WO2001024476A1 - Apparatus and method for routing aaa messages between domains of a network - Google Patents

Apparatus and method for routing aaa messages between domains of a network Download PDF

Info

Publication number
WO2001024476A1
WO2001024476A1 PCT/IB2000/001304 IB0001304W WO0124476A1 WO 2001024476 A1 WO2001024476 A1 WO 2001024476A1 IB 0001304 W IB0001304 W IB 0001304W WO 0124476 A1 WO0124476 A1 WO 0124476A1
Authority
WO
WIPO (PCT)
Prior art keywords
nai
aaa
message
domain
local
Prior art date
Application number
PCT/IB2000/001304
Other languages
French (fr)
Inventor
Rambabu Tummala
Emad Qaddoura
Basavaraj Patil
Haseeb Akhtar
Original Assignee
Nortel Networks Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nortel Networks Limited filed Critical Nortel Networks Limited
Priority to EP00956749A priority Critical patent/EP1219089A1/en
Priority to AU68611/00A priority patent/AU6861100A/en
Publication of WO2001024476A1 publication Critical patent/WO2001024476A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5076Update or notification mechanisms, e.g. DynDNS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5084Providing for device mobility
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/53Network services using third party service providers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/604Address structures or formats
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]

Definitions

  • This invention relates generally to routing messages between domains of a network and, more particularly, to routing messages between domains of a network using Authentication, Authorization, and Accounting (“AAA”) protocols .
  • AAA Authentication, Authorization, and Accounting
  • IP networks such as the Internet
  • IP networks are generally apportioned into “domains,” and each user of a network is typically assigned to one "home” domain within the network.
  • IP Internet Protocol
  • a user is assigned to one home domain, it is often difficult and cumbersome for that user to then access the network through a "non-home” domain. This is because, when a user attempts to access the network through a non-home domain, the non-home domain is not configured to readily authenticate who the user is, and to determine what the user's home domain is, and what account the user is authorized to use with the home domain.
  • AAA Authentication, Authorization and Accounting
  • AAA protocols Two embodiments of AAA protocols proposed by the Internet Engineering Task Force are referred to as RADIUS and DIAMETER.
  • DIAMETER specifies that DIAMETER servers be stateless, meaning that DIAMETER servers should act strictly as routers for DIAMETER clients' messages without storing state information, such as the source or destination of the messages. Servers that do not store such state information are referred to as being "lightweight.”
  • AAA messages are routed according to a User NAI, which may be provided in a format such as "user@domainX.com".
  • a User NAI is, in common terminology, a user's e-mail address.
  • DIAMETER currently uses the domain of the user NAI (e.g., domainX) to route messages, the domain also being referred to as the realm portion of the user NAI.
  • AAA servers such as those employing DIAMETER and RADIUS, include the following fields in AAA messages for routing messages to their proper destinations:
  • Proxy State (only used when messages go through proxy servers) ;
  • Command Code (i.e., message type).
  • the User NAI identifies the user that the message is carried on behalf of.
  • the Proxy State is a field used when a proxy server is used to forward AAA messages.
  • the Command Code identifies the type of message.
  • FIGURE 1 depicts a communication network 100 commonly used in the prior art in connection with transmission and receipt of AAA messages.
  • the network 100 includes a data network (such as the Internet) 102 that is coupled to a Domain A, a Domain B, and a Domain C.
  • Domain A includes an AAA Entity 1 of Domain A, an AAA Entity 2 of Domain A, and an AAA Server of Domain A, which are operably interconnected to one another and also to the data network 102.
  • Domain B includes an AAA Entity 1 of Domain B, an AAA Entity 2 of Domain B, and an AAA Server of Domain B, each of which is operably interconnected to one another and also to the data network 102.
  • Domain C includes an AAA Entity 1 of Domain C, an AAA Entity 2 of Domain C, and an AAA Server of Domain C, each of which is operably interconnected to one another and also to the data network 102.
  • the AAA servers of Domain A, Domain B, and Domain C are each responsible for delivering or routing AAA messages to appropriate entities, which perform task(s) specified by the messages. It is the responsibility of the AAA servers of Domain A, Domain B, and Domain C to resolve the appropriate server or entity to which to send the AAA messages.
  • the AAA Entities 1 and 2 of Domain A, Domain B, and Domain C each serve users in their respective domains and are also used to forward messages between users and the AAA Entities' respective AAA servers.
  • the AAA Servers and AAA Entities illustrated in FIGURE 1 may comprise any conventional computer generally capable of receiving, storing, processing, and outputting data. While not shown in detail, the AAA Servers and AAA Entities each include components, such as input and output devices, volatile and non-volatile memory, and the like, but, because such computer components are well known in the art, they are not shown or described in further detail herein.
  • AAA Registration request of a user with a User NAI of name@Dorr.ainB.com is sent from the AAA Entity 1 of Domain A to the AAA Server of Domain A.
  • the AAA Server of Domain A reads the realm portion of the User NAI of the message, determines that the message should be forwarded to the Domain B, and forwards the message to the AAA Server of Domain B.
  • the AAA Server of Domain B determines that the message is intended for an entity in its domain and then forwards the message to the appropriate AAA Entity, such as, for example, the AAA Entity 1 of Domain B.
  • the AAA Entity 1 of Domain B then processes the message. After the AAA Entity 1 of Domain B has processed the message, it will attempt to send a registration response message back to the AAA Entity 1 of Domain A. In so attempting, the AAA Entity 1 of Domain B forwards the registration response message to its AAA server, which is the AAA Server of Domain B. The AAA Server of Domain B will then attempt to forward the message to its proper destination, AAA Entity 1 of Domain A.
  • the AAA server of Domain B cannot use the user NAI ( .e., name@domainB.com) to route the message to the AAA Entity 1 of Domain A, because to do so would direct the message to the AAA Entity 1 of Domain B as a result of the AAA Server of Domain B determining where to route the message based on the domamB realm of the User NAI.
  • the User NAI does not include any information to tell the AAA server of Domain B that the user (i.e., name@domainB.com) has sought to register at a non-home domain (i.e., Domain A) .
  • Domain B would use a Proxy State to send a message back to Domain A.
  • the AAA server of Domain B does not have the necessary information to forward the registration response message to the Domain A or, more particularly, to the AAA Entity 1 of Domain A.
  • the AAA server of Domain B would need to maintain state information regarding the source of the original registration request message (i.e., AAA Entity 1 of Domain A) or use a Proxy State.
  • the AAA server of Domain B cannot maintain this state information without running afoul of DIAMETER' s requirement that all AAA servers be stateless.
  • the second and third drawbacks of conventional AAA protocols mentioned above can be exemplified by a user having a user NAI of user@domamB.com who connects via a wireless mobile link to the data network 102 through the Domain A, for example, using a notebook computer or personal digital assistant. As the user moves from the Domain A to the Domain C, the Domain A and the Domain C will need to communicate with one another in order to facilitate a handoff of the user.
