Method for authenticated connection setup

US 20060183463A1
Filed: 02/07/2006
Published: 08/17/2006
Est. Priority Date: 02/08/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticated connection setup between a mobile subscriber and a WLAN radio communication system, comprising:

signing-on as a guest to an access point of the WLAN network via connection that is authenticated on the network side and assigning an individual IP address to the mobile subscriber;

using the individual IP address to access a portal page and authenticating himself/herself to the portal page in a person-related manner;

using a Security Assertion Markup Language to assign person-related authentication data to the mobile subscriber; and

transmitting, in a new connection setup as part of a secure Link Layer connection, the person-related authentication data to an AAA server for final authentication of the mobile subscriber.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for the authenticated establishment of a connection between a mobile subscriber and a WLAN radio communication system. The mobile subscriber signs on as a guest to an access point of the WLAN network via an insecure connection or via a secure connection that is only authenticated on the network side and an individual IP address is assigned to the mobile subscriber. Using the individual IP address, the mobile subscriber accesses a portal page and authenticates himself/herself in a person-related manner to the portal page. Person-related authentication data is assigned to the mobile subscriber using a Security Assertion Markup Language. In a new connection setup as part of a secure Link Layer connection, the person-related authentication data is transmitted to an AAA server for final authentication of the mobile subscriber.

21 Citations

View as Search Results

11 Claims

1. A method for authenticated connection setup between a mobile subscriber and a WLAN radio communication system, comprising:
- signing-on as a guest to an access point of the WLAN network via connection that is authenticated on the network side and assigning an individual IP address to the mobile subscriber;
  
  using the individual IP address to access a portal page and authenticating himself/herself to the portal page in a person-related manner;
  
  using a Security Assertion Markup Language to assign person-related authentication data to the mobile subscriber; and
  
  transmitting, in a new connection setup as part of a secure Link Layer connection, the person-related authentication data to an AAA server for final authentication of the mobile subscriber.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as claimed in claim 1, wherein the individual IP address is assigned by an AAA server using the Dynamic Host Configuration Protocol.
  - 3. The method as claimed in claim 1, wherein the mobile subscriber accesses the portal page via a server only connection.
  - 4. The method as claimed in claim 1, wherein the authentication of the mobile subscriber to the portal page is carried out using a secure transmission method.
  - 5. The method as claimed in claim 1, wherein the person-related authentication to the portal page is carried out by specification of a user name related to the person of the mobile subscriber and/or a password, or the person-related authentication to the portal page is carried out based on a certificate.
  - 6. The method as claimed in claim 5, wherein the person-related authentication to the portal page is carried out over a secure connection using the HTTPS protocol.
  - 7. The method as claimed in claim 1, wherein a person-related SAML assertion or a person-related SAML artifact is used as authentication data.
  - 8. The method as claimed in claim 7, wherein, in the authentication using the Security Assertion Markup Language, the portal page is used as the asserting party and the AAA server as the relying party.
  - 9. The method as claimed in claim 1, wherein the person-related authentication data is transmitted to the mobile subscriber over a secure connection using the HTTPS protocol.
  - 10. The method as claimed in claim 2, wherein the Link Layer connection is set up to the AAA server.
  - 11. The method as claimed in claim 1, wherein the authentication via the Link Layer connection is carried out using the EAP protocol, with a home network in which the mobile subscriber is known authenticates the mobile subscriber to the inquiring AAA server of the WLAN network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Falk, Rainer, Kroselberg, Dirk

Application Number

US11/348,528
Publication Number

US 20060183463A1
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06Q 30/06   Buying, selling or leasing ...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/162   at the data link layer

H04L 67/56   Provisioning of proxy servi...

H04L 67/567   Integrating service provisi...

H04W 12/069   using certificates or pre-s...

H04W 80/00   Wireless network protocols ...

H04W 80/04   Network layer protocols, e....

H04W 84/12   WLAN [Wireless Local Area N...

Method for authenticated connection setup

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for authenticated connection setup

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links