System, apparatus and method for sim-based authentication and encryption in wireless local area network access

US 20060052085A1
Filed: 05/01/2002
Published: 03/09/2006
Est. Priority Date: 05/01/2002
Status: Active Grant

First Claim

Patent Images

1. A method in a telecommunication system for allowing a SIM-based authentication to users of a wireless local area network who are subscribers of a public land mobile network, the method comprising the steps of:

(a) a wireless terminal accessing the wireless local area network through an accessible Access Point;

(b) discovering an Access Controller interposed between the Access Point and the public land mobile network from the wireless terminal;

(c) carrying out a challenge-response authentication procedure between the wireless terminal and the public land mobile network through the Access Controller, the wireless terminal provided with a SIM card and adapted for reading data thereof;

the method characterized in that the challenge-response authentication submissions in step c) take place before having provided IP connectivity to the user, and are carried;

on top of a Point-to-Point layer 2 protocol (PPPOE) between the wireless terminal and the Access Controller; and

on an authentication protocol residing at application layer between the public land mobile network and the Access Controller; and

the method further comprises a step of;

(d) offering IP connectivity to the user at the wireless terminal, by sending an assigned IP address and other network configuration parameters, once said user has been validly authenticated by the public land mobile network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention refers to a system, apparatus and method for carrying out a SIM-based authentication of a user accessing a WLAN, without having provided yet an IP connectivity, along with a layer-2 encryption mechanism for protecting the path between the Terminal Equipment and the Mobile network. Therefore, the invention provides a method for establishing a PPP-tunnelling for AKA dialogues between the terminal and an Access Controller for accessing the mobile network owning the SIM. The invention also provides an Access Controller (AC) comprising a Point-to-Point over Ethernet (PPPOE) server for tunnelling AKA dialogues from a PPP-client installed in the terminal for the same purpose, and also comprising a Traffic Router and a RADIUS-client. The AC thus including a RADIUS-client is interposed between a RADIUS-proxy accessed from the access points (AP) in the WLAN and the mobile network where SIM-based authentication is carried out.

Citations

25 Claims

1. A method in a telecommunication system for allowing a SIM-based authentication to users of a wireless local area network who are subscribers of a public land mobile network, the method comprising the steps of:
- (a) a wireless terminal accessing the wireless local area network through an accessible Access Point;
  
  (b) discovering an Access Controller interposed between the Access Point and the public land mobile network from the wireless terminal;
  
  (c) carrying out a challenge-response authentication procedure between the wireless terminal and the public land mobile network through the Access Controller, the wireless terminal provided with a SIM card and adapted for reading data thereof;
  
  the method characterized in that the challenge-response authentication submissions in step c) take place before having provided IP connectivity to the user, and are carried;
  
  on top of a Point-to-Point layer 2 protocol (PPPOE) between the wireless terminal and the Access Controller; and
  
  on an authentication protocol residing at application layer between the public land mobile network and the Access Controller; and
  
  the method further comprises a step of;
  
  (d) offering IP connectivity to the user at the wireless terminal, by sending an assigned IP address and other network configuration parameters, once said user has been validly authenticated by the public land mobile network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method in claim 1, wherein the step b) of discovering an Access Controller includes a step of establishing a Point-to-Point Protocol session between a Point-to-Point over Ethernet (PPoE) Protocol client in the wireless terminal and a Point-to-Point over Ethernet (PPoE) Protocol server in the Access Controller.
  - 3. The method in claim 1, wherein the step c) of carrying out the challenge-response authentication procedure include the steps of:
    - (c1) sending a user identifier from the wireless terminal to the public land mobile network through the Access Controller;
      
      (c2) receiving an authentication challenge at the wireless terminal from the public land mobile network via the Access Controller;
      
      (c3) deriving encryption key and authentication response at the wireless terminal from the received challenge;
      
      (c4) sending the authentication response from the wireless terminal to the public land mobile network through the Access Controller;
      
      (c5) receiving at the Access Controller an encryption key from the public land mobile network; and
      
