An authentication protocol for mobile users

Mobile networks need additional security functions in contrast to traditional fixed-topology static-user networks. In fact, a new problem involving mobility is that users are able to access the network at multiple points which can be separated by significant geographic distances and many different administrative boundaries. As these access points are not necessarily under the control of a single adminstrative authority, a new set of inter-domain mechanisms is needed in order to allow users to perform security operations in visited domains, providing they obtain an agreement from their home domain. Even if this requirement is obvious, the corresponding solutions should however take into account a somewhat contradictory security constraint that calls for strict partitioning of security domains in order to avoid sharing domain-specific security information among several domains. The authors suggest a generic solution for the authentication of users in visited domains that maintains the domain separation property. The advantage of the protocols described herein is they may be adapted to both wireless networks and traditional wireline networks supporting mobility.