter-RAT Handover Bit # 1: EAP-Based Pre-Authorization at Inter-RAT Handover Bits # 2-# 7: Reserved, shall be set to 0

Referring to Table 8, the modified authorization policy support field may indicate whether a pre-license policy is supported based on RSA when handover between heterogeneous networks, or may indicate whether a pre-license policy is supported based on EAP.

Table 9 below shows a TLV of a PKM (Privacy Key Management) version support (PKM Version Support) field included in Table 7.

Type Length Value 25.1 One Bit # 0: PKM Version 1 Bit # 1: PKM Version 2 Bit # 2: PKM Version 3 Bit # 3-7: Shall be set to 0

The type or information of the neighbor network to which the terminal intends to perform handover is made by scanning. The timing and period of scanning can vary depending on the actual network implementation or operation policy. In the present invention, since the multimode support of the terminal is assumed, the terminal may simultaneously accommodate a plurality of radio standards. Accordingly, the terminal may establish a connection with one or more air interfaces.

There are several security requirements for carrying out the embodiments of the present invention. For example, a multi-mode terminal should be able to utilize information for 3GPP network other than IEEE 802.16 network by loading UICC / USIM as well as information for interworking with IEEE 802.16 network for supporting handover between heterogeneous networks. In addition, in the case of heterogeneous networks (3GPP) other than the IEEE 802.16 network, security contexts such as a secret key shared by the terminal and the network for a long time should be stably stored in the SIM card or the UICC card of the terminal. In addition, non-IEEE networks such as 3GPP networks should be able to be associated with EAP-based AAA servers that can support the success or failure of protected authentication. In addition, the IEEE 802.16 network should have a roaming agreement for interworking with 3GPP networks or other heterogeneous networks. In addition, protection should be provided for the success / failure of authentication or security contexts exchanged between the authentication server of the serving network and the authentication server of the target network. That is, authorization-related information should be able to be exchanged securely between authentication servers through AAA protocol. In addition, for the protection of user identifiers (eg IMSI, TMSI), the user identifiers should not be exposed.

PKM messages such as PKM-REQ (PKM Request) and PKM-RSP (PKM Response) may be used to perform the pre-authentication procedure in the handover between heterogeneous networks proposed by the present invention.

Tables 10 to 12 show examples of PKM messages.

Table 10 below shows an example of a PKM MAC message used in embodiments of the present invention.

Type Value Message Name Message Description 9 PKM-REQ Privacy Key Management Request [SS-> BS] 10 PKM-RSP Privacy Key Management Response [BS-> SS}

Referring to FIG. 10, the PKM-REQ message is for requesting a PKM from the terminal SS to the base station BS, and the PKM-RSP message may be used for a PKM response from the base station BS to the terminal SS. .

Table 11 below shows an example of a PKM-REQ message that can be used in embodiments of the present invention.

Syntax Size Contents PKM-REQ_Message_Format () {  Management Message Type = 9 8 bits  Code 8 bits  PKM Identifier 8 bits  TLV Encoded Attributes variable TLV-Specific }

Referring to Table 11, the Management Message Type parameter is 8 bits in size, indicating that the message is a PKM-REQ message. The code parameter has a length of one byte and may indicate a type of a PKM packet. If the base station receives a PKM-REQ message with an invalid code from the terminal can simply delete. The PKM Identifier parameter has a length of one byte, and the terminal may use the PKM identifier parameter to associate a response of the base station to its PKM request.

The TLV Encoded Attribute parameter represents an attribute of a PKM-REQ message in a Type, Length, and Value. Accordingly, the terminal and the base station can exchange authentication, authorization, and key management data using the TLV encode attribute parameter. Each PKM packet type has its own mandatory or optional attributes. Unless explicitly stated in the PKM attributes, the order of the attributes in the PKM message may be arbitrary.

Table 12 below shows an example of a PKM-RSP message that can be used in embodiments of the present invention.

Syntax Size Contents PKM-RSP_Message_Format () {  Management Message Type = 10 8 bits  Code 8 bits  PKM Identifier 8 bits  TLV Encoded Attributes variable TLV-Specific }

The contents of the parameters included in Table 12 are similar to those of Table 11.

Referring to Table 12, the Management Message Type parameter is 8 bits in size, indicating that the message is a PKM-RSP message. The code parameter specifies a PKM type, and the base station may delete the PKM packet having an invalid code from the terminal. The PKM identifier parameter is used by the base station to associate the PKM-RSP message of the base station with the PKM-REQ message of the terminal. The TLV Encoded Attributes parameter may be used to indicate the attributes of the PKM-RSP message.

Table 13 below shows a PKM message code added for performing the pre-authentication method used in the embodiments of the present invention.

Code PKM Message Type MAC Management Messages 0-2 Reserved - 3 SA Add PKM-RSP 4 Auth Request PKM-REQ 5 Auth Reply PKM-RSP 6 Auth Reject PKM-RSP ... ... ... 26 PKMv2 SA-Addition PKM-RSP 27 PKMv2 TEK-Invalid PKM-RSP 28 PKMv2 Group-Key-Update-Command PKM-RSP 29 PKMv2 EAP Complete PKM-RSP 30 PKMv2 Authenticated EAP Start PKM-REQ 31 PKMv3 EAP Pre - Auth Start PKM-REQ 32 PKMv3 EAP Pre - Auth Transfer PKM-RSP 33 PKMv3 Key Request PKM-RSP 34 PKMv3 Key Reply PKM-REQ 35 PKMv3 Key Reject PKM-REQ / PKM-RSP 36 PKMv3 Authenticated EAP Pre - Auth Start PKM-REQ 37 PKMv3 Authenticated EAP Pre - Auth Transfer PKM-REQ / PKM-RSP 38 PKMv3 EAP Pre - Auth Complete PKM-RSP 39-255 Reserved

Table 13 adds some newly defined messages to the PKM message code. A PKM message code having a code number of 0 to 30 indicates a commonly used PKM message. In this case, PKM message code numbers used in the embodiments of the present invention are thirty-first to thirty-eighth.

PKM message code 31 indicates that the PKM message is for pre-authentication start request (PKMv3 EAP Pre-Auth Start), PKM message code 32 is used for the EAP transmission (PKMv3 EAP-Transfer) used in the present invention Used to indicate a PKM message. In addition, the 33rd PKM message code may be used to indicate a PKM message for a PKMv3 Key Reuqest. The thirty-fourth PKM message code represents a PKM message for a key reply, and the thirty-fifth PKM message code represents a PKM message for a key reject. The 36th PKM message code is for indicating PKMv3 Authenticated EAP PreauthStart and the 37th PKM message code is for indicating PKMv3 Authenticated EAP Preauth-Transfer. will be. In addition, the 38th PKM message code is used to indicate PKMv3 EAP Preauth Complete.

In embodiments of the present invention, a terminal of a serving network may perform a pre-authentication procedure before performing a handover to a target network. Each target network runs its own authentication server (AAA Server), and the authentication function is included in the AAA server. In the embodiments of the present invention, a method of performing pre-authentication between a terminal, a serving network, a target network, and an authentication server may be divided into two types, an indirect pre-authentication method and a direct pre-authentication method. This may vary depending on the type of serving authentication server involved in pre-authentication signaling.

The indirect preauthentication method is a case where the serving network is involved in preauthentication signaling. The indirect pre-authentication method is required when IP communication between the target network and the terminal is not allowed for security. Indirect pre-authentication signaling may be divided into signaling between the terminal and the serving network, signaling between the serving network and the target network. In this case, the signaling between the serving network and the target network may include an authentication server of the serving network and an authentication server of the target network.

