Method and system for providing access via a first network to a service of a second network

US 8,233,934 B2
Filed: 10/01/2002
Issued: 07/31/2012
Est. Priority Date: 10/01/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

transmitting an authentication message to signal service selection information via a first network to an authentication server of a second network, the service selection information indicating an access point, wherein the first and second networks are distinct, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network; and

using the service selection information to connect to at least one service provided over the access point indicated by the service selection information,selecting, using the service selection information, a gateway in the second network to connect to the first network;

wherein the service selection information comprises at least one of an access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method and system for providing access from a first network (30) to a service of a second network, wherein an authentication signaling is used to transfer a service selection information to the second network (70). Based on the service selection information, a connection can be established to access the desired service. Thereby, cellular packet-switched services can be accessed over networks which do not provide a context activation procedure or corresponding control plane signaling function.

Citations

42 Claims

1. A method, comprising:
- transmitting an authentication message to signal service selection information via a first network to an authentication server of a second network, the service selection information indicating an access point, wherein the first and second networks are distinct, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network; and
  
  using the service selection information to connect to at least one service provided over the access point indicated by the service selection information,selecting, using the service selection information, a gateway in the second network to connect to the first network;
  
  wherein the service selection information comprises at least one of an access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 41)
- - 2. A method according to claim 1, wherein the first network comprises a wireless local area network, wherein the second network comprises a cellular packet-switched network different from the first network, and the authentication message comprises an extensible authentication protocol message.
  - 3. A method according to claim 1, wherein the second network is a cellular packet-switched network.
  - 4. A method according to claim 3, wherein the cellular packet-switched network is a general packet radio service network.
  - 5. A method according to claim 1, wherein the authentication message is an extensible authentication protocol message.
  - 6. A method according to claim 5, wherein the extensible authentication protocol message is an extensible authentication protocol subscriber identity module or extensible authentication protocol authentication and key agreement message.
  - 7. A method according to claim 5, wherein the authentication message is an extensible authentication protocol challenge response message.
  - 41. A method according to claim 5, wherein the authentication message is an extensible authentication protocol challenge response message.

8. An apparatus, comprising:
- a processor configured to connect first and second distinct networks and extract from a received authentication message a service selection information to select a service, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network,wherein the processor is configured to use the service selection information to establish a connection to services provided over an access point indicated by the service selection information,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password,wherein the processor is configured to select a gateway in the second network to connect to the first network; and
  
  wherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus according to claim 8, wherein the received authentication message is based on an extensible authentication protocol.
  - 10. The apparatus according to claim 9, wherein the received authentication message is an extensible authentication protocol challenge response message.
  - 11. The apparatus according to claim 8, wherein the processor is a standalone wireless local area network authentication server.
  - 12. The apparatus according to claim 8, wherein the processor is a gateway general packet radio service support node.
  - 13. The apparatus according to claim 8, wherein the at least one access point name parameter is decrypted in the processor.
  - 14. The apparatus according to claim 8, wherein the at least one access point name parameter is forwarded by the processor to the access point in an encrypted manner.

15. An apparatus, comprising:
- a processor configured to connect first and second distinct networks and to transmit, in an authentication message, a service selection information regarding selection of a network service, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter,wherein the service selection information is configured to select a gateway in the second network to connect to the first network.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The apparatus according to claim 15, wherein the authentication message is an extensible authentication protocol message.
  - 17. The apparatus according to claim 16, wherein the extensible authentication protocol message is an extensible authentication protocol challenge response message.
  - 18. The apparatus according to claim 17, wherein the extensible authentication protocol challenge response message is an extensible authentication protocol subscriber identity module or extensible authentication protocol authentication and key agreement challenge response message.
  - 19. The apparatus according to claim 15, wherein the service is a general packet radio service.

20. A system, comprising:
- a terminal device connected to a first network configured to provide access to a network service, the terminal device configured to set, in an authentication message, a service selection information regarding selection of the network service, wherein the authentication message signals the service selection information via the first network to an authentication server of a second network; and
  
  an authentication server device connected to the second network, the authentication server device configured to provide an authentication mechanism, the authentication server device configured to extract from a received authentication message the service selection information to select the service, and to use the service selection information to establish a connection to services provided over an access point indicated by the service selection information, wherein the authentication server is configured to select a gateway in the second network to connect to the first network,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password,wherein the first and second networks are distinct, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

21. A method, comprising:
- extracting, by a processor coupled to a second network, from a received authentication message received via a first network a service selection information to select a service;
  
  selecting, using the processor coupled to the second network, a gateway in the second network to connect to the first network, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network; and
  
  using, by the processor coupled to the second network, the service selection information to establish a connection to services provided over an access point indicated by the service selection information,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password,wherein the first and second networks are distinct, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method according to claim 21, wherein the received authentication message is based on an extensible authentication protocol.
  - 27. The method according to claim 26, wherein the received authentication message is an extensible authentication protocol challenge response message.
  - 28. The method according to claim 21, further comprising:
    - decrypting the at least one access point name parameter.
  - 29. The method according to claim 21, further comprising:
    - forwarding the at least one access point name parameter to the access point in an encrypted manner.