  • conventional AAA protocols do not permit such communicatior.
  • AAA Entity 2 of Domain ?. to communicate with an AAA entity of Domain B that had been serving the user prior to the handoff request (e.g., AAA Entity 2 of Domain B) .
  • the fourth and fifth drawbacks of conventional AAA protocols mentioned above are exemplified when the AAA Entity 2 of Domain A needs to communicate specifically with the AAA Entity 1 of Domain B, for example, because a roaming wireless Internet user moving between Domain A and Domain B needs to be handed off from tr.e Domain A to the Domain B.
  • Conventional AAA protocols do r.ot permit such communication. While conventional protocols do permit an entity in a non- home serving domain to specifically communicate with another entity in the user's home domain, they do not permit specific entities in two different non-home serving domains to communicate with one another. This problem is exacerbated when one or both of the entities is behind a proxy server or firewall, since conventional protocols require publicly-routable IP addresses.
  • the sixth drawback is illustrated by the use of a proxy state by AAA servers to modify or mark AAA messages so that they can be routed.
  • a computer participating in the routing of a message is required to mark or modify the message in order to keep track of from where it received the message. For example, if computer 1 routes a message to computer 2, computer 2 will mark or modify the message to indicate that it came from computer 1. When computer 2 sends the message to computer 3, computer 3 will, on receipt of the message, mark or modify it as having been received from computer 2. This process of marking or modifying the message will continue until the message reaches its destination.
  • Such marking or modification of messages creates a security risk because it prevents the use of certain security mechanisms, such as IPSEC, which attempt to maintain message security by verifying whether a message has been modified. Thus, if routing computers modify or mark the message using a proxy state, the security mechanisms are- unable to verify that that the message has not been modified.
  • certain security mechanisms such as IPSEC
  • the communication system comprises a data network coupled to a plurality of domains, wherein each domain includes at least one AAA server and at least one AAA Entity.
  • routing an AAA message includes receiving the AAA message having a User NAI, determining whether the AAA message includes a Destination NAI, in response to a determination that the AAA message includes a Destination NAI determining whether an NAI domain of the Destination NAI is or is not local.
  • the AAA message is dispatched to a local AAA entity identified by the Destination NAI.
  • the AAA message is dispatched to an AAA server in a non-local domain identified by the Destination NAI.
  • the AAA message in response to a determination that the NAI domain of the User NAI is non-local, the AAA message is dispatched to a non-local AAA entity identified by the User NAI.
  • an apparatus for routing AAA messages between AAA entities comprises a first domain operably connected to the Internet that has at least one AAA server that is adapted to route a plurality of AAA messages having at least a Source NAI and a User NAI.
  • the apparatus also includes a first AAA entity operably connected to the first domain that is adapted to send and receive a plurality of AAA messages having at least a Source NAI and a User NAI .
  • a second domain operably connected to the Internet and having at least one AAA server that is adapted to route a plurality of AAA messages having at least a Source NAI and a User NAI is provided.
  • the apparatus further includes an AAA entity operably connected to the second domain that is adapted to send and receive a plurality of AAA messages having at least a Source NAI and a User NAI.
  • FIGURE 1 is a diagram illustrating a prior art communications system used in connection with current AAA protocols and in connection with the present invention
  • FIGURE 2 is a diagram illustrating an exemplary Registration Request message according to the present invention
  • FIGURE 3 is a flow diagram illustrating an algorithm for routing of AAA messages according to the present invention.
  • the reference numeral 100 generally designates a communication network embodying features of the prior art.
  • the network 100 includes a data network (such as the Internet) 102 that is coupled to a Domain A, a Domain B, and a Domain C.
  • Domain A includes an AAA Entity 1 of Domain A, an AAA Entity 2 of Domain A, and an AAA Server of Domain A, which are operaoly interconnected to one another and also to the data network 102.
  • Domain B includes an AAA Entity 1 of Domain B, an AAA Entity 2 of Domain B, and an AAA Server of Domain B, each of which is operably interconnected to one another and also to the data network 102.
  • Domain C includes an AAA Entity 1 of Domain C, an AAA Entity 2 of Domain C, and an AAA Server of Domain C, each of which is operably interconnected to one another and also to the data network 102.
  • the AAA servers of Domain A, Domain B, and Domain C are each responsible for delivering or routing AAA messages to appropriate entities, which perform task(s) specified by the messages. It is the responsibility of the AAA servers of Domain A, Domain B, and Domain C to resolve the appropriate server or entity to which to send the AAA messages.
  • the AAA Entities 1 and 2 of Domain A, Domain B, and Domain C each serve users in their respective domains and are also used to forward messages between users and the AAA Entities' respective AAA servers.
  • the AAA Servers and AAA Entities illustrated in FIGURE 1 may comprise any conventional computer generally capable of receiving, storing, processing, and outputtmg data. While not shown in detail, the AAA Servers and AAA Entities each include components, such as input and output devices, volatile and non-volatile memory, and the like; however, because such computer components are well known in the art, they will not be shown or described in further detail herein.
  • FIGURE 2 an exemplary AAA Registration message 200 of the present invention is shown which facilitates the routing of AAA messages based on domains, using such AAA protocols as DIAMETER and RADIUS, and can be deployed in any type of network setup as either a Registration Request message or as a Registration Response message (discussed below) .
  • the AAA Registration message 200 comprises a plurality of Attribute Value Pairs ("AVPs") , including: (1) a Source Network Access Identifier (NAI) field 202, (2) an optional Destination NAI field 204, (3) User NAI field 206, and (4) a Command Code field 208.
  • the Source NAI field 202 is a required field used to identify the source from which a Registration message originates.
  • the Destination NAI field 204 is an optional field used to identify the destination NAI a Registration message.
  • the Registration message 200 when used to Request Registration, generally does not require the Destination NAI, but when used to Respond to a Registration Request, generally does require a Destination NAI, since the Destination NAI of a Registration Response message is most often the Source NAI of a Registration Request message.
  • the User NAI field 206 field identifies the user and the user' s home domain, and the Command Code field 208 identifies the type of message, for example, as a Registration Request, or as a Response to a Registration
  • the Registration Message would include the Source NAI field 202, the User NAI field 206, and the Command Code field 208.
  • the Source NAI field 202 identifies the source of the message as being an AAA entity of the non-home domain at which the user is requesting Registration.