The direct pre-authentication method is a case where the serving network is not involved in pre-authentication signaling. The direct request for pre-authentication means that the mobile terminal makes a pre-authentication request to the target network via the serving authentication server, but the serving authentication server does not participate in the pre-authentication procedure and merely relays the message. Therefore, the pre-authentication signaling may be delivered from the terminal to the target authentication server via the serving authentication server.

In the drawings to be described below, the start point and the arrival point of each arrow indicate an entity of a message transmitted and an entity of a destination received, respectively. However, all the transmission paths of the messages between the entities included in the mobile terminal or the access network will not be described. Of course, even the part which is not demonstrated can be understood with reference to drawings.

3 is a diagram illustrating a process of performing an indirect pre-authentication by a mobile terminal when handover between heterogeneous networks according to an embodiment of the present invention.

In FIG. 3, a system in which the present invention is used includes a mobile node (MN) 300, an IEEE 802.16 access network (320) as a serving network, and an IEEE 802.16 authentication server (802.16 AAA Server, 340) as a serving authentication server. ), A 3GPP authentication server (3GPP AAA Server, 360) as a target authentication server, a home subscriber server (HSS: 380) of a target network, and a 3GPP access network (3GPP access network, 390) as a target network. have. In this case, the mobile terminal 300 may be described in various ways such as a terminal, a mobile node, or a mobile station (MS). Also, the serving network refers to a network currently providing a service to a mobile terminal, and a target network refers to a target network to which the mobile terminal intends to perform handover.

In FIG. 3, the components of each system may be configured as one or more entities. For example, the mobile terminal 300 may include a security entity, an IP entity, an 802.16 link entity, and a 3GPP link entity. In this case, the mobile terminal 300 may be equipped with UICC / USIM to support handover between heterogeneous networks and may utilize information for interworking with the IEEE 802.16 network as well as information for 3GPP networks.

In addition, the serving network 320 may include an 802.16 link entity, a Network Control and Management System (NCMS) entity, and a security entity. In addition, the target network 390 may include a 3GPP link entity and a security entity.

In FIG. 3, the start point and the arrival point of each arrow indicate an entity of a message transmitted and an entity of a destination received, respectively. The route through which each message is delivered will be described only in the context of the features of the present invention. Of course, even the part which is not demonstrated can be understood with reference to drawings.

In FIG. 3, the mobile terminal transmits a pre-authentication start message to the authentication server of the target network through the current serving network. The target authentication server performs pre-authentication for the mobile terminal and then transmits the result to the serving network and the target network. As a method used for pre-authentication, it is assumed to use the EAP-Authentication and Key Agreement (EAP-AKA) method. 3 will be described in detail below.

Referring to FIG. 3, the mobile terminal 300 accesses the serving network 320 to share a master session key (MSK) and an authentication key (AK) through EAP-based authentication, and a 3-way handshake. The TEK sharing process may be performed through the step (S301).

Since step S301 is similar to the authentication procedure described with reference to FIG. 2, a detailed description will be replaced with reference to FIG. 2. However, when the serving network on which the authentication procedure is performed is an IEEE 802 series network other than the IEEE 802.16 network, a similar type of initial authentication procedure based on the EAP may be performed.

The mobile terminal 300 performing the serving network and the authentication procedure receives signals from nearby heterogeneous networks through scanning, and performs neighbor network search and network selection procedures (S302).

As a result of the scanning in step S302, it is assumed that the mobile terminal 300 determines a network operated by another management domain as a potential handover destination network. In the embodiment of the present invention, a 3GPP network will be described as an example of a heterogeneous network.

The terminal 300 may transmit a PKM EAP Pre-Auth Start message to the serving network 320 to perform a pre-authentication procedure with the target network 390. For example, a pre-authentication request is performed as a 802.16 link entity in a security entity that is an upper entity of the terminal 300, a pre-authentication request message is transmitted from an 802.16 entity in the terminal to an 802.16 link entity in the serving network 320, and the serving The 802.16 link entity of the network 320 forwards the pre-authentication request message to the security entity of the serving network 320. In addition, the security entity of the serving network 320 may transmit a pre-authentication request message to the authentication server 360 of the target network through the authentication server of the serving network (S303).

In step S303, the EAP-related message is encapsulated by a serving network-specific protocol in the IEEE 802.16 network, which is a serving network, and transmitted to a mobile terminal through a serving network interface, and the target network authenticator from the serving network authenticator. Up to the authentication server, the EAP message is packaged and delivered in the AAA protocol.

Table 14 below shows attributes of the PKM pre-authentication start message that can be used in step S303.

Attributes Contents Serving Network Identifier Current network identifier Serving AS Identifier Current network authentication server identifier Target Network Identifier Identifier of the target access network SS Identifier Mobile terminal identifier (IMSI) SS MAC Address MAC address of mobile terminal Security Capabilities Security capability such as authentication method supported by mobile terminal Security Negotiation Parameters Security Capabilities Negotiated Before Performing Pre-Authentication Procedures Key Sequence Number AK sequence number HAMC / CMAC digest Message Digest calculated using AK

Table 14 shows a PKM pre-authentication start message for the terminal to pre-authentication request. The PKM preauthentication start message is one of the PKM messages. The identifier of the current access network, the identifier of the current access network authentication server, the identifier of the target access network, the identifier of the mobile terminal (IMSI), the MAC address of the mobile terminal, and the security-related capabilities supported by the mobile terminal. And security-related capabilities such as mobile terminals to negotiate before performing pre-authentication.

The target authentication server 360 receiving the preauthentication start message through step S303 transmits the EAP preauthentication request / identification message to the serving network 320. In addition, the serving network 320 transmits an EAP preauthentication request / identification message to the terminal 300. In this case, the EAP request / identification message is encapsulated through a unique protocol of the serving network 320 and transmitted to the terminal 300 through an IEEE 802.16 interface.

The terminal 300 may transmit its identifier using an EAP Preauth Response / Identity message. This conforms to the Network Access Identifier (NAI) specified in 3GPP TS 23.003. The EAP pre-authentication response / identification message indicates a pre-authentication value, an identifier of the current access network 320, an identifier of the current access network authentication server 340, an identifier of the target access network 360, and a MAC address of the mobile terminal 300. It may include. The EAP response / identification message is transmitted from the security entity of the terminal 300 through the 802.16 link of the terminal to the 802.16 link of the serving network. In addition, the EAP pre-authentication response / identification message is delivered to the target authentication server via the serving network security entity and the serving network authentication server through the 802.16 link of the serving network (S305).

In step S305, the message is delivered to the appropriate nearby 3GPP authentication server via the authentication server 340 of the current serving network according to the Realm Part of the NAI, and the delivery path may include one or more authentication servers.

In operation S305, the target authentication server 360 receives an EAP Preauth Response / Identity message including an identifier of the terminal 300. At this time, when the target authentication server 360 recognizes the authentication method included in the PKM pre-authentication start message transmitted by the terminal 300 but does not recognize the identifier of the terminal 300, the target authentication server 360 is a terminal. A new identifier may be requested to the terminal 300 using the EAP method specified by the 300.

In this case, when the target authentication server 360 recognizes the identifier of the terminal 300, it may check whether there are authentication parameters that are not used to perform EAP-AKA authentication for the terminal. If there are no authentication parameters, the target authentication server 360 may extract a series of new authentication parameters from the HSS 380 (S306).

In operation S306, the target authentication server 360 performs mapping of a temporary identifier (TMSI), an international mobile subscriber identity (IMSI), and a MAC address of the terminal 300. The identifier of the terminal 300 to be used after the authentication is once used is the temporary identifier (IMSI) adopted by the negotiated authentication method (EAP-AKA).

