Authentication system and authentication method for performing authentication of wireless terminal

US 7,945,245 B2
Filed: 08/21/2007
Issued: 05/17/2011
Est. Priority Date: 08/22/2006
Status: Active Grant

First Claim

Patent Images

1. An authentication system for performing authentication of a wireless terminal that issues an authentication request to an authentication server connected to a communication network through a wireless base station for access to the communication network, whereinthe wireless base station comprises:

authentication information acquisition means for acquiring authentication information from a wireless connection request packet including the authentication information transmitted from the wireless terminal; and

authentication request transmission means for transmitting the authentication information acquired by the authentication information acquisition means and remote access service (RAS) unique information which is information unique to the wireless base station that has previously been registered in the wireless base station to the authentication server as an authentication request packet,the authentication server comprises;

base station information acquisition means for acquiring the authentication information and RAS unique information of the wireless base station from the authentication request packet transmitted by the authentication request transmission means; and

base station information determination means for comparing the authentication information and RAS unique information acquired by the base station information acquisition means with wireless terminal authentication information in which the authentication information and RAS unique information have previously been registered in association with each other to determine whether or not they coincide with each other, andin the case where the acquired authentication information and RAS unique information and previously registered wireless terminal authentication information coincide with each other, the base station information determination means authenticates the wireless terminal;

wherein the authentication server further comprises RAS unique information determination means and authentication result transmission means,the RAS unique information determination means determining authentication rejection in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information do not coincide with each other,the RAS unique information determination means determining authentication acceptance in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information coincide with each other and where corresponding RAS information coincide with each other to update the validity period of the wireless terminal authentication information,the RAS unique information determination means determining authentication acceptance in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information coincide with each other but corresponding RAS information do not coincide with each other and where the authentication request is within the validity period of the wireless terminal authentication information,the RAS unique information determination means determining authentication rejection in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information coincide with each other but corresponding RAS information do not coincide with each other and where the authentication request is beyond the validity period of the wireless terminal authentication information,the authentication result transmission means transmitting an authentication acceptance replay packet generated by the authentication server to the wireless base station in the case where authentication acceptance is determined by the RAS unique information determination means, andthe authentication result transmission means transmitting an authentication rejection replay packet generated by the authentication server to the wireless base station in the case where authentication rejection is determined by the RAS unique information determination means, andthe wireless base station further comprises authentication result base station transmission means,the authentication result base station transmission means transmitting a wireless connection acceptance replay packet to the wireless terminal when receiving the authentication acceptance replay packet transmitted by the authentication result transmission means of the authentication server, andthe authentication result base station transmission means transmitting a wireless connection rejection replay packet to the wireless terminal when receiving the authentication rejection replay packet transmitted by the authentication result transmission means of the authentication server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system for performing authentication of a wireless terminal is a system that issues an authentication request to an authentication server connected to a communication network and includes a wireless base station and an authentication server. The wireless base station includes: an authentication information acquisition means for acquiring authentication information from a wireless connection request packet; and an authentication request transmission means for transmitting the authentication information acquired by the authentication information acquisition means and RAS unique information registered in the wireless base station to the authentication server. The authentication server includes a means for acquiring the transmitted authentication information and RAS unique information and comparing the acquired authentication information and RAS unique information with previously registered wireless terminal authentication information previously registered to determine whether or not they coincide with each other. In the case where the acquired authentication information and RAS unique information and previously registered wireless terminal authentication information coincide with each other, the wireless terminal is authenticated.

19 Citations

8 Claims

1. An authentication system for performing authentication of a wireless terminal that issues an authentication request to an authentication server connected to a communication network through a wireless base station for access to the communication network, whereinthe wireless base station comprises:
- authentication information acquisition means for acquiring authentication information from a wireless connection request packet including the authentication information transmitted from the wireless terminal; and
  
  authentication request transmission means for transmitting the authentication information acquired by the authentication information acquisition means and remote access service (RAS) unique information which is information unique to the wireless base station that has previously been registered in the wireless base station to the authentication server as an authentication request packet,the authentication server comprises;
  
  base station information acquisition means for acquiring the authentication information and RAS unique information of the wireless base station from the authentication request packet transmitted by the authentication request transmission means; and
  
  base station information determination means for comparing the authentication information and RAS unique information acquired by the base station information acquisition means with wireless terminal authentication information in which the authentication information and RAS unique information have previously been registered in association with each other to determine whether or not they coincide with each other, andin the case where the acquired authentication information and RAS unique information and previously registered wireless terminal authentication information coincide with each other, the base station information determination means authenticates the wireless terminal;
  
