There are several levels of security needed for a reasonable implementation of a secure mobile network and therefore, several different classes of cryptographic keys. The key material used for mobile registration will be referred to as the Mobil-IP authentication key. In addition, IPSEC keys, which are the keys associated with a SPI for using either the AH or ESP header need to be negotiated or fixed in advance of mobility. The last might be viewed as ``routing'' keys.
Mobile-IP registration requires that control messages between the home agent and mobile node are authenticated . A general assumption is that the home agent and mobile node have agreed on the information needed for a Mobility Security Association in advance of registration. In this case, a SA, based on the Mobile-IP authentication key, exists between the home agent and mobile node prior to mobile registration. Optionally, messages between the mobile node and the foreign agent or the home agent and the foreign agent may also be authenticated depending in the security policy of these entities.