Method of user access authorization in wireless local area network

US 7,519,036 B2
Filed: 10/27/2005
Issued: 04/14/2009
Est. Priority Date: 06/06/2003
Status: Active Grant

First Claim

Patent Images

1. A method of user access authorization in a wireless local area network, comprising:

when a Wireless Local Area Network (WLAN) user terminal is accessing a WLAN operational network,an authentication procedure including authenticating the WLAN user terminal;

an authorization procedure to access the WLAN operational network before a service authorization including;

verifying whether to allow the WLAN user terminal to access the WLAN operational network according to authorization conditions, anddetermining access rules of the WLAN user terminal according to the authorization conditions if the WLAN user terminal is allowed to access the WLAN operational network, wherein the access rules including a limitation rule on the access of the WLAN user terminal to the WLAN operational network, wherein the service authorization determines whether the WLAN terminal user has access to a service;

implementing restriction on the access to the WLAN operational network of the WLAN user terminal according to the access rules;

sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;

after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and

otherwise, sending the information of the access failure to the WLAN user terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method of user access authorization in wireless local area networks. The method comprises: when a Wireless Local Area Network (WLAN) user terminal is accessing a WLAN operational network, the WLAN operational network, while authenticating this WLAN user terminal, judging whether to allow this WLAN user terminal to access according to authorization conditions having an impact on the access of this WLAN user terminal, if yes, the WLAN operational network will determine the access rules of this WLAN user terminal according to the said authorization conditions; otherwise, the WLAN operational network will notify the WLAN user terminal about the failure. By adopting the method of the present invention, different users can be controlled to access the network according to different authorization conditions, and be restricted by different access rules after getting accessed. As a result, the access control capability of a wireless local area network is enhanced and the working efficiency of the network is improved.

Citations

24 Claims

1. A method of user access authorization in a wireless local area network, comprising:
- when a Wireless Local Area Network (WLAN) user terminal is accessing a WLAN operational network,an authentication procedure including authenticating the WLAN user terminal;
  
  an authorization procedure to access the WLAN operational network before a service authorization including;
  
  verifying whether to allow the WLAN user terminal to access the WLAN operational network according to authorization conditions, anddetermining access rules of the WLAN user terminal according to the authorization conditions if the WLAN user terminal is allowed to access the WLAN operational network, wherein the access rules including a limitation rule on the access of the WLAN user terminal to the WLAN operational network, wherein the service authorization determines whether the WLAN terminal user has access to a service;
  
  implementing restriction on the access to the WLAN operational network of the WLAN user terminal according to the access rules;
  
  sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
  
  after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and
  
  otherwise, sending the information of the access failure to the WLAN user terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, further comprising:
    - after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions;
      
      otherwise, sending the information of access failure to the WLAN user terminal.
  - 3. A method according to claim 1, wherein the said authorization conditions comprises:
    - conditions of user account user subscription information, operational rules, or any combination of the former.
  - 4. A method according to claim 3, wherein the said user subscription information comprises a designation list of user accessible network services.
  - 5. A method according to claim 1, wherein determining the said access rules are implemented by the Authentication Authorization and Accounting (AAA) server of the WLAN operational network.
  - 6. A method according to claim 1, wherein the access rules include access scope limitation, access paths limitation, and/or time limitation.
  - 7. A method according to claim 1, wherein the said access rule is determined as null.
  - 8. A method according to claim 1, wherein the said related entity implementing access rules comprises AAA, WLAN Access gateway (WAG), Access Controller (AC), Access Point (AP), or a WLAN user terminal.
  - 9. A method according to claim 8, further comprising:
    - after the access rules are determined, the network sending to the WLAN user terminal at the same time the information about the success of access authentication and authorization of the current WLAN user terminal as well as the access rules that the WLAN user terminal needs to be informed of.
  - 10. A method according to claim 1, wherein the said WLAN operational network is a 3rd Generation Partnership Project Wireless Local Area Network (3GPP-WLAN) interworking network or a 3rd Generation Partnership Project 2Wireless Local Area Network (3GPP2-WLAN) interworking network.

11. A method for controlling an access of a subscriber in a wireless local area network, comprising:
- receiving a request for accessing a wireless local area network(WLAN) operational network from a user terminal;
  
  an access authentication procedure in response to the access request, the access authentication procedure comprising authenticating the subscriber of the user terminal; and
  
  an access authorization procedure to the WLAN operational network upon the success of the access authentication and before a service authorization, the access authorization procedure comprising;
  
  checking whether the subscriber is allowed to access based on an access authorization condition of the user terminal;
  
  determining access rules being applied to the subscriber based on the access authorization condition so as to control the access of the user terminal, wherein the access rules include restrictions regarding the access of the subscriber to the WLAN operational network, wherein the service authorization determines whether the WLAN terminal user has access to a service;
  