  • the User NAI field 206 identifies the user that originated the request, including the home domain of the user, even though the user is now requesting to be registered at the non-home domain.
  • the Command Code field 208 identifies the type of message as a Registration Request. Referring now to both FIGURES 1 and 2, if an AAA Entity
  • NAI of userl@domainB in a preferred embodiment, the message would include the following: a. Source NAI field 202 (aaaentityl ⁇ DomainA) ; b. Destination NAI field 204 ( —empty— ) c. User NAI field 206 (userl@Domain B) ; and d. Command Code field 208 (Registration Request) .
  • the Destination NAI field 202 is empty, and the Source NAI field 202 (aaentityl ⁇ DomainA) ; b. Destination NAI field 204 ( —empty— ) c. User NAI field 206 (userl@Domain B) ; and d. Command Code field 208 (Registration Request) .
  • the Destination NAI field 202 is empty, and the Source NAI field 202 (aaentityl ⁇ DomainA) ; b. Destination NAI field 204 ( —empty— ) c. User NAI field 206 (userl@Domain B)
  • FIGURE 3 is a flow diagram, designated by the reference numeral 300, depicting control logic implemented by an AAA server for routing AAA messages 200 in accordance with a preferred embodiment of the present invention. The control logic will be exemplified first with respect to the routing of a message 200, wherein a user (designated herein as "userl") having a home domain in Domain B is requesting Registration in Domain A.
  • step 302 the AAA Server of Domain A receives a message 200 from the AAA Entity 1 of Domain A. Execution then proceeds to step 304, wherein the AAA Server of Domain A determines whether the message includes a Destination NAI in the field 204 of the Registration Message 200. If the AAA Server of Domain A determines that a Destination NAI is not present in the Destination NAI field 204, execution proceeds to step 308; otherwise, execution proceeds to step 306, discussed below with respect to a response to a request for registration. In step 308, the AAA Server of Domain A retrieves the User NAI field 206 from the message.
  • step 318 a determination is made whether the User NAI's domain is local (i.e., whether the userl has the Domain B as its home domain). If it is determined that the User NAI's domain is not local, execution proceeds to step 324; otherwise, execution proceeds to step 320, discussed below.
  • step 324 the Internet Protocol ("IP") address of the NAI domain is resolved using the well-known Domain Name System (“DNS”) .
  • step 326 the message is dispatched to the proper domain (e.g., Domain B) . Execution then returns to step 302.
  • IP Internet Protocol
  • DNS Domain Name System
  • step 302 the AAA Server of Domain B receives the message sent to Domain B from the AAA Server of Domain A in step 326 above. Execution then proceeds to step 304, wherein the AAA Server of Domain B determines whether a Destination NAI is present in the field 204. If it is determined that a Destination NAI is not present in the field 204, execution proceeds to step 308; otherwise, execution proceeds to step 306, discussed below with respect to a response to a request for registration.
  • step 308 the AAA Server of Domain B retrieves the User NAI 206 from the message 200. Execution then proceeds to step 318, wherein the AAA Server of Domain B determines whether the domain of the User NAI 206 is local (i.e., whether the userl has the Domain B as its home domain) .
  • step 320 the AAA Server of Domain B determines from the Command Code field 208 that the message 200 is a Request for Registration. Execution then proceeds to step 322, wherein the message 200 requesting registration is sent to the appropriate entity of Domain B, which is, for example, the AAA Entity 1 of Domain B. Execution then terminates at step 330.
  • the message 200 would, in a preferred embodiment, include the following fields: a. Source NAI field 202 (aaaentityl ⁇ DomainB) b. Destination NAI field 204 (aaaentityl@DomainA) c. User NAI field 206 (userl@DomainB) d. Command Code field 208 (Registration Response)
  • the Source NAI field 202 identifies the source of the message as the AAA Entity 1 of Domain B.
  • the Destination NAI field 204 identifies the destination of the message as the AAA Entity 1 of Domain A, since the AAA Entity 1 of Domain A sent the Registration Request message 200.
  • the User NAI field 206 identifies the user that originated the request, which in this example is userl, who has a home domain of the Domain B.
  • the Command Code field 208 identifies the type of message as a message 200 responding to a request for registration.
  • step 302 the AAA Server of Domain B receives the Registration message 200 requesting registration from the AAA Entity 1 of Domain B. Execution then proceeds to step 304, wherein a determination is made whether a Destination NAI is present in the field 204. If it is determined that a Destination NAI (e.g., aaaentityl ⁇ DomainA) is present in the field 204, then execution proceeds to step 306; otherwise, execution proceeds to step 308, discussed above with respect to transmission of a message requesting registration. In step 306, a determination is made whether the Destination NAI field 204 identifies a local domain.
  • a Destination NAI e.g., aaaentityl ⁇ DomainA
  • step 314 If it is determined that the Destination NAI field 204 does not identify a local domain, execution proceeds to step 314; otherwise, execution proceeds to step 310, discussed below.
  • step 314 the IP address of the Destination NAI field 204 is determined using the well-known DNS.
  • step 316 the AAA Server of Domain B dispatches the message 200 responding to a request for registration to the proper AAA domain, which, in the present example, is the AAA Server of Domain A because the domain portion of the Destination NAI field 204 identifies the Domain A. Execution then returns to step 302.
  • step 302 the AAA Server of Domain A receives the Registration Response message 200 that was dispatched in step 316 from the AAA Server of Domain B. Execution then proceeds to step 304, wherein a determination is made whether a Destination NAI (e.g., aaaentityl ⁇ DomainA) is present in the field 204. If it is determined that a Destination NAI is present in the field 204, then execution proceeds to step 306; otherwise, execution proceeds to step 308, discussed above with respect to transmission of a message requesting registration.
  • the AAA Server of Domain A determines whether the Destination NAI field 204 identifies a local domain. If it is determined that the Destination NAI field 204 identifies a local domain (e.g., DomainA) , then execution proceeds to step 310; otherwise, execution proceeds to step 314, discussed above.
  • a Destination NAI e.g., aaentityl ⁇ DomainA
  • step 310 a determination is made to which AAA entity
  • the Registration Response message 200 should be dispatched. It will be apparent to those skilled in the art that, unlike prior art approaches, even if the AAA entity to which the Registration message 200 response is directed has only a private IP address, the message 200 can be routed to the proper entity, so long as the AAA Server serving the entity has a publicly routable address .
  • step 310 execution proceeds to step 312.
  • step 312 execution proceeds to step 312.
  • the AAA Server of the Domain A dispatches the message
  • routing of AAA messages of roaming users is achievable, messaging between a
  • AAA entity to another AAA entity in any domain can be performed, and communication between two or more non-home serving domains can be accomplished in a system using any
  • the present invention provides an apparatus and method that permits communications between two specific entities in different domains as well as communications between entities in which one or more of the entities is behind a firewall or a proxy server and thus does not have a publicly-routable IP address.
  • the present invention also allows servers to be stateless and lightweight (since message routing state information need not be stored in the servers) .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