      (c6) extracting the encryption key received for further encryption of communication path with the wireless terminal.
  - 4. The method in claim 2, further comprising the step of shifting authentication information received on top of a Point-to-Point layer 2 protocol upwards to an authentication protocol residing at application layer for submissions toward the public land mobile network.
  - 5. The method in claim 4, further comprising the step of shifting authentication information received on an authentication protocol residing at application layer downwards on top of a Point-to-Point layer 2 protocol for submissions toward the wireless terminal.
  - 6. The method in claim 3, further comprising the step of establishing at the wireless terminal a symmetric encryption path by using the previously derived encryption keys at the Access Controller and wireless terminal.
  - 7. The method in claim 1, wherein the step d) of sending an IP address includes a previous step of requesting such IP address from a Dynamic Host Configuration Protocol server.
  - 8. The method in claim 1, wherein the communication between the Access Controller and the public land mobile network goes through an Authentication Gateway of said public land mobile network.
  - 9. The method in claim 1, wherein the communication between the Access Controller and the Authentication Gateway of a public land mobile network goes through an Authentication Server of the wireless local area network in charge of authenticating local users of said wireless local area network who are not mobile subscribers.
  - 10. The method of claim 1, wherein the user identifier in step c1) comprises a Network Access Identifier.
  - 11. The method in claim 1, wherein the user identifier in step c1) comprises an International Mobile Subscriber Identity.
  - 12. The method in claim 1, wherein the authentication protocol residing at application layer in step c) is an Extensible Authentication Protocol.
  - 13. The method in claim 12, wherein this Extensible Authentication Protocol is transported over a RADIUS protocol.
  - 14. The method in claim 12, wherein this Extensible Authentication Protocol is transported over a Diameter protocol.

15. An Access Controller in a telecommunication system that comprises a wireless local area network including at least one Access Point, a public land mobile network, and at least one Terminal Equipment provided with a SIM card and adapted for reading subscriber data thereof, the Access Controller characterized in that it comprises:
- (a) a Point-to-Point layer 2 protocol (PPPOE) server for communicating with the wireless terminal, and arranged for tunneling the challenge-response authentication procedure; and
  
  (b) an authentication protocol residing at an OSI application layer for communicating with the public land mobile network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 25)
- - 16. The Access Controller in claim 15 further comprising:
    - (a) means for shifting the information received on top of the Point-to-Point layer 2 protocol upwards to the authentication protocol residing at application layer; and
      
      (b) means for shifting the information received on the authentication protocol residing at application layer downwards on top of the Point-to-Point layer 2 protocol (PPPoE).
  - 17. The Access Controller in claim 16 further comprising means for requesting an IP address from a Dynamic Host Configuration Protocol server, after a user has been successfully authenticated by his public land mobile network.
  - 18. An Access Controller according to claim 17 adapted for communicating with a wireless terminal via an Access Point.
  - 19. An Access Controller according to claim 17 adapted for communicating with a public land mobile network via an Authentication Gateway.
  - 20. An Access Controller according to claim 17 adapted for communicating with an Authentication Gateway via an Authentication Server responsible for authenticating local users of a wireless local area network.
  - 21. An Access Controller according to claim 15, wherein the authentication protocol residing at application layer is an Extensible Authentication Protocol.
  - 22. The Access Controller in claim 21, wherein this Extensible Authentication Protocol is transported over a RADIUS protocol.
  - 23. The Access Controller in claim 21, wherein this Extensible Authentication Protocol is transported over a Diameter protocol.
  - 25. A telecommunication system comprising a wireless local area network that includes at least one Access Point, a public land mobile network, and at least one Terminal Equipment provided with a SIM card and adapted for reading subscriber data thereof, characterized in that it further comprises the Access Controller in claim 15 for allowing SIM-based subscriber authentication to users of the wireless local area network who are subscribers of the public land mobile network.

24. A wireless terminal comprising functionally for acting as a Point-to-Point layer 2 protocol (PPPoE) client and having an Extensible Authentication Protocol on top of this Point-to-Point layer 2 protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Monjas Llorente, Miguel Angle, Gregrio Rodriguez, Jesus Angel

Granted Patent

US 7,936,710 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 12/2859   Point-to-point connection b...

H04L 63/0272   Virtual private networks

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/162   at the data link layer

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 76/10   Connection setup

H04W 8/005   Discovery of network device...

H04W 8/26   Network addressing or numbe...

H04W 80/00   Wireless network protocols ...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/02   Terminal devices

System, apparatus and method for sim-based authentication and encryption in wireless local area network access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System, apparatus and method for sim-based authentication and encryption in wireless local area network access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links