1. 1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-11-0022-00-0sec Title: Message Flow Date Submitted: March 1, 2011 Authors or Source(s): Fernando Bernal-Hidalgo, Rafa Marín-López Abstract: Message flows.

2. 2 IEEE 802.21 presentation release statements This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development http://standards.ieee.org/board/pat/faq.pdf> Section 6 of the IEEE-SA Standards Board bylawshttp://standards.ieee.org/guides/bylaws/sect6-7.html#6 http://standards.ieee.org/board/pat/faq.pdf

3. Serving PoA Target PoA MIH User MIHF MN MAC PoS MIH User AAA 4. MIH_Auth.request 8. MIH_Auth response MIHF 9. MIH_Auth.confirm Service Authentication Phase 6. MIH_Auth.indication MIH Service AS 12. MIH_Auth request 13. MIH_Auth.indication Key hierarchy is derived 2. MIH_Start_Auth indication 1. MIH_Start_Auth.request 3. MIH_Start_Auth.indication 5. MIH_Auth request 7. MIH_Auth.response 11. MIH_Auth.request 10. Send the EAP message to the AAA client and perform connection with the Service Authentication Server. 15. MIH_Auth response 14. MIH_Auth.response 16. MIH_Auth.confirm …

4. Serving PoA Target PoA MIH User MIHF MN MAC PoS MIH User AAA 1. MIH_Auth.request 5. MIH_Auth response MIHF 6. MIH_Auth.confirm Service Authentication Phase network initiated 3. MIH_Auth.indication MIH Service AS 9. MIH_Auth request 10. MIH_Auth.indication Key hierarchy is derived 2. MIH_Auth request 4. MIH_Auth.response 8. MIH_Auth.request 7. Send the EAP message to the AAA client and perform connection with the Service Authentication Server. 12. MIH_Auth response 11. MIH_Auth.response 13. MIH_Auth.confirm 0. trigger …

5. Serving PoA Target PoA MIH User MIHF MN MAC PoS MIH User AAA 5. MIH_Auth.response MIHF ERP - MN Initiated 7. MIH_Auth.confirm MIH Service AS 6. MIH_Auth response 2. MIH_Auth request 3. MIH_Auth.indication 1. MIH_Auth.request 4. Send the ERP message to the AAA client to perform connection with the Service Authentication Server. Key hierarchy is derived

6. Serving PoA Target PoA MIH User MIHF MN MAC PoS MIH User AAA 1. MIH_Auth.request 5. MIH_Auth response MIHF 6. MIH_Auth.confirm ERP – Network initiated 3. MIH_Auth.indication MIH Service AS 9. MIH_Auth request 10. MIH_Auth.indication Key hierarchy is derived 2. MIH_Auth request 4. MIH_Auth.response 8. MIH_Auth.request 12. MIH_Auth response 0. trigger 7. Send the ERP message to the AAA client to perform connection with the Service Authentication Server. 11. MIH_Auth.response 13. MIH_Auth.confirm

7. Proactive Authentication Serving PoA Target PoA MIH User MIHF MN MAC MIHF MIH User AAA 3. MIH_LL_Auth request 4. MIH_LL_Auth.indication 7. MIH_LL_Auth response Serving PoS 2. MIH_LL_Auth.request 6. MIH_LL_Auth.response 8. MIH_LL_Auth.confirm 5. The L2 frames are sent to the target PoA to proceed the authentication with the Media Specific Authentication Server 12. The corresponding media-specific key is installed in the MAC layer 1. Request link layer frame … 10. MIH_LL_Auth response 9. MIH_LL_Auth.response 11. MIH_LL_Auth.confirm Media Specific AS

8. PUSH Key Distribution Serving PoA Target PoA MIH User MIHF MN MAC MIHF MIH User AAA 2. MIH_Push_Key request 5. MIH_Push_Key.response Serving PoS 3. MIH_Push_Key.indication 1. MIH_Push_Key.request 6. MIH_Push_Key response 4. PoS install the key in the target PoA 7. The corresponding media-specific key is installed in the MAC layer 7. MIH_Push_Key confirm

9. Reactive PULL Key Distribution Serving PoA Target PoA MIH User MIHF MN MAC MIHF MIH User AAA PoS The corresponding media-specific key is installed both in the MAC layer and in the collocated AAA server in the PoS. After this a media-specific authentication is performed.

10. Optimized Proactive PULL Key Distribution Serving PoA Target PoA MIH User MIHF MN MAC MIHF MIH User AAA 3. MIH_LL_Auth request 4. MIH_LL_Auth.indication 7. MIH_LL_Auth response Serving PoS 2. MIH_LL_Auth.request 6. MIH_LL_Auth.response 8. MIH_LL_Auth.confirm 12. The corresponding media-specific key is installed in the MAC layer 1. Request link layer frame 5. A key is installed in the AAA server (collocated in the PoS) and the L2 frames are sent to the target PoA to proceed the authentication with the Authentication server. Using the new identity provided during the negotiation phase, the target PoA can contact with the Authentication server collocated in the PoS. … 10. MIH_LL_Auth response 9. MIH_LL_Auth.response 11. MIH_LL_Auth.confirm

11. Termination Phase Serving PoA Target PoA MIH User MIHF MN MAC PoS MIH User AAA 2. MIH_Termination_Auth request 5. MIH_Termination_Auth response MIHF 3. MIH_Termination_Auth.indication 6. MIH_Termination_Auth.confirm 1. MIH_Termination_Auth.request 4. MIH_Termination_Auth.response