  implementing restriction on the access of the user terminal according to the access rules;
  
  sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
  
  after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and
  
  otherwise, sending the information of the access failure to the WLAN user terminal.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A method of claim 11, wherein the access authorization condition comprises the subscriber'"'"'s subscription information, the subscriber'"'"'s account information, or operation and manage rules.
  - 13. A method of claim 11 further comprising:
    - deploying the decided access rules in one or more network entity so as to implement the restriction on the access of the subscriber, wherein the network entity comprising a AAA server in the network, a WLAN access gateway (WAG), a access controller (AC), access point (AP) or the subscriber'"'"'s terminal.
  - 14. A method of claim 11, wherein the access rules include one or more of access scope limitation, access time limitation, and access path.
  - 15. A method of claim 11 further comprising implementing the decided rules by using a scheme selected from a group consisting of IP allocation scheme, virtual local area network (VLAN) allocation, and filtering.
  - 16. A method of claim 11 further comprising a service authorization process after the access authorization procedure.

17. A system in a wireless local area network (WLAN) operational network comprising:
- an access authentication and authorization device capable of communicating with a user terminal and configured to implement a method comprising;
  
  when a subscriber of the user terminal is accessing the WLAN operational network,an access authentication procedure for authenticating the subscriber; and
  
  an access authorization procedure before a service authorization comprising;
  
  verifying whether the subscriber is allowed to access the WLAN operational network according to an access authorization condition of the subscriber,deciding an access policy being applied to the user terminal according to the access authorization condition if the subscriber is allowed to access the WLAN operational network; and
  
  implementing restriction on the access to the WLAN operational network of the user terminal according to the access policy,wherein the access policy includes limitation on the access of the subscriber to the WLAN operational network,wherein the access authorization procedure occurs after the success of the access authentication procedure, andwherein the service authorization determines whether the WLAN terminal user has access to a service;
  
  sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
  
  after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and
  
  otherwise, sending the information of the access failure to the WLAN user terminal.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. A system of claim 17, wherein the access authentication and authorization device is further configured to notify at least one of an access authentication result and an access authorization result to the subscriber.
  - 19. A system of claim 17, wherein the access authentication and authorization device is further configured to send the access policy to at least one of an AAA server, a WLAG access gateway (WAG), a service authorization unit, the user terminal and a WLAN access network which is capable of implementing the access policy to implement the limitation on the access according to the access policy.
  - 20. A system of claim 17, wherein the access authentication and authorization device is an authentication, authorization, and accounting (AAA) server in the WLAN operational network.
  - 21. A system of claim 20, wherein the AAA server is coupled with a WLAN access network (WLAN AN) through which the WLAN directly communicates with at least one of a local intranet network and an internet associated with hot spots so as to provide at least one of a local intranet service and an internet service for the user terminal in the hot spots.
  - 22. A system of claim 21, wherein the AAA sever is coupled with a WLAN Access Gateway (WAG) in the WLAN connecting with the WLAN AN and a 3GPP operational network, and the WLAN communicates with the 3GPP network so as to provide a 3GPP-specific service for the subscriber through the WLAN AN and in turn the WAG.

23. A system comprising:
- a subscriber terminal communicable with a wireless local area network (WLAN) operational network and configured tosend a request to the WLAN operational network for accessing the WLAN operational network,wherein the WLAN operational network is configured to perform an access authentication procedure and an access authorization procedure before a service authorization for a subscriber of the subscriber terminal upon receiving the request, andwherein the access authorization procedure includes;
  
  checking whether the subscriber is allowed to access the WLAN operational network according to an access authorization condition of the subscriber;
  
  deciding access rules applied to the subscriber based on the access authorization condition, wherein the subscriber terminal is further configured to receive a response from the WLAN, and the response includes at least one of an access authentication result and an access authorization result;
  
  implement restriction on the access of the subscriber terminal according to the access rules, wherein the service authorization determines whether the WLAN terminal user has access to a service;
  
  implement restriction on the access of the user terminal according to the access rules;
  
  send the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
  
  after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judge whether the WLAN user terminal is allowed to access according to the authorization conditions; and
  
  otherwise, send the information of the access failure to the WLAN user terminal.
- View Dependent Claims (24)
- - 24. A system of claim 23, wherein the subscriber terminal is further configured to receive the access rules from the WLAN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Zhang, Wenlin
Primary Examiner(s)
Ngo; Ricky
Assistant Examiner(s)
Yuen; Kan

Application Number

US11/260,865
Publication Number

US 20060109826A1
Time in Patent Office

1,265 Days
Field of Search

370/338, 370/395.2, 370/395.21, 370/395.42, 713/155, 713/168, 726 1- 7, 726 27- 30
US Class Current

370/338
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 84/12   WLAN [Wireless Local Area N...

Method of user access authorization in wireless local area network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method of user access authorization in wireless local area network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links