Method of User Access Authorization in Wireless Local Area Network

US 20090158442A1
Filed: 02/19/2009
Published: 06/18/2009
Est. Priority Date: 06/06/2003
Status: Active Grant

First Claim

Patent Images

1. A method of user access control to a wireless telecommunications network, the method comprising:

an access authentication process including authenticating a wireless local area network (WLAN) user terminal upon receiving an access request for accessing a WLAN operational network from said WLAN user terminal; and

an access authorization process comprising;

verifying whether said WLAN user terminal is allowed to access said WLAN operational network, wherein whether said WLAN user terminal is allowed to access is verified according to authorization conditions; and

determining access rules to be applied to said WLAN user terminal at least based on said authorization conditions, wherein said access rules are configured to restrict said access of said WLAN user terminal,wherein said access authorization process occurs after a successful access authentication process and before service authorization is performed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method of user access authorization in wireless local area networks. The method comprises: when a Wireless Local Area Network (WLAN) user terminal is accessing a WLAN operational network, the WLAN operational network, while authenticating this WLAN user terminal, judging whether to allow this WLAN user terminal to access according to authorization conditions having an impact on the access of this WLAN user terminal, if yes, the WLAN operational network will determine the access rules of this WLAN user terminal according to the said authorization conditions; otherwise, the WLAN operational network will notify the WLAN user terminal about the failure. Different users can be controlled to access the network according to different authorization conditions, and be restricted by different access rules after getting accessed. Thus, the access control capability of a wireless local area network is enhanced and the working efficiency of the network is improved.

Citations

22 Claims

1. A method of user access control to a wireless telecommunications network, the method comprising:
- an access authentication process including authenticating a wireless local area network (WLAN) user terminal upon receiving an access request for accessing a WLAN operational network from said WLAN user terminal; and
  
  an access authorization process comprising;
  
  verifying whether said WLAN user terminal is allowed to access said WLAN operational network, wherein whether said WLAN user terminal is allowed to access is verified according to authorization conditions; and
  
  determining access rules to be applied to said WLAN user terminal at least based on said authorization conditions, wherein said access rules are configured to restrict said access of said WLAN user terminal,wherein said access authorization process occurs after a successful access authentication process and before service authorization is performed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, wherein the authorization conditions comprise one or more of the following:
    - a user'"'"'s account information, a user'"'"'s subscriber information, managing rules of operators, and operational rules of operators.
  - 3. A method according to claim 1, wherein the access rules include one or more of the following:
    - access scope limitation, access time limitation, and access path.
  - 4. A method according to claim 1, wherein the access rules are determined by an authentication, authorization and accounting (AAA) server in the WLAN operational network.
  - 5. A method according to claim 4, wherein the determined access rules are implemented by one or more of the following network entities:
    - the AAA server, a WLAN access gateway (WAG), a service authorization unit, the WLAN user terminal, an Access Point (AP), and an access controller (AC).
  - 6. A method according to claim 1, wherein the access rules are implemented by using one or more of the following methods:
    - an IP allocation scheme, a Virtual Local Area Network (VLAN) allocation, and filtering.
  - 7. A method according to claim 1, further comprising:
    - notifying the WLAN user terminal of the success of the access authentication and the access authorization in one message.
  - 8. A method according to claim 7, further comprising:
    - notifying the user terminal the determined access rules using said message.
  - 9. A method according to claim 1, wherein the WLAN operational network comprises one of:
    - a 3GPP-WLAN inter-working network, and a 3GPP2-WLAN inter-working network.

10. A system for user access control, the system comprising:
- a wireless local area network (WLAN) user terminal; and
  
  an authentication, authorization and accounting (AAA) server included in a WLAN operational network and in communication with the WLAN user terminal, the AAA server configured to perform an access authentication process including authenticating eligibility of the WLAN user terminal upon receiving an access request for accessing a WLAN operational network from the WLAN user terminal, to perform an access authorization after the access authentication process is successful and before service authorization, wherein the access authorization includes;
  
  verifying whether the WLAN user terminal is allowed to access said WLAN operational network according to authorization conditions, and determining access rules to be applied to the WLAN user terminal at least based on said authorization conditions, wherein the determined access rules include an access limitation policy configured to restrict the access of said WLAN user terminal.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A network system of claim 10, wherein the AAA server is further configured to notify the WLAN user terminal of the success of the access authentication and the access authorization using a single message.
  - 12. A network system of claim 11, wherein the AAA server is further configured to inform the WLAN user terminal of the determined access rules using the single message.
  - 13. A network system of claim 10, wherein the AAA server is further configured to notify a network entity, capable of implementing the access rules, of the determined access rules in order to restrict the access of the WLAN user terminal in accordance with the access rules.
  - 14. A network system of claim 13, wherein the network entity capable of implementing the access rules comprises one or more of the following:
    - a WLAN access gateway (WAG), a service authorization unit, an Access Point (AP), and an access controller (AC).
  - 15. A network system of claim 10, wherein the VWLAN operational network comprises one of:
    - a 3GPP-WLAN inter-working network, and a 3GPP2-WLAN inter-working network.

16. A wireless telecommunications network comprising:
- an access authentication module configured to authenticate a wireless local area network (WLAN) user terminal requesting access to the network, in response to receiving an access request for accessing the network from the user terminal; and
  
  an access authorization module configured to process an access authorization of the WLAN user terminal after the access authentication module successfully authenticates the WLAN user terminal and before service authorization is performed,wherein the access authorization process comprises verifying whether the WLAN user terminal is allowed to access the network according to authorization conditions and determining access rules to be applied to said WLAN user terminal based on said authorization conditions, andwherein the access rules are configured to allow the network to restrict the access of said user terminal.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The wireless telecommunications network of claim 16, wherein the access authentication module and the access authorization module are included in an authentication, authorization and accounting (AAA) server.
  - 18. A wireless telecommunications network according to claim 17, wherein the access rules to be applied to the WLAN user terminal are determined by the AAA server.
  - 19. A wireless telecommunications network according to claim 18, wherein the AAA server is configured to inform said WLAN user terminal of success of the access authentication and access authorization in a single message.
  - 20. A wireless telecommunications network according to claim 19, wherein the AAA server is further configured to notify said WLAN user terminal of the determined access rules.
  - 21. A wireless telecommunications network according to claim 16, wherein the determined access rules are implemented in one or more of the following:
    - a WLAN access gateway (WAG), a service authorization unit, an Access Point (AP), and an access controller (AC) within the network.
  - 22. A wireless telecommunications network according to claim 16, wherein the wireless telecommunication network comprises one of:
    - a 3GPP-WLAN inter-working network, and a 3GPP2-WLAN inter-working network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Zhang, Wenlin

Granted Patent

US 8,077,688 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 84/12   WLAN [Wireless Local Area N...

Method of User Access Authorization in Wireless Local Area Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method of User Access Authorization in Wireless Local Area Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links