KR20080068700A - Wireless terminal methods and apparatus for establishing connections - Google Patents

Abstract

Methods and apparatus for establishing communication links are provided that are used to support communication sessions with one or more end nodes, such as mobile devices. Various features relate to a mobile node that controls the establishment of initial links to a first access node and the establishment of new links from a first access node to a second access node during handoff operation using highly efficient messages and signals. .

Description

WIRELESS TERMINAL METHODS AND APPARATUS FOR ESTABLISHING CONNECTIONS

The present invention relates to methods and apparatus for establishing connections in a communication system, more particularly wireless, such as cellular, communication networks.

Communication systems often include a plurality of network nodes where end nodes, such as mobile devices, are connected to access nodes that are connected to a network. The network nodes may be arranged hierarchically. Access Authentication and Authorization (AAA) servers are nodes that are typically placed relatively higher up in the network hierarchy. They typically provide information used for security and access control purposes. Access nodes often have a secure link with the AAA server in cases where such servers are used. The secure link may pass through one or more nodes in the hierarchy.

Operators typically manage access sessions in IP networks using the RADIUS protocol and associated RADIUS AAA servers. In the future, AAA systems may be based on new protocols such as DIAMETER. In a system using a RADIUS AAA server, when a user attempts to gain access to an operator network, during the duration of an access session, the local access router may have one or more RADIUS Access-Requests. Is issued to an Authentication Server to authenticate the user based on an identity, such as a Network Access Identifier (NAI). The AAA database typically stores the identities of those users who are allowed to access the system along with service features that can be invoked. When the user is successfully authenticated, the access port on the access device is configured with a policy state that conforms to the user's service authorization. Service authorization is typically delivered by the authorization server to the access router via RADIUS. While authorized, the service usage during an access session is recorded by the access router and using Accounting-Request messages in the RADIUS protocol as accounting records. Is sent to. The billing server may be part of the AAA server or may be an independent server using the same protocol as the authorization server. If the user is connected to multiple access routers during a single session, the multiple sessions need to be collected at the billing servers.

AAA systems are typically used in conjunction with Mobile IP to manage IP address assignments (HoAs), dynamically assign HAs, distribute MN profiles to the access router and also authenticate MIP messages and wireless- Distribute security keys to secure the air-link. Mobile Nodes (end nodes that can change the point of network attachment) typically send MIP messages to gain access to the system, which triggers an AAA request to trigger the mobile Authenticate and authorize the node. An AAA MN profile and security status are then passed from the AAA system to the access router to control the services used by the MN.

MNs can change their network attachment point, for example as they move from one cell to another. This involves changing the point of attachment of the MNs from a first access node, such as a first router, to a second access node, such as a second router. This process is commonly known as handoff. As part of the handoff, the CoA / CCoA of the MN needs to be updated and delivered to the HA using MIP signaling so that packets are redirected to the MN through the new access router. As part of the handoff process, it is necessary to convey to the new access router at least some of the state information of the first access router corresponding to the MN involved in the handoff so that the MN service is not interrupted. This process is referred to as state transfer. Status propagation may include, for example, delivery of AAA profile information previously delivered to an AR via RADIUS, where the MN access session is initiated. This also includes, for example, radio-link security vectors, MN-NAI, MN IP address, MN-EUI-64, remaining MIP Registration Lifetime, MN multicast group membership, admission control status, Of many other potential items of resource reservation status, diff-serv status, SIP session status, compressor status, MN scheduling history and / or MN specific AR status information. May include delivery.

In at least one known system, the transfer of state information during handoff may include sending a state transfer message by a new access node to which the mobile node is connecting to an old access node to which the mobile node was connected via a communication network. By sending. In response, the old access node forwards state information to the new access node. Alternatively, the core node is used to store state associated with a given mobile node. When the mobile node is about to move to another target access node, the target access node may retrieve the state associated with the mobile node from the core node.

Mobile IP, also known as MIPv4 [MIPv4] and MIPv6 [MIPv6] (versions 4 and 6), allows the mobile node (MN) to provide a care-of-address, for its agent (Home Agent, HA). Allows you to register at your temporary location as indicated by CoA). The HA then intersects the permanent addresses of the MNs (other than home addresses) so that packets destined for the MNs can be redirected to their current location using IP encapsulation techniques (tunneling). Maintain a mapping (also called binding) of Home Address, HoA) and registered CoA). The CoA used by the MN may be an address belonging to a foreign agent (FA) within an access router when MIPv4 is used or may be an address temporarily assigned to the MN itself, from an access router prefix. In this case, it is called a collocated care-of address (CCOA). The latter model also applies to MIPv4 while this is a dedicated mode of operation in MIPv6. For the purposes of this specification the terms CCoA and CoA as well as Binding Update (BU) are interchangeable because they are the corresponding terms for MIPv4 and MIPv6.

The smallest possible MIPv4 compliant registration request message includes at least the following headers and fields.

IP header (at least 160 bits long)

UDP header (at least 64 bits long)

The UDP header is followed by the mobile IP as shown below: (at least 192 bits long)

Type 1 (registration request)

S simultaneous bindings. If this 'S' bit is set, the mobile node is requesting the home agent to maintain previous mobility bindings.

B broadcast datagrams. When this 'B' bit is set, the mobile node requests the home agent to tunnel any broadcast datagrams received on the home network to it.

D Decapsulation by mobile node. If this 'D' bit is set, the mobile node will decapsulate datagrams sent to the sub-address. In other words, the mobile node is using a co-located sub-address.

M minimum encapsulation. When this 'M' bit is set, the mobile node requests its home agent to use minimal encapsulation [34] for datagrams tunneled to the mobile node.

G GRE encapsulation. When this 'G' bit is set, the mobile node requests its home agent to use GRE encapsulation [16] for datagrams tunneled to the mobile node.

r transmitted as zero; Ignored on receipt.

T Reverse Tunneling requested;

x sent as zero; Ignored on receipt.

Lifetime

The number of seconds remaining before the registration is considered expired. A zero value indicates a request for deregistration. A value of 0xffff indicates infinity.

Home Address

IP address of the mobile node.