AAA messages are routed among AAA entities in a data network coupled to a plurality of domains, each domain including at least one AAA server for routing AAA messages, and at least one AAA entity for serving users within each of the respective domains. AAA messages include a Source Network Access Identifier ('NAI') and optionally include a Destination NAI. An AAA message is received and a determination is made whether the message includes a Destination NAI. If no Destination NAI is present, a User NAI is retrieved from the message, and a determination is made whether the User NAI's domain is local, and routing the message accordingly. If the Destination NAI is present in the message, a determination is made whether the Destination NAI's domain is local, and the message is routed accordingly.

Description

APPARATUS AND METHOD FOR ROUTING AAA MESSAGES BETWEEN DOMAINS OF A NETWORK
TECHNICAL FIELD OF THE INVENTION
This invention relates generally to routing messages between domains of a network and, more particularly, to routing messages between domains of a network using Authentication, Authorization, and Accounting ("AAA") protocols . BACKGROUND
Internet Protocol (IP) networks, such as the Internet, are generally apportioned into "domains," and each user of a network is typically assigned to one "home" domain within the network. Unfortunately, when a user is assigned to one home domain, it is often difficult and cumbersome for that user to then access the network through a "non-home" domain. This is because, when a user attempts to access the network through a non-home domain, the non-home domain is not configured to readily authenticate who the user is, and to determine what the user's home domain is, and what account the user is authorized to use with the home domain.
The difficulty users experience accessing the network through non-home domains is becoming more acute as users are becoming more mobile, traveling between domains, and desiring access to networks from any number of different locations, often not within the range of their home domain. Therefore, there is a growing need for technology, namely protocols, which will permit users to readily access a network from "non-home" domains. To this end, various protocols, referred to as Authentication, Authorization and Accounting ("AAA") protocols have been developed by Internet Service Providers (ISP's) which permit domains to authenticate users of other domains, to identify the home domain and accounts held by users at their home domains, and to obtain authorization from the user's home domain for the user to use the identified account, as the user travels between domains of the Internet.
There are, however, a number of drawbacks associated with using conventional AAA protocols, many of which drawbacks are related to their failure to provide an adequate mechanism to route AAA messages among various AAA entities. Some of the drawbacks of conventional AAA protocols are that: 1) they provide routing based only on user network access identifiers ("NAIs") ; 2) they support messaging only between a user' s home domain and serving domain; 3) they do not allow communication between two or more non-home serving domains, such as during handoffs; 4) they do not allow specifically directed communication between two AAA entities; 5) they require that AAA entities have publicly routable, as opposed to private, IP addresses; and 6) they create potential security problems by virtue of modification of AAA messages by AAA servers by addition of a proxy state. With respect to item 5), conventional AAA protocols do not permit communication with a AAA entity behind a firewall or proxy server wherein the entity does not have a publicly routable IP address, but has only a private IP address.
Two embodiments of AAA protocols proposed by the Internet Engineering Task Force are referred to as RADIUS and DIAMETER. DIAMETER, for example, specifies that DIAMETER servers be stateless, meaning that DIAMETER servers should act strictly as routers for DIAMETER clients' messages without storing state information, such as the source or destination of the messages. Servers that do not store such state information are referred to as being "lightweight." According to recent drafts of the DIAMETER protocol, AAA messages are routed according to a User NAI, which may be provided in a format such as "user@domainX.com". A User NAI is, in common terminology, a user's e-mail address. DIAMETER currently uses the domain of the user NAI (e.g., domainX) to route messages, the domain also being referred to as the realm portion of the user NAI.
Conventional AAA servers, such as those employing DIAMETER and RADIUS, include the following fields in AAA messages for routing messages to their proper destinations:
1. User NAI;
2. Proxy State (only used when messages go through proxy servers) ; and
3. Command Code (i.e., message type). The User NAI identifies the user that the message is carried on behalf of. The Proxy State is a field used when a proxy server is used to forward AAA messages. The Command Code identifies the type of message.
FIGURE 1 depicts a communication network 100 commonly used in the prior art in connection with transmission and receipt of AAA messages. The network 100 includes a data network (such as the Internet) 102 that is coupled to a Domain A, a Domain B, and a Domain C. Domain A includes an AAA Entity 1 of Domain A, an AAA Entity 2 of Domain A, and an AAA Server of Domain A, which are operably interconnected to one another and also to the data network 102. In addition, Domain B includes an AAA Entity 1 of Domain B, an AAA Entity 2 of Domain B, and an AAA Server of Domain B, each of which is operably interconnected to one another and also to the data network 102. Similarly, Domain C includes an AAA Entity 1 of Domain C, an AAA Entity 2 of Domain C, and an AAA Server of Domain C, each of which is operably interconnected to one another and also to the data network 102. The AAA servers of Domain A, Domain B, and Domain C are each responsible for delivering or routing AAA messages to appropriate entities, which perform task(s) specified by the messages. It is the responsibility of the AAA servers of Domain A, Domain B, and Domain C to resolve the appropriate server or entity to which to send the AAA messages. The AAA Entities 1 and 2 of Domain A, Domain B, and Domain C each serve users in their respective domains and are also used to forward messages between users and the AAA Entities' respective AAA servers.
The AAA Servers and AAA Entities illustrated in FIGURE 1 may comprise any conventional computer generally capable of receiving, storing, processing, and outputting data. While not shown in detail, the AAA Servers and AAA Entities each include components, such as input and output devices, volatile and non-volatile memory, and the like, but, because such computer components are well known in the art, they are not shown or described in further detail herein.
The drawbacks associated with conventional AAA protocols outlined above are discussed in more detail hereinbelow. For example, as an illustration of the first drawback mentioned above, suppose an AAA registration request of a user with a User NAI of name@Dorr.ainB.com is sent from the AAA Entity 1 of Domain A to the AAA Server of Domain A. In accordance with conventional protocols, the AAA Server of Domain A reads the realm portion of the User NAI of the message, determines that the message should be forwarded to the Domain B, and forwards the message to the AAA Server of Domain B. Upon receiving the message, the AAA Server of Domain B determines that the message is intended for an entity in its domain and then forwards the message to the appropriate AAA Entity, such as, for example, the AAA Entity 1 of Domain B. The AAA Entity 1 of Domain B then processes the message. After the AAA Entity 1 of Domain B has processed the message, it will attempt to send a registration response message back to the AAA Entity 1 of Domain A. In so attempting, the AAA Entity 1 of Domain B forwards the registration response message to its AAA server, which is the AAA Server of Domain B. The AAA Server of Domain B will then attempt to forward the message to its proper destination, AAA Entity 1 of Domain A. However, the AAA server of Domain B cannot use the user NAI ( .e., name@domainB.com) to route the message to the AAA Entity 1 of Domain A, because to do so would direct the message to the AAA Entity 1 of Domain B as a result of the AAA Server of Domain B determining where to route the message based on the domamB realm of the User NAI. The User NAI does not include any information to tell the AAA server of Domain B that the user (i.e., name@domainB.com) has sought to register at a non-home domain (i.e., Domain A) .
Under conventional AAA protocols, Domain B would use a Proxy State to send a message back to Domain A. Under such protocols, the AAA server of Domain B does not have the necessary information to forward the registration response message to the Domain A or, more particularly, to the AAA Entity 1 of Domain A. To properly route the registration response message, the AAA server of Domain B would need to maintain state information regarding the source of the original registration request message (i.e., AAA Entity 1 of Domain A) or use a Proxy State. However, the AAA server of Domain B cannot maintain this state information without running afoul of DIAMETER' s requirement that all AAA servers be stateless.
The second and third drawbacks of conventional AAA protocols mentioned above can be exemplified by a user having a user NAI of user@domamB.com who connects via a wireless mobile link to the data network 102 through the Domain A, for example, using a notebook computer or personal digital assistant. As the user moves from the Domain A to the Domain C, the Domain A and the Domain C will need to communicate with one another in order to facilitate a handoff of the user. However, conventional AAA protocols do not permit such communicatior. because a message sent on behalf of the user to the Domain C in an effort to initiate the handoff would result in a response to the message based on User NAI by the Domain C being sent to the Domain B, because Domain B is the user' s home domain, as indicated by the realm portion of the user's user NAI (i.e., "domainB") . Thus, communication between the two non-home serving domains (e.g., Domain A and Domain C) is not possible using conventional protocols. The second and third drawbacks are also exemplified when a user with user NAI of user@domainC.com connected to the data network 102 via a wireless link travels from the Domain B to the Domain A and thus needs to be handed off to the Domain A. Conventional protocols do not permit a particular AAA entity newly assigned to serve the user
