System, apparatus and method for sim-based authentication and encryption in wireless local area network access
Abstract
The invention relates to a system, apparatus and method for carrying out SIM-based authentication of a user accessing a WLAN before IP connectivity has been provided, along with a layer-2 encryption mechanism for protecting the path between the Terminal Equipment and the Mobile network. To this end, the invention provides a method for establishing PPP tunnelling for AKA dialogues between the terminal and an Access Controller for accessing the mobile network owning the SIM. The invention also provides an Access Controller (AC) comprising a Point-to-Point over Ethernet (PPPoE) server for tunnelling AKA dialogues from a PPP-client installed in the terminal for the same purpose, and also comprising a Traffic Router and a RADIUS-client. The AC, which thus includes a RADIUS-client, is interposed between a RADIUS-proxy accessed from the access points (AP) in the WLAN and the mobile network where SIM-based authentication is carried out.
25 Claims
1. A method in a telecommunication system for allowing a SIM-based authentication to users of a wireless local area network who are subscribers of a public land mobile network, the method comprising the steps of:
(a) a wireless terminal accessing the wireless local area network through an accessible Access Point;
(b) discovering an Access Controller interposed between the Access Point and the public land mobile network from the wireless terminal;
(c) carrying out a challenge-response authentication procedure between the wireless terminal and the public land mobile network through the Access Controller, the wireless terminal provided with a SIM card and adapted for reading data thereof;
the method characterized in that the challenge-response authentication submissions in step c) take place before having provided IP connectivity to the user, and are carried:
on top of a Point-to-Point layer 2 protocol (PPPOE) between the wireless terminal and the Access Controller; and
on an authentication protocol residing at application layer between the public land mobile network and the Access Controller; and
the method further comprises a step of:
(d) offering IP connectivity to the user at the wireless terminal, by sending an assigned IP address and other network configuration parameters, once said user has been validly authenticated by the public land mobile network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. An Access Controller in a telecommunication system that comprises a wireless local area network including at least one Access Point, a public land mobile network, and at least one Terminal Equipment provided with a SIM card and adapted for reading subscriber data thereof, the Access Controller characterized in that it comprises:
(a) a Point-to-Point layer 2 protocol (PPPOE) server for communicating with the wireless terminal, and arranged for tunneling the challenge-response authentication procedure; and
(b) an authentication protocol residing at an OSI application layer for communicating with the public land mobile network.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 25
24. A wireless terminal comprising functionality for acting as a Point-to-Point layer 2 protocol (PPPoE) client and having an Extensible Authentication Protocol on top of this Point-to-Point layer 2 protocol.
Specification