Home agent

IP address of the mobile agent's home agent

Care-of Address

IP address of the end of the tunnel

Identification

64-bit number, constructed by the mobile node, used to match registration requests with Registration Reply, and to protect against replay attacks of registration messages.

Extensions (at least 176 bits long)

One or more extensions follow the fixed portion of the registration request.

Authorization-enabling extensions must be included in all registration requests.

Type

32

Length

4 plus number of bytes in the authenticator.

SPI

Security Parameter Index (4 bytes). Opaque identifier.

Authenticator

The default authentication algorithm uses HMAC-MD5 to calculate the 128-bit "message digest" of the registration message.

Authenticator Extension

Type

32

Length

4 plus number of bytes in authenticator.

SPI

Security parameter index (4 bytes). Opaque identifier.

Certifier

The default authentication algorithm uses HMAC-MD5 to calculate the 128-bit "message digest" of the registration message.

The minimum possible MIPv4 compliant registration request message presented above is 592 bits long which may result in inefficient use of resources when to be transmitted over the radio link for registration and handoff purposes. Note that the actual MIPv4-compatible registration request messages are actually significantly larger than the calculated minimum, but the minimum is used for explanation.

The minimum possible MIPv4 compliant Registration response message includes at least the following headers and fields.

IP header (at least 160 bits long)

UDP header (at least 64 bits long)

Followed by the Mobile IP fields shown below in the UDP header; (At least 160 bits long)

Type 3 (Registration Reply)

Code A value indicating the result of a registration request.

Lifetime

If the code field indicates that the registration has been approved, the lifetime field is set to the number of seconds remaining before the registration expires. A value of zero indicates that the mobile node has been deregistered. A value of 0xffff means infinity.

Home Address

IP address of the mobile node.

Home Agent

IP address of the home agent of the mobile node.

Identification

64-bit number used to match registration requests with registration responses and to protect against replay attacks of registration messages.

Extensions (at least 176 bits long)

One or more of the extensions follow a fixed portion of the registration response.

Authorization-enabling extension must be included in all registration responses.

Authenticator Extension

Type

32

Length

4 plus number of bytes in authenticator

SPI

Security Parameter Index (4 bytes). Opaque identifier.

Authenticator

The default authentication algorithm uses HMAC-MD5 to calculate the 128-bit "message digest" of the registration message.

The smallest possible MIPv4-compatible registration response message shown is 560 bits long, which can cause inefficient use of resources when it must be sent over the wireless link for registration and handoff purposes. Note that although typical MIPv4 registration response messages are actually significantly larger than the calculated minimum, the minimum is used for illustrative purposes.

It is also well known to those skilled in the art that the minimum possible Mobile IPv6 (MIPv6) compatible binding updated (equivalent to the MIPv4 registration request) is greater than the minimum possible MIPv4 compatible registration request message. Note that there is. Finally, it is well known to those skilled in the art that the minimum possible Mobile IPv6 (MIPv6) compliant binding Ack (equivalent to the MIPv4 registration response) is larger than the minimum possible MIPv4 compatible registration response message.

In the above discussion, a novel method for implementing the establishment of network links for access nodes in mobile node initial registration with the network, handoff to a new access node, or in other cases when the mobile node enters a new cell It is clear that there is a need for more efficient methods.

The present invention is directed to methods and apparatus for establishing connections between wireless terminals and access nodes.

Various methods and apparatus of the present invention may be used to establish communication links with one or more mobile nodes. Established links may be used to support communication sessions with one or more end nodes, such as mobile devices.

Various new features relate to mobile node methods that control the establishment of initial links to a first access node. Other features relate to the establishment of a new link as part of the mobile node handoff from the first access node to the second access node during handoff operation using highly efficient messages and signals.

In accordance with various embodiments of the present invention, highly efficient messages, messages much shorter than mobile IPv4 or IPv6 messages used to perform similar tasks, are often created, used and stored.

While some features relate to wireless terminal methods and apparatus, along with the novel messages of the present invention stored at the wireless terminal, other features relate to access node methods and apparatus.

The invention also relates to data storage devices, such as memory devices, which store one or more novel messages of the invention.

Additional features and advantages of the invention are discussed in the examples that follow.

1 shows a network diagram of an exemplary communication system implemented in accordance with the present invention.

2 illustrates an exemplary end node implemented in accordance with the present invention.

3 illustrates an exemplary access node implemented in accordance with the present invention.

4 illustrates an exemplary Server Node implemented in accordance with the present invention.

5 illustrates an exemplary Home Agent implemented in accordance with the present invention.

6 illustrates an exemplary reduced size IP registration message implemented in accordance with the present invention.

7 illustrates an exemplary reduced size IP registration response message implemented in accordance with the present invention.

8 illustrates exemplary signaling performed in accordance with the present invention when an end node transitions from one access node to another.

The methods and apparatus of the present invention for establishing link and network connections to one or more end nodes, such as access nodes used to support communication sessions with mobile devices, can be used with various communication systems. . For example, the present invention can be used with systems that support mobile communication devices such as notebook computers equipped with modems, PDAs, and various other devices that support wireless interfaces for device mobility. .

1 illustrates an exemplary communication system 100, such as a cellular communication network, implemented in accordance with the present invention, which includes a plurality of nodes interconnected by communication links. Nodes within the exemplary communication system 100 exchange information using signals, such as messages, based on communication protocols, such as the Internet Protocol (IP). The communication links of the system 100 may be implemented using, for example, wired, fiber optic cables, and / or wireless communication technologies. The exemplary communication system 100 includes a plurality of end nodes 144, 146, 144 ′, 146 ′, 144 ″, 146 ″, which are a plurality of access nodes 140, 140 ′, 140. '') To access the communication system. The end nodes 144, 146, 144 ′, 146 ′, 144 ″, 146 ″ may be, for example, wireless communication devices or terminals, and the access nodes 140 ′, 140 ′, 140 ″ ) May be, for example, radio access routers or base stations. The example communication system 100 also includes a number of other nodes 104, 106, 109, 110, and 112, which are used to provide interconnection or provide particular services or functions. In particular, the exemplary communication system 100 includes a server 104 that is used to support the transfer and storage of states belonging to end nodes. Server node 104 may be an AAA server, or may be a context transfer server, or may be a server that includes both AAA server functionality and context transfer server functionality.

The example system 100 of FIG. 1 illustrates a network 102 that includes a server 104, a home agent node 109, and a node 106, all of which correspond to corresponding network links 105, 108, and 107, respectively, is connected to an intermediate network node 110. The intermediate network node 110 in the network 102 also provides interconnection to network nodes that are external from the perspective of the network 102 via the network link 111. The network link 111 is connected to the other intermediate network node 112, which is via the network links 141, 141 ′, 141 ″, respectively, a plurality of access nodes 140, 140 ′, 140 ″. Provides additional connectivity to.

Each access node 140, 140 ′, 140 ″, respectively, via a plurality of corresponding access links 145, 147, 145 ′, 147 ′, 145 ″, 147 ″, respectively, Is shown as providing connectivity for the N end nodes 144, 146 ', 144', 146 ', 144 ", 146 " In the example communication system 100, each access node 140, 140 ′, 140 ″ is shown as providing access using wireless technology, such as wireless access links. The wireless coverage areas, e.g., communication cells 148, 148 ', 148 " of each access node 140, 140', 140 ", are respectively shown as circles surrounding the corresponding access node.

The exemplary communication system 100 is then used as a basis for the description of various embodiments of the present invention. Alternative embodiments of the present invention include various network topologies, where the number and type of network nodes, the number and type of access nodes, the number and type of end nodes, the number and type of servers and home or other agents, and the links. Number and type, and interconnectivity between nodes may differ from the exemplary communication system 100 shown in FIG.

In various embodiments of the present invention, some of the functional entities shown in FIG. 1 may be omitted or combined. The location or placement of these functional entities in the network may also change.

2 provides a detailed illustration of an exemplary end node 200, such as a mobile node, implemented in accordance with the present invention. The example end node 200, shown in FIG. 2, may be used as any one of the end nodes 144, 146, 144 ′, 146 ′, 144 ″, 146 ″, shown in FIG. 1. Detailed representation of the device. In the FIG. 2 embodiment, the end node 200 includes a processor 204, a wireless communication interface 230, a user input / output interface 240, and a memory 210 that are connected together by a bus 206. do. Thus, various components of the end node 200 via the bus 206 may exchange information, signals, and data. The components 204, 206, 210, 230, 240 of the end node 200 are located inside the housing 202.

Wireless communication interface 230 provides a mechanism by which internal components of end node 200 can transmit and receive signals to / from external devices and network nodes, such as access nodes. Wireless communication interface 230 is used to connect the end node 200 with other network nodes, eg, via wireless communication channels, eg, receiver circuit 232 with corresponding receive antenna 236 and corresponding. Transmitter circuitry 234 having a transmit antenna 238.

The example end node 200 also includes a user input device 242, such as a keypad, and a user output device 244, such as a display, which are connected to the bus 206 via the user input / output interface 240. Connected. Thus, user input / output devices 242, 244 can exchange information, signals, and data with other components of end node 200 via user input / output interface 240 and bus 206. . The user input / output interface 240 and associated devices 242 and 244 provide a mechanism by which the user can operate the end node 200 to perform various tasks. In particular, the user input device 242 and the user output device 244 allow the user to execute modules, programs, routines, executing in the memory of the end node 200 and applications, such as the end node 200. And / or provide functionality to control functions.

The processor 204, which is included in the memory 210, under the control of various modules, such as routines, controls the operation of the end node 200 to perform various signaling and processing as discussed below. Modules included in memory 210 are executed at startup or when called by other modules. Modules may exchange data, information, and signals when executed. Modules can also share data and information at runtime. In the FIG. 2 embodiment, the memory 210 of the end node 200 of the present invention includes a signaling / control module 212 and signaling / control data 214.

The signaling / control module 212 controls processing related to receiving and transmitting signals, such as messages, for signal generation and state information storage, retrieval, and management of processing. The messages stored in the memory 210 include a connection request message 610, a connection response message 660, an IP registration message 800, and an IP registration response message 900. Messages 800 and 900 may be reduced to messages of the present invention, such as small size, that are smaller than conventional mobile IPv4 and / or v6 messages. The messages stored in memory may be messages generated and / or received. The messages will be discussed in more detail below. Signaling / control data 214 includes status information related to the operation of the end node, such as parameters, status and / or other information. In particular, signaling / control data 214 may include configuration information 216 such as end node identification information and operational information 218 such as current processing state, pending. It may include information about the status (status), etc. of the responses in progress. The module 212 may access and / or modify data 214, such as updating the configuration information 216 and / or operation information 218.

3 provides a detailed illustration of an example access node 300 implemented in accordance with the present invention. The example access node 300, shown in FIG. 3, is a detailed representation of an apparatus that may be used as any one of the access nodes 140, 140 ′, 140 ″ shown in FIG. 1. In the FIG. 3 embodiment, the access node 300 is a processor 304, a memory 310, a network / internetwork interface 320 and a wireless communication interface 330 that are connected together by a bus 306. It includes. Thus, various components of access node 300 via bus 306 may exchange information, signals, and data. The components 304, 306, 310, 320, 330 of the access node 300 are located inside the housing 302.

Network / internet interface 320 provides a mechanism by which internal components of access node 300 can transmit and receive signals to / from external devices and network nodes. The network / internet interface 302 includes receiver circuitry 322 and transmitter circuitry 324 used to connect the node 300 to other network nodes, eg, via copper wire or fiber optic lines. do. Wireless communication interface 330 also provides a mechanism by which internal components of access node 300 can transmit and receive signals to / from external devices and network nodes, such as end nodes. The wireless communication interface 330 includes, for example, a receiver circuit 332 with a corresponding receive antenna 336 and a transmitter circuit 334 with a corresponding transmit antenna 338. Interface 330 is used to connect the access node 300 with other network nodes, eg, via wireless communication channels.

The processor 304, which is included in the memory 310, under the control of various modules, such as routines, controls the operation of the access node 300 to perform various signaling and processing. Modules included in memory 310 are executed at startup or in response to a call by other modules that may be in memory 310. Modules may exchange data, information, and signals at run time. Modules can also share data and information at runtime. In the FIG. 3 embodiment, the memory 310 of the access node 300 of the present invention includes a state management module 312 and a signaling / control module 314. Also corresponding to each of these modules, memory 310 includes state management data 313 and signaling / control data 315. The messages stored in the memory 310 include a connection request message 610, a connection response message 660, an IP registration message 800, and an IP registration response message 900. Messages 800 and 900 may be reduced to messages of the present invention, eg, small size, which are smaller than conventional mobile IPv4 and / or v6 messages. Memory 310 also includes a mobile IPv4 and / or mobile IPv6 registration message 680. The messages stored in the memory may be messages generated and / or received. The messages will be discussed in more detail below.

State management module 312 controls the processing of signals received from end nodes or other network nodes with respect to state storage and retrieval. State management data 313 includes, for example, end-node related information such as state or part of the state, or the location of the current end node state if stored in some other network node. State management module 312 may access and / or modify the state management data 313.

The signaling / control module 314 may, as needed for other operations, such as basic wireless functionality, network management, etc., to / from end nodes via the wireless communication interface 330, and a network / internet interface ( Control the processing of signals to / from other network nodes via 320. Signaling / control data 315 includes, for example, end-node related data regarding radio channel assignments for basic operations, and other network-related data such as addresses of support / management servers, configuration information for basic network communications. . The signaling / control module 314 can access and / or modify the signaling / control data 315.

4 provides a detailed illustration of an exemplary server node 400 implemented in accordance with the present invention. The example server node 400, shown in FIG. 4, is a detailed representation of an apparatus that may be used as the server 104 shown in FIG. 1. In the FIG. 4 embodiment, the server node 400 includes a processor 404, a memory 410, a network / internet interface 420, which are connected together by a bus 406. Thus, various components of the access node 400 via the bus 406 may exchange information, signals, and data. The components 404, 406, 410, 420 of the access node 400 are located in the housing 402.

Network / internet interface 420 provides a mechanism by which internal components of server node 400 can send and receive signals to / from external devices and network nodes. The network / internet interface 420 includes a receiver circuit 422 and a transmitter circuit 424 used to connect the node 400 with other network nodes, such as via copper wires or fiber optic lines.

The processor 404 under the control of various modules, such as routines, included in the memory 410 controls the operation of the server 400 to perform various signaling and processing. Modules included in memory 410 are executed at startup or in response to a call by other modules that may be in memory 410. In the FIG. 4 embodiment, the memory 410 of the server 400 of the present invention includes a core state management module 412 and core state management data 413, and an AAA module 415.

The core state management module 412 controls the processing of signals received from other servers, access nodes, or network nodes with respect to state storage and retrieval. The core state management data 413 includes, for example, end-node state information. The core state management module 412 may access and / or change the core state management data 413.

The AAA module 415 performs operations pertaining to authentication, authorization, and accounting.

5 illustrates an exemplary home agent node 500 implemented in accordance with the present invention. Exemplary home agent node 500 may be used in the system of FIG. 1, eg, as home agent node 109 serving a home agent. In the FIG. 5 embodiment, the home agent node 500 includes an input / output interface 501, a processor 503 and a memory 507, which are connected together by a bus 502. The elements 501, 502, 503 and 507 of the home agent node 500 are represented by a plastic, represented by a rectangle surrounding the housing 508, such as the inner elements 501, 502, 503 and 507 of the node. And / or located inside a metal case. Thus, various components of the access node 500 via the bus 502 may exchange information, signals, and data. Input / output interface 501 includes circuitry used to connect the node 500 to, for example, fiber optic lines, to other network nodes, and potentially to end nodes, for example, via wireless communication channels. .

The processor 503, under the control of various modules, such as routines, included in the memory 507 controls the operation of the home agent node 500 to perform the various signaling, routing, and other operations discussed below. Modules included in memory 507 are executed at startup or in response to a call by other modules. Modules may exchange data, information, and signals at run time. Modules can also share data and information at runtime. In the FIG. 5 embodiment, the memory 507 of the home agent node 500 of the present invention is, for example, associated with parameters, communication session and / or end node state information, security information, and / or access node and / or other apparatus. A mobility agent module 506 containing end node interactions and / or other information related to the communication. The mobility agent module 505 also includes an end node specific state that includes mappings between the end node's home address and care-of addresses.

The mobility agent module 506 allows the node 500 to support end node mobility and connectivity management services. Thus, home agent node 500 may provide node mobility, session establishment, and session maintenance services to connected end nodes. The mobility agent module 506 can be implemented in a number of ways. In the FIG. 5 embodiment this is implemented as a collection of sub-modules. As shown, the mobility agent module 506 includes a mobile IPv4 sub-module 505 and a mobile IPv6 sub-module 504. By including sub modules 505 and 504, the mobility agent module 506 can support multiple versions of mobile IP signaling, including mobile IPv4 and mobile IPv6. In various embodiments, the mobility agent module 506 includes a subset of the sub-modules 505 and 504 shown in FIG. 5. For example, in embodiments where mobile IPv6 is not required, the mobile IPv6 home agent sub-module 504 may be omitted.

6 illustrates an exemplary reduced size IP registration message 800 implemented in accordance with the present invention. As shown in the present invention, although sufficient for the purpose of setting up network layer connectivity and redirecting mobile IP tunnels, the message 800 is the minimum possible mobile IPv4 compatible registration presented in the background art. It is smaller than the request message. Exemplary reduced site IP registration message 800 is: Message Type field 810, Reserved field 820, "D" (Deregistration) field 830, "I" ( Initial) field 840, Message Identifier 850, and optional extensions 860 of zero or more.

The message type field 810 contains a value that identifies the message as a reduced size IP registration message. In some embodiments of the present invention, the message type field value identifies the message as a Mobility Management Protocol message referred to as an L3 RegistrationRequest message.

Reserved field 820 is reserved for future use. In one embodiment of the present invention, the value of the reserved field 820 is set to zero by the sender and ignored by the receiver.

The "D" (unregister) field 830 contains a value indicating whether this message is sent to register with the network layer or to deregister from a previously registered network layer.

The "I" (initial) field 840 contains a value indicating whether this message is an initial registration message for this network layer or a later registration for a previously established network layer.

The message identifier 850 includes a value that distinguishes the message 800 from at least another message of the same type (message 800) sent before the message. In some exemplary embodiments of the present invention, the message identifier field 850 takes the value of a monotonically increasing sequence number. In exemplary embodiments of the present invention, the message identifier field 850 takes the value of a timestamp. In still other exemplary embodiments of the present invention, the message identifier field 850 is configured in part by a sequence number and partly by a timestamp.

Zero or more optional extensions 860 may be included that may include various additional parameters. In some exemplary embodiments of the present invention such extensions are target access node identifier extensions that identify the access node to which the message 800 is sent (eg, to the target access node 530 of FIG. 8). Identifier extension 870, the access node to which the end node transmitting the message 800 (eg, end node 510 of FIG. 8) was last connected at the network layer (eg, to access node 520 of FIG. 8). End access node identification extension 880, and authentication extension 8900 for authenticating message 800. In some exemplary embodiments of the invention each of the extensions 870 and 880 may include at least a type field (a value identifying the type of the extension), a length field (a value identifying the length of the extension) and an identifier field ( A value identifying one of the target access node and the final access node. In some such embodiments of the invention the authenticator extension 890 may include at least a type field (a value identifying the type of the extension), a length field (a value identifying the length of the extension) and an authenticator field (the message). Cryptographically authenticated value); The authentication field value is calculated based on a key shared between the sender and the receiver. In some such embodiments of the present invention, the final access node identification extension 880 is not included when the value of the "I" field 840 indicates that the message 800 is an initial registration, while the last access node identification extension is not included. 880 is included when the value of the "I" field 840 indicates that the message 800 is an initial registration. In some embodiments of the present invention, the authenticator extension 890 is an optional extension, which may be omitted from the message 800. Various combinations of optional extensions are possible, in accordance with various embodiments of the present invention including zero, one, two, or three extensions 890.

In an exemplary embodiment of the present invention, the message type field 810 is 8 bits long, the reservation field 820 is 14 bits long, the "D" field 830 is a 1 bit long flag, and Field 840 is a one-bit length flag, and message identifier 850 consists of a 16-bit sequence number and a 32-bit timestamp. In the same embodiment of the invention, when the optional extensions, target access node identifier 870 and final access node identifier 880 are included in the message 800, each of the 8 bit type field, the 8 bit length field And up to 64-bit identifiers. In the same embodiment of the present invention, when an optional authenticator extension 890 is included in the message 800, it consists of an 8 bit type file, an 8 bit length field and a maximum of 64 bit authenticators. In the same embodiment of the present invention, the maximum length of the reduced size IP registration message 800 is 312 bits which is significantly smaller than the minimum possible MIPv4 registration request message, which is shown to be 592 bits long in the background art section.

7 illustrates an exemplary reduced size IP registration response message 900 implemented in accordance with the present invention. Although sufficient to set up network layer connectivity and redirect mobile IP tunnels, the message 900 is of a smaller size than the minimum possible mobile IPv4 registration response message shown in the background section. Exemplary reduced size IP registration response message 900 includes: message type field 910, message identifier field 920, response code field 930, reservation field 940, lifetime field ( 950, and zero or more optional extensions 960.

The message type field 910 contains a value that identifies the message as a reduced size IP registration response message. In some embodiments of the present invention the message type field value identifies the IP registration response message 900 as a mobility management protocol message referred to as an L3 RegistrationResponse message.

The message identifier 920 includes a value that matches the message 900 with the corresponding reduced size IP registration message 800. In some embodiments of the present invention, the message identifier field 920 takes the values from at least a portion of the value of the message identifier field 850 of the corresponding reduced size IP registration message 800, and the response code field 930. The message 900 responsive to) includes a value indicating the success or failure of the IP registration operation.

Reserved field 940 is reserved for future use. In some embodiments of the present invention, the value of this reservation field 940 is set to zero by the sender and ignored by the receiver.

The lifetime field 950 is a value indicating the lifetime of the IP registration. In some embodiments of the present invention, the value of the lifetime field 950 corresponds to the lifetime of the IP address associated with the recipient of the message 900. In some such embodiments of the present invention, the recipient of the message 900 must send another reduced size IP registration message before the value of the lifetime field 950 expires following receipt of the message 900.

More than zero optional extensions 960 may be included that may include various additional parameters. In some embodiments of the invention such extensions are the home address extension 970 (which is the IP address associated with the receiver of the message 900 (eg, the IP address of the end node 510 of FIG. 8)), the home agent Address extension 980 (which identifies the address of the mobile IP home agent serving the home address included in extension 970) and authenticator extension 990 authenticating the message 900. In some exemplary embodiments of the present invention each of the extensions 970 and 980 includes at least a type field (a value identifying the type of the extension), a length field (a value identifying the length of the extension) and an address field ( Value indicating an IP address). In some embodiments of the present invention, authenticator extension 990 may include at least a type field (a value identifying the type of extension), a length field (a value identifying the length of extension) and an authenticator field (cryptographically authenticating the message). Value); The authentication field value is calculated based on the key shared between the sender and the receiver. In some embodiments of the present invention, the home address extension 970 and the home agent address extension 980 may only have the value of the "I" field 840 in the corresponding reduced size IP registration message 800 (message 900). ) Is only included when indicating that it is an initial registration, while the home address extension 970 and home agent address extension 980 are associated with the corresponding reduced size IP registration message 800 (message 900). Responsive to this) are not included when indicating that the value of the " I " Various combinations of optional extensions are possible in accordance with various embodiments of the present invention that include zero, one, two, or three extensions 970, 980, 990.

In an exemplary embodiment of the present invention, the message type field 910 is 8 bits long, the message identifier 920 consists of a 16 bit sequence number, the response code field 930 is 8 bits long, and the reserved field ( 940 is 8 bits long and the lifetime field 950 is 16 bits long. In the same embodiment of the present invention, when the optional extensions home address 970 and home agent address 980 are included in the message 900, each of the 8 bit type field, the 8 bit length field and the maximum 32 bit IP It consists of an address. In the same embodiment of this extension, when the optional authenticator extension 990 is included in the message 900, it includes an 8 bit type file, an 8 bit length field and a maximum 64 bit authenticator. In the same embodiment of the present invention, the maximum length of the reduced size IP registration response message 900 is 232 bits which is significantly smaller than the minimum possible MIPv4 compatible registration response message presented as 560 bits in the background art section.

8 illustrates exemplary signaling performed in accordance with exemplary embodiments of the present invention. The signaling is shown in the context of the example system 100 shown in FIG. 1. End node 510 corresponds to any of the end nodes 144, 146, 144 ′, 146 ′, 144 ″, 146 ″ of the example system 100 and the example end node implementation of FIG. 2. Is implemented according to 200; The access node 520 and the target access node 530 are simplified implementations of the example access node 300 of FIG. 3 and the access nodes 140, 140 ′, 140 '' of the example system 100 of FIG. 1. ) Corresponds to any of Server 540 is a simplified implementation of server 400 of FIG. 4 and corresponds to server 104 of example system 100 of FIG. The home agent node 550 is a simplified representation of the home agent 500 of FIG. 5 and corresponds to the home agent node 109 of the example system 100 of FIG. 1.

In FIG. 8, the vertical solid lines 511, 521, 531, 541 and 551 represent nodes 510, 520, 530, 540 and 550 in time where the lines 511, 521, 531, Portions of 541 and 551 represent an earlier time than a portion of the lines at the bottom of FIG. 8. Vertical solid lines 610, 620, 640, 660, 670, 680, 690, 700, 710 and 720 represent signals between nodes 510, 520 530, 540 and 550. Wide double arrow lines 600, 630, and 650 represent groups of signals exchanged between nodes 510, 520 530, 540, and 550. Broken lines 621 and 641 represent alternative signals for signals 620 and 640. Dotted lines 630 and 650 represent optional signals. A signal is transmitted between two nodes if a line representing such a signal or group of signals points to a dot on a vertical line representing a node in time. For example, signal 610 is transmitted by end node 510 at time 610a and received by target access node 530 at time 610c.

Physical Layer establishment is now described. In FIG. 8, the end node 510 requests physical layer access to the node 530 by sending a signal (part of the group of signals 600) at point 600a to the target access node 530. do. The target access node 530 receives the signal at point 600c, which is part of the group of signals 600, and sends another signal, which is part of the group of signals 600, to the end node 510. To allow physical layer access to the end node 510.

Link Layer establishment is now described. The end node 510 sends a connection request message 610 to the target access node 530 at point 610a to establish the link and media access control layer communications with the target access node 530. request. In some exemplary embodiments of the present invention, the connection request message 610 includes a first identifier that identifies the end node 510. In some embodiments of the present invention, the message 610 also includes a second identifier that identifies the access node to which the end node 510 had previously established a connection (eg, with the access node 520). The target access node 530 receives the connection request message 610 at a time 610c when parameters (eg, identifiers) included in the message 610 are stored in the memory of the target access node 530. . In other exemplary embodiments of the present invention, message 610 is a handoff request message indicating that end node 510 has previously established communication with the present or other access node (eg, access node 520). .

An example Core Context Transfer embodiment will be described. At point 620c, node 530 sends a status request message 620 to server 540 to request authorization and another state corresponding to end node 530. Status request message 620 includes at least some of the parameters stored at point 610c in memory of node 530; For example, the identifier of the end node 510. The server 540 receives the status request message 620 at point 620d and searches its memory for the status associated with the end node 510. In some exemplary embodiments of the invention where the server 540 is a core state transfer server, the server 540 may be authorized and other states (eg, secure) associated with the end node 510. And a status response message 640 containing the keys, IP addresses and other parameters) at point 640d. Target node 530 receives the message 640 at point 640c and stores at least a portion of the state associated with end node 510 included in message 640 in its memory.

AAA server embodiments will be described. In other exemplary embodiments of the invention where the server 540 is an authentication and authorization (AAA) server, the server 540 points to a message, which is part of optional groups of messages 630, Transmit at 630d, requesting proof of identity of end node 510. The node 510 receives, at point 630a, messages that are part of a group of messages 630 and, to server 540, of an identity message that is part of a group of messages 630. Send proof In some embodiments of the present invention, server 540 and end node 510 exchange additional messages proving the identification of both end node 510 and server 540 to each other. The server 540 includes an authorization state and other states (eg, security keys, IP addresses, and other parameters) associated with the end node 510 when satisfied with the identification of the end node 510 at point 640d. Message 640 is transmitted. Target access node 530 receives the message 640 at point 640c and stores in memory at least a portion of the state associated with end node 510 included in message 640.

An example Peer-to-Peer context delivery embodiment will be described. In some exemplary embodiments of the present invention the target access node 530 instead of the message 620 sends, at point 621c, the message 621 to the access node 520; The access node 520 is the last access node to which the end node 510 has connected. According to the present invention, the message 621 includes at least some of the parameters stored at point 610c in the memory of node 530; For example, the identifier of the end node 510. Access node 520 receives message 621 at point 621b and searches its memory for the status associated with end node 510. The access node 520 sends a response message at point 641b that includes an authorization state associated with end node 510 and other states (eg, keys shown, IP addresses, and other parameters). Target node 530 receives the message 641 at point 641c and stores at least a portion of the state associated with end node 510 included in message 641 in its memory.

An optional security related step, now used in some embodiments of the present invention, will be described. In some embodiments of the invention where encryption of data traffic is required for the link between end node 510 and target access node 530, the node 530 may, at point 650c, receive messages. Send a message, which is part of the optional group of 650, to establish at least one encryption key with the end node 510. The node 510 receives, at point 650a, a key establishment message that is part of a group of messages 650 by receiving a message that is part of a group of messages 650, and a target access node ( 530). In some embodiments of the present invention, the target access node 530 and the end node 510 exchange additional messages to establish the encryption key.

The completion of link layer establishment will now be described. The target access node 530, at point 660c, sends a connection response message 660 to grant at least link layer access to the end node 510. End node 510 receives the message 660 at point 660a. In an embodiment of the invention where message 610 is a handoff request message, message 660 is a handoff response message.

Network layer establishment will now be described. The end node 510 constructs a reduced size IP registration message 670 in its memory and, at point 670a, sends it to the target access node 530 to establish a network layer with the node 530 and to Request packet redirection through node 530. In some embodiments of the present invention, the reduced size IP registration message 670 is implemented in accordance with the present invention according to the message type 800 of FIG. Target access node 530 receives message 670 at point 670c and stores in memory at least some of the values of the fields included in message 670. The target access node 530 constructs a mobile IP registration message 680 and sends it to the home agent 550 at point 680c. According to the present invention, the identification field of the mobile IP registration request message 680 includes at least a portion of the message identifier field 850 of the message 800 of FIG. 6.

An initial registration embodiment will now be described. In one exemplary embodiment of the present invention (reduced size IP registration message 670 implemented according to message 800 of FIG. 6), an "I" field 840 indicates initial registration. In this embodiment of the present invention, the target access node 530 constructs a mobile IP registration message 680 and transmits it to the home agent 550 at the point 680c. To construct the mobile IP registration request message 680, the target access node 530 combines the state associated with the end node 510 with the state received at the point 640c from the server 540. In one embodiment of the invention where server 540 is an AAA server, the state associated with end node 510 stored at node 530 includes a home agent address and a home address associated with end node 510. The home address and home agent address values may be zero. In one embodiment of the present invention, the home agent address included in the stored state is not zero, and the target access node 530 uses the value as part of the corresponding field of the mobile IP registration request message 680. In another embodiment of the present invention, the home agent address included in the stored state is zero, and the target access node 530 may set a locally configured home agent address value to the mobile IP registration request message 680. As part of the corresponding field in. In another embodiment of the present invention, the home address included in the stored state is not zero and the target access node 530 uses the value as part of the corresponding field of the mobile IP registration request message 680. In a further embodiment of the present invention, the home address included in the stored state is zero and the target access node 530 uses the zero value as part of the corresponding field of the mobile IP registration request message 680.

The home agent 550 constructs a registration response message 710 and sends it at point 710e to grant the previously received registration request. The target access node receives the registration response message 710 at the point 710c and stores at least some of the values contained in the fields of the message 710 in its memory. The node 530 configures the reduced size IP registration message 720 in memory and sends it at point 720c to grant the network layer registration request to the end node 530. In this exemplary embodiment of the present invention, the reduced size IP registration response message 720 is implemented according to the message type 900 of FIG. In this embodiment of the present invention, the message identifier field 920 of the message 900 of FIG. 7 corresponds to the message identifier field 850 of the message 800 of FIG. 6 to which the message is responsively transmitted. The home address value copied from the message identifier and included in the message 710 from the home agent 550 is used as part of the value of the home address extension 970 of the message 900 of FIG. The lifetime value included in the message 710 is used as an upper limit to the value of the lifetime field 950 of the message 900 of FIG. 7, and the home agent address value included in the message 710 is shown in FIG. It is used as part of the value of the home agent address extension 980 of message 900 of seven.

The following registration embodiment will now be described. In an exemplary embodiment of the present invention, in the reduced size IP registration message 670 implemented according to message 800 of FIG. 6, the "I" field 840 indicates a non-initial registration. do. In accordance with one embodiment of the present invention as discussed in FIG. 6, a final access node identifier extension 880 is included in the message 800 in a non-initial registration message 800. According to the present invention, the last access node identifier is set to an identifier identifying the access node 520.

In this embodiment of the present invention, the target access node 530 configures the mobile IP registration message 680 and transmits it to the home agent 550 at the point 680c. To construct the mobile IP registration request message 680, the target access node 530 combines the state associated with the end node 510 with the state received at the point 640c from the server 540. In one embodiment of this extension where the server 540 is a core context delivery server, the state associated with the end node 510 stored at node 530 is the home agent address and home address associated with the end node 510. Include. In one embodiment of the present invention, the target access node 530 uses the home address and home agent address values as part of the corresponding field of the mobile IP registration request message 680.

Target access node 530 also constructs a mobile IP registration message 690 and sends it from point 690c to access node 520, which is identified in the last access node identifier of message 670. The access node 520 receives the message 690 at point 690b and sends a response message 700 at point 700b. Target access node 530 receives the message 700 at point 700c. In another embodiment of the present invention, messages 690 and 700 are binding update messages while in other embodiments of the present invention, other packet redirect messages exist. According to the present invention a message 690 identifies at least the end node 510. In one embodiment of the present invention, the identifier is an IP address (home address) of the end node 510.

The home agent 550 constructs a registration response message 710 and sends it at point 710e to grant the previously received registration request. The target access node 530 receives the registration response message 710 at point 710c and stores at least some of the values included in the fields of the message 710 in its memory. The node 530 configures the reduced size IP registration response message 720 in memory and transmits it at the point 720c to grant the network layer registration request to the end node 510. In the exemplary embodiment of the present invention, the reduced size IP registration response message 720 is implemented according to the message type 900 of FIG. In this embodiment of the present invention, the message identifier field 920 of the message 900 of FIG. 7 is included in the message identifier field 850 of the message 800 of FIG. 7 in which the message 720 is responsively transmitted. The lifetime value contained in the message 710, which is duplicated from the corresponding message identifier, is used as the upper limit for the value of the lifetime field 950 of message 900 of FIG. In this embodiment of the present invention, the home address and home agent address extensions 970 and 980 of FIG. 7 are not included in the message 720.

In one exemplary embodiment of the invention, the end node 510 communicates with the target access node 530 as shown in FIG. 8, while the end node 510 is configured with other physical nodes established with the same or different access nodes. It does not have a link or network layer connection. In another exemplary embodiment of the present invention, the end node 510 communicates with the target access node 530 as shown in FIG. 8, while the end node 510 is the same or different access node, such as an access node ( 520 and at least one physical, link, or network layer connection established.

In various embodiments the nodes described herein are implemented using one or more modules that perform steps corresponding to one or more methods of the invention, eg, signal processing, message generation, and / or transmission steps. Thus, in some embodiments various features of the present invention are implemented using modules. Such modules are implemented using software, hardware or a combination of software and hardware. Many of the methods or method steps described above are implemented using machine executable instructions, such as software, contained in a machine readable medium, such as a memory device, such as RAM, floppy disk, and the like. It may be implemented to control a machine, such as a general purpose computer with or without additional hardware, to implement all or part of the methods described above, such as at one or more nodes. Thus, among other things, the present invention is directed to a machine-readable medium comprising machine executable instructions that cause a machine, such as a processor and associated hardware, to perform one or more steps of the above-described method (s).

Many additional modifications to the methods and apparatus of the present invention described above will be apparent to those of ordinary skill in the art in view of the above description of the present invention. Such variations are to be considered within the scope of the present invention. The methods and apparatus of the present invention can be used with CDMA, orthogonal frequency division multiplexing (OFDM), or various other kinds of communication techniques that can be used to provide wireless communication links between access nodes and mobile nodes. Can be used or used in various embodiments. In some embodiments the access nodes are implemented as base stations that establish communication links with mobile nodes using OFDM and / or CDMA. In various embodiments the mobile nodes are notebook computers, personal digital assistants (PDAs), or other portable devices including receiver / transmitter circuits and logic and / or routines for implementing the methods of the present invention. Is implemented.

Claims (40)

As a method of operating a wireless terminal: Transmitting a connection request message to a target base station; Receiving a connection response message from the target base station in response to the connection request message; And Transmitting an Internet Protocol (IP) registration message, wherein the IP registration message is smaller than a Mobile IPv4 Registration Request message. The method of claim 1, Transmitting the connection request message comprises transmitting the connection request message via a wireless link. The method of claim 2, The access request message includes a terminal identifier identifying the wireless terminal. The method of claim 1, Before transmitting the IP registration message, further comprising generating the IP registration message, wherein the generating step: A message type identifier identifying the message as an IP registration message; And And a message identifier generated by the wireless terminal, wherein the total number of bits included in the IP registration message is less than 480 bits. The method of claim 4, wherein The generated IP registration message does not include a home agent address. The method of claim 5, wherein The generated IP registration message also does not include a home address. The method of claim 6, The generated IP registration message also does not include a Lifetime value. The method of claim 7, wherein The generated IP registration message also does not include a care-of address. The method of claim 4, wherein The generating step is: Initial registration indicator used to indicate whether the IP registration message is an initial registration message for the network layer or a subsequent registration for a previously established network layer. incorporating an indicator. The method of claim 9, And the initial registration indicator value is a 1 bit flag. The method of claim 4, wherein The generating step is: Incorporating a de-registration indicator value that may be set to indicate that the IP registration message is a request to de-register the wireless terminal. Wireless terminal operation method. The method of claim 11, And the deregistration indicator value is a 1 bit flag. The method of claim 4, wherein And wherein said message identifier is a time stamp. The method of claim 4, wherein And wherein said message identifier is a sequence number. The method of claim 4, wherein And wherein said message identifier is at least a combination of a sequence number and a time stamp. The method of claim 1, The IP registration message includes an initial registration indicator value, and the method includes: Receiving an IP registration response message for the IP registration message, wherein the IP registration response message includes a home address corresponding to the wireless terminal when the initial registration indicator value is set to indicate initial registration. , Wireless terminal operation method. The method of claim 16, And the received IP registration response message does not include the home address when the initial registration indicator value is set to indicate a subsequent registration. The method of claim 17, And wherein the received IP registration response message includes a lifetime associated with the home address. The method of claim 17, The IP registration message includes a 1-bit deregistration indicator that can be set to indicate a deregistration request, and And wherein the received registration response message includes a lifetime value and an acknowledgment indicator associated with the home address of the wireless terminal. A transmission module for transmitting an access request message to a target base station; A receiver module for receiving a connection response message from the target base station in response to the connection request message; And And an IP registration message generation module for generating an Internet Protocol (IP) registration message, the IP registration message being smaller than a mobile IPv4 registration request message. The method of claim 20, And the transmitting module is connected to an antenna for transmitting the connection request message via a wireless link. The method of claim 21, And a memory including a stored connection request message, wherein the stored connection request message includes a terminal identifier identifying the wireless terminal. The method of claim 22, An IP registration message generation module for generating the registration message by including in the registration message; A message type identifier identifying the message as an IP registration message; And And a message identifier generated by the wireless terminal, wherein the total number of bits included in the IP registration message is less than 480 bits. The method of claim 23, The generated IP registration message does not include a home agent address. The method of claim 24, The generated IP registration message also does not include a home address. The method of claim 25, The generated IP registration message also does not include a lifetime value. The method of claim 26, The generated IP registration message also does not include a sub-address. The method of claim 23, The IP registration message generation module may include in the generated IP registration message: And an initial registration indicator value used to indicate whether the IP registration message is an initial registration message for a network layer or a subsequent registration for a network layer that was previously established. The method of claim 28, And the initial registration indicator value is a 1-bit flag. A wireless terminal comprising a memory comprising an IP registration message stored, the IP registration message comprising less than 480 bits in total and comprising a plurality of elements, the plurality of elements: A message type identifier identifying the message as an IP registration message; And A message identifier generated by the wireless terminal. The method of claim 30, And the stored IP registration message does not include a home agent address. The method of claim 31, wherein The stored IP registration message also does not include a home address. The method of claim 32, The stored IP registration message also does not include a lifetime value and also does not include a sub-address. The method of claim 30, The stored IP registration message is: And an initial registration indicator value used to indicate whether the IP registration message is an initial registration message for a network layer or a subsequent registration for a previously established network layer. The method of claim 34, wherein And the initial registration indicator value is a 1-bit flag. The method of claim 30, The stored IP registration message is: And a registration-releasing indicator that can be set to indicate whether the IP registration message is a request to de-register the wireless terminal. The method of claim 36, And the registration-unregister indicator value is a 1-bit flag. The method of claim 30, The message identifier is a time stamp. The method of claim 30, Wherein the message identifier is one of i) sequence number and ii) at least a combination of sequence number and time stamp. The method of claim 39, The stored IP registration message further comprises an initial registration indicator value.

Images