  wherein the authentication server further comprises RAS unique information determination means and authentication result transmission means,the RAS unique information determination means determining authentication rejection in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information do not coincide with each other,the RAS unique information determination means determining authentication acceptance in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information coincide with each other and where corresponding RAS information coincide with each other to update the validity period of the wireless terminal authentication information,the RAS unique information determination means determining authentication acceptance in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information coincide with each other but corresponding RAS information do not coincide with each other and where the authentication request is within the validity period of the wireless terminal authentication information,the RAS unique information determination means determining authentication rejection in the case where the authentication information acquired by the base station information acquisition means and previously registered wireless terminal authentication information coincide with each other but corresponding RAS information do not coincide with each other and where the authentication request is beyond the validity period of the wireless terminal authentication information,the authentication result transmission means transmitting an authentication acceptance replay packet generated by the authentication server to the wireless base station in the case where authentication acceptance is determined by the RAS unique information determination means, andthe authentication result transmission means transmitting an authentication rejection replay packet generated by the authentication server to the wireless base station in the case where authentication rejection is determined by the RAS unique information determination means, andthe wireless base station further comprises authentication result base station transmission means,the authentication result base station transmission means transmitting a wireless connection acceptance replay packet to the wireless terminal when receiving the authentication acceptance replay packet transmitted by the authentication result transmission means of the authentication server, andthe authentication result base station transmission means transmitting a wireless connection rejection replay packet to the wireless terminal when receiving the authentication rejection replay packet transmitted by the authentication result transmission means of the authentication server.
- View Dependent Claims (2, 3, 4)
- - 2. The authentication system according to claim 1, wherein,in the case where the RAS unique information determination means determines that the RAS unique information coincide with each other and that the authentication request from the wireless base station is beyond the validity period of the wireless terminal authentication information, the authentication server determines expiration of the authentication validity period and generates an authentication validity period expiration replay packet so as to transmit to the wireless base station.
  - 3. The authentication system according to claim 1, wherein,in the case where the RAS unique information determination means determines that the RAS unique information do coincide with each other, the authentication server determines authentication rejection regardless of whether the wireless terminal authentication information is within or beyond the validity period.
  - 4. The authentication system according to claim 1, whereinthe authentication server can change the RAS unique information of the wireless base station which has previously been registered in association with the authentication information of the wireless terminal to which the authentication result base station transmission means of the wireless base station has transmitted the wireless connection acceptance replay packet.

5. An authentication method used in an authentication system for performing authentication of a wireless terminal that issues an authentication request to an authentication server connected to a communication network through a wireless base station for access to the communication network, comprising:
- a first step in which the wireless base station acquires authentication information from a wireless connection request packet including the authentication information transmitted from the wireless terminal;
  
  a second step in which the wireless base stationtransmits the authentication information acquired by the first step and remote access service (RAS) unique information which is information unique to the wireless base station that has previously been registered in the wireless base station to the authentication server as an authentication request packet;
  
  a third step in which the authentication server acquires the authentication information and RAS unique information of the wireless base station from the authentication request packet transmitted by the second step; and
  
  a fourth step in which the authentication server compares the authentication information and RAS unique information acquired by the third step with wireless terminal authentication information in which the authentication information and RAS unique information have previously been registered in association with each other to determine whether or not they coincide with each other, wherein,in the case where the authentication information and RAS unique information acquired by the third step and previously registered wireless terminal authentication information coincide with each other, the fourth step authenticates the wireless terminal;
  
  further comprising a fifth step, a sixth step, and a seventh step,the fifth step determining authentication rejection in the case where the authentication information acquired by the third step and previously registered wireless terminal authentication information do not coincide with each other in the fourth step, the fifth step determining authentication acceptance in the case where the authentication information acquired by the third step and previously registered wireless terminal authentication information coincide with each other and where corresponding RAS information coincide with each other in the fourth step to update the validity period of the wireless terminal authentication information,the fifth step determining authentication acceptance in the case where the authentication information acquired by the third step and previously registered wireless terminal authentication information coincide with each other but corresponding RAS information do not coincide with each other in the fourth step and where the authentication request is within the validity period of the wireless terminal authentication information,the fifth step determining authentication rejection in the case where the authentication information acquired by the third step and previously registered wireless terminal authentication information coincide with each other but corresponding RAS information do not coincide with each other in the fourth step and where the authentication request is beyond the validity period of the wireless terminal authentication information,the sixth step transmitting an authentication acceptance replay packet generated by the authentication server to the wireless base station in the case where authentication acceptance is determined by fifth step, andthe six step transmitting an authentication rejection replay packet generated by the authentication server to the wireless base station in the case where authentication rejection is determined by the fifth step,the seventh step transmitting a wireless connection acceptance replay packet to the wireless terminal when the wireless base station receives the authentication acceptance replay packet transmitted by the sixth step, andthe seventh step transmitting a wireless connection rejection replay packet to the wireless terminal when the wireless base station receives the authentication rejection replay packet transmitted by the sixth step.
- View Dependent Claims (6, 7, 8)
- - 6. The authentication method according to claim 5, whereinin the case where it is determined in the fifth step that the RAS unique information coincide with each other and that the authentication request from the wireless base station is beyond the validity period of the wireless terminal authentication information, the authentication server determines expiration of the authentication validity period and generates an authentication validity period expiration replay packet so as to transmit to the wireless base station.
  - 7. The authentication method according to claim 5, whereinin the case where it is determined in the fifth step that the RAS unique information do coincide with each other, the authentication server determines authentication rejection regardless of whether the wireless terminal authentication information is within or beyond the validity period.
  - 8. The authentication method according to claim 5, whereinthe authentication server can change the RAS unique information of the wireless base station which has previously been registered in association with the authentication information of the wireless terminal to which the authentication result base station transmission means of the wireless base station has transmitted the wireless connection acceptance replay packet in the seventh step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Platforms, Ltd.
Original Assignee
NEC Infrontia Corporation (NEC Corporation)
Inventors
Takahashi, Masatsugu
Primary Examiner(s)
RAMPURIA, SHARAD K

Application Number

US11/842,707
Publication Number

US 20080051061A1
Time in Patent Office

1,365 Days
Field of Search

455410-411, 4554321-433, 370/328, 370/338, 370/352, 370/401
US Class Current

455/411
CPC Class Codes

G06F 21/88   Detecting or preventing the...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04W 12/062   Pre-authentication

H04W 88/08   Access point devices

Authentication system and authentication method for performing authentication of wireless terminal

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Authentication system and authentication method for performing authentication of wireless terminal

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others