(10) Patent No.:     US 6,587,680 B1
Ala-Laurila et al.
(45) Date of Patent: Jul. 1, 2003

US006587680B1

(54) TRANSFER OF SECURITY ASSOCIATION DURING A MOBILE
     TERMINAL HANDOVER

(75) Inventors: Juha Ala-Laurila, Tampere (FI); Harri Hansén,
     Espoo (FI); Juha Salvela, Espoo (FI)

(73) Assignee: Nokia Corporation, Espoo (FI)

( * ) Notice: Subject to any disclaimer, the term of this patent is
     extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/447,761

(22) Filed: Nov. 23, 1999

(51) Int. Cl.7 .................... H04M 1/66; H04M 1/68; H04M 3/16
(52) U.S. Cl. ..................... 455/411; 455/435; 455/437; 455/438;
                                   380/248; 380/270; 380/272
(58) Field of Search ............. 455/411, 435-439; 380/247, 248,
                                   270-273; 370/331, 332

(56) References Cited

U.S. PATENT DOCUMENTS

5,204,902 A *   4/1993  Reeds, III et al. ......... 380/23
5,237,612 A *   8/1993  Raith ..................... 380/23
5,598,459 A *   1/1997  Haartsen .................. 379/58
[one U.S. patent entry not legible in the scan]
6,026,293 A *   2/2000  Osborn .................... 455/411
6,370,380 B1 *  4/2002  Norefors et al. ........... 455/436

FOREIGN PATENT DOCUMENTS

EP   0 939 519 A1   9/1999
WO   WO 00/49827    8/2000

OTHER PUBLICATIONS

ETSI, "DTR/BRAN-00230002 v0.1.0, 99/03/29, High Performance Radio
Access Local Area Network—Type 2—System Overview", Broadband Radio
Access Networks, an ETSI Project, 29/03/99.
Korhonen, Markku, "1on Key Management", Tik-110.551 Internetworking
Seminar, Department of Computer Science, Helsinki University of
Technology.

* cited by examiner

Primary Examiner—Thanh Cong Le
Assistant Examiner—Tuan Tran

(57) ABSTRACT

An existing security association is re-established when a
communication handover event occurs in a radio communications
system such as IEEE 802.11 or a HIPERLAN, wherein the existing
security association between a mobile terminal and a wireless
communication network is maintained when the communication
handover occurs within the network. Authentication during a
handover event is achieved by a challenge/response procedure. In
accordance with the challenge/response procedure each member of a
communication pair that is made up of a new access point and the
mobile terminal that is experiencing a handover to the new access
point sends a challenge to the other member of the communication
pair. Each member of the communication pair then calculates a
response to its received challenge, and these responses are sent
back to the other member of the communication pair. Each member of
the communication pair then compares its received response to a
correct response. When these comparisons are correct, payload
communication begins between the second access point and

20 Claims, 11 Drawing Sheets
`
`
`
`
[Front-page drawing: handover signaling among the mobile terminal
(MT), the old AP and the new AP, with an "IPsec tunneling" label.
Messages and annotations legible in the scan:
  FORCED_HANDOVER_REQ (new_ap_id)
  MAC_REASSOCIATE_REQ (old_ap_id, old_mt_id, mt_challenge)
    at the MT: a challenge to authenticate the AP is generated
    at the new AP: an SA is created; a response to the mt_challenge
    is calculated; a challenge to authenticate the MT is generated
    at the old AP: SA parameters are retrieved from the security
    association data base
  HO_RESPONSE (old_mt_id, SA, SA, other info)
  MAC_REASSOCIATE_RESP (ap_response, ap_challenge, other info)
    at the MT: the SA parameters are updated; a response to the
    ap_challenge is calculated; ap_response is compared to the
    correct response (AP Authentication)
  MAC_AUTHENTICATE_REQ (mt_response)
    at the new AP: mt_response is compared to the correct response
    (MT Authentication)
  MAC_AUTHENTICATE_RESP; payload traffic can be resumed]
0001

Ex. 1014
Apple v. MPH Techs. Oy
IPR2019-00821
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 1 of 11    US 6,587,680 B1

[FIG. 1: diagram of the communication system; block labels not
legible in the scan]
`
`
`
`
`
`
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 2 of 11    US 6,587,680 B1

[FIG. 2: forward handover signaling diagram; message labels not
legible in the scan]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 3 of 11    US 6,587,680 B1

[FIG. 3: backward handover signaling diagram; message labels not
legible in the scan]
`
`
`
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 4 of 11    US 6,587,680 B1

[FIG. 4A, forward handover flow chart; columns Mobile Terminal 12,
Old-AP 14, New-AP 114 (reference numerals 400 and 404 visible).
  Mobile Terminal: Handover Required? (No/Yes); Radio Handover;
  Generate Challenge to Authenticate New-AP; Send
  MAC_REASSOCIATE_REQ.
  New-AP: Send Handover Request.
  Old-AP: Retrieve Security Association Parameters from Data Base;
  Send Handover Request (SA, SA).]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 5 of 11    US 6,587,680 B1

[FIG. 4B, forward handover flow chart continued; columns Mobile
Terminal 12, Old-AP 14, New-AP 114 (reference numerals 409, 410 and
413 to 417 visible).
  New-AP: Create SA; Generate Challenge to Authenticate Mobile
  Terminal; (Optional) Calculate Response to mt_challenge; Send
  MAC_AUTHENTICATE_REQ (ap_response, ap_challenge, other information).
  Mobile Terminal: Update SA Parameters; Calculate Response to
  ap_challenge; Compare ap_response to Correct Response; Authenticate
  New-AP; Send MAC_AUTHENTICATE_RESP (mt_response).]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 6 of 11    US 6,587,680 B1

[FIG. 4C, forward handover flow chart concluded; column heading
Mobile Terminal 12 visible. Steps: Compare mt_response to Correct
Response; Authenticate Mobile Terminal; Resume Payload Traffic Using
New-AP.]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 7 of 11    US 6,587,680 B1

[FIG. 5A, backward handover flow chart; columns Mobile Terminal 12,
Old-AP 14, New-AP 114 (reference numerals 502 to 504 visible).
  Mobile Terminal: Handover Required? (No/Yes); Send Handover
  Request.
  Old-AP: Message Accepted; Retrieve Security Association Parameters
  from SA Data Base; Send Handover Request (SA, SA).
  New-AP: Generate Challenge to Authenticate Mobile Terminal; Send
  Handover Request (ap_challenge, Other Information).]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 8 of 11    US 6,587,680 B1

[FIG. 5B, backward handover flow chart continued; columns Mobile
Terminal 12, Old-AP 14, New-AP 114 (reference numeral 504 visible).
  Old-AP: Send MAC_DISASSOCIATE (ap_challenge, other information).
  Mobile Terminal: Radio Handover; Update SA Parameters; Calculate
  Response to ap_challenge; Generate Challenge to Authenticate
  New-AP; Send MAC_REASSOCIATE_REQ (mt_response, mt_challenge, other
  information).]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 9 of 11    US 6,587,680 B1

[FIG. 5C, backward handover flow chart concluded; columns Mobile
Terminal 12, Old-AP, New-AP 114 (reference numerals 519 and 520
visible).
  New-AP (Mobile Terminal Authentication): Compare mt_response to
  Correct Response; Calculate Response to mt_challenge; Send
  MAC_REASSOCIATE_RESP_ENH (ap_response).
  Mobile Terminal: Compare ap_response to Correct Response;
  Authenticate New-AP.]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 10 of 11    US 6,587,680 B1

[FIG. 6: HIPERLAN/2 forced handover signaling diagram; message
labels not legible in the scan]
`
`
`
U.S. Patent    Jul. 1, 2003    Sheet 11 of 11    US 6,587,680 B1

[FIG. 7: HIPERLAN/2 forward handover signaling diagram; message
labels not legible in the scan]
`
`
`
`
`
`
`
`
`
`
`US 6,587,680 B1
`
`1
`TRANSFER OF SECURITY ASSOCIATION
`DURING A MOBILE TERMINAL
`HANDOVER
`
`RELATED PATENT APPLICATION
`
`This application is related to patent application Ser. No.
`09/342,367, filed Jun. 29, 1999 and entitled APPARATUS,
`AND ASSOCIATED METHOD, FOR SELECTABLY
`OPERATING RADIO DEVICE IN ALTERNATE MODE,
`which application is incorporated herein by reference.
`
`FIELD OF THE INVENTION
`
`This invention relates to radio communications systems of
`which a wireless local area network (WLAN) is a non-
`limiting example. More specifically this invention relates to
`providing information security when a mobile terminal is
`handed-over from a first base station or access point (AP) to
`a second base station or access point (AP).
`
`BACKGROUND OF THE INVENTION
`
`In a minimum configuration, a communication system is
`formed by a transmitting station and a receiving station that
`are interconnected by a communication channel. Commu-
`nication signals generated by the transmitting station are
`transmitted upon the communication channel and received
`by the receiving station.
In a radio communication system at least a portion of the
communication channel is formed by a portion of the
electromagnetic spectrum. Increased mobility of communications
is permitted in a radio communication system because a fixed or
a hard-wired connection is not required between the transmitting
and receiving stations.
`A cellular communication system, of which a cellular
`telephone system is an example, is an example of a radio
`communication system. When the mobile terminal of a
`subscriber to a cellular communication system is physically
`positioned at almost any location throughout an area that is
`encompassed by the network infrastructure of the cellular
`communication system, the mobile terminal is able to com-
`municate by way of the cellular communication system with
`another mobile terminal.
`
`The network infrastructure of an exemplary wireless
`communication system includes physically spaced-apart
`base stations or access points (APs) which each include a
`transceiver. In such an exemplary system, each base station
`or AP defines a geographic area or cell of the communica-
`tions system. As a first mobile terminal is used to commu-
`nicate with a second mobile terminal, and as the first mobile
`terminal travels or moves between the cells of the system,
`uninterrupted communication is possible by handing-over
`communications from one base station to another base
`
`station. Such a communication handover is provided by a
`handover process.
A High Performance radio Local Area Network such as HIPERLAN
type-2 supports three kinds of handover. HIPERLAN/2 provides high
speed (typically 25 Mb/s data rate) communications between
portable devices and broadband IP, ATM and UMTS networks, and is
capable of supporting multiple media applications, with the
typical application being indoors.
`HIPERLAN/2 provides local wireless access to different
`infrastructure networks (e.g. IP, ATM and UMTS) by mov-
`ing and stationary terminals that interact with access points
`which, in turn, usually are connected to an IP, ATM, or
UMTS backbone. A number of access points are required to
service the network. The wireless network as a whole
`
`supports handovers of connections between access points to
`provide mobility. Typical operating environments include
`business networks and domestic premises networks. An
overview of HIPERLAN/2 access networks is provided by the
European Telecommunications Standards Institute (ETSI) document
DTR/BRAN-00230002, 1998, incorporated herein by reference.
`Depending upon the mobile terminal’s handover decision,
`sector handover (inter-sector), radio handover (inter access
`point transceiver/inter access point handover), network han-
`dover (inter access point/inter network handover) or forced
`handover may occur in accordance with HIPERLAN/2.
`Prior to the execution of a handover, the mobile terminal
`must gather relevant measurements on the frequency that is
`used by the current access point, as well as on the frequen-
`cies that are used by access points that are candidates for a
`handover. Measurements on the serving frequency can be
`carried out by the mobile terminal while it is synchronized
`to the current access point. However, in order to measure the
`frequency of neighboring access points, the mobile terminal
`must be temporarily absent from the current access point.
`During a mobile terminal absent procedure the mobile
`terminal is temporarily disconnected from the current access
`point, in order that the mobile terminal can perform mea-
`surements on neighboring access points. During this time,
no communication between the mobile terminal and the current
access point is possible. As part of this absent procedure, the
mobile terminal tells the current access point
`that it will be absent for n-frames. During this absent period,
`the mobile terminal cannot be reached by the current access
`point. After the absent period, the current access point may
`trigger a mobile terminal alive sequence to check if the
`mobile terminal is available.
`
`During a sector handover the antenna sector of the access
`point is changed, and the same access point controls the
entire handover. After a successful sector handover, the mobile
terminal communicates via the new sector. A radio
`
`handover relates to access points having more than one
`transceiver per access point, for example two access point
`transceivers and one access point controller. Radio handover
`is performed when a mobile terminal moves from a coverage
`area of one access point to another coverage area that is
`served by the same access point. Since radio handover can
`be performed within the data link control (DLC) layer,
higher layer protocols (HL) are not involved. When the mobile
terminal detects the need for a handover to another access point
controller, the mobile terminal may still synchronize to the
current access point. In this case the mobile terminal may notify
its access point controller that the mobile terminal will perform
a handover to another access point controller. In the case of a
radio handover all relevant
`information about on-going connections, security
`parameters, etc. are available in the access point, so that this
`information is not re-negotiated.
A network handover is carried out when a mobile terminal moves
from one access point to another access point. Since the mobile
terminal leaves the serving area of a radio control link (RLC)
instance, a network handover involves the convergence layer (CL)
and the HL (as may be needed), as well as DLC. To maintain HL
association and connections, specific signaling via the backbone
may be needed. When the mobile terminal detects the need for
handover to another (target) access point, the mobile terminal
may still be synchronized to the current access point. In this
case, the mobile terminal may notify the current access point
that it will perform a handover to another access point. The
notified access point shall then stop transmitting to that mobile
terminal, but shall maintain association for a specified time,
when indicated.
`
`Forced handover gives a current access point the oppor-
`tunity to order a certain mobile terminal to leave the current
access point’s cell. A forced handover is initiated by the
access point sending a Force_Handover signal to the mobile
terminal. In one procedure the mobile terminal performs a
`normal handover and leaves its old cell, regardless of
`whether it finds a new cell. In a second procedure the mobile
`terminal has the opportunity to come back to the old access
`point if handover fails.
For further discussion of HIPERLAN/2 features see the
`Broadband Radio Access Networks (BRAN); HIPERLAN
`type 2 Functional Specification; Radio Link Control (RLC)
`that are provided by the ETSI standardization organization,
`incorporated herein by reference.
Several types of wireless communication systems have been
implemented, and others have been proposed, to encompass limited
geographic areas, for example a limited area that is encompassed
by a building or by an office workplace within a building.
Wireless communication systems such as microcellular networks,
private networks, and WLANs are exemplary of such systems.
`Wireless communication systems are typically con-
`structed pursuant to standards that are promulgated by a
regulatory or a quasi-regulatory body. For instance, the IEEE
802.11 standard promulgated by the IEEE (Institute of
`Electrical and Electronic Engineering) is a wireless local
`area network (LAN) standard pertaining generally to the
`commercial 2.4 GHz wireless LAN. The 802.11 standard
`
`specifies an interface between a wireless terminal and a base
`station or access point, as well as among wireless terminals.
`Standards pertaining to a physical layer and a media access
`control (MAC) layer are set forth in such a standard. This
`standard permits automatic medium sharing between differ-
`ent devices that include compatible physical layers. Asyn-
`chronous data transfer is provided for in the standard,
`generally by way of the MAC layer, utilizing a carrier sense
`multiple access with collision avoidance (CSMA/CA) com-
`munication scheme.
`
While the IEEE 802.11 standard provides for wireless
communications through the use of mobile terminals that are
constructed to be mutually operable pursuant to such a standard,
the standard does not adequately provide for real time wireless
services. For instance, in an implementation of the standard a
significant loss of quality is sometimes experienced during
handover of communications from one AP to another AP. Excessive
numbers of data frames are
`
`susceptible to being lost or delayed, resulting in the loss of
`communication quality, or even termination of communica-
`tions. Operational modes different than that set forth in the
`IEEE 802.11 standard are therefore required, particularly for
`real time wireless services. Proprietary functions have been
`proposed which permit improved quality of communications
`as compared to operation pursuant to the existing IEEE
`802.11 standard. APs and mobile terminals that are operable
`to perform such proprietary functions are referred to as
`being proprietary mode capable.
`However, both ends of a communication pair, consisting
`of a mobile terminal and the AP through which the mobile
`terminal communicates, must be capable of operation in the
`proprietary mode. If both ends of the communication pair
`are not together operable pursuant to the proprietary mode,
conventional operation pursuant to the IEEE 802.11 standard is
required. Therefore, prior to permitting both ends of
`the communication pair to operate in the proprietary mode,
`a determination must be made of the ability of both ends of
`the communication pair together to be operable pursuant to
`the proprietary mode.
The above mentioned copending patent application provides
apparatus that is operable to identify whether both ends of the
communication pair are together operable in the proprietary mode,
the apparatus operating to activate both ends of the
communication pair to operate in the proprietary mode when it is
determined that pair-compatibility exists, and the apparatus
thereafter operating to maintain the proprietary mode operation
during handover procedures should a mobile terminal physically
move from a cell that is serviced by a first AP to a cell that is
served by a second AP.
In addition to the valuable features that are provided by the
apparatus of this copending application, it would be desirable
to re-establish a security association as such an AP-to-AP
handover occurs.
`
`Many customers, and particularly business environments,
`require a high degree of data security, and this data security
`cannot be compromised by use of a WLAN installation.
`Since access to the WLAN cannot be restricted physically,
it is customary to use cryptographic methods to protect
transmitted data and network elements. Current IEEE 802.11 and
IETF Internet standards offer two complementary mechanisms for
providing secure data communications over a wireless link, i.e.
Internet Protocol Security (IPSEC). IPSEC is an IP-based security
protocol that provides for secure communication between two IP
hosts. A common use of the IPSEC protocol is in the building of
Virtual Private Networks (VPNs).
`In WLAN systems the IPsec protocol can be used to
`provide end-to-end security for data packets, this security
`being provided by authenticating and/or encrypting the
transmitted data packets. IPsec uses symmetric cryptography that
requires use of the same encryption and/or authentication key at
both ends of a communication link. Scalable key management
protocols such as IKE can be used to generate the symmetric keys
for an IPsec stack.
While the Internet Key Exchange (IKE) key management protocol is
useful for the establishment of an IP level security association
during an initial mobile-terminal/access-point association, when
the need for a communication handover occurs, the use of IKE or
other similar protocols inflicts a considerable time delay on
accomplishing the handover, since such protocols require the
exchange of multiple messages, and their use of public key
encryption requires very heavy computation. Since, after a
handover, the payload traffic can be resumed only after an active
security association has been established between the new-AP and
the mobile terminal, the use of the IKE key management protocol
or other such protocols presents problems during the handover.
`
When any security protocol with a dynamic encryption key, i.e. a
session-dependent dynamic key, is applied between a mobile
terminal and an AP, it is desirable to find a mechanism for the
transfer of an active security association from one AP to another
AP, as the mobile terminal moves within the coverage that is
provided by the wireless radio network or system.
It is in light of this background information that the present
invention provides a low or short delay method/apparatus for the
key management and security association re-establishment during
a WLAN communication handover, wherein there is no need to modify
the end-to-end security association during handover (e.g. IPsec
payload connections
`between the mobile terminal and a server), and wherein the
`handover affects only the security functions between the
`mobile terminal and the new and old APs.
`
`SUMMARY OF THE INVENTION
`
This invention relates to radio communications, to the IEEE
802.11 2.4 GHz WLAN standard, to high performance radio local
area networks (HIPERLANs), to the ETSI HIPERLAN type 2 standard,
and to IPSEC level security association between a wireless
terminal and network elements. The invention finds utility in any
IP based wireless
`network, examples of which include ETSI BRAN and IEEE
`802.11. In addition the invention finds utility when a mobile
`terminal moves between two IPSEC router entities where a
`
`wireless terminal communicates with an endpoint that is not
`a wireless access point.
The present invention provides an efficient method/apparatus for
re-establishing an existing security association when a handover
event occurs in a radio communications system such as an IEEE
802.11 or a HIPERLAN. Operation of this invention increases
handover performance, and minimizes the delay that is associated
with re-negotiating a security association between a new AP and
a mobile terminal.
`
`The invention provides an efficient way to maintain an
`established security association between a mobile terminal
`and the wireless communication network when a handover
`
`occurs within the network. An example of the utility of the
`invention is a WLAN having Internet Protocol Security
`(IPsec) based security association between the APs and the
`mobile terminals that are within the WLAN. However, the
`invention also finds utility for maintaining any type of
`dynamic security association, such as HIPERLAN/2 radio
`level security functions.
`In accordance with the invention, authentication of a
`mobile terminal during a handover event is achieved by a
`challenge/response procedure.
In accordance with this challenge/response procedure the new AP
sends a challenge
`to the mobile terminal, whereupon the mobile terminal (MT)
`responds by sending a response to the new AP.
`An authentication key for both ends of the communication
`pair that is made up of a mobile terminal and an AP is
`originally generated by a scaleable key management
`protocol, for example Internet Key Exchange (IKE). Secu-
`rity associations are transferred between the various APs that
`are within the wireless communication system in order to
`avoid the need for a new and different key exchange during
`each handover.
`
`The keys and their related information are requested by a
`new AP during a handover process, and the keys and other
`information are transferred from the old AP to the new AP
`
`in one or more handover messages that pass between the old
`AP and the new AP. The exchange of authentication chal-
`lenges and the responses thereto are integrated into handover
`signaling that occurs between the new AP and the mobile
`terminal that is involved in the handover.
`
`In accordance with a feature of the invention, the mes-
`sages are medium access control (MAC) messages.
`It is to be noted that this invention’s feature of providing
`access point authentication is a desirable but an optional
`feature.
`
`While a secure connection is preferred between access
`points, such a feature is not required by the spirit and scope
`of the invention.
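
The forward-handover exchange summarized above (and drawn out in FIGS. 4A to 4C), as an added simulation that is not part of the patent: the new AP pulls the SA from the old AP, both sides answer each other's challenge from the transferred authentication key, and payload traffic is allowed only after both comparisons succeed. The patent does not name the function that turns a challenge into a response; HMAC-SHA256 keyed with the SA's authentication key is assumed here, and the SA fields, identifiers and challenge values are constructed sample data.

```python
"""Simulation of the forward-handover challenge/response exchange.

Added example, not code from the patent. The patent does not specify how
a response to a challenge is computed; HMAC-SHA256 keyed with the SA's
authentication key is ASSUMED here. SA contents, identifiers and
challenge values are constructed sample data.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional


def response_to(auth_key: bytes, challenge: bytes, role: bytes) -> bytes:
    # ASSUMPTION: response = HMAC-SHA256(auth_key, role || challenge).
    # The role label (b"ap" or b"mt") keeps a response computed by one
    # side from doubling as the other side's response to the same value.
    return hmac.new(auth_key, role + challenge, hashlib.sha256).digest()


class AccessPoint:
    """An AP holding a security-association (SA) database keyed by MT id."""

    def __init__(self, ap_id: str) -> None:
        self.ap_id = ap_id
        self.sa_db: Dict[str, dict] = {}       # mt_id -> SA parameters
        self.pending: Dict[str, bytes] = {}    # mt_id -> outstanding ap_challenge

    # old-AP side: answer the new AP's handover request with the stored SA
    def handover_response(self, mt_id: str) -> Optional[dict]:
        return self.sa_db.get(mt_id)           # SA retrieved from the SA database

    # new-AP side: MAC_REASSOCIATE_REQ(mt_challenge) -> handover request to
    # the old AP -> reply carrying (ap_response, ap_challenge)
    def reassociate(self, old_ap: "AccessPoint", mt_id: str,
                    mt_challenge: bytes) -> Optional[dict]:
        sa = old_ap.handover_response(mt_id)
        if sa is None:
            return None                        # no SA to transfer: refuse
        self.sa_db[mt_id] = dict(sa)           # SA created at the new AP
        ap_challenge = os.urandom(16)          # challenge to authenticate the MT
        self.pending[mt_id] = ap_challenge
        ap_response = response_to(sa["auth_key"], mt_challenge, b"ap")
        return {"ap_response": ap_response, "ap_challenge": ap_challenge}

    # new-AP side: MAC_AUTHENTICATE_REQ(mt_response) -> MAC_AUTHENTICATE_RESP
    def authenticate(self, mt_id: str, mt_response: bytes) -> bool:
        ap_challenge = self.pending.pop(mt_id, None)   # one use per challenge
        sa = self.sa_db.get(mt_id)
        if ap_challenge is None or sa is None:
            return False
        expected = response_to(sa["auth_key"], ap_challenge, b"mt")
        if not hmac.compare_digest(expected, mt_response):
            del self.sa_db[mt_id]              # failed MT authentication: drop SA
            return False
        return True                            # payload traffic may resume


class MobileTerminal:
    def __init__(self, mt_id: str, sa: dict) -> None:
        self.mt_id = mt_id
        self.sa = sa

    def forward_handover(self, old_ap: AccessPoint, new_ap: AccessPoint) -> bool:
        mt_challenge = os.urandom(16)          # challenge to authenticate new AP
        resp = new_ap.reassociate(old_ap, self.mt_id, mt_challenge)
        if resp is None:
            return False
        # AP authentication: compare ap_response with the locally computed value
        expected = response_to(self.sa["auth_key"], mt_challenge, b"ap")
        if not hmac.compare_digest(expected, resp["ap_response"]):
            return False                       # new AP does not hold our SA
        mt_response = response_to(self.sa["auth_key"], resp["ap_challenge"], b"mt")
        return new_ap.authenticate(self.mt_id, mt_response)


if __name__ == "__main__":
    sa = {"spi": 0x1234, "auth_key": os.urandom(32)}   # constructed SA, e.g. from IKE
    old_ap, new_ap = AccessPoint("ap14"), AccessPoint("ap114")
    old_ap.sa_db["mt12"] = sa
    ok = MobileTerminal("mt12", sa).forward_handover(old_ap, new_ap)
    print("handover authenticated, payload may resume:", ok)
```

No IKE run happens at the new AP: the only cryptographic work per handover is two keyed hashes on each side, which is the delay saving the patent is after.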
`
`These and other features and advantages of the invention
`will be apparent to those of skill in the art upon reference to
`the following detailed description of the invention, which
`description makes reference to the drawing.
`BRIEF DESCRIPTION OF THE DRAWING
`
`FIG. 1 is a showing of a communication system in which
`an embodiment of the present invention is operable.
`FIG. 2 is a showing of a forward handover process in
`accordance with the invention.
`
`FIG. 3 is a showing of a backward handover process in
`accordance with the invention.
`
`FIGS. 4A—4C provide another showing of the forward
`handover process of FIG. 2.
`FIGS. 5A—5C provide another showing of the backward
`handover process of FIG. 3.
`FIG. 6 is a showing of a HIPERLAN/2 forced handover
`in accordance with the invention.
`
`FIG. 7 is a showing of a HIPERLAN/2 forward handover
`in accordance with the invention.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`FIG. 1 is an example of a communication system that
`provides for radio communications with and between a
`plurality of mobile terminals, of which mobile terminal 12
`is an example. In another example, an access point covers
`the radio interface and fixed network bridge, with the access
`points connected to the fixed network, this example not
`requiring the CCU shown in FIG. 1. Communication system
`10 forms a WLAN that provides radio communications with
`a plurality of mobile terminals 12 as set forth in the IEEE
`802.11 standard, as well as, potentially, pursuant to a pro-
`prietary mode of operation, as is described in the above
`mentioned copending patent application. Other communi-
`cation systems are analogous, and operation of the present
`invention is also operable in such other communication
`systems.
`WLAN 10 includes a plurality of spaced-apart APs 14 and
`114 that are individually located at two spaced-apart geo-
`graphic locations. While only two APs 14,114 shown, in
`actual practice a greater number of APs are utilized. APs
`14,114 are sometimes referred to as base stations or remote
`antenna devices (RADs). The term “access point”, “AP”, or
`“ap” shall generally be used herein to identify devices that
`form points of access to the network infrastructure of
`communication system 10. The term “mobile terminal”,
`“MT” or “mt” shall generally be used to identify devices that
`form points of access to access points.
`Each of the APs 14,114 includes radio transceiver cir-
`cuitry 16 that is capable of transceiving radio communica-
`tion signals with mobile terminals 12 when the mobile
`terminals are positioned within communication range of a
particular AP. Generally, a mobile terminal 12 communicates with
an AP 14,114 when the mobile terminal is
`proximate to and defined by a given access point. In FIG. 1,
`cell 18 is associated with access point 14, mobile terminal 12
`resides within cell 18, and cell 118 is associated with access
`point 114. Note that mode selector 34 is included only when
`an implementation of the invention uses proprietary radio
`link level messages, this not being a required implementa-
`tion of the invention.
`
`Access points 14,114 are coupled to a central control unit
`(CCU) 22. CCU 22 is typically a hub or an IP router. CCU
`
`22 provides for connections to an external communication
`network backbone 24. Although not shown, other commu-
`nication devices, such as other communication stations and
`other communication networks are typically coupled to
communication network backbone 24. In this way, a communication
path can be formed to provide for communications between a mobile
terminal 12 and communication stations that are coupled, either
directly or indirectly, to communication network backbone 24.
Also, local communication between the plurality of mobile
terminals 12 is
`permitted. In a communication between pairs of mobile
`terminals 12, the communication path formed therebetween
`includes two separate radio-links.
`APs 14,114 include control elements 28 that perform
`various control functions related to operation of the respec-
`tive APs. In FIG. 1 control elements 28 are each shown to
`
`include a comparator 32, a mode selector 34, and a handover
`availability determiner 36, which control elements are func-
`tional and are implemented in any desired manner, such as,
`for example, algorithms that are executable by processing
`circuitry. In another implementation, the functions that are
`performed by such elements are located elsewhere, such as
`at mobile terminals 12 as indicated by block 28', or at CCU
`22 as indicated by block 28". Thus, the functions performed
`by the control elements can be distributed amongst several
`different devices.
`
`Note that in accordance with the invention, comparator 32
`includes security functions, and blocks 28 include medium
`access control (MAC) functions.
`In the construction and arrangement of FIG. 1, and as
`taught by the above mentioned copending patent
application, a communication pair that consists of an AP 14,114
and a mobile terminal 12 are operable pursuant to an IEEE 802.11
standard-mode when it is determined that the communication pair
are not both proprietary-mode compatible, or they are operable
pursuant to the proprietary-mode when it is determined that both
members of the communication pair are proprietary-mode capable.
In order to
`produce this result, a comparator 32 receives identifiers that
`identify the operable-mode of both the mobile terminal and
`the access point that form a communication pair. A mode
`selector 34 then selects the standard-mode of operation or
`the proprietary-mode of opera