(e.g., AAA Entity 2 of Domain ?. ) to communicate with an AAA entity of Domain B that had been serving the user prior to the handoff request (e.g., AAA Entity 2 of Domain B) .
Rather, a message from the AAA Entity 2 of Domain A would be sent to the Domain C, because the Domain C is indicated as the user' s home domain by virtue of the realm portion of the user's User NAI (i.e., "domainC").
The fourth and fifth drawbacks of conventional AAA protocols mentioned above are exemplified when the AAA Entity 2 of Domain A needs to communicate specifically with the AAA Entity 1 of Domain B, for example, because a roaming wireless Internet user moving between Domain A and Domain B needs to be handed off from tr.e Domain A to the Domain B. Conventional AAA protocols do r.ot permit such communication. While conventional protocols do permit an entity in a non- home serving domain to specifically communicate with another entity in the user's home domain, they do not permit specific entities in two different non-home serving domains to communicate with one another. This problem is exacerbated when one or both of the entities is behind a proxy server or firewall, since conventional protocols require publicly-routable IP addresses. As is well known, an entity behind a proxy server or firewall does not have a publicly routable IP address, but, rather, only has a private IP address. This drawback of conventional protocols is due in part to their use of user NAIs for AAA message routing. In addition, if a host IP address has only a private address, the same drawback of conventional AAA protocols is present.
The sixth drawback is illustrated by the use of a proxy state by AAA servers to modify or mark AAA messages so that they can be routed. Under conventional protocols, a computer participating in the routing of a message is required to mark or modify the message in order to keep track of from where it received the message. For example, if computer 1 routes a message to computer 2, computer 2 will mark or modify the message to indicate that it came from computer 1. When computer 2 sends the message to computer 3, computer 3 will, on receipt of the message, mark or modify it as having been received from computer 2. This process of marking or modifying the message will continue until the message reaches its destination.
Such marking or modification of messages creates a security risk because it prevents the use of certain security mechanisms, such as IPSEC, which attempt to maintain message security by verifying whether a message has been modified. Thus, if routing computers modify or mark the message using a proxy state, the security mechanisms are- unable to verify that that the message has not been modified.
Thus, there is a need for an apparatus and method for routing AAA messages among various AAA entities in systems based on domains in which routing of AAA messages of roaming users is achievable, messaging between a AAA entity to another AAA entity in any domain can be performed, and communication between two or more non-home serving domains can be accomplished. There is a further need for an apparatus and method that permits communications between two specific entities in different domains as well as communications between entities in which one or more of the entities is behind a firewall or a proxy server and thus does not have a publicly-routable IP address. There is a further need for an apparatus and method that overcome the potential security problems associated with the use of a proxy state message modification to route AAA messages as in the prior art. There is also a need for AAA servers capable of meeting the above-described needs to be stateless and lightweight, since the RADIUS and DIAMETER protocols mandate that message state information not be stored in the servers.
SUMMARY OF THE INVENTION
In response to these and other limitations, provided herein are a unique method and apparatus for routing Authentication, Authorization, and Accounting ("AAA") messages in a communication system. The communication system comprises a data network coupled to a plurality of domains, wherein each domain includes at least one AAA server and at least one AAA Entity.
In one embodiment, routing an AAA message includes receiving the AAA message having a User NAI, determining whether the AAA message includes a Destination NAI, in response to a determination that the AAA message includes a Destination NAI determining whether an NAI domain of the Destination NAI is or is not local. In response to a determination that the Destination NAI is local, the AAA message is dispatched to a local AAA entity identified by the Destination NAI. In response to a determination that the Destination NAI is not local, the AAA message is dispatched to an AAA server in a non-local domain identified by the Destination NAI. In other embodiments, in response to a determination that the NAI domain of the User NAI is non-local, the AAA message is dispatched to a non-local AAA entity identified by the User NAI.
In still other embodiments, an apparatus for routing AAA messages between AAA entities is provided. The apparatus comprises a first domain operably connected to the Internet that has at least one AAA server that is adapted to route a plurality of AAA messages having at least a Source NAI and a User NAI. The apparatus also includes a first AAA entity operably connected to the first domain that is adapted to send and receive a plurality of AAA messages having at least a Source NAI and a User NAI .
In other embodiments, a second domain operably connected to the Internet and having at least one AAA server that is adapted to route a plurality of AAA messages having at least a Source NAI and a User NAI is provided. The apparatus further includes an AAA entity operably connected to the second domain that is adapted to send and receive a plurality of AAA messages having at least a Source NAI and a User NAI.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following description taken in conjunction with the accompanying drawings, in which like reference numbers indicate like features and wherein:
FIGURE 1 is a diagram illustrating a prior art communications system used in connection with current AAA protocols and in connection with the present invention;
FIGURE 2 is a diagram illustrating an exemplary Registration Request message according to the present invention; and FIGURE 3 is a flow diagram illustrating an algorithm for routing of AAA messages according to the present invention.
DETAILED DESCRIPTION
In the following discussion, numerous specific details are set forth to provide a thorough understanding of the present invention. However, it will be obvious to those skilled in the art that the present invention can be practiced without such specific details. In other instances, well-known elements have been illustrated in block diagram or schematic form in order not to obscure the present invention in unnecessary detail. Additionally, for the most part, details concerning routing of AAA messages and the like have been omitted inasmuch as such details are not necessary to obtain a complete understanding of the present invention and are within the skills of persons of ordinary skill in the relevant art.
Referring to FIGURE 1 of the drawings, the reference numeral 100 generally designates a communication network embodying features of the prior art. The network 100 includes a data network (such as the Internet) 102 that is coupled to a Domain A, a Domain B, and a Domain C. Domain A includes an AAA Entity 1 of Domain A, an AAA Entity 2 of Domain A, and an AAA Server of Domain A, which are operaoly interconnected to one another and also to the data network 102. In addition, Domain B includes an AAA Entity 1 of Domain B, an AAA Entity 2 of Domain B, and an AAA Server of Domain B, each of which is operably interconnected to one another and also to the data network 102. Similarly, Domain C includes an AAA Entity 1 of Domain C, an AAA Entity 2 of Domain C, and an AAA Server of Domain C, each of which is operably interconnected to one another and also to the data network 102.
The AAA servers of Domain A, Domain B, and Domain C are each responsible for delivering or routing AAA messages to appropriate entities, which perform task(s) specified by the messages. It is the responsibility of the AAA servers of Domain A, Domain B, and Domain C to resolve the appropriate server or entity to which to send the AAA messages. The AAA Entities 1 and 2 of Domain A, Domain B, and Domain C each serve users in their respective domains and are also used to forward messages between users and the AAA Entities' respective AAA servers.
The AAA Servers and AAA Entities illustrated in FIGURE 1 may comprise any conventional computer generally capable of receiving, storing, processing, and outputtmg data. While not shown in detail, the AAA Servers and AAA Entities each include components, such as input and output devices, volatile and non-volatile memory, and the like; however, because such computer components are well known in the art, they will not be shown or described in further detail herein. In FIGURE 2, an exemplary AAA Registration message 200 of the present invention is shown which facilitates the routing of AAA messages based on domains, using such AAA protocols as DIAMETER and RADIUS, and can be deployed in any type of network setup as either a Registration Request message or as a Registration Response message (discussed below) . The AAA Registration message 200 comprises a plurality of Attribute Value Pairs ("AVPs") , including: (1) a Source Network Access Identifier (NAI) field 202, (2) an optional Destination NAI field 204, (3) User NAI field 206, and (4) a Command Code field 208. The Source NAI field 202 is a required field used to identify the source from which a Registration message originates. The Destination NAI field 204 is an optional field used to identify the destination NAI a Registration message. The Registration message 200, when used to Request Registration, generally does not require the Destination NAI, but when used to Respond to a Registration Request, generally does require a Destination NAI, since the Destination NAI of a Registration Response message is most often the Source NAI of a Registration Request message. The User NAI field 206 field identifies the user and the user' s home domain, and the Command Code field 208 identifies the type of message, for example, as a Registration Request, or as a Response to a Registration Request.
