METHOD AND SYSTEM FOR DISTRIBUTED, LOCALIZED AUTHENTICATION IN THE FRAMEWORK OF 802.11
First Claim
1. A method for controlling Internet access of a mobile device by using a communication system which includes a number of access points connected to an Internet and to mobile devices, the method comprising the steps of:
a) performing a certificate-based authentication between an access point, operating as an authentication access point, and an authenticating mobile device seeking access to an Internet, wherein the authenticating mobile device is disposed in the coverage area of the authentication access point;
a1) transmitting a certificate from the mobile device over a wireless link to the authentication access point, wherein the transmitted certificate includes at least a mobile device identifier, the public key of the mobile device or user, and a timestamp indicating a lifetime of the certificate;
a2) verifying the certificate by the authentication access point;
a3) determining by the authentication access point, based on a certificate revocation list, whether the authenticating mobile device's certificate has been revoked prior to the expiration of the lifetime, wherein at least a portion of the certificate revocation list is stored at least temporarily at the authentication access point; and
a4) granting the authenticating mobile device access to the Internet if the certificate has been verified successfully in the verifying step and not revoked prior to the expiration of the lifetime.
Abstract
A method for controlling Internet access of a mobile device by using a communication system having a number of access points includes the steps of performing a certificate-based authentication between an authentication access point and a mobile device seeking access to the Internet; transmitting a certificate from the mobile device to the authentication access point; verifying the certificate by the authentication access point; determining whether the authenticating mobile device's certificate has been revoked prior to the expiration of its lifetime; and granting the authenticating mobile device access to the Internet, if the certificate has been verified successfully and not revoked prior to the expiration of its lifetime.
30 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 30.
-
17. A communication system for controlling Internet access of a mobile device, comprising:
at least one mobile device including: a storage medium configured to store a certificate including at least a mobile device identifier and a timestamp indicating a lifetime of the certificate; a transmitting device configured to transmit the certificate via a wireless link; a first certificate-based authentication module; and
at least one access point connected to an Internet, the at least one access point including: a second certificate-based authentication module; a verification device; a determining device configured to determine, on the basis of a certificate revocation list, whether the certificate has been revoked prior to the expiration of the lifetime; a storage device configured to store the certificate revocation list or a predetermined segment of the certificate revocation list at least temporarily; and an access granting device configured to grant the mobile device access to the Internet if the mobile device's certificate has been verified successfully and the certificate is absent from the certificate revocation list;
wherein: the transmitting device is configured to transmit the certificate to the at least one access point; the verification device is configured to verify the certificate received from the at least one mobile device; and the first certificate-based authentication module and the second certificate-based authentication module are configured to control an authentication between the at least one mobile device and the at least one access point.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29.
wherein the at least one first access point is adapted to forward the updated CRL segment to its friendship access points which are located in the same geographical zone.
28. A wireless access point adapted to perform a certificate-based authentication with a mobile device of the communication system of claim 17.
29. A mobile device adapted to perform a certificate-based authentication with an access point of the communication system of claim 17.
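As an added illustration, not code from the patent or from any implementation of it, the following Python models steps a2 through a4 of claim 1 (verify the certificate, check its lifetime against a locally cached CRL segment, grant or refuse access) together with the dependent-claim behaviour of forwarding an updated CRL segment to friendship access points in the same geographical zone. The certificate's signature is stood in for by an HMAC tag under an issuer key shared with the access point (an assumption for brevity, not the public-key verification the claims describe); all class names, field names and sample values are constructed.

```python
import hashlib, hmac, time
from dataclasses import dataclass, field

def _tag(key: bytes, device_id: str, public_key: str, not_after: float) -> str:
    """Issuer tag over the certificate fields; a stand-in for a real signature (assumption)."""
    msg = f"{device_id}|{public_key}|{not_after}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class Certificate:
    device_id: str      # mobile device identifier
    public_key: str     # public key of the device or user (opaque string here)
    not_after: float    # timestamp marking the end of the certificate's lifetime
    signature: str      # issuer tag over the three fields above

def issue(key: bytes, device_id: str, public_key: str, not_after: float) -> Certificate:
    return Certificate(device_id, public_key, not_after,
                       _tag(key, device_id, public_key, not_after))

@dataclass
class AccessPoint:
    name: str
    zone: str                  # geographical zone used when forwarding CRL segments
    issuer_key: bytes
    crl_segment: set = field(default_factory=set)   # locally cached revoked identifiers
    friends: list = field(default_factory=list)     # friendship access points

    def authenticate(self, cert: Certificate, now=None):
        """Steps a2-a4: verify the certificate, check lifetime and local CRL segment, decide."""
        now = time.time() if now is None else now
        expected = _tag(self.issuer_key, cert.device_id, cert.public_key, cert.not_after)
        if not hmac.compare_digest(expected, cert.signature):
            return False, "verification failed"
        if now >= cert.not_after:
            return False, "lifetime expired"
        if cert.device_id in self.crl_segment:
            return False, "revoked before lifetime expiry"
        return True, "access granted"

    def revoke(self, device_id: str) -> None:
        """Update the local CRL segment and forward the update to friendship access
        points located in the same geographical zone (dependent-claim behaviour)."""
        if device_id in self.crl_segment:
            return                       # already known; stops forwarding loops
        self.crl_segment.add(device_id)
        for ap in self.friends:
            if ap.zone == self.zone:
                ap.revoke(device_id)
```

A revocation entered at one access point reaches its same-zone friends but not an access point in another zone, which is what keeps each cached CRL segment local.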