Abstract
A method of authenticating a visited user access network to a mobile node, where the mobile node wishes to access a service via the visited access network, the method comprising:

- establishing a secure transport channel between the mobile node and a service access node of the visited network, said channel being bound to an identity of the service access node;
- sending an authorisation request from the mobile node to the service access node, incorporating an identity of the service access node into the request at the service access node, and forwarding the request to an authorisation node of the user's home network;
- at said authorisation node of the home network, authorising the service access node, and sending to the service access node a user challenge including the identity of the service access node, said identity being included in such a way that a change to the identity can be detected by a recipient;
- at the serving access node, forwarding the received user challenge to the mobile node; and
- at the mobile node verifying whether or not the identity bound to the secure transport channel matches the identity contained in the received challenge.

The method prevents "man-in-the-middle" attacks by fraudulent nodes.
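The mobile node's final check, as an added example that is not part of the patent text. It assumes the identity is protected with HMAC-SHA256 under a key shared between the mobile node and its home network (the abstract does not name a mechanism); all function names and identities are hypothetical.

```python
import hashlib
import hmac
import os

def _tag(key: bytes, nonce: bytes, identity: str) -> bytes:
    # Assumption: HMAC-SHA256 under a key shared by mobile node and home network.
    # The nonce is fixed-length (16 bytes), so nonce || identity is unambiguous.
    return hmac.new(key, nonce + identity.encode(), hashlib.sha256).digest()

def make_challenge(key: bytes, san_identity: str) -> dict:
    """Home authorisation node: user challenge carrying the SAN identity."""
    nonce = os.urandom(16)
    return {"nonce": nonce, "identity": san_identity,
            "tag": _tag(key, nonce, san_identity)}

def verify_challenge(key: bytes, channel_identity: str, challenge: dict) -> str:
    """Mobile node: detect modification, then compare with the channel identity."""
    expected = _tag(key, challenge["nonce"], challenge["identity"])
    if not hmac.compare_digest(expected, challenge["tag"]):
        return "reject: identity in challenge was modified"
    if not hmac.compare_digest(challenge["identity"].encode(),
                               channel_identity.encode()):
        return "reject: channel identity differs from challenge identity"
    return "accept"

def run_scenarios() -> dict:
    key = os.urandom(32)                  # constructed shared secret
    san = "san.visited.example"           # constructed identities
    other = "relay.example"
    challenge = make_challenge(key, san)  # SAN identity as added to the request
    rewritten = dict(challenge, identity=other)  # identity changed in transit
    return {
        "channel bound to SAN": verify_challenge(key, san, challenge),
        "channel bound to another node": verify_challenge(key, other, challenge),
        "identity rewritten": verify_challenge(key, other, rewritten),
    }

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```

Only the first scenario is accepted: a channel that terminates at any node other than the one the home network authorised fails the comparison, and rewriting the identity to hide that fails the integrity check.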