For example, in a preferred embodiment, if a mobile user who is roaming outside his home domain submits a Registration Message 200 to the AAA Server of a non-home domain to Request Registration at the non-home server, the Registration Message would include the Source NAI field 202, the User NAI field 206, and the Command Code field 208. The Source NAI field 202 identifies the source of the message as being an AAA entity of the non-home domain at which the user is requesting Registration. The User NAI field 206 identifies the user that originated the request, including the home domain of the user, even though the user is now requesting to be registered at the non-home domain. The Command Code field 208 identifies the type of message as a Registration Request. Referring now to both FIGURES 1 and 2, if an AAA Entity
1 of Domain A submits a Registration Request message 200 to the AAA Server of Domain A on behalf of a user with a User
NAI of userl@domainB, in a preferred embodiment, the message would include the following: a. Source NAI field 202 (aaaentitylΘDomainA) ; b. Destination NAI field 204 ( —empty— ) c. User NAI field 206 (userl@Domain B) ; and d. Command Code field 208 (Registration Request) . The Destination NAI field 202 is empty, and the Source
NAI field 202 identifies the source of the message 200 as being the AAA Entity 1 of Domain A, since the user is requesting Registration with the Domain A through the AAA Entity 1 of Domain A. The User NAI field 206 identifies the user that originated the request, which in this example is userl, who has a home domain of Domain B, but who is now requesting to be registered at Domain A. The Command Code field 208 identifies the type of message as a Registration Request . FIGURE 3 is a flow diagram, designated by the reference numeral 300, depicting control logic implemented by an AAA server for routing AAA messages 200 in accordance with a preferred embodiment of the present invention. The control logic will be exemplified first with respect to the routing of a message 200, wherein a user (designated herein as "userl") having a home domain in Domain B is requesting Registration in Domain A.
Accordingly, in step 302, the AAA Server of Domain A receives a message 200 from the AAA Entity 1 of Domain A. Execution then proceeds to step 304, wherein the AAA Server of Domain A determines whether the message includes a Destination NAI in the field 204 of the Registration Message 200. If the AAA Server of Domain A determines that a Destination NAI is not present in the Destination NAI field 204, execution proceeds to step 308; otherwise, execution proceeds to step 306, discussed below with respect to a response to a request for registration. In step 308, the AAA Server of Domain A retrieves the User NAI field 206 from the message. Execution then proceeds to step 318, wherein a determination is made whether the User NAI's domain is local (i.e., whether the userl has the Domain B as its home domain). If it is determined that the User NAI's domain is not local, execution proceeds to step 324; otherwise, execution proceeds to step 320, discussed below. In step 324, the Internet Protocol ("IP") address of the NAI domain is resolved using the well-known Domain Name System ("DNS") . Execution then proceeds to step 326. In step 326, the message is dispatched to the proper domain (e.g., Domain B) . Execution then returns to step 302.
In step 302, the AAA Server of Domain B receives the message sent to Domain B from the AAA Server of Domain A in step 326 above. Execution then proceeds to step 304, wherein the AAA Server of Domain B determines whether a Destination NAI is present in the field 204. If it is determined that a Destination NAI is not present in the field 204, execution proceeds to step 308; otherwise, execution proceeds to step 306, discussed below with respect to a response to a request for registration. In step 308, the AAA Server of Domain B retrieves the User NAI 206 from the message 200. Execution then proceeds to step 318, wherein the AAA Server of Domain B determines whether the domain of the User NAI 206 is local (i.e., whether the userl has the Domain B as its home domain) . If it is determined that the User NAI's domain is local, execution proceeds to step 320; otherwise, execution proceeds to step 324, discussed above. In step 320, the AAA Server of Domain B determines from the Command Code field 208 that the message 200 is a Request for Registration. Execution then proceeds to step 322, wherein the message 200 requesting registration is sent to the appropriate entity of Domain B, which is, for example, the AAA Entity 1 of Domain B. Execution then terminates at step 330.
Referring now to FIGURES 1 and 2, if the AAA Entity 1 of Domain B submits to the AAA Entity 1 of Domain A a message 200 responding to a request for registration, the message 200 would, in a preferred embodiment, include the following fields: a. Source NAI field 202 (aaaentitylΘDomainB) b. Destination NAI field 204 (aaaentityl@DomainA) c. User NAI field 206 (userl@DomainB) d. Command Code field 208 (Registration Response) The Source NAI field 202 identifies the source of the message as the AAA Entity 1 of Domain B. The Destination NAI field 204 identifies the destination of the message as the AAA Entity 1 of Domain A, since the AAA Entity 1 of Domain A sent the Registration Request message 200. The User NAI field 206 identifies the user that originated the request, which in this example is userl, who has a home domain of the Domain B. The Command Code field 208 identifies the type of message as a message 200 responding to a request for registration.
Referring again to FIGURE 3, routing of a message 200 responding to a request for registration is illustrated. In step 302, the AAA Server of Domain B receives the Registration message 200 requesting registration from the AAA Entity 1 of Domain B. Execution then proceeds to step 304, wherein a determination is made whether a Destination NAI is present in the field 204. If it is determined that a Destination NAI (e.g., aaaentitylΘDomainA) is present in the field 204, then execution proceeds to step 306; otherwise, execution proceeds to step 308, discussed above with respect to transmission of a message requesting registration. In step 306, a determination is made whether the Destination NAI field 204 identifies a local domain. If it is determined that the Destination NAI field 204 does not identify a local domain, execution proceeds to step 314; otherwise, execution proceeds to step 310, discussed below. In step 314, the IP address of the Destination NAI field 204 is determined using the well-known DNS. Execution then proceeds to step 316, wherein the AAA Server of Domain B dispatches the message 200 responding to a request for registration to the proper AAA domain, which, in the present example, is the AAA Server of Domain A because the domain portion of the Destination NAI field 204 identifies the Domain A. Execution then returns to step 302.
In step 302, the AAA Server of Domain A receives the Registration Response message 200 that was dispatched in step 316 from the AAA Server of Domain B. Execution then proceeds to step 304, wherein a determination is made whether a Destination NAI (e.g., aaaentitylΘDomainA) is present in the field 204. If it is determined that a Destination NAI is present in the field 204, then execution proceeds to step 306; otherwise, execution proceeds to step 308, discussed above with respect to transmission of a message requesting registration. In step 306, the AAA Server of Domain A determines whether the Destination NAI field 204 identifies a local domain. If it is determined that the Destination NAI field 204 identifies a local domain (e.g., DomainA) , then execution proceeds to step 310; otherwise, execution proceeds to step 314, discussed above.
In step 310, a determination is made to which AAA entity
(e.g., AAA Entity 1 of Domain A) the Registration Response message 200 should be dispatched. It will be apparent to those skilled in the art that, unlike prior art approaches, even if the AAA entity to which the Registration message 200 response is directed has only a private IP address, the message 200 can be routed to the proper entity, so long as the AAA Server serving the entity has a publicly routable address .
From step 310, execution proceeds to step 312. In step
312, the AAA Server of the Domain A dispatches the message
200 to the proper AAA entity of the local domain (e.g., AAA Entity 1 of Domain A) . Execution then terminates at step
328.
By use of the present invention, routing of AAA messages of roaming users is achievable, messaging between a
AAA entity to another AAA entity in any domain can be performed, and communication between two or more non-home serving domains can be accomplished in a system using any
AAA protocol. In addition, the present invention provides an apparatus and method that permits communications between two specific entities in different domains as well as communications between entities in which one or more of the entities is behind a firewall or a proxy server and thus does not have a publicly-routable IP address. The present invention also allows servers to be stateless and lightweight (since message routing state information need not be stored in the servers) .
It is understood that the present invention can take many forms and embodiments. Accordingly, several variations may be made in the foregoing without departing from the spirit or the scope of the invention. For example, various algorithms in addition to the that disclosed herein could be devised using the destination NAI to route AAA messages among different domains of a network.
Although the invention has been described with specific AAA protocol embodiments, these descriptions are not meant to be construed in a limiting sense. Various modifications of the disclosed embodiments, as well as alternative embodiments of the invention, will become apparent to persons skilled in the art upon reference to the description of the invention. It is, therefore, contemplated that the claims will cover any such modifications or embodiments that fall within the true scope and spirit of the invention.

