Method and apparatus for authentication in a wireless telecommunications system
Abstract
A method and device for routing data packets of a wireless terminal device in a communication network. When Open System Authentication is used, the system operates similarly to the current Nokia Operator Wireless LAN system, in which the terminal device and the access controller are the parties involved in the authentication. The access controller relays information relating to the authentication between the terminal device and an authenticating server, and it is capable of independently updating the list of users it maintains. When authentication according to IEEE 802.1X is used, the access point operates according to the IEEE 802.1X standard, serving as the authenticating party and relaying information relating to the authentication between the terminal device and the authentication server. In addition, the list maintained by the access controller is updated after a successful authentication, for example by the access point or the authenticating server.
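The two authentication paths in the abstract, and the single list that gates packet relaying, as an added Python sketch that is not part of the patent or of any Nokia product. The `uses_8021x` flag standing in for the identified connection parameter, the channel names, the class names and the sample accounts are all assumptions constructed for illustration.

```python
# Added illustration: every name and sample value here is hypothetical.
from dataclasses import dataclass, field

class AuthServer:  # stands in for the authentication server
    def __init__(self, accounts):
        self._accounts = accounts
    def verify(self, user, secret):
        return self._accounts.get(user) == secret

@dataclass
class AccessController:
    server: AuthServer
    authenticated: set = field(default_factory=set)  # list of admitted MACs
    def add_to_list(self, mac):
        self.authenticated.add(mac)
    def agent_authenticate(self, mac, user, secret):
        # Second method: the controller-side agent relays and updates the list.
        ok = self.server.verify(user, secret)
        if ok:
            self.add_to_list(mac)
        return ok
    def relay(self, mac, packet):
        # Default deny: packets from terminals not on the list are blocked.
        return packet if mac in self.authenticated else None

@dataclass
class AccessPoint:
    server: AuthServer
    controller: AccessController
    channel_of: dict = field(default_factory=dict)
    def associate(self, mac, uses_8021x, user, secret):
        # Classify on a setup parameter (assumed: 802.1X flag), one channel per class.
        self.channel_of[mac] = "dot1x" if uses_8021x else "open"
        if not uses_8021x:
            return self.controller.agent_authenticate(mac, user, secret)
        # First method: the access point relays, then reports success.
        ok = self.server.verify(user, secret)
        if ok:
            self.controller.add_to_list(mac)
        return ok

def demo():
    server = AuthServer({"alice": "s3cret", "bob": "hunter2"})  # constructed
    ac = AccessController(server)
    ap = AccessPoint(server, ac)
    ap.associate("aa:aa:aa:00:00:01", True, "alice", "s3cret")
    ap.associate("aa:aa:aa:00:00:02", False, "bob", "hunter2")
    ap.associate("aa:aa:aa:00:00:03", True, "mallory", "guess")
    return ap, ac
```

Whichever party performs the authentication, the controller's list is the only enforcement point, so a terminal whose authentication fails is still classified onto a channel but never has its packets relayed.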
33 Claims
1. A method for relaying data packets of a wireless terminal device in a communication network, the network comprising;
an access point for setting up a communication connection to the terminal device,
an access controller for relaying authentication information between the terminal device and an authentication server,
an authentication server for providing an authenticating service for the terminal device to authenticate to the network,
the terminal device being configured to use one of the following authentication methods in order to authenticate itself to the network;
a first authentication method wherein the access point relays authentication information between the terminal device and the authentication server,
a second authentication method wherein the access controller relays authentication information between the terminal device and the authentication server,
the method comprising establishing a communication connection between the terminal device and the access point, characterized by the method further comprising the steps of
identifying at the access point a parameter relating to the step of establishing the communication connection,
classifying the terminal device on the basis of the identified parameter and
directing data packets of terminal devices of different classes to separate logical channels.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An access point (700) for setting up a communication connection to a terminal device in a network, said network comprising:
an access controller for relaying authentication information between the terminal device and an authentication server,
an authentication server for providing an authenticating service for the terminal device to authenticate to the network,
said access point comprising establishing means (701-703, 705) for establishing a communication connection between the terminal device and the access point, characterized in that the access point is configured to accept the terminal device to use one of the following authentication methods in order to authenticate itself to the network;
a first authentication method wherein the access point is configured to relay authentication information between the terminal device and the authentication server,
a second authentication method wherein the access point is configured to relay authentication information between the terminal device and an authentication agent,
whereby the access point further comprises
identifying means (707) for identifying a parameter relating to the establishment of the communication connection,
classifying means (704) for classifying the terminal device on the basis of the identified parameter and
directing means (701-703, 705, 706) for directing data packets of terminal devices of different classes to separate logical channels.
Dependent claims: 12, 13, 14, 15
16. A method for access control of a wireless terminal device in a communication network, the network comprising
an access point for setting up a communication connection to the terminal device,
an authentication agent for relaying authentication information between the terminal device and an authentication server,
a logical access controller functionality for relaying data packets of the authenticated terminal device and blocking data packets of unauthenticated terminal devices, the logical access controller functionality further comprising a list of authenticated terminal devices,
an authenticating server for providing an authenticating service for the terminal device to authenticate to the network,
the terminal device being configured to use either of the following authentication methods in order to authenticate itself to the network:
a first authentication method wherein the access point relays authentication information between the terminal device and the authentication server,
a second authentication method wherein the authentication agent relays authentication information between the terminal device and the authentication server,
characterized by the method comprising the steps of
identifying at the access point whether the terminal device is using the first or the second authentication method, whereby
if the terminal device authenticates by using the first authentication method, performing the steps of;
the access point relaying authentication information between the terminal device and the authentication server,
the access point sending the identifier data of the terminal device, in response to successful authentication, to the list of the access controller functionality,
the access controller functionality adding the identifier data of the authenticated terminal device to the list and relaying data packets of the terminal device included on the list and
if the terminal device authenticates by using the second authentication method, performing the steps of;
the access point relaying authentication information between the terminal device and the authenticating agent,
the authentication agent relaying authentication information between the terminal device and the authentication server,
the authentication agent sending the identifier data of the terminal device, in response to successful authentication, to the list of the access controller functionality, and
the access controller functionality adding the identifier data of the authenticated terminal device to the list and relaying data packets of the terminal device included on the list.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. An access point (200) for setting up a communication connection to a terminal device in a network, said network comprising
an authentication agent for relaying authentication information between the terminal device and an authentication server,
a logical access controller functionality for relaying data packets of authenticated terminal devices included on a list and blocking data packets of unauthenticated terminal devices,
an authenticating server for providing an authenticating service for the terminal device to authenticate to the network,
characterized in that the access point is configured to accept the terminal device to use one of the following authentication methods in order to authenticate itself to the network:
a first authentication method wherein the access point is configured to relay authentication information between the terminal device and the authentication server,
a second authentication method wherein the access point is configured to relay authentication information between the terminal device and an authentication agent,
whereby the access point comprises
identifying means (207) for identifying whether the terminal device is using the first or the second authentication method,
first relaying means (201, 205, 206) for relaying authentication information between the terminal device and the authentication server if the terminal device was identified to be using the first authentication method,
first sending means (201, 205) for sending identifier data of the terminal device, in response to successful authentication of the terminal device according to the first authentication method, to the list of the access controller functionality,
second relaying (201, 205, 206) means for relaying authentication information between the terminal device and the authentication agent if the terminal device was identified to be using the second authentication method and
second sending means (201, 205) for sending identifier data of the terminal device, in response to successful authentication of the terminal device according to the second authentication method, to the list of the access controller functionality.
Dependent claims: 29, 30, 31, 32
33. A system for access control of a wireless terminal device (303, 304) in a communication network, the network comprising:
an access point (501) for setting up a communication connection to the terminal device,
an authentication agent (504) for relaying authentication information between the terminal device (303) and an authentication server (505),
a logical access controller functionality (502) for relaying data packets of the authenticated terminal device and blocking data packets of unauthenticated terminal devices, the logical access controller functionality further comprising a list (503) of authenticated terminal devices,
an authenticating server (505) for providing an authenticating service for the terminal device (303, 404) to authenticate to the network,
the terminal device (303, 304) being configured to use one of the following authentication methods in order to authenticate itself to the network;
a first authentication method wherein the access point (501) relays authentication information between the terminal device (404) and the authentication server (505),
a second authentication method wherein the authentication agent (504) relays authentication information between the terminal device (303) and the authentication server (505),
characterized in that the system comprises;
identifying means for identifying at the access point (501) whether the terminal device (303, 404) is using the first or the second authentication method,
first relaying means for relaying at the access point (501) the authentication information of the first authentication method between the terminal device (404) and the authentication server (505),
second relaying means for relaying information between the terminal device (303) and the authentication agent (504),
third relaying means at the authentication agent (504) for relaying authentication information of the second authentication method between the access point (501) and the authentication server (505),
first sending means for sending from the access point (501) identifier data of the terminal device (404), in response to successful authentication of the terminal device according to the first authentication method, to the list (503) of the access controller functionality (502),
second sending means for sending from the authentication agent (504) the identifier data of the terminal device (303), in response to successful authentication of the terminal device according to the second authentication method, to the list (503) of the access controller functionality (502) and
relaying means at the access controller functionality (502) for relaying data packets of the terminal device (303, 404) included on the list.
Specification