The target authentication server 360 may request the identifier of the terminal again through the EAP preauthentication request / AKA-Identity message (S307).

In step S307, the EAP pre-authentication request / AKA-identification message is performed when the identifier of the terminal received through the EAP pre-authentication response / identification message is changed by the intermediate nodes, and may be omitted if it is not changed. The EAP pre-authentication request / AKA-identification message may be delivered to the terminal 300 through the serving network 320.

The mobile terminal 300 responds to the EAP Preauthentication Request / AKA-Identity message with the same identifier as used in the EAP Preauth Response / Identity message. At this time, the serving network 320 transmits an EAP Preauth Response / AKA-Identity message to the target authentication server 360, and the identifier included in the message is the target authentication server 340. It can be used in subsequent authentication procedures by (S308).

If the identifiers included in the two messages of step S307 and step S308 do not match. In this case, the user profile and authentication vector previously extracted from the HSS (or HLR) cannot be used, so a new user profile and authentication vector must be extracted from the HSS.

The target authentication server 360 generates new keying materials from the Integrity Key (IK) and the Cipher Key (CK). Key materials are security-related contexts required by EAP-AKA and are used to protect the confidentiality or integrity inherent in the target network (3GPP) technology. In addition, a new anonymous (Pseudonym) to be assigned to the authenticated user is generated (S309).

In addition, step S306 may be performed again before step S309. In order to optimize performance, identifier re-request procedures (S307 to S308) are performed before the user profile and authentication vector are extracted if the target authentication server 360 does not have enough information to identify the user as an EAP-AKA user. Should be.

The target authentication server 360 sends an EAP Preauth Request / AKA-Challenge (RAP) message with a random number (RAND), authentication (AUTN), message authentication code (MAC), and protected pseudonym (Pseudonym). It can be included in, and delivered to the serving network 320. The EAP pre-authentication request / AKA-request message may be transmitted to the terminal 300 through the serving network 320 (S310).

In operation S310, the target authentication server 360 may include a Result Indication parameter in the EAP pre-authentication request / AKA-request message and transmit the result indication parameter to the mobile terminal 300. The result indication parameter is used to specify whether to protect the Success Result message at the end of the authentication procedure. Whether or not the resulting messages are protected depends on the operator's policy. When the CK and IK are included in this message and delivered to the authentication server 340 of the serving network, additional key materials are generated by the serving network authentication server. Additional key materials can ensure the inherent confidentiality and integrity of the serving network.

The mobile terminal 300 may perform a UMTS algorithm existing in its USIM. The Universal Subscriber Identity Module (USIM) of the terminal checks whether the AUTN is correct and performs network authentication. If the AUTN is incorrect, the terminal 300 fails to authenticate. On the other hand, if the sequence number is not synchronized (Out-of-Sync), the terminal 300 starts a synchronization procedure (Synchronization Procedure). If AUTN is correct, USIM generates RES, IK and Kc. The terminal 300 may generate additional key materials using the newly calculated IK and Kc in the USIM, and check the received MAC. When the protected anonymous (Pseudonym) is received, the terminal 300 stores it for future authentication procedure (S311).

The mobile terminal 300 calculates a new MAC value for the EAP message with the new key materials, and then EAP Preauth Response / AKA-Challenge message including the calculated RES and MAC value. To the serving network 320. When the mobile terminal 300 receives the same indication parameter from the target authentication server 360, the mobile terminal 300 includes the result indication parameter in the EAP pre-authentication response / AKA-request message. At this time, the EAP preauthentication response / AKA-request message is transmitted to the target authentication server 360 via the serving network 320 (S312).

The target authentication server 360 checks the received MAC and compares the XRES with the received RES. Through this process, the target authentication server 360 may perform the authentication procedure for the mobile terminal 300 even before the mobile terminal 300 performs the handover (S313).

If all the checks in step S313 are successful, the target authentication server 360 sends a 3GPP Specific security context transfer message to the target network 390 to deliver the security contexts used in the target network 390. It may transmit (S314).

In operation S314, security parameters specific to the target network 390 are transferred from the target authentication server 360 to the target network 390. Target-specific security-related parameters are authentication vectors generated for the corresponding terminal in step S311, and additionally include information related to terminal identifiers (IMSI, TMSI) and may be transmitted through a MAP protocol. Security-specific parameters specific to the target network are for the case where authentication process through the target network 390 occurs in the future. In addition to the information transmitted through the security context transfer message, key materials generated for the confidentiality or integrity protection inherent in the target network 390 may be further included. The target authentication server 360 delivers it to the target network 390 through an AAA protocol message. The target network 390 may store the key materials and use the same to communicate with an authenticated mobile terminal 300.

If the target authentication server 360 was previously requested to use protected Success Result Indication, the EAP Preauth Request / AKA-Notification prior to sending the EAP Success message. The message may be transmitted to the mobile terminal through the serving network. The EAP preauthentication request / AKA-notification message may be protected via the MAC (S315).

The mobile terminal 300 may transmit an EAP preauthentication response / AKA-notification message to the serving network 320 as a response to the EAP preauthentication request / AKA notification message (S316).

In operation S316, the serving network 320 transmits the EAP pre-authentication response / AKA notification message to the target authentication server, and the target authentication server 360 may ignore the contents of the message.

If the authentication procedure for the mobile terminal 300 is successfully performed in the target network 390, the target network authentication server 360 transmits an EAP Success message to the serving network 320. In addition, the serving network 320 notifies the mobile terminal 300 of the successful authentication through the EAP success message (S317).

If the EAP AKA procedure is successfully completed, the mobile terminal 300 performs L2 handover to the target network 390. In this case, the terminal may quickly perform handover based on information previously exchanged through pre-authentication between the network entities of the serving network and the target network. That is, the mobile terminal 300 may omit a process of newly performing authentication and setting a key from the beginning when registering with the target network 390. When the mobile terminal 300 completes the second layer (L2) handover, the MAC layer of the mobile terminal 300 establishes a security association with an access point of the target network 390 and prepares for communication (S318).

FIG. 4 is a diagram illustrating a process of directly performing pre-authentication by a mobile terminal in a handover between heterogeneous networks according to another embodiment of the present invention.

In FIG. 4, a system in which the present invention is used includes a mobile node (MN) 400, an IEEE 802.16 access network (420) as a serving network, and an IEEE 802.16 authentication server (802.16 AAA Server, 440) as a serving authentication server. ), A 3GPP authentication server (3GPP AAA Server, 460) as a target authentication server, a home subscriber server (HSS: 480) of a target network, and a 3GPP access network (3GPP Access Network, 490) as a target network. have. In this case, the mobile terminal 400 may be described in various ways such as a terminal, a mobile node, or a mobile station (MS). In addition, the serving network refers to a network currently providing services to the mobile terminal, and the target network refers to a network to which the mobile terminal intends to perform handover.

In FIG. 4, the components of each system may be configured as one or more entities. For example, the mobile terminal 400 may include a security entity, an IP entity, an 802.16 link entity, and a 3GPP link entity. In this case, the mobile terminal 400 may use UICC / USIM to support handover between heterogeneous networks and utilize information for 3GPP network as well as information for interworking with the IEEE 802.16 network.

In addition, the serving network 420 may include an 802.16 link entity, a Network Control and Management System (NCMS) entity, and a security entity. Target network 490 can also include 3GPP link entities and security entities.