Claims

WHAT IS CLAIMED IS:
1. A method for facilitating authentication, authorization, and accounting (AAA) message routing by ar. AAA server comprising the steps of: receiving an AAA message having at least a user network address identifier (NAI); determining whether the AAA message includes a destination NAI; in response to a determination that the AAA message includes a destination NAI, determining whether an NAI domain of the destination NAI is local; in response to a determination that the destination NAI is local, determining from the destination NAI a local AAA entity to which the AAA message should be dispatched and dispatching the AAA message to the determined local AAA entity; and in response to a determination that the destination NAI is not local, resolving an internet protocol (IP) address of the destination NAI and dispatching the AAA message to ar. AAA server in a non-local domain identified by the destination
NAI.
2. The method of claim 1 wherein the AAA server is stateless .
3. The method of claim 1 further comprising the step of retrieving the user NAI in response to a determination that the AAA message does not include a destination NAI.
4. The method of claim 3 further comprising the step of determining whether a NAI domain of the user NAI of the AAA message is local.
5. The method of claim 4 further comprising the step of determining a local AAA entity to which the AAA message should be dispatched from a message type of the AAA message in response to a determination that the NAI domain of the user NAI of the AAA message is local.
6. The method of claim 4 further comprising the step of resolving an IP address of the user NAI in response to a determination that the NAI domain of the user NAI of the AAA message is not local.
7. The method of claim 5 further comprising the step of dispatching the AAA message to a proper local AAA entity.
8. The method of claim 6 further comprising the step of dispatching the AAA message to a proper non-local domain.
9. The method of claim 8 wherein at least one of the AAA entities does not have a publicly routable IP address.
10. A method of facilitating routing of an AAA registration request message comprising the steps of: receiving an AAA registration request message having at least a user NAI; determining whether a NAI domain of the user NAI is local; in response to a determination that the NAI domain is local, dispatching the message to a local entity identified by the user NAI; and in response to a determination that the NAI domain is non-local, dispatching the message to a non-local domain identified by the user NAI.
11. A method of facilitating routing of an AAA registration response message comprising the steps of: receiving an AAA registration response message having at least a destination NAI; determining whether the NAI domain of the destination NAI is local; in response to a determination that the NAI domain of the destination NAI is local, dispatching the message to a local
AAA entity identified by the destination NAI; and in response to a determination that the NAI domain of the destination NAI is not local, dispatching the message to an
AAA domain identified by the destination NAI.
12. The method of claim 10 wherein the local AAA entity has a private IP address.
13. The method of claim 11 wherein the local AAA entity has a private IP address.
14. An apparatus for routing of Authentication, Authorization, and Accounting (AAA) messages between AAA entities comprising: a first domain operably connected to a data network, the first domain having at least one first AAA server, the first AAA server being adapted to route a plurality of AAA messages having a source NAI and a user NAI; and a first AAA entity operably connected to the first domain, the first AAA entity being adapted to send and receive a plurality of AAA messages, each message having at least a source NAI and a user NAI.
15. The apparatus of claim 14 further comprising: a second domain operably connected to a data network, the second domain having at least one second AAA server, the second AAA server being adapted to route a plurality of AAA messages having a source NAI and a user NAI; a second AAA entity operably connected to the second domain, the second AAA entity being adapted to send and receive a plurality of AAA messages, each message having at least a source NAI and a user NAI.
16. The apparatus of claim 14 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an
ΑΑΑ message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the
AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; and computer code for dispatching the AAA message to the local AAA entity in response to the determination of the local
AAA entity to which the message should be dispatched.
17. The apparatus of claim 14 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to determination of the local AAA entity to which the message should be dispatched; computer code for resolving an internet protocol (IP) address of the NAI domain of the destination NAI in response to a determination that the destination NAI is not local; and computer code for dispatching the AAA message to the NAI domain of the destination NAI in response to resolution of the IP address of the NAI domain.
18. The apparatus of claim 14 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to identification of the local AAA entity to which the message should be dispatched; computer code for resolving an internet protocol (IP) address of the NAI domain of the destination NAI in response to a determination that the destination NAI is not local; computer code for dispatching the AAA message to the NAI domain of the destination NAI in response to resolution of the IP address of the NAI domain of the destination NAI; computer code for retrieving a user NAI from the AAA message in response to a determination that a destination NAI is not present in the AAA message; computer code for determining, in response to retrieval of the user NAI from the AAA message, whether the NAI domain of the user NAI is local; computer code for determining, in response to a determination that the NAI domain of the user NAI of the AAA message is local, a local AAA entity to which the AAA message should be dispatched; and computer code for dispatching the AAA message to the local AAA entity in response to the determination of the local AAA entity to which the AAA message should be dispatched. The apparatus of claim 14 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to identification of the local AAA entity to which the message should be dispatched; computer code for resolving an internet protocol (IP) address of the NAI domain of the destination NAI in response to a determination that the destination NAI is not local; computer code for dispatching the AAA message to the NAI domain of the destination NAI in response to resolution of the IP address of the NAI domain of the destination NAI; computer code for retrieving a user NAI from the AAA message in response to a determination that a destination NAI is not present in the AAA message; computer code for determining, in response to retrieval of the user NAI from the AAA message, whether the NAI domain of the user NAI is local; computer code for determining, in response to a determination that the NAI domain of the user NAI of the AAA message is local, a local AAA entity to which the AAA message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to the determination of the local AAA entity to which the AAA message should be dispatched; computer code for resolving an IP address of the NAI domain of the user NAI in response to a determination that the NAI domain of the user NAI is not local; and computer code for dispatching the AAA message to the NAI domain of the user NAI in response to resolution of the IP address of the NAI domain of the user NAI.
19. The apparatus of claim 14 wherein the first domain is a non-home serving domain.
20. The apparatus of claim 14 wherein a portion of the
AAA messages are registration request messages. The apparatus of claim 14 wherein a portion of the AAA messages are registration response messages that include a destination NAI. The apparatus of claim 14 wherein at least one of the AAA entities has a private IP address. The apparatus of claim 15 wherein at least one of the AAA servers is stateless. The apparatus of claim 15 wherein the second domain is a non-home serving domain.
21. The apparatus of claim 15 wherein a portion of the
AAA messages are registration request messages.
22. The apparatus of claim 15 wherein a portion of the AAA messages are response messages that include a destination NAI. The apparatus of claim 15 wherein at least one of the AAA entities has a private IP address.
23. The apparatus of claim 15 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the
AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; and computer code for dispatching the AAA message to the local AAA entity in response to the determination of the local AAA entity to which the message should be dispatched.
24. The apparatus of claim 15 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to determination of the local AAA entity to which the message should be dispatched; computer code for resolving an internet protocol (IP) address of the NAI domain of the destination NAI in response to a determination that the destination NAI is not local; and computer code for dispatching the AAA message to the NAI domain of the destination NAI in response to resolution of the IP address of the NAI domain.
25. The apparatus of claim 15 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising: computer program code for determining whether a destination network access identifier (NAI) is present in the AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to identification of the local AAA entity to which the message should be dispatched; computer code for resolving an internet protocol (IP) address of the NAI domain of the destination NAI in response to a determination that the destination NAI is not local; computer code for dispatching the AAA message to the NAI domain of the destination NAI in response to resolution of the IP address of the NAI domain of the destination NAI; computer code for retrieving a user NAI from the AAA message in response to a determination that a destination NAI is not present in the AAA message; computer code for determining, in response to retrieval of the user NAI from the AAA message, whether the NAI domain of the user NAI is local; computer code for determining, in response to a determination that the NAI domain of the user NAI of the AAA message is local, a local AAA entity to which the AAA message should be dispatched; and computer code for dispatching the AAA message to the local AAA entity in response to the determination of the local AAA entity to which the AAA message should be dispatched. The apparatus of claim 15 further comprising a computer program product having a medium with a computer program embodied thereon, the computer program comprising computer program code executable, in response to receipt of an AAA message, for routing the AAA message, the computer program further comprising : computer program code for determining whether a destination network access identifier (NAI) is present in the AAA message; computer code for determining, in response to a determination that a destination NAI is present in the AAA message, whether an NAI domain of the destination NAI is local; computer code for determining, in response to a determination that the NAI domain of the destination NAI is local, a local AAA entity to which the message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to identification of the local AAA entity to which the message should be dispatched; computer code for resolving an internet protocol (IP) address of the NAI domain of the destination NAI in response to a determination that the destination NAI is not local; computer code for dispatching the AAA message to the NAI domain of the destination NAI in response to resolution of the IP address of the NAI domain of the destination NAI; computer code for retrieving a user NAI from the AAA message in response to a determination that a destination NAI is not present in the AAA message; computer code for determining, in response to retrieval of the user NAI from the AAA message, whether the NAI domain of the user NAI is local; computer code for determining, in response to a determination that the NAI domain of the user NAI of the AAA message is local, a local AAA entity to which the AAA message should be dispatched; computer code for dispatching the AAA message to the local AAA entity in response to the determination of the local
AAA entity to which the AAA message should be dispatched; computer code for resolving an IP address of the NAI domain of the user NAI in response to a determination that the
NAI domain of the user NAI is not local; and computer code for dispatching the AAA message to the NAI domain of the user NAI in response to resolution of the IP address of the NAI domain of the user NAI. An AAA message comprising a source network access identifier that indicates a source AAA entity from which the AAA message has been sent.
The AAA message of claim 33 further comprising a destination network access identifier that indicates a destination to which the message is to be sent.
26. The AAA message of claim 34 further comprising a user network access identifier that indicates a user's name and the user's home domain.
27. The AAA message of claim 35 further comprising a command code that indicates what type of action should be taken in response to the message.
PCT/IB2000/001304 1999-09-29 2000-09-12 Apparatus and method for routing aaa messages between domains of a network WO2001024476A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00956749A EP1219089A1 (en) 1999-09-29 2000-09-12 Apparatus and method for routing aaa messages between domains of a network
AU68611/00A AU6861100A (en) 1999-09-29 2000-09-12 Apparatus and method for routing aaa messages between domains of a network

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US15666999P 1999-09-29 1999-09-29
US60/156,669 1999-09-29
US55181100A 2000-04-18 2000-04-18
US09/551,811 2000-04-18

Publications (1)

Publication Number Publication Date
WO2001024476A1 true WO2001024476A1 (en) 2001-04-05

Family

ID=26853405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2000/001304 WO2001024476A1 (en) 1999-09-29 2000-09-12 Apparatus and method for routing aaa messages between domains of a network

Country Status (3)

Country Link
EP (1) EP1219089A1 (en)
AU (1) AU6861100A (en)
WO (1) WO2001024476A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004002108A1 (en) * 2002-06-20 2003-12-31 Nokia Corporation Method, system and devices for transferring accounting information
EP1451974A1 (en) * 2001-12-03 2004-09-01 Nokia Corporation Policy based mechanisms for selecting access routers and mobile context
EP1504392A2 (en) * 2002-05-13 2005-02-09 Thomson Licensing S.A. Paid access to a local area network
WO2007036104A1 (en) * 2005-09-27 2007-04-05 Huawei Technologies Co., Ltd. A method for transmitting session requests
CN100463479C (en) * 2001-12-25 2009-02-18 中兴通讯股份有限公司 Wide-band network authentication, authorization and accounting method
US7565688B2 (en) 2002-12-23 2009-07-21 Hewlett-Packard Development Company, L.P. Network demonstration techniques
EP2686986A4 (en) * 2011-03-18 2015-05-06 Tekelec Inc Methods, systems, and computer readable media for configurable diameter address resolution

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0912026A2 (en) * 1997-10-14 1999-04-28 Lucent Technologies Inc. Registration scheme for network
WO1999039481A1 (en) * 1998-01-29 1999-08-05 Ip Dynamics, Inc. System and method for using domain names to route data sent to a destination on a network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0912026A2 (en) * 1997-10-14 1999-04-28 Lucent Technologies Inc. Registration scheme for network
WO1999039481A1 (en) * 1998-01-29 1999-08-05 Ip Dynamics, Inc. System and method for using domain names to route data sent to a destination on a network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Multimedia Conference Manager", RELEASE 11.3 NA, 4 March 1999 (1999-03-04), XP002152853 *
JOHNSON ET AL: "A Global Alphanumeric Naming Scheme for H.323", REQUEST FOR COMMENT, 12 July 1999 (1999-07-12), XP002152855 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7443835B2 (en) 2001-12-03 2008-10-28 Nokia Corporation Policy based mechanisms for selecting access routers and mobile context
EP1451974A1 (en) * 2001-12-03 2004-09-01 Nokia Corporation Policy based mechanisms for selecting access routers and mobile context
EP1451974A4 (en) * 2001-12-03 2007-05-02 Nokia Corp Policy based mechanisms for selecting access routers and mobile context
CN100463479C (en) * 2001-12-25 2009-02-18 中兴通讯股份有限公司 Wide-band network authentication, authorization and accounting method
EP1504392A2 (en) * 2002-05-13 2005-02-09 Thomson Licensing S.A. Paid access to a local area network
EP1504392A4 (en) * 2002-05-13 2006-06-21 Thomson Licensing Paid access to a local area network
US7251733B2 (en) 2002-06-20 2007-07-31 Nokia Corporation Method, system and devices for transferring accounting information
WO2004002108A1 (en) * 2002-06-20 2003-12-31 Nokia Corporation Method, system and devices for transferring accounting information
US7565688B2 (en) 2002-12-23 2009-07-21 Hewlett-Packard Development Company, L.P. Network demonstration techniques
WO2007036104A1 (en) * 2005-09-27 2007-04-05 Huawei Technologies Co., Ltd. A method for transmitting session requests
US7707293B2 (en) 2005-09-27 2010-04-27 Huawei Technologies Co., Ltd. Method, system and apparatuses for transferring session request
CN101160911B (en) * 2005-09-27 2010-08-04 华为技术有限公司 Method of transmitting session requirement
USRE43551E1 (en) 2005-09-27 2012-07-24 Huawei Technologies Co., Ltd. Method, system and apparatuses for transferring session request
EP2686986A4 (en) * 2011-03-18 2015-05-06 Tekelec Inc Methods, systems, and computer readable media for configurable diameter address resolution

Also Published As

Publication number Publication date
AU6861100A (en) 2001-04-30
EP1219089A1 (en) 2002-07-03

Similar Documents

Publication Publication Date Title
JP3557056B2 (en) Packet inspection device, mobile computer device, and packet transfer method
KR101086349B1 (en) Method And System For Controlling Operation Of A Communication Network, Related Network And Computer Program Product Therefor
CA2321396C (en) Mobile communications service system, mobile communications service method, authentication apparatus, and home agent apparatus
JP4226553B2 (en) Routing in data communication networks
US7707310B2 (en) Mobile IP registration supporting port identification
CN100559788C (en) Method, system and the home agent of the how mobile IP session of the home IP address of use dynamic assignment
US7324492B2 (en) Enabling push technologies for mobile IP
US7489667B2 (en) Dynamic re-routing of mobile node support in home servers
JP3964257B2 (en) System and method for allowing a simple IP mobile node to operate seamlessly by performing true roaming in a mobile IP network
US8429400B2 (en) VPN processing via service insertion architecture
US7152238B1 (en) Enabling mobility for point to point protocol (PPP) users using a node that does not support mobility
US20070171886A1 (en) System and method for managing foreign agent selections in a mobile internet protocol network
US20030208602A1 (en) System and method for pushing data in an internet protocol network environment
CN101305543B (en) Method and device for allowing network access for proxy mobile IP cases for nodes that do not support CHAP authentication
JP2001527331A (en) Ways to support mobility on the Internet
JPH09149036A (en) Address settlement method
US8755354B2 (en) Methods and apparatus for broadcast optimization in mobile IP
TWI270278B (en) System and method of providing computer networking
US20040090942A1 (en) Fast recovery from unusable home server
US20040156374A1 (en) Router and routing method for providing linkage with mobile nodes
WO2001024476A1 (en) Apparatus and method for routing aaa messages between domains of a network
US7215668B2 (en) Method and apparatus for processing information, storage medium, and software program
US7237025B1 (en) System, device, and method for communicating user identification information over a communications network
EP1990953B1 (en) A method and device for determining home agent attached by mobile node
Cisco Configuring Mobile IP

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 68611/00

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2000956749

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000956749

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000956749

Country of ref document: EP