Mobile IP authentication

Cryptography – Communication system using cryptography – Wireless communication

Reexamination Certificate


Details

C380S259000, C713S153000, C713S155000, C713S160000, C713S168000, C709S218000, C709S219000, C709S227000, C709S241000, C455S432100, C455S433000, C455S435100

active

06760444

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to Mobile IP network technology. More particularly, the present invention relates to Mobile IP authentication.
2. Description of the Related Art
Mobile IP is a protocol which allows laptop computers or other mobile computer units (referred to as “Mobile Nodes” herein) to roam between various sub-networks at various locations—while maintaining internet and/or WAN connectivity. Without Mobile IP or a related protocol, a Mobile Node would be unable to stay connected while roaming through various sub-networks. This is because the IP address required for any node to communicate over the internet is location specific. Each IP address has a field that specifies the particular sub-network on which the node resides. If a user desires to take a computer which is normally attached to one node and roam with it so that it passes through different sub-networks, it cannot use its home base IP address. As a result, a business person traveling across the country cannot merely roam with his or her computer across geographically disparate network segments or wireless nodes while remaining connected over the internet. This is not an acceptable state-of-affairs in the age of portable computational devices.
To address this problem, the Mobile IP protocol has been developed and implemented. An implementation of Mobile IP is described in RFC 2002 of the Network Working Group, C. Perkins, Ed., October 1996. Mobile IP is also described in the text “Mobile IP Unplugged” by J. Solomon, Prentice Hall. Both of these references are incorporated herein by reference in their entireties and for all purposes.
The Mobile IP process and environment are illustrated in FIG. 1. As shown there, a Mobile IP environment 2 includes the internet (or a WAN) 4 over which a Mobile Node 6 can communicate remotely via mediation by a Home Agent 8 and a Foreign Agent 10. Typically, the Home Agent and Foreign Agent are routers or other network connection devices performing appropriate Mobile IP functions as implemented by software, hardware, and/or firmware. A particular Mobile Node (e.g., a laptop computer) plugged into its home network segment connects with the internet through its designated Home Agent. When the Mobile Node roams, it communicates via the internet through an available Foreign Agent. Presumably, there are many Foreign Agents available at geographically disparate locations to allow widespread internet connection via the Mobile IP protocol. Note that it is also possible for the Mobile Node to register directly with its Home Agent.
As shown in FIG. 1, Mobile Node 6 normally resides on (or is “based at”) a network segment 12 which allows its network entities to communicate over the internet 4 through Home Agent 8 (an appropriately configured router denoted R2). Note that Home Agent 8 need not directly connect to the internet. For example, as shown in FIG. 1, it may be connected through another router (a router R1 in this case). Router R1 may, in turn, connect one or more other routers (e.g., a router R3) with the internet.
Now, suppose that Mobile Node 6 is removed from its home base network segment 12 and roams to a remote network segment 14. Network segment 14 may include various other nodes such as a PC 16. The nodes on network segment 14 communicate with the internet through a router which doubles as Foreign Agent 10. Mobile Node 6 may identify Foreign Agent 10 through various solicitations and advertisements which form part of the Mobile IP protocol. When Mobile Node 6 engages with network segment 14, Foreign Agent 10 relays a registration request to Home Agent 8 (as indicated by the dotted line “Registration”). The Home and Foreign Agents may then negotiate the conditions of the Mobile Node's attachment to Foreign Agent 10. For example, the attachment may be limited to a period of time, such as two hours. When the negotiation is successfully completed, Home Agent 8 updates an internal “mobility binding table” which specifies the care-of address (e.g., a collocated care-of address or the Foreign Agent's IP address) in association with the identity of Mobile Node 6. Further, the Foreign Agent 10 updates an internal “visitor table” which specifies the Mobile Node address, Home Agent address, etc. In effect, the Mobile Node's home base IP address (associated with segment 12) has been shifted to the Foreign Agent's IP address (associated with segment 14).
Now, suppose that Mobile Node 6 wishes to send a message to a corresponding node 18 from its new location. An output message from the Mobile Node is then packetized and forwarded through Foreign Agent 10 over the internet 4 and to corresponding node 18 (as indicated by the dotted line “packet from MN”) according to a standard internet protocol. If corresponding node 18 wishes to send a message to Mobile Node—whether in reply to a message from the Mobile Node or for any other reason—it addresses that message to the IP address of Mobile Node 6 on sub-network 12. The packets of that message are then forwarded over the internet 4 and to router R1 and ultimately to Home Agent 8 as indicated by the dotted line (“packet to MN(1)”). From its mobility binding table, Home Agent 8 recognizes that Mobile Node 6 is no longer attached to network segment 12. It then encapsulates the packets from corresponding node 18 (which are addressed to Mobile Node 6 on network segment 12) according to a Mobile IP protocol and forwards these encapsulated packets to a “care of” address for Mobile Node 6 as shown by the dotted line (“packet to MN(2)”). The care-of address may be, for example, the IP address of Foreign Agent 10. Foreign Agent 10 then strips the encapsulation and forwards the message to Mobile Node 6 on sub-network 14. The packet forwarding mechanism implemented by the Home and Foreign Agents is often referred to as “tunneling.”
During registration of a mobile node with its Home Agent, the identities of the sending party of the registration request (e.g., mobile node) and the sending party of the registration reply (e.g., Home Agent) are authenticated. During the registration process, a Mobile-Home Authentication Extension is typically appended to both the registration request and the registration reply. Upon receipt of the registration request by the Home Agent and the registration reply by the mobile node, the identity of the sending party is authenticated through the application of the Mobile-Home Authentication Extension.
RFC 2002 specifies the packet format for both the registration request and the registration reply packets that are sent between the mobile node and the Home Agent. As shown in FIG. 2, a registration request packet 202 and registration reply packet 204 both include a mandatory Mobile-Home Authentication Extension 206. More specifically, the mandatory Mobile-Home Authentication Extension 206 includes a type field 208, a length field 210, a security parameter index (SPI) field 212, and an authenticator 214. The type field 208 indicates the type of the extension (i.e., Mobile-Home Authentication Extension) and the length field 210 indicates the length of the extension (e.g., bytes). The Security Parameter Index 212 is an identifier which specifies a security association, or “row” in a security-association table, that a receiver should use to interpret a received packet. The security-association, described in further detail below, defines the key and the algorithm to be applied during the authentication process. Both the registration request packet 202 and the registration reply packet 204 include a protected area 216 which includes the registration request 202/registration reply 204, the type field 208, the length field 210, and the security parameter index (SPI) field 212. Both the mobile node and the Home Agent have access to the same secret key, provided by the security-association, which is used to hash this pr
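The following Python sketch is an added example, not part of the patent text: it builds and verifies a Mobile-Home Authentication Extension over the protected area described above, selecting the key by SPI. The extension type value 32, the 24-byte request layout and the keyed-MD5 prefix+suffix digest are taken from RFC 2002 as assumptions (the page does not state them); the security-association table, key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MHAE_TYPE = 32   # Mobile-Home Authentication Extension type (RFC 2002)
DIGEST_LEN = 16  # MD5 output size
HDR = "!BBI"     # type (1 byte), length (1 byte), SPI (4 bytes)

# Constructed security-association table: SPI -> shared secret key.
SECURITY_ASSOCIATIONS = {0x00000100: b"constructed-shared-secret"}


def _authenticator(key: bytes, protected: bytes) -> bytes:
    # RFC 2002 default: keyed MD5, prefix+suffix mode = MD5(key || data || key).
    return hashlib.md5(key + protected + key).digest()


def append_mhae(message: bytes, spi: int) -> bytes:
    """Append the extension; the digest covers message + type + length + SPI."""
    key = SECURITY_ASSOCIATIONS[spi]
    header = struct.pack(HDR, MHAE_TYPE, 4 + DIGEST_LEN, spi)
    return message + header + _authenticator(key, message + header)


def verify_mhae(packet: bytes, message_len: int) -> bool:
    """Receiver side: select the key by SPI, recompute, compare in constant time."""
    ext = packet[message_len:]
    if len(ext) != 6 + DIGEST_LEN:
        return False
    ext_type, length, spi = struct.unpack(HDR, ext[:6])
    key = SECURITY_ASSOCIATIONS.get(spi)
    if ext_type != MHAE_TYPE or length != 4 + DIGEST_LEN or key is None:
        return False
    return hmac.compare_digest(_authenticator(key, packet[:message_len + 6]), ext[6:])


def sample_request() -> bytes:
    """Constructed 24-byte Registration Request with a two-hour lifetime."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack("!BBH4s4s4sQ", 1, 0, 7200, ip("192.0.2.10"),
                       ip("192.0.2.1"), ip("198.51.100.1"), 1)
```

Because the SPI sits inside the protected area, changing it on the wire either selects no security association or invalidates the digest. RFC 3344, which superseded RFC 2002, replaced this keyed-MD5 default with HMAC-MD5.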