4 illustrates a case where a mobile terminal requests pre-authentication directly to a target network. In this case, the direct pre-authentication request means that the pre-authentication request is made to the target network through the serving authentication server in the mobile terminal, but the serving authentication server does not participate in the pre-authentication procedure and merely relays a message. In this case, the result of the pre-authentication is transferred directly from the target network authentication server to the target network authenticator. In addition, it is assumed that the EAP-AKA authentication method is used for pre-authentication of FIG.

Referring to FIG. 4, step S401 is a process in which the mobile station performs authentication with the serving network. That is, in step S401, the multi-mode mobile terminal 400 accesses the IEEE 802.16 network 420 to share a master session key (MSK) and an authentication key (AK) through authentication based on EAP, and a 3-way handshake (3-). way handshake), including TEK sharing (S401).

Detailed description of the step S401 is similar to the authentication procedure in FIG. Therefore, the detailed description will be made with reference to FIG. 2. In addition, if the IEEE 802 series network other than the IEEE 802.16 network 420 in step S401, an initial authentication procedure of a similar type based on the EAP may be performed.

Thereafter, the mobile terminal 400 receives a signal from the neighboring network through scanning and performs a neighbor network search and selection procedure. As a result of the scanning, it is assumed that the mobile terminal 300 determines that the 3GPP network operated by another management domain is a potential handover target network (S402).

In another embodiment of the present invention, the mobile terminal 400 may directly transmit a PKM EAP Pre-Auth Start message to the target 3GPP network 490. In addition, the target network 490 transfers the pre-authentication start message received from the mobile terminal 400 to the target authentication server 460. In addition to the identifier of the terminal and the MAC address, the EAP pre-authentication start message includes the authentication method supported by the terminal, the identifier of the current access network identifier and the current access network authentication server, the security capabilities supported by the terminal, and the security to be negotiated before the pre-authentication. Information such as capabilities may be included. At this time, since the identifier of the target access network already has the mobile terminal, it does not need to be included in the pre-authentication start message (S403).

The pre-authentication start message that can be used in step S403 is a message that can be used not only in the IEEE 802.16 network but also in the 3GPP network. Therefore, the PKM message used in Table 14 or a general type of message that can be used in the 3GPP network can be used as the pre-authentication start message. In addition, the mobile terminal 400 may include an identifier corresponding to the NAI (Network Access Identifier) specified in 3GPP TS 23.003 in the pre-authentication start message and transmit it to the target network 490. The pre-authentication start message is delivered to an appropriate target authentication server (eg, 3GPP AAA server) according to the Realm of the NAI, and the delivery path may include one or more AAA servers. In operation S403, the target network authentication server 460 may receive a pre-authentication start message including the identifier of the mobile terminal 400.

After the serving network authentication server receives the pre-authentication start message, the serving network authentication server may transmit an EAP preauthentication request / identification message to the terminal via the target network authenticator and the serving network authenticator (S404).

The mobile terminal can transmit its identifier to the target network authentication server through an EAP Preauth Response / Identity message. At this time, it is assumed that the identifier of the terminal conforms to the NAI specified in 3GPP TS 20.003. In addition, the value specifying the pre-authentication, the identifier of the current access network, the identifier of the current access network authentication server, the target access network identifier and the MAC address of the terminal may be included in the EAP pre-authentication response / identification message.

The EAP pre-authentication response / identification message is delivered to the authentication server 460 of the target network through the authentication server 440 of the serving network according to the Realm Part of the NAI, and the delivery path may include one or more AAA servers. Can be. The target network authentication server 460 may receive the EAP pre-authentication response / identification packet including the NAI (S405).

When the target network authentication server 460 recognizes the authentication method of the pre-authentication request transmitted by the mobile terminal, but does not recognize the identifier of the terminal, the target network authentication server 460 may transmit a new identifier to the terminal using the authentication method specified by the terminal. have. When the target authentication server 460 recognizes the identifier of the mobile terminal 400, it is checked whether there are authentication parameters for performing AKA authentication on the received identifier. If there are no authentication parameters for AKA authentication, the target network authentication server 460 may transmit an Authentication Data Request message to the HSS 480. Through this, the target network authentication server 460 may extract a set of new authentication parameters for the mobile terminal 400 from the HSS (480).

In addition, upon receiving the authentication data request message from the 3GPP authentication server 460, the HSS 480 may generate a series of new authentication data for bidirectional authentication. The transmission of authentication data generated by the HSS 480 is performed through a 3GPP specific MAP protocol. In addition, the HSS 480 also performs mapping between the temporary identifier (TMSI) and the IMSI of the terminal 400. As the identifier of the terminal to be used after the authentication is performed once, a temporary identifier (IMSI) adopted by the negotiated authentication method (AKA) may be used (S406).

The 3GPP network authentication server requests a terminal identifier again through an EAP preauthentication request / AKA identity message. This request is performed when the terminal identifier received through the EAP Preauth Response / Identity message is changed by the intermediate nodes, otherwise it is omitted. The EAP pre-authentication request AKA identification message is transmitted to the terminal through the 3GPP network authenticator and the IEEE 802.16 network authenticator (S407).

The mobile terminal responds to the EAP Preauthentication Request / AKA Identity message with the same identifier (NAI) as used in the EAP Preauth Response / Identity message. The authenticator of the IEEE 802.16 network forwards the EAP Preauth Response / AKA Identity message to the 3GPP network authentication server through the 3GPP authenticator. The identifier included in the EAP pre-authentication response / AKA identification message is used in subsequent authentication procedures by the 3GPP network authentication server (S408).

If the identifiers received through the EAP preauthentication request / AKA identification message and the EAP preauthentication response / AKA identification message do not match, the user profile and authentication vector previously extracted from the HSS / HLR cannot be used. Therefore, a new user profile and authentication vector must be extracted from the HSS / HLR. Before step S409, step S406 may be performed again. To optimize performance, identifier re-request procedures (S407-S408) should be performed before the user profile and authentication vector are extracted if the authentication server of the 3GPP network does not have enough information to identify the user as an EAP-AKA user. do.

The 3GPP network authentication server generates new key material from IK and CK. This key material is the security contexts required by EAP-AKA and is used to protect the confidentiality and integrity inherent in the 3GPP network. In addition, a new Anonymous (Pseudonym) is created to assign to the authenticated user.

The 3GPP network authentication server 460 includes RAND, AUTN, and MAC protected anonymity in an EAP Preauth Request / AKA-Challenge message and forwards it to the IEEE 802.16 network authenticator. This is transmitted to the terminal via the authenticator of the 3GPP network and the authenticator of the IEEE 802.16 network. In addition, the 3GPP network authentication server transmits a Result Indication to the mobile terminal. Result Indication is to specify whether to protect the Success Result at the end of the authentication process. The resulting message protection is up to the operator's policy. When CK and IK are included in the EAP pre-authentication request / AKC-application message and forwarded to the IEEE 802.16 network authentication server 420, an additional key material is generated by the IEEE 802.16 network authentication server 420 to provide the confidentiality of the IEEE 802.16 network. Confidentiality and Integrity can be guaranteed.

The mobile terminal performs a UMTS algorithm existing in the USIM. The USIM checks whether the AUTN is correct and performs network authentication. If the AUTN is wrong, the terminal fails to authenticate. On the other hand, if the sequence number is not synchronized, the terminal starts the synchronization procedure. If AUTN is correct, USIM generates RES, IK, and CK. The terminal generates additional key material using the newly calculated IK, CK in the USIM, and confirms the received MAC. If the protected anonymous is received, the mobile terminal stores it for subsequent authentication (S411).

The mobile station calculates a new MAC value for the EAP message with the new key material and then sends an IEEE 802.16 EAP Preauth Response / AKA-Challenge message containing the calculated RES and MAC values. Send to network authenticator. When the mobile terminal receives the same indication from the 3GPP network authentication server 460, the mobile terminal includes a result indication in the EAP pre-authentication response / AKA-application message, otherwise it does not include the result indication. . The EAP Preauth Response / AKA-Request packet is transmitted to the 3GPP network authentication server 460 via the IEEE 802.16 network authenticator 420 and the 3GPP network authenticator 490 (S412). ).

The authentication server 460 of the 3GPP network performs user authentication by checking the received MAC and comparing the XRES with the received RES (S413).

If previously requested to use Protected Success Result Indication, and if all checks in step S413 are successful, the 3GPP network authentication server 460 pre-certifies EAP prior to sending the EAP Success message. Send an EAP Preauth Request / AKA-Notification message. EAP preauthentication request / AKA-notification messages are protected via MAC. In addition, 3GPP network-specific security parameters are passed from the 3GPP network authentication server to the authenticator of the 3GPP network. These parameters additionally include terminal identifier (IMSI, TMSI) information as authentication vectors generated for the corresponding terminal in step S406, and are transmitted through a mobile application part (MAP) protocol. This is for the case that authentication process through 3GPP network occurs in the future. In addition to the security information, the EAP pre-authentication request / AKA-notification message may further include key materials generated for confidentiality or integrity protection inherent in the 3GPP network. The 3GPP network authentication server 460 delivers the EAP pre-authentication request / AKA-notification message to the 3GPP network authenticator through an authentication protocol message. The authenticator of the 3GPP network stores these security related parameters and key materials and uses them to communicate with the authenticated mobile terminal (S414).

In response to the EAP Preauth Request / AKA Notification message, the UE sends an EAP Preauth Response / AKA-Notification message to the authenticator 420 of the IEEE 802.16 network. To pass. The IEEE 802.16 network authenticator 420 forwards this message to the 3GPP network authenticator 460 via the 3GPP network authenticator 490, and the 3GPP network authenticator 460 ignores the contents of the message (S415). .

The 3GPP network authentication server 460 transmits an EAP success message to the IEEE 802.16 network authenticator 420. The EAP success message is delivered to the IEEE 802.16 network authenticator 420 via the 3GPP network authenticator 490, and the authenticator of the IEEE 802.16 network notifies the success of authentication using the EAP pre-authentication success message. If the EAP AKA procedure is successfully completed, after the L2 handover is made, the UE and the 3GPP network share authentication vectors and keying materials, and secure communication is possible (S416).

The mobile terminal 400 performing the pre-authentication procedure with the target network 490 in steps S403 to S410 may perform L2 handover with the target network 490. Therefore, after the handover, a new authentication procedure and key setting procedure between the mobile terminal and the target network can be omitted. When the second layer (L2) handover is completed, the MAC of the mobile terminal 400 establishes a security association with an access point of the target network 490 and prepares for communication (S417).

FIG. 5 is a diagram illustrating a process of performing an indirect pre-authentication by a mobile terminal during handover between heterogeneous networks according to another embodiment of the present invention.

In FIG. 5, a system in which the present invention is used is a mobile terminal (MN), an IEEE 802.16 access network (520) as a serving network, an IEEE 802.16 authentication server (802.16 AAA Server, 540) as a serving authentication server. ), A 3GPP authentication server (3GPP AAA Server, 560) as a target authentication server, a home subscriber server (HSS: 580) of a target network, and a 3GPP access network (3GPP access network, 590) as a target network. have. In this case, the mobile terminal 500 may be described in various ways such as a terminal, a mobile node, or a mobile station (MS). In addition, the serving network refers to a network currently providing services to the mobile terminal, and the target network refers to a network to which the mobile terminal intends to perform handover.

In FIG. 5, the components of each system may be configured as one or more entities. For example, the mobile terminal 500 may include a security entity, an IP entity, an 802.16 link entity, and a 3GPP link entity. In this case, the mobile terminal 500 may be equipped with UICC / USIM to support handover between heterogeneous networks, and may utilize information for interworking with the IEEE 802.16 network as well as information for 3GPP networks.

In addition, the serving network 520 may include an 802.16 link entity, a Network Control and Management System (NCMS) entity, and a security entity. Target network 590 may also include 3GPP link entities and security entities.

In FIG. 5, the start point and the arrival point of each arrow indicate an entity of a message transmitted and an entity of a received destination, respectively. The route through which each message is delivered will be described only in the context of the features of the present invention. Of course, even the part which is not demonstrated can be understood with reference to drawings.

In another embodiment of the present invention, the mobile terminal 500 may transmit the pre-authentication request start message to the authentication server 560 of the target network through the authentication server 540 of the current serving network. After receiving the pre-authentication request, the target authentication server 540 may perform pre-authentication for the mobile terminal 500 and transmit the result to the serving network 520 and the target network 590. The target network 590 may transfer key materials to be used in the target network to the mobile terminal 500 as a result of pre-authentication. In addition, it is assumed that another embodiment of the present invention uses the EAP-SIM authentication method for pre-authentication.

Referring to FIG. 5, in step S501, a multi-mode mobile terminal 500 accesses an IEEE 802.16 network 520 serving as a serving network, and performs master session key (MSK) and authentication key (AK) through EAP-based authentication. Sharing and TEK sharing via 3-Way Handshake. If the serving network 520 is another IEEE 802 series network other than the IEEE 802.16 network, a similar initial authentication procedure based on the EAP is performed.

Thereafter, the mobile terminal 500 receives a signal from a neighboring network through scanning, and performs a network search and network selection procedure. As a result, it is assumed that the mobile terminal 500 determines a network operated by another management domain as a target network which is a potential handover target network. In another embodiment of the present invention, it is assumed that the 3GPP network is determined as the target network (S502).

The mobile terminal 500 may transmit an EAP pre-auth start message to the IEEE 802.16 network 520 serving as the serving network. In addition, the serving network 520 may transmit a pre-authentication start message to the target authentication server 560. At this time, the EAP pre-authentication start message may use the EAP pre-authentication start message described in Table 14. Therefore, the EAP pre-authentication start message may include the identifier and MAC address of the mobile terminal. In addition, the EAP pre-authentication start message includes information such as the authentication method supported by the mobile terminal, the current access network identifier, the identifier of the current access network authentication server, the target access network identifier, the security capability supported by the terminal, and the security capability that the terminal needs to negotiate. It may be (S503).

The target authentication server 560 may transmit an EAP preauthentication request / identification message to the serving network 520 to request a parameter necessary for authentication of the terminal 500. In addition, the serving network 520 may transmit an EAP request / identification message to the mobile terminal 500. The EAP packets may be encapsulated through a unique protocol of a serving network (IEEE 802.16 network, 520) and transmitted through an IEEE 802.16 interface (S504).

The mobile terminal 500 may transmit the identifier of the mobile terminal 500 through an EAP Preauth Response / Identity message. At this time, the identifier of the mobile terminal conforms to NAI (Network Access Identifier) specified in 3GPP TS 23.003. In addition, the EAP response / identification message may further include a value specifying pre-authentication, an identifier of the current access network, an identifier of the current access network authentication server, an identifier of the target access network, and a MAC address of the mobile terminal. The EAP pre-authentication response / identification message is delivered to the target network authentication server (3GPP AAA Server, 560). The EAP pre-authentication response / identification message is delivered to the appropriate target authentication server 560 via the current serving authentication server 540 according to the Realm Part of the NAI, and the delivery path may include one or more AAA servers. (S505).

In operation S505, the target authentication server 560 may receive an EAP Preauth Response / Identity message including the identifier of the mobile terminal 500. At this time, the target authentication server 560 may recognize the authentication method of the pre-authentication request transmitted by the terminal, but may not recognize the identifier of the mobile terminal 500. In this case, the target authentication server 560 may request to transmit the new identifier to the mobile terminal 500 through the EAP authentication method specified by the mobile terminal 500. The target authentication server 3GPP AAA server 560 may request the terminal identifier again through an EAP Preauth Request / SIM Start message (S506).

In step S506, the terminal identifier request using the EAP pre-authentication request / SIM start message in the target authentication server, the identifier of the mobile terminal 500 received through the EAP pre-authentication response / identification (EAP Preauth Response / Identity) message is Can be performed if changed by intermediate nodes. If the identifier of the mobile terminal 500 has not been changed, step S506 may be omitted. The EAP preauthentication response / identification message is delivered to the mobile station through the IEEE 802.16 network.

The mobile terminal 500 selects a new random number 'NONCE_MT', which is used for network authentication. The mobile terminal 500 includes the same identifier and 'NONCE_MT' as used in the EAP preauthentication response / identification message in the EAP preauthentication response / SIM-Start message, and the EAP preauthentication. The response / SIM-start message may be sent to the serving network 520. The serving network 520 forwards the EAP pre-authentication response / SIM-initiation message to the target authentication server 560, and the identifier included in the EAP pre-authentication response / SIM-initiation message is subsequently updated by the target authentication server 560. Can be used in the authentication process (S507).

If the identifiers included in the two messages of step S506 and step S507 do not match, the user profile and authentication vector previously extracted from the HSS (or HLR) 580 cannot be used, so that the new user profile and authentication vector are HSS. (Or HLR).

The target authentication server 560 checks whether there are N authentication parameters for performing EAP-SIM authentication on the mobile terminal 500. If there are no authentication parameters, the target authentication server 560 extracts a series of new authentication parameters from the HSS / HLR. In addition, the mapping of the temporary identifier (TMSI) and IMSI and MAC address is performed. After authentication is performed once, a temporary identifier adopted by the negotiated authentication method (EAP-SIM) may be used as an identifier of the terminal (S508).

Step S508 is generally performed after the serving network 520 transmits an EAP Preauth Response / SIM-Start message to the target authentication server 560 in step S507, but after step S506. Or it may be performed after the step S509 to be described below.

The target authentication server 560 may generate new keying materials from NONCE_MT and N new Ciphering keys (Kc). These key materials are the security contexts required by EAP-SIM and are used to protect the confidentiality and integrity of the 3GPP technology. In addition, a new pseudonym to be assigned to the authenticated user is also created at this time. This anonymity is encrypted via key materials generated by EAP-SIM and integrity is protected. Meanwhile, a message authentication code (MAC) is calculated for an EAP message using a key generated by the EAP-SIM and used as a network authentication value (S509).

The target authentication server 560 transfers the RAND, MAC, and protected anonymous data to the serving network 520 by loading the EAP Preauth request / SIM-Challenge message. The EAP preauthentication request / SIM-request message is transmitted to the mobile terminal 500 through the serving network 520. In addition, the target authentication server 560 may include a Result Indication parameter in the EAP pre-authentication request / SIM-request message and transmit the result to the mobile terminal. This is to specify whether to protect the Success Result message at the end of the authentication procedure. The protection of the resulting messages depends on the operator's policy. Therefore, when the target authentication server 560 includes Kc in the EAP pre-authentication request / SIM-request message and delivers it to the authentication server 540 of the serving network, additional key materials are generated by the serving authentication server 540 to serve it. Inherent confidentiality and integrity may be guaranteed in the network 520 (S510).

The mobile terminal 500 may perform N times the GSM A3 / A8 algorithm in the SIM for each received RAND to generate N SRES and Kc values. The mobile terminal 500 can generate additional key materials from N Kc's and NONCE_MT. The mobile terminal 500 calculates a network authentication MAC using newly generated key materials and checks whether the same is the same as the received MAC. If the MAC is incorrect, network authentication fails, and the mobile terminal 500 cancels the authentication. If the MAC is correct, the mobile terminal 500 continues the authentication procedure. The mobile terminal 500 can calculate the new MAC for the EAP message containing N SRESs with the new key materials. If the protected anonymous is received, the mobile terminal 500 stores it for future authentication (S511).

The mobile terminal 500 may transmit an EAP Preauth Response / SIM Challenge message including the calculated RES and MAC values to the serving network 520. When the mobile terminal 500 receives the same indication parameter from the target authentication server 560, the mobile terminal 500 includes the result indication parameter in the EAP pre-authentication response / SIM-application message. If the same indication parameter is not received from the target authentication server, the mobile terminal 500 does not include the result indication parameter in the EAP pre-authentication response / SIM-application message. The serving network 520 may transmit the EAP response / SIM-application message received from the terminal 500 to the target authentication server 560 (S512).

The target authentication server 560 may perform user authentication by comparing its response MAC with the received MAC (S513).

Security-specific parameters specific to the target network 560 may be transferred from the target authentication server 560 to the target network 590. The unique security-related parameters are authentication vectors generated for the corresponding terminal in step S511, and may further include information related to terminal identifiers (IMSI, TMSI), and are transmitted and received through a MAP protocol. This is for the case where authentication process through target network (for example, 3GPP network) occurs in the future. In addition to the information transmitted through the 3GPP Specific Security Contexts Transfer message, key materials generated for the confidentiality or integrity protection of the target network (3GPP network) may be additionally included. The target network authentication server 560 delivers a specific security context transfer message to the target network using an AAA protocol message. The network stores key materials and uses them to communicate with the authenticated mobile terminal (S514).

If the comparison result in S513 is successful, the target authentication server (3GPP AAA Server) 560 may request in advance to the target network 590 to use the Success Result Indication parameter that is protected. In this case, the target authentication server 560 transmits an EAP Preauthentication Request / SIM / Notification message prior to the transmission of the EAP Preauth Success message, which is transmitted through the MAC. It may be protected (S515).

The mobile terminal 500 may transmit an EAP preauthentication response / SIM / notification message to the serving network 520 as a response to the EAP preauthentication request / SIM / notification message. The serving network 520 transfers the EAP pre-authentication response / SIM / notification message to the target authentication server 560 (S516).

However, in step S516 the target authentication server 560 may ignore the contents of the EAP pre-authentication response / SIM / notification message.

If pre-authentication with the mobile terminal 500 is successful, the target authentication server 560 may transmit an EAP Preauth Success message to the serving network 520. The serving network 520 may notify the mobile terminal 500 of the successful EAP pre-authentication success message (S517).

If the EAP SIM authentication procedure is successfully completed, the mobile terminal and the 3GPP network share authentication vectors and key materials, and secure communication is possible. That is, the mobile terminal 500 may perform L2 handover to the target network (S518).

In step S518, as a result of the pre-authentication performed in steps S514 to S517, network entities of the serving network 520 and the target network 590 newly perform authentication upon registration to the target network based on information exchanged with each other. Can be omitted and the process of setting a new key. When the second layer handover is completed, the MAC of the mobile terminal 500 establishes a security association with an access point of the target network 560 and prepares for communication.

FIG. 6 is a diagram illustrating a process in which a mobile terminal directly performs pre-authentication during handover between heterogeneous networks according to another embodiment of the present invention.

In FIG. 6, the system in which the present invention is used includes a mobile node (MN), an IEEE 802.16 access network (620) as a serving network, and an IEEE 802.16 authentication server (802.16 AAA Server, 640) as a serving authentication server. ), A 3GPP authentication server (3GPP AAA Server, 660) as a target authentication server, a home subscriber server (HSS: 680) of a target network, and a 3GPP access network (3GPP Access Network, 690) as a target network. have. In this case, the mobile terminal 600 may be described in various ways such as a terminal, a mobile node, or a mobile station (MS). In addition, the serving network refers to a network currently providing services to the mobile terminal, and the target network refers to a network to which the mobile terminal intends to perform handover.

In FIG. 6, the components of each system may be configured as one or more entities. For example, the mobile terminal 600 may include a security entity, an IP entity, an 802.16 link entity, and a 3GPP link entity. In this case, the mobile terminal 600 may be equipped with UICC / USIM to support handover between heterogeneous networks, and may utilize information for interworking with the IEEE 802.16 network as well as information for 3GPP networks.

In addition, the serving network 620 may include an 802.16 link entity, a Network Control and Management System (NCMS) entity, and a security entity. Target network 690 may also include 3GPP link entities and security entities.

In FIG. 6, the start point and the arrival point of each arrow indicate an entity of a message transmitted and a destination of a received destination, respectively. The route through which each message is delivered will be described only in the context of the features of the present invention. Of course, even the part which is not demonstrated can be understood with reference to drawings.

6 illustrates a case where a mobile terminal requests pre-authentication directly to a target network. In this case, the direct pre-authentication request means that the pre-authentication request is made to the target network through the serving authentication server in the mobile terminal, but the serving authentication server does not participate in the pre-authentication procedure and merely relays a message. In this case, the result of the pre-authentication can be transferred directly from the target network authentication server to the target network. In addition, the pre-authentication result is directly transmitted to the terminal via the serving authentication server. In addition, it is assumed that the EAP-AKA authentication method is used for the line authentication of FIG.

In step S601, the multi-mode mobile terminal 600 accesses a serving network (IEEE 802.16 network, 620) and shares a master session key (MSK) and AK through EAP-based authentication, and a 3-way handshake (3-). It may include the process of TEK sharing through Way Handshake). In the case of an IEEE 802 series network other than the serving network 620, a similar initial authentication procedure based on the EAP may be performed (S601).

Thereafter, the mobile terminal 600 receives a signal from a neighboring network through scanning, and performs a network search and selection procedure. As a result of the scanning, it is assumed that the mobile terminal 600 determines a network operated by another management domain as a potential handover destination network. In this case, it is assumed that the 3GPP network is selected as the handover target network (S602).

The mobile terminal 600 may directly transmit an EAP pre-auth start message to the 3GPP network 690. In addition to the identifier and MAC address of the terminal, the EAP preauthentication start message includes an authentication method supported by the terminal, a current access network identifier, an identifier of the current access network authentication server, a security capability supported by the terminal, and a security capability to be negotiated before the pre-authentication. Information may be included (S603).

In step S603, since the identifier of the target access network is already owned by the terminal, it does not need to be included in the pre-authentication start message. The EAP preauthentication start message is a message that can be used in the 3GPP network, not the PKM message described in Table 14. The mobile terminal 600 transmits an identifier conforming to the network access identifier (NAI) specified in 3GPP TS 23.003 to the target access network 690. The EAP pre-authentication start message is delivered to the appropriate 3GPP AAA server according to the NAI domain, and the delivery path may include one or more AAA servers. That is, the target network authentication server 660 may receive a pre-authentication start message including the identifier of the terminal 600 from the target network 690.

The target network authentication server 660 may transmit an EAP Preauthentication Request / Identity message to the mobile terminal through the target network authenticator 690 and the serving network authenticator 620 (S604).

The mobile terminal can transmit its identifier to the target network authentication server 660 through an EAP Preauth Response / Identity message. At this time, the terminal identifier corresponds to the NAI specified in 3GPP TS 23.003. The EAP pre-authentication response / identification message may include a value specifying pre-authentication, an identifier of a current access network, a current access network authentication server identifier, a target access network identifier, and a MAC address of the mobile terminal. The EAP pre-authentication response / identification message is delivered to the target network authentication server 660 along the real part of the NAI, and the delivery path may include one or more AAA servers (S605).

The target network authentication server 660 receives the EAP pre-authentication response / identification packet including the NAI. When the target network authentication server 660 recognizes the authentication method of the pre-authentication request transmitted by the mobile terminal 600, but does not recognize the identifier of the mobile terminal, the authentication method specified by the terminal (for example, EAP-SIM ) Can be used to transmit a new identifier to the terminal. For example, the 3GPP AAA server requests the identifier of the terminal again through the EAP Preauth Request / SIM Start message. This identifier request is performed when an identifier of a terminal received through an EAP preauthentication response / identification message is changed by intermediate nodes, and may be omitted if not changed. The EAP pre-authentication response / identification message is transmitted to the mobile terminal via the authenticator of the IEEE 802.16 network (S606).

The mobile station selects a new random number NONCE_MT, which can be used for network authentication. The terminal includes the identifier used in the EAP Preauth Response / Identity message and the NONCE_MT in the EAP Preauth Response / SIM-Start message, which is included in the IEEE 802.16 network. Deliver to authenticator 620. The IEEE 802.16 network authenticator 620 forwards the EAP preauthentication response / SIM-start message to the 3GPP network authenticator 660 via the 3GPP network authenticator 690. The identifier included in the EAP preauthentication response / SIM-initiation message may be used in subsequent authentication procedures by the 3GPP network authentication server. If the identifiers received by the EAP preauthentication response / identification message and the EAP preauthentication response / SIM start message do not match, the user profile and authentication vector previously extracted from the HSS / HLR cannot be used. Accordingly, the 3GPP network authentication server extracts a new user profile and authentication vector from the HSS / HLR 680 (S607).

The 3GPP network authentication server 660 checks whether there are N authentication parameters that the mobile terminal 600 does not use to perform EAP-SIM authentication. If there are no authentication parameters, the 3GPP network authentication server 660 extracts a series of new authentication parameters from the HSS / HLR 680. In addition, the 3GPP network authentication server 660 may also perform mapping of a temporary identifier (TMSI), IMSI, and MAC address. Once authentication is made, a temporary identifier adopted by the EAP-SIM may be used as an identifier of the terminal (S608).

Step S608 is performed after the IEEE 802.16 network authenticator 620 transmits the EAP pre-authentication response / SIM start message to the 3GPP network authentication server 660 through the 3GPP network authenticator 690 in step S607. However, step S608 may be performed after step S606 or before step S609 below.

The 3GPP network authentication server 660 generates new keying materials from NONCE_MT and N new Kc's. These key materials are the security contexts required by EAP-SIM and are used to protect the confidentiality and integrity of the 3GPP technology. In addition, a new Pseudonym is created for assignment to authenticated users. This anonymity is encrypted via key materials generated by EAP-SIM and integrity is protected. Meanwhile, the MAC is calculated for the EAP message using the key generated by the EAP-SIM and used as a network authentication value (S609).

The 3GPP network authentication server 660 loads RAND, MAC, and protected anonymous data in an EAP Preauth Request / SIM-Challenge message, through an IEEE 802.16 network authentication server 620, and an IEEE 802.16 protocol. Transfer to network authenticator 620. The EAP pre-authentication request / SIM-application message is finally transmitted to the mobile terminal through the IEEE 802.16 network authenticator 620. In addition, the 3GPP network authentication server 660 transmits a result indication to the terminal. The result indication is to specify whether to protect the Success Result message at the end of the authentication procedure. The protection of the resulting message depends on the operator policy. The 3GPP network authentication server 660 includes Kc in the EAP pre-authentication request / SIM-application message and transmits it to the IEEE 802.16 network authentication server 640. Since additional key materials are generated by the IEEE 802.16 network authentication server 620, confidentiality and integrity unique to the IEEE 802.16 network may be guaranteed (S610).

The mobile terminal 600 performs the GSM A3 / A8 algorithm in the SIM N times for each received RAND to generate N SRES and Kc values. The mobile terminal can generate additional key materials from N Kc's and NONCE_MT. The mobile terminal calculates a network authentication MAC using newly generated key materials and checks whether the network authentication MAC is the same as the received MAC.

If the MAC is incorrect, network authentication fails, and the terminal cancels the authentication. If the MAC is correct, the terminal continues the authentication procedure. The terminal has new key materials and calculates a new MAC for the EAP message containing N SRESs. If the protected anonymous is received, the mobile terminal stores it for future authentication (S611).

The mobile station transmits an EAP Preauth Response / SIM Challenge message including the calculated RES and MAC values to the authenticator 620 of the IEEE 802.16 network. The mobile station includes the result indication in the EAP pre-authentication response / SIM request message when receiving the same indication from the 3GPP network authentication server 660, and does not include the indication when receiving different indications. The IEEE 802.16 network authenticator 620 transmits an EAP Response / SIM-Challenge message to the 3GPP authentication server 660 through the IEEE network authentication server 620 (S612).

The 3GPP network authentication server 660 performs user authentication by comparing its MAC with the received MAC (S613).

If the comparison result in step S613 is successful, the 3GPP network authentication server 660 transmits the EAP preauthentication request / SIM-Notification message prior to the transmission of the EAP preauthentication success message. do. The EAP preauthentication request / SIM-notification message is protected via the MAC (S614).

3GPP network specific security related parameters are passed from the 3GPP network authenticator 660 to the 3GPP network authenticator 690. Security-related parameters are authentication vectors generated for the terminal in step S606. The authentication vector additionally includes information related to terminal identifiers (IMSI and TMSI) and is transmitted through a mobile application part (MAP) protocol. This is for the case that authentication process through 3GPP network occurs in the future.

In addition to the security information, the EAP pre-authentication request / SIM-notification message may further include key materials generated for the confidentiality or integrity protection inherent in the 3GPP network. The authentication server 660 of the 3GPP network transfers it to the 3GPP network through an authentication protocol message. The 3GPP network may store these key materials and use them to communicate with the authenticated mobile terminal (S615).

The mobile terminal responds to the EAP Preauth Request / SIM-Notification and sends an EAP Preauth Response / SIM-Notification message to the IEEE 802.16 network authenticator (690). To pass). The IEEE 802.16 network authenticator 690 forwards the EAP preauthentication response / SIM-notification message to the authentication server 660 of the 3GPP network via the 3GPP network authenticator 690, and the 3GPP network authentication server 660 sends this message. The contents of can be ignored (S616).

The authentication server 660 of the 3GPP network transmits whether the EAP succeeds to the IEEE 802.16 network authenticator 620. This is passed through the authenticator of the 3GPP network, and the IEEE 802.16 network authenticator notifies the mobile terminal of the authentication success using an EAP Preauth Success message. If the EAP SIM procedure is successfully completed, after the L2 handover is made, the UE and the 3GPP network share the authentication vectors and the key materials, and secure communication is possible (S617).

The mobile terminal 600 performing the pre-authentication procedure with the target network authenticator 690 in steps S614 to S617 may perform L2 handover with the target network authenticator 690. Therefore, after the handover, a new authentication procedure and key setting procedure between the mobile terminal and the target network can be omitted. When the second layer (L2) handover is completed, the MAC of the mobile terminal 600 establishes a security association with the access point of the target network authenticator 690 and prepares for communication (S617).

The invention can be embodied in other specific forms without departing from the spirit and essential features of the invention. Accordingly, the above detailed description should not be construed as limiting in all aspects and should be considered as illustrative. The scope of the invention should be determined by reasonable interpretation of the appended claims, and all changes within the equivalent scope of the invention are included in the scope of the invention. It is also possible to form embodiments by combining claims that do not have an explicit citation in the claims or to include them as new claims by post-application correction.

1 is a flowchart illustrating a handover and initial network entry procedure.

2 is a flowchart illustrating an authentication procedure for a terminal of a general IEEE 802.16 system.

3 is a diagram illustrating a process of performing an indirect pre-authentication by a mobile terminal when handover between heterogeneous networks according to an embodiment of the present invention.

FIG. 4 is a diagram illustrating a process of directly performing pre-authentication by a mobile terminal in a handover between heterogeneous networks according to another embodiment of the present invention.

FIG. 5 is a diagram illustrating a process of performing an indirect pre-authentication by a mobile terminal during handover between heterogeneous networks according to another embodiment of the present invention.

FIG. 6 is a diagram illustrating a process in which a mobile terminal directly performs pre-authentication during handover between heterogeneous networks according to another embodiment of the present invention.

Claims (14)

In the method for performing pre-authentication before handover to perform a fast handover between heterogeneous networks, (a) transmitting a message including terminal information necessary for pre-authentication to a target network authentication server; (b) receiving security related information of a target network generated using the terminal information from the target authentication server; And and (c) generating, by the terminal, security related information to be used in the target network by using the security related information of the target network, and performing the pre-authentication. The method of claim 1, The terminal information is, And at least one of information specifying the pre-authentication, the serving network identifier, a serving authentication server identifier, the target network identifier, the terminal identifier, and the medium access control address of the terminal. The method of claim 1, Security related information of the target network, A method of performing pre-authentication comprising at least one of a random number (RAND), an authentication token (AUTN), a message authentication code, and protection anonymous information. The method of claim 1, Security related information of the terminal, Pre-authentication method characterized in that the terminal is generated using the integrity key and encryption key. The method of claim 1, After step (c), (d) transmitting security related information of the terminal to the target network authentication server; And (e) performing a handover to the target network. The method of claim 1, And the information and the message are transparently transmitted to the target authentication server through a target network authenticator. The method of claim 1, And the information and the message are delivered to the target authentication server through a serving authenticator and a target network authenticator. In the method for performing pre-authentication before handover to perform a fast handover between heterogeneous networks, Transmitting the terminal information necessary for the pre-authentication received from the terminal to a target network authentication server; Receiving security related information of a target network from the target network authentication server and transmitting the received security related information to the terminal; And And receiving security related information of the terminal and transmitting the received security related information to the target authentication server. In the method for performing pre-authentication before handover to perform a fast handover between heterogeneous networks, (a) receiving a message including terminal information; (b) extracting authentication information used in the target network from the home subscriber server; (c) generating security related information of the target network using the terminal information and the authentication information; And (d) transmitting the security related information of the target network to the terminal. The method of claim 9, The terminal information is, And at least one of information specifying the pre-authentication, the serving network identifier, a serving authentication server identifier, an identifier of the target network, an identifier of the terminal, and a medium access control address of the terminal. The method of claim 9, Security related information of the target network, A method of performing pre-authentication comprising at least one of a random number (RAND), an authentication token (AUTN), a message authentication code, and protection anonymous information. The method of claim 9, After step (d), (e) receiving security related information of the terminal generated using the security related information of the target network; (f) sending a message containing security related information of the target network to the target network authenticator; And (g) further comprising performing a handover with the terminal. The method of claim 9, The message and the security related information, characterized in that transparently transmitted to the terminal via a target network authenticator, pre-authentication method. The method of claim 9, The message and the security related information, characterized in that delivered to the terminal via a target network authenticator and a serving authenticator, pre-authentication method.

Images