Method and system for wireless connecting a mobile device to a service provider through a hosting wireless access node
First Claim
1. A method for commissioning a wireless connection with a related authentication to a remote relay node, whereto an electronic mobile device is connected through at least one wireless communication module to a hosting wireless access node for transferring data with respect to a service provider available on the Internet by means of a commissioned relay access node selected by an authentication and commissioning manager, the method comprising:
initiating an association phase by the mobile device wireless communication module to establish a connection with at least one wireless communication module of the hosting wireless access node, the association phase to be performed at OSI layer 2;
initiating an identification phase by an authentication module of the hosting wireless access node to retrieve from a client authentication module of the mobile device at least its authentication credentials provided by an authentication credentials module, the identification phase to be performed at OSI layer 2;
initiating an access verification phase by the hosting wireless access node authentication module to retrieve from an authentication server of the authentication and commissioning manager the commissioned relay access node to be used;
initiating a commissioned relay access node selection phase by the authentication server to retrieve from a commissioned relay access node selector of the authentication and commissioning manager the commissioned relay access node to be used;
initiating a tunnel creation phase by a tunnel/optimization module of the hosting wireless access node to establish a tunnel with a tunneling/optimization module of the commissioned relay access node;
initiating a transfer of the authentication state phase by the hosting wireless access node authentication module to transfer at least the mobile device authentication credentials to an authentication module of the selected commissioned relay access node, the transfer being encapsulated into the tunnel;
initiating an authentication phase by the commissioned relay access node authentication module to handshake with the mobile device client authentication module the authentication data used to establish a trusted connection between the commissioned relay access node and the mobile device, the authentication phase to be performed at OSI layer 2, the handshaking, using OSI layer 2 data units, being encapsulated into the tunnel between the commissioned relay access node and the hosting wireless access node; and
initiating a keys negotiation phase by the commissioned relay access node authentication module to handshake with the mobile device client authentication module at least one session key to be used for the data encryption from a cryptography module of the mobile device and a cryptography module of the commissioned relay access node, the keys negotiation phase to be performed at OSI layer 2, the handshaking, using OSI layer 2 data units, being encapsulated into the tunnel between the commissioned relay access node and the hosting wireless access node;
performing a data transfer phase to transfer data between the mobile device and the service provider, the data exchanged by the mobile device, contained in OSI layer 2 data units, encrypted by the cryptography module and transmitted on the wireless connection with the hosting wireless access node, being encapsulated into the tunnel between the hosting wireless access node and the commissioned relay access node, and the data then being extracted from the OSI layer 2 data units, decrypted by the cryptography module and forwarded by the commissioned relay access node to the service provider;
wherein data is thereby exchanged by the service provider with the commissioned relay access node and not directