Certificate authorization method of separation-mechanism mobile management system

Abstract

The invention relates to a certificate authorization method of a separation-mechanism mobile management system. The method comprises the steps of: firstly, carrying out identity authentication on a moving node accessed into the separation-mechanism mobile management system, after successful authentication, adding routs and establishing a tunnel by all functional entities in the system through mobile signaling interaction, acquiring home network prefix information stored in a server by the mobile node, and acquiring a network service by the mobile node at the moment so as to realize the authorization of the separation mechanism mobile management to the mobile node. The method comprises home domain initial authentication, home domain reauthentication, foreign domain initial authentication, foreign domain reauthentication and authentication to the mobile node. According to the invention, an AGW (Access Gateway), a CGW (Customer GateWay), a DGW (Data Gateway) and an AAA (Authentication, Authorization and Accounting) server are taken as main functional entities, and a series message interaction among the AGW, CGW, DGW and AAA server is used to complete the authentication of the legality of the mobile node so as to guarantee network safety.

Description

technical field [0001] The invention relates to an authentication authorization method of a separation mechanism mobility management system. Background technique [0002] The literature (application number: 201110152731.4) proposes a network model of mobility management under the separation mechanism. This scheme makes full use of the separation mechanism address mapping and the separation of mobile node (Mobile Node, MN) identity and location in Proxy MobileIPv6 (Proxy MobileIPv6, PMIPv6) At the same time, it also solves the problem that the local mobility anchor point of PMIPv6 is not only a control gateway for processing mobility control signaling, but also a data gateway for forwarding MN data, which causes it to become a single fault node in the PMIPv6 network structure. Separation mechanism The mobility management system realizes the separation of identity and location, data forwarding and control signaling, and separation of access network and core network. The acces...

AI Technical Summary

Problems solved by technology

[0010] In the mobility management process of PMIPv6, the LMA is not only the control gateway for processing mobility control signaling, the data gateway for forwarding MN data, but also the client for authorization interaction with HAAA. single failure node

[0011] The authentication interaction between MAG and HAAA in PMIPv6 only considers the intra-domain scenario, and does not consider the cross-domain authentication scenario after the MN cross-domain handover; at the same time, when the MN continuously switches between different access gateways, it needs to perform a complete initial authentication process. Does not consider the use of re-authentication process to reduce signaling interaction and authentication delay

Images