22. A method, comprising:
- setting in an authentication message sent via a first network to a second network a service selection information regarding selection of a network service at a terminal device, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network;
  
  selecting a gateway in the second network to connect to the first network;
  
  wherein the service selection information comprises at least one access point name parameter, a username, and a password,wherein the first and second networks are distinct, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The method according to claim 22, wherein the authentication message is an extensible authentication protocol message.
  - 31. The method according to claim 30, wherein the extensible authentication protocol message is an extensible authentication protocol challenge response message.
  - 32. The method according to claim 31, wherein the extensible authentication protocol challenge response message is an extensible authentication protocol subscriber identity module or extensible authentication protocol authentication and key agreement challenge response message.
  - 33. The method according to claim 22, wherein the service is a general packet radio service.

23. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising:
- transmitting an authentication message to signal a service selection information via a first network to a second network, wherein the first and second networks are distinct;
  
  using the service selection information to select a gateway in the second network to connect to the first network, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network; and
  
  using the service selection information to connect to services provided over an access point indicated by the service selection information,wherein the service selection information comprises at least one access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

24. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising:
- extracting, using a processor connected to a second network, from a received authentication message from a first network, a service selection information to select a service, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network;
  
  selecting a gateway in the second network to connect to the first network, wherein the first and second networks are distinct;
  
  using the service selection information to establish a connection to services provided over an access point indicated by the service selection information,wherein the service selection information comprises at least one access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in said authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

25. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising:
- setting in an authentication message a service selection information regarding selection of a network service,sending the authentication message from via a first network to an authentication server coupled to a second network, wherein the first and second networks are distinct, and wherein the authentication message signals the service selection information via the first network to an authentication server of the second network to enable selection of a gateway in the second network to connect to the first network;
  
  wherein the service selection information comprises at least one access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter. access server, and the user name and the password can only be decrypted at a network defined by the access point name.

34. An apparatus, comprising:
- extracting means connected to a second network for extracting from a received authentication message from a first network, a service selection information to select a service, wherein the authentication message signals the service selection information via the first network to an authentication server of the second network; and
  
  controlling means for using the service selection information to establish a connection to services provided over an access point indicated by the service selection information, and for selecting a gateway in the second network to connect to the first network, wherein the first and second networks are distinct,wherein the service selection information comprises at least one access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

35. An apparatus, comprising:
- a processor configured to set in an authentication message a service selection information regarding selection of a network service and configured to send the authentication message through a first network to a second network, wherein the first and second networks are distinct, wherein the authentication message is used by the second network to select a gateway in the second network to connect to the first network,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

36. A method comprising:
- setting in an authentication message a service selection information regarding selection of a network service; and
  
  sending the authentication message through a first network to a second network, wherein the first and second networks are distinct, wherein the authentication message is used by the second network to select a gateway in the second network to connect to the first network,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.
- View Dependent Claims (37, 38, 39, 40)
- - 37. method according to claim 36, wherein the first network comprises a wireless local area network, wherein the second network comprises a cellular packet-switched network different from the first network, and the authentication message comprises an extensible authentication protocol message.
  - 38. A method according to claim 36, wherein the second network is a cellular packet-switched network.
  - 39. A method according to claim 36, wherein the authentication message is an extensible authentication protocol message.
  - 40. A method according to claim 39, wherein the extensible authentication protocol message is an extensible authentication protocol subscriber identity module or extensible authentication protocol authentication and key agreement message.

42. A non-transitory computer-readable storage medium encoded with instructions configured to control a processor to perform a process, the process comprising:
- setting in an authentication message a service selection information regarding selection of a network service; and
  
  sending the authentication message through a first network to a second network, wherein the first and second networks are distinct, wherein the authentication message is used by the second network to select a gateway in the second network to connect to the first network,wherein the service selection information comprises at least one of an access point name parameter, a username, and a password, andwherein the at least one access point name parameter is encrypted in the authentication message so that the access point name parameter can be decrypted or read by an access server, and the user name and the password can only be decrypted at a network defined by the access point name parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Ahmavaara, Kalle, Haverinen, Henry
Primary Examiner(s)
BALAOING, ARIEL A

Application Number

US10/529,346
Publication Number

US 20050272465A1
Time in Patent Office

3,591 Days
Field of Search

370/338, 370/331, 370/341, 455/432.1, 455/432.3, 455/435.2, 455/552.1, 380/270, 380/272
US Class Current

455/552.1
CPC Class Codes

H04L 63/162   at the data link layer

H04L 63/18   using different networks or...

H04L 67/51   Discovery or management the...

H04L 67/563   Data redirection of data ne...

H04M 2207/20   hybrid systems

H04M 7/121   Details of network access a...

H04W 12/069   using certificates or pre-s...

H04W 8/265   for initial activation of n...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 92/02   Inter-networking arrangements

Method and system for providing access via a first network to a service of a second network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing access via a first network to a service of a second network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links