WO2008099065A2 - Mobile ip access to a requested service - Google Patents

Publication number
WO2008099065A2
Authority
WO
WIPO (PCT)
Application number
PCT/FI2008/050066
Other languages
French (fr)
Other versions
WO2008099065A3 (en
Inventor
Jouni Korhonen
Original Assignee
Teliasonera Ab
Application filed by Teliasonera Ab filed Critical Teliasonera Ab
Publication of WO2008099065A2 publication Critical patent/WO2008099065A2/en
Publication of WO2008099065A3 publication Critical patent/WO2008099065A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/30 Types of network names
    • H04L2101/375 Access point names [APN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]

Definitions

  • the Mobile Node (MN) of the user forms 200 a NAI in the format of ims!user@realm.com.
  • the NAI is included in the Mobile Node Identifier Option Field of the mobility header as a MN-NAI, as required by RFC4283.
  • the Mobile Node transmits 202 the NAI to its Home Agent (HA), either directly or via one or more intermediate Foreign Agents (FA), whereby the user is authenticated 204 in each Agent on the basis of the NAI part user@realm.com, and finally the Home Agent (after having authenticated 204 the user) authorises 206 the user to use the service "ims" on the basis of the prefix "ims!".
  • "!" is used as the separation mark, but other separation marks, such as "%", can also be deployed as long as they conform with the requirements of RFC4282.
  • the granted access to the requested service can be indicated in the registration reply message 208.
  • the Home Agent advantageously takes the role of an APN manager by interpreting the prefix in an appropriate manner (allowed by RFC4282) and the APN functionality can be implemented solely as Mobile IP based functionality, which is totally in line with the requirements of RFC4282.
  • the management of the APN is enabled for the Mobile IP Home Agent such that a further option field is defined for the Mobile IP registration request message, said further option field containing the identity of the required service.
  • this further option field type is "Service Option". Since the usage of plain "Service Option" in the Mobile IP registration request message would not enable the identification of the requested service, it is therefore preferably defined that it is mandatory to use also the NAI, when the "Service Option" is used.
  • the Mobile Node of the user forms a regular NAI in the format of user@realm.com.
  • the NAI is included in the Mobile Node Identifier Option Field of the mobility header as a MN-NAI.
  • in the Service Option field, the name of the requested service is identified as "ims".
  • the Mobile Node transmits the Mobile IP registration request message containing the NAI and the Service Option field to its Home Agent, either directly or via one or more intermediate Mobile Agents.
  • the user is authenticated in each Agent on the basis of the NAI (user@realm.com), and possible intermediate Agents are configured to ignore the Service Option field.
  • After the Home Agent has authenticated the user, it checks the content of the Service Option field and authorises the user to use the service "ims". Likewise in accordance with the second embodiment, the Home Agent advantageously controls the APN provisioning by being configured to interpret the option field containing the identity of the required service in an appropriate manner and the APN functionality can be implemented solely as Mobile IP based functionality.
  • the management of the APN is enabled for the Mobile IP Home Agent such that, instead of defining any new option fields for identifying the requested service, existing options are utilised for this purpose.
  • the IETF documents are utilised for this purpose.
  • "Mobile IPv6 Extension for Configuration Options" (draft-bharatia-mip6-gen-ext; Bharatia et al, June 2006), and "MIPv4 Extension for Configuration Options Exchange" (draft-ietf-mip4-gen-ext; Bharatia et al, March 3, 2006) disclose mechanisms for providing the host configuration information during Mobile IPv6 Binding Update procedure or during Mobile IP registration, wherein one or more Configuration
  • the Configuration Option Extensions disclosed by both of said documents include, among other fields, a "Sub-Type" field and a "Config-Data" field.
  • a new value e.g. 2 or any other unused value
  • the "Sub-Type" field which value indicates that the following "Config-Data" field includes the name of the requested service.
  • the name of the service is inserted in the "Config-Data" field either in a predetermined format or as plain text.
  • the Home Agent may preferably be a server connected to an IP network. Accordingly, the server comprises, as illustrated in Fig. 3, memory MEM, a user interface UI, I/O means I/O for arranging data transmission with other devices, and one or more central processing units CPU comprising at least one processor.
  • the memory MEM includes a non-volatile portion for storing the applications controlling the central processing unit CPU and other data to be stored and a volatile portion to be used for temporary data processing.
  • the functionalities of the invention are preferably implemented in the server as a computer program which, when executed in a central processing unit CPU, affects the server to implement procedures of the invention.
  • Functions of the computer program SW may be distributed to several separate program components communicating with one another.
  • the computer software may be stored into any memory means, such as the hard disk of a PC or a CD-ROM disc, from where it can be loaded into the memory of server.
  • the computer software can also be loaded through a network, for instance using a TCP/IP protocol stack.

Abstract

A method for providing access to a requested service in a communication network configured to support Client or Proxy based Mobile IPv4 and/or Client or Proxy based Mobile IPv6 technology, the method comprising: transmitting, from a mobile node, a Mobile IP registration message to a home agent of the mobile node, said Mobile IP registration message including information about the user identity of the mobile node and at least one service requested by the mobile node; in response to detecting, by the home agent, said information in the Mobile IP registration message; authenticating the user of mobile node on the basis of said user identity of the mobile node; and granting access to the mobile node to the requested service, if successfully authorised on the basis of said information about at least one service requested by the mobile node.

Description

MOBILE IP ACCESS TO A REQUESTED SERVICE
Field of the invention
The present invention relates to Mobile IP technology, and more particularly to providing access to a requested service.
Background of the invention
The concept of Access Point Name (APN) is generally known in GPRS (General Packet Radio Service) networks, and also in 3GPP I-WLAN access networks. APN refers to a definition of routing information to external networks, which routing information enables a user of a mobile terminal to request, besides service from a certain operator, also a specific service provided by the operator. In the GPRS, the APN consists of two parts; the Network ID, which identifies the external service requested by the user, and the Operator ID, which specifies routing information for SGSN (Serving GPRS Support Nodes) and GGSN (Gateway GPRS Support Nodes).
Both Client and Proxy based Mobile IP technology have proven to be a promising platform for providing a user of a mobile terminal with seamless mobility support between different communication networks. Its significance will be even more emphasized when the 3rd generation (3GPP) and the future generation mobile networks are developed towards multi-access networks, which support Mobile IP technology and enable the same network services to be accessed via different access networks. Accordingly, network users may constantly move between different locations, and depending on their current location, they may gain network access from different network media, such as 802.11 WLAN, GPRS, and CDMA2000 wireless data connections, or simply through an Ethernet-based wireline connection.
However, the Mobile IP technology has the serious disadvantage that it does not support the concept of the APN, but the responsibility for providing this is left for the underlying access network. Unfortunately, when moving around in multi-access network environment, the user of the mobile terminal can never be sure that the used access network really supports the APN.
Even though the Mobile IP standard (particularly RFC4282, RFC4283, RFC2794) provides for the possibility to identify the user during the registration process to such level that in addition to providing the Network Access Identifier NAI (i.e. the user identity used in the authentication procedure), it is also possible to inform the "realm" (e.g. an organisation) the user belongs to, this does not suffice to distinguish between different services of the realm. A user of a certain realm may, for example, have access to several services of the realm, but e.g. due to security reasons these services must be kept separated from each other. Thus, it is evident that the current status of the Mobile IP technology is not sufficient in terms of distinguishing between different services and there exists a demand for a Mobile IP registration process, which includes a possibility to inform also the particular service or the target network the user wishes to access.
Summary of the invention
Now there is invented an improved method and technical equipment implementing the method, by which the above problems are alleviated to a great extent. Various aspects of the invention include a method, a network node and a computer program, which are characterized by what is stated in the independent claims. Various embodiments of the invention are disclosed in the dependent claims.
According to a first aspect, a method according to the invention is based on the idea of providing access to a requested service in a communication network configured to support Mobile IPv4 and/or Mobile IPv6 technology, the method comprising: transmitting, from a mobile node, a Mobile IP registration message to a home agent of the mobile node, said Mobile IP registration message including information about the user identity of the mobile node and at least one service requested by the mobile node; in response to detecting, by the home agent, said information in the Mobile IP registration message; authenticating the user of mobile node on the basis of said user identity of the mobile node; and granting access to the mobile node to the requested service, if successfully authorised on the basis of said information about at least one service requested by the mobile node.
According to an embodiment, the information about the user identity of the mobile node and at least one service requested by the mobile node is inserted in the Mobile IP registration message in a predetermined format.
According to an embodiment, the method further comprises: inserting the information about the user identity of the mobile node in a form of a Network Access Identifier (NAI); and inserting said information about at least one service requested by the mobile node as a prefix to said Network Access Identifier (NAI).
According to an embodiment, the method further comprises: inserting said Network Access Identifier (NAI) and said prefix in a Mobile Node Identifier Option Field of a mobility header as a Mobile Node NAI (MN-NAI) defined by RFC4283.
According to an embodiment, the method further comprises: inserting said Network Access Identifier (NAI) and said prefix in a Mobile Node NAI Extension Field as a Mobile Node NAI (MN-NAI) defined by RFC2794.
According to an embodiment, the method further comprises: inserting the information about the user identity of the mobile node in a form of a Network Access Identifier (NAI); and inserting said information about at least one service requested by the mobile node in an option field dedicated for service definition.
The arrangement according to the invention provides significant advantages. The most significant advantage is that the concept of the APN can be implemented in the Mobile IP environment totally independently of the underlying access network. Thus, the user of the mobile node no longer has to consider whether the used access network supports the APN. Furthermore, the implementation alternatives preserve backward compatibility with the existing Home Agents.
According to a second aspect, there is provided a network node for providing access to a requested service, said network node being configured to support Mobile IPv4 and/or Mobile IPv6 technology and to operate as a home agent to at least one mobile node; receive, from the mobile node, a Mobile IP registration message including information about the user identity of the mobile node and at least one service requested by the mobile node; detect the presence of said information in the Mobile IP registration message; authenticate the user of mobile node on the basis of said user identity of the mobile node; and grant access to the mobile node to the requested service, if successfully authorised on the basis of said information about at least one service requested by the mobile node.
These and other aspects of the invention and the embodiments related thereto will become apparent in view of the detailed disclosure of the embodiments further below.
List of drawings
In the following, various embodiments of the invention will be described in more detail with reference to the appended drawings, in which
Fig. 1 shows a simplified example of a Mobile IP environment;
Fig. 2 shows a signalling chart according to an embodiment of the invention;
Fig. 3 shows a network node according to an embodiment of the invention in a reduced block chart.
Description of embodiments
In the following, the invention will be illustrated by referring briefly to the Mobile Node registration processes both in Mobile IPv4 and Mobile IPv6, and these processes are disclosed only to the extent considered necessary for understanding the invention.
An implementation of Mobile IP, especially the IP mobility support for IPv4, is described in RFC3344 (Perkins, August 2002) and shown in a simplified manner in Figure 1. A specification of Proxy Mobile IPv4, especially the network side controlled IP mobility support for IPv4, is described in draft-leung-mip4-proxy-mode (Leung, 2007). A Mobile IP environment 100 includes the internet 102 (or a WAN) over which a Mobile Node 104 can communicate remotely via mediation by a Home Agent 106. The implementation of Mobile IPv4 typically also includes a Foreign Agent 108. Typically, the Home Agent and Foreign Agent are routers or other network connection devices performing appropriate Mobile IP functions as implemented by software, hardware, and/or firmware. A particular Mobile Node (e.g., a laptop computer) attached to its home network connects with the internet through its designated Home Agent. The Mobile Node is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home (i.e. while roaming 110), a Mobile Node is also associated with a care-of-address, which provides information about its current point of attachment (i.e. the Foreign Agent) to the Internet. It is to be noted that instead of the "foreign agent care-of address", the Mobile Node may also use a "co-located care-of address", which is an externally obtained local address, which the mobile node has associated with one of its own network interfaces.
The Mobile Node registers 112, 114 its care-of address with its Home Agent. Depending on its method of attachment, the Mobile Node will register either directly with its Home Agent, or through a foreign agent, which forwards the registration to the Home Agent. After registration, the Home Agent sends datagrams destined for the Mobile Node through a tunnel to the care-of address. After arriving at the end of the tunnel, each datagram is then delivered to the Mobile Node.
As stated above, Mobile IP defines two different registration procedures, one via a Foreign Agent that relays the registration to the Mobile Node's Home Agent, and one directly with the Mobile Node's Home Agent. Both registration procedures involve the exchange of Registration Request 112 and Registration Reply 114 messages. A Mobile Node registers with its Home Agent using a Registration Request message so that its Home Agent can create or modify a mobility binding for that Mobile Node (e.g. with a new lifetime). The Request may be relayed to the Home Agent by the Foreign Agent through which the Mobile Node is registering, or it may be sent directly to the Home Agent in the case in which the Mobile Node is registering a co-located care-of address. For a detailed description of registration procedures in Mobile IPv4, a reference is made to RFC3344.
RFC2794 (Calhoun & Perkins, March 2000), in turn, discloses a method, wherein the Mobile Node identifies itself, by including the Network Access Identifier (NAI) along with the Mobile IP Registration Request, when attempting to connect to foreign domains with AAA servers. The method provides a valuable extension to Mobile IP, since AAA servers are in use within the Internet today to provide authentication and authorization services for dial-up computers, and AAA servers identify clients by using the NAI.
The Mobile IP protocol for IPv6 has been described in RFC3775 (Johnson et al., June 2004), wherein the Home Agent generally advertises its address, which is obtained by a Mobile Node. A specification of Proxy Mobile IPv6, especially the network side controlled IP mobility support for IPv6, is described in draft-sgundave-mip6-proxymip6 (Gundavelli, 2007). In Mobile IPv6, there is no Foreign Agent, but an access router provides connectivity to the network. The Mobile Node sends a Binding Update message to the Home Agent, which responds by sending a Binding Acknowledgement message to the Mobile Node. The Home Agent creates a binding cache entry and a tunnel is established between the Mobile Node's care-of address and the Home Agent. When a Correspondent Node 116 sends 118 a packet to the Mobile Node, it is forwarded to the Mobile Node by the Home Agent via the tunnel 120 that has been established. Thus, the Binding Update process in Mobile IPv6 takes the place of the Registration process in Mobile IPv4, but for the purpose of explaining the invention, the terms "registration process" and "registration message" are used hereinafter to refer to both of these processes. For a detailed description of binding procedures in Mobile IPv6, a reference is made to RFC3775.
However, also in Mobile IPv6, there is defined a mobility header option, which enables the Mobile Node to include its Network Access Identifier (NAI) along with a registration message (e.g. the Binding Update message) when attempting to connect to foreign domains with AAA servers. This mobility header option is disclosed RFC4283 (Patel et al, November 2005).
Nevertheless, even with these extensions the Mobile IP technology, as such, does not support the concept of the APN. In terms of the APN, it is not sufficient that RFC4283 provides for the possibility to identify the user at the level of the NAI and the "realm" the user belongs to.
For overcoming this limitation, an improved method for registering a Mobile Node with its Home Agent has now been invented, whereby the registration itself enables selecting both a requested realm and a desired service within said realm. The basic idea of the invention is that when the Mobile Node registers itself with its Home Agent, the Mobile Node inserts information about its user identity and the desired service, preferably in some predetermined format, into the registration message and sends the registration message to the Home Agent. In response to detecting this information in the registration message, the Home Agent takes the role of the APN manager by first authenticating the user on the basis of the user identity information, and then authorising the user to the desired service. Thus, the concept of the APN can advantageously be implemented in the Mobile IP environment totally independently of the underlying access network.
According to a first embodiment, the management of the APN is enabled for the Mobile IP Home Agent such that advantage is taken of the fact that the NAI enables so-called prefix-based decoration; i.e. the user name portion of a NAI may include one or more options, separated by a separation mark (e.g. "!"), used typically for identifying a further realm, as is disclosed in RFC4282. In this embodiment, this prefix option is used for identifying a particular service within the realm specified in the NAI. This embodiment is further illustrated by the example of Figure 2.
Let us suppose that the mobile user has an identity "user" and his home realm is "realm.com", and the user wishes to access a service "ims" within the home realm. Now, as a part of the initial network authentication process, the Mobile Node (MN) of the user forms 200 a NAI in the format of ims!user@realm.com. In case of Mobile IPv6, the NAI is included in the Mobile Node Identifier Option Field of the mobility header as a MN-NAI, as required by RFC4283. The Mobile Node transmits 202 the NAI to its Home Agent (HA), either directly or via one or more intermediate Foreign Agents (FA), whereby the user is authenticated 204 in each Agent on the basis of the NAI part user@realm.com, and finally the Home Agent (after having authenticated 204 the user) authorises 206 the user to use the service "ims" on the basis of the prefix "ims!". In this example, "!" is used as the separation mark, but other separation marks, such as "%", can also be deployed as long as they conform with the requirements of RFC4282. The granted access to the requested service can be indicated in the registration reply message 208. Thus, the Home Agent advantageously takes the role of an APN manager by interpreting the prefix in an appropriate manner (allowed by RFC4282) and the APN functionality can be implemented solely as Mobile IP based functionality, which is totally in line with the requirements of RFC4282.
In case of Mobile IPv4, the procedure is otherwise similar to that described above, but the NAI is included in the Mobile Node NAI Extension Field as a MN-NAI, as required by RFC2794.
According to a second embodiment, the management of the APN is enabled for the Mobile IP Home Agent such that a further option field is defined for the Mobile IP registration request message, said further option field containing the identity of the required service. Let us denote this further option field type as "Service Option". Since the usage of plain "Service Option" in the Mobile IP registration request message would not enable the identification of the requested service, it is therefore preferably defined that it is mandatory to use also the NAI, when the "Service Option" is used.
Now, modifying the above example in accordance with this embodiment, for the purpose of sending the Mobile IP registration request message, the Mobile Node of the user forms a regular NAI in the format of user@realm.com. In case of Mobile IPv6, the NAI is included in the Mobile Node Identifier Option Field of the mobility header as a MN-NAI. Furthermore, in the Service Option field the name of the requested service is identified as "ims". The Mobile Node transmits the Mobile IP registration request message containing the NAI and the Service Option field to its Home Agent, either directly or via one or more intermediate Mobile Agents. The user is authenticated in each Agent on the basis of the NAI (user@realm.com), and possible intermediate Agents are configured to ignore the Service Option field. After the Home Agent has authenticated the user, it checks the content of the Service Option field and authorises the user to use the service "ims". Likewise in accordance with the second embodiment, the Home Agent advantageously controls the APN provisioning by being configured to interpret the option field containing the identity of the required service in an appropriate manner and the APN functionality can be implemented solely as Mobile IP based functionality.
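The Home Agent decision described in the first and second embodiments, as an added Python example that is not part of the patent: the `Registration` class, the subscriber and entitlement tables and the decision strings are constructed for illustration, and set membership stands in for real AAA authentication. Refusing nested prefixes and refusing a prefix that disagrees with the Service Option are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

SEPARATOR = "!"  # separation mark used in the page's example

# Constructed sample data, standing in for the AAA back end (assumption).
SUBSCRIBERS = {"user@realm.com"}
ENTITLEMENTS = {"user@realm.com": {"ims", "internet"}}


@dataclass(frozen=True)
class Registration:
    """Hypothetical, already-decoded view of a registration message."""
    mn_nai: Optional[str]                 # MN-NAI (RFC2794 / RFC4283 field)
    service_option: Optional[str] = None  # second embodiment's "Service Option"


def split_decorated_nai(nai):
    """Split 'service!user@realm' into (service or None, 'user@realm')."""
    if nai.count("@") != 1:
        raise ValueError("NAI needs exactly one '@'")
    username, realm = nai.split("@")
    service = None
    if SEPARATOR in username:
        service, username = username.split(SEPARATOR, 1)
        # Assumption: exactly one service prefix; nested decoration is refused.
        if not service or SEPARATOR in username:
            raise ValueError("malformed service prefix")
    if not username or not realm:
        raise ValueError("empty user name or realm")
    return service, f"{username}@{realm}"


def handle_registration(reg):
    """Return (decision, identity, service) for one registration."""
    if reg.mn_nai is None:
        # The Service Option is only meaningful together with the NAI.
        return ("reject-missing-nai", None, None)
    try:
        prefix_service, identity = split_decorated_nai(reg.mn_nai)
    except ValueError:
        return ("reject-malformed-nai", None, None)

    # Step 1: authenticate on the undecorated identity only, so the service
    # prefix can never change who the user is taken to be.
    if identity not in SUBSCRIBERS:  # stand-in for real AAA authentication
        return ("reject-authentication", identity, None)

    # Assumption: a prefix and a Service Option that disagree are refused.
    if prefix_service and reg.service_option and prefix_service != reg.service_option:
        return ("reject-conflicting-service", identity, None)
    service = prefix_service or reg.service_option
    if service is None:
        return ("accept-no-service", identity, None)

    # Step 2: authorise the requested service for the authenticated identity.
    if service not in ENTITLEMENTS[identity]:
        return ("reject-authorisation", identity, service)
    return ("accept", identity, service)
```

Authentication and authorisation are kept as separate steps keyed on the undecorated identity, so a request for a service the subscriber is not entitled to fails at authorisation without affecting how the user is identified.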
According to a third embodiment, the management of the APN is enabled for the Mobile IP Home Agent such that, instead of defining any new option fields for identifying the requested service, existing options are utilised for this purpose. For example, the IETF documents "Mobile IPv6 Extension for Configuration Options", (draft-bharatia-mip6-gen-ext; Bharatia et al, June 2006), and "MIPv4 Extension for Configuration Options Exchange", (draft-ietf-mip4-gen-ext; Bharatia et al, March 3, 2006) disclose mechanisms for providing the host configuration information during Mobile IPv6 Binding Update procedure or during Mobile IP registration, wherein one or more Configuration Options Exchange Extensions may be included in the registration message to provide the Mobile Node the configuration parameters needed for network service usage. The Configuration Option Extensions disclosed by both of said documents include, among other fields, a "Sub-Type" field and a "Config-Data" field. Now in accordance with this embodiment, a new value (e.g. 2 or any other unused value) should be assigned for the "Sub-Type" field, which value indicates that the following "Config-Data" field includes the name of the requested service. Then the name of the service is inserted in the "Config-Data" field either in a predetermined format or as plain text.
The Home Agent may preferably be a server connected to an IP network. Accordingly, the server comprises, as illustrated in Fig. 3, memory MEM, a user interface UI, I/O means I/O for arranging data transmission with other devices, and one or more central processing units CPU comprising at least one processor. The memory MEM includes a non-volatile portion for storing the applications controlling the central processing unit CPU and other data to be stored and a volatile portion to be used for temporary data processing.
The functionalities of the invention are preferably implemented in the server as a computer program which, when executed in a central processing unit CPU, causes the server to implement procedures of the invention. Functions of the computer program SW may be distributed to several separate program components communicating with one another. The computer software may be stored into any memory means, such as the hard disk of a PC or a CD-ROM disc, from where it can be loaded into the memory of the server. The computer software can also be loaded through a network, for instance using a TCP/IP protocol stack.
It is obvious that the present invention is not limited solely to the above-presented embodiments, but it can be modified within the scope of the appended claims.

Claims

1. A method for providing access to a requested service in a communication network configured to support Client or Proxy based Mobile IPv4 and/or Client or Proxy based Mobile IPv6 technology, characterized by the method comprising transmitting, from a mobile node, a Mobile IP registration message to a home agent of the mobile node, said Mobile IP registration message including information about the user identity of the mobile node and at least one service requested by the mobile node; in response to detecting, by the home agent, said information in the Mobile IP registration message; authenticating the user of mobile node on the basis of said user identity of the mobile node; and granting access to the mobile node to the requested service, if successfully authorised on the basis of said information about at least one service requested by the mobile node.
2. The method according to claim 1, characterized in that the information about the user identity of the mobile node and at least one service requested by the mobile node is inserted in the Mobile IP registration message in a predetermined format.
3. The method according to claim 1 or 2, characterized by the method further comprising: inserting the information about the user identity of the mobile node in a form of a Network Access Identifier (NAI); and inserting said information about at least one service requested by the mobile node as a prefix to said Network Access Identifier (NAI).
4. The method according to claim 3, characterized by the method further comprising: inserting said Network Access Identifier (NAI) and said prefix in a Mobile Node Identifier Option Field of a mobility header as a Mobile Node NAI (MN-NAI) defined by RFC4283.
5. The method according to claim 3, characterized by the method further comprising: inserting said Network Access Identifier (NAI) and said prefix in a Mobile Node NAI Extension Field as a Mobile Node NAI (MN-NAI) defined by RFC2794.
6. The method according to claim 1 or 2, characterized by the method further comprising: inserting the information about the user identity of the mobile node in a form of a Network Access Identifier (NAI); and inserting said information about at least one service requested by the mobile node in an option field dedicated for service definition.
7. The method according to claim 6, characterized by the method further comprising: inserting said Network Access Identifier (NAI) and said option field dedicated for service definition in a Mobile Node Identifier Option Field of a mobility header as a Mobile Node NAI (MN-NAI) defined by RFC4283.
8. The method according to claim 6, characterized by the method further comprising: inserting said Network Access Identifier (NAI) and said option field dedicated for service definition in a Mobile Node NAI Extension Field as a Mobile Node NAI (MN-NAI) defined by RFC2794.
9. The method according to claim 1 or 2, characterized by the method further comprising: inserting the information about the user identity of the mobile node in a form of a Network Access Identifier (NAI); and inserting said information about at least one service requested by the mobile node in an option field of a Configuration Options Exchange Extension.
10. A network node for providing access to a requested service, said network node being configured to support Client or Proxy based Mobile IPv4 and/or Client or Proxy based Mobile IPv6 technology and to operate as a home agent to at least one mobile node, characterized in that the network node is configured to receive, from the mobile node, a Mobile IP registration message including information about the user identity of the mobile node and at least one service requested by the mobile node; detect the presence of said information in the Mobile IP registration message; authenticate the user of mobile node on the basis of said user identity of the mobile node; and grant access to the mobile node to the requested service, if successfully authorised on the basis of said information about at least one service requested by the mobile node.
11. The network node according to claim 10, characterized in that the network node is configured to detect the information about the user identity of the mobile node from a Network Access Identifier (NAI); and detect said information about at least one service requested by the mobile node from a prefix to said Network Access Identifier (NAI).
12. The network node according to claim 10, characterized in that the network node is configured to detect the information about the user identity of the mobile node from a Network Access Identifier (NAI); and detect said information about at least one service requested by the mobile node in an option field dedicated for service definition.
13. The network node according to claim 10, characterized in that the network node is configured to detect the information about the user identity of the mobile node from a Network Access Identifier (NAI); and detect said information about at least one service requested by the mobile node in an option field of a Configuration Options Exchange Extension.
14. A computer program product, stored on a computer readable medium and executable in a data processing device configured to support Client or Proxy based Mobile IPv4 and/or Client or Proxy based Mobile IPv6 technology and to operate as a home agent to at least one mobile node, for providing access to a requested service, characterized in that the computer program product comprises: a computer program code section for controlling the reception of a Mobile IP registration message, from the mobile node, said Mobile IP registration message including information about the user identity of the mobile node and at least one service requested by the mobile node; a computer program code section for detecting the presence of said information in the Mobile IP registration message; a computer program code section for authenticating the user of mobile node on the basis of said user identity of the mobile node; and a computer program code section for granting access to the mobile node to the requested service, if successfully authorised on the basis of said information about at least one service requested by the mobile node.
PCT/FI2008/050066 2007-02-16 2008-02-14 Mobile ip access to a requested service WO2008099065A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20075110 2007-02-16
FI20075110A FI20075110L (en) 2007-02-16 2007-02-16 Mobile IP joined a requested service

Publications (2)

Publication Number Publication Date
WO2008099065A2 true WO2008099065A2 (en) 2008-08-21
WO2008099065A3 WO2008099065A3 (en) 2008-10-09

Family

ID=37832259

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2008/050066 WO2008099065A2 (en) 2007-02-16 2008-02-14 Mobile ip access to a requested service

Country Status (2)

Country Link
FI (1) FI20075110L (en)
WO (1) WO2008099065A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103220378A (en) * 2013-04-27 2013-07-24 杭州华三通信技术有限公司 Reporting method and equipment of unified certificated user IP (Internet Protocol)

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"Numbering, Naming, Addressing and Identification for NGN; Draft ETSI ES 2XX XXX" ETSI STANDARDS, LIS, SOPHIA ANTIPOLIS CEDEX, FRANCE, no. V0.0.9, 1 January 2005 (2005-01-01), XP014031312 ISSN: 0000-0001 *
ABOBA MICROSOFT M BEADLES ENDFORCE J ARKKO ERICSSON P ERONEN NOKIA B: "The Network Access Identifier; rfc4282.txt" IETF STANDARD, INTERNET ENGINEERING TASK FORCE, IETF, CH, 1 December 2005 (2005-12-01), XP015043211 ISSN: 0000-0003 *
CALHOUN SUN MICROSYSTEMS LABORATORIES C PERKINS NOKIA RESEARCH CENTER P: "Mobile IP Network Access Identifier Extension for IPv4; rfc2794.txt" IETF STANDARD, INTERNET ENGINEERING TASK FORCE, IETF, CH, 1 March 2000 (2000-03-01), XP015008577 ISSN: 0000-0003 cited in the application *
KORHONEN U NILSSON TELIASONERA J: "Service Selection for Mobile IPv4; draft-korhonen-mip4-service-00.txt" IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, 15 February 2007 (2007-02-15), XP015050087 ISSN: 0000-0004 *
PATEL K LEUNG CISCO SYSTEMS M KHALIL H AKHTAR NORTEL NETWORKS K CHOWDHURY STARENT NETWORKS A: "Mobile Node Identifier Option for Mobile IPv6 (MIPv6); rfc4283.txt" IETF STANDARD, INTERNET ENGINEERING TASK FORCE, IETF, CH, 1 November 2005 (2005-11-01), XP015043212 ISSN: 0000-0003 cited in the application *


Also Published As

Publication number Publication date
FI20075110A0 (en) 2007-02-16
FI20075110L (en) 2008-08-17
WO2008099065A3 (en) 2008-10-09


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08718519

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08718519

Country of ref document: EP

Kind code of ref document: A2