|
1
|
|
|
2
|
- RFC5296 ERP and RFC4187 EAP-AKA both include support for fast
re-authentication.
- AKA has been widely deployed in 3GPP system, while ERP has not be
deployed in the real-life environment.
|
|
3
|
|
|
4
|
|
|
5
|
- 1. How to identify the fast re-authentication?
- For ERP, two new EAP codes (Initiate, Finish) are specified for
re-authentication.
- For EAP-AKA, a special identity (fast re-authentication identity) is
generated to support re-authentication. The identity is one-time
identity. The new identity is delivered during re-authentication
processing.
- O1:The identity is one-time identity, which is delivered within EAP-AKA
exchange each time. It brings one more round trip time.
|
|
6
|
- 2.Where is the re-authentication terminated?
- For ERP, the re-authentication is terminated at local ER server, not
home EAP server.
- For EAP-AKA, the re-authentication is terminated at home EAP server,
not in local domain.
- O2:The total time of EAP-AKA is increased due to the additional round
trip time between local server and home server.
|
|
7
|
- Is it possible/necessary to further reduce latency with optimization of
the EAP-AKA method?
|
|
8
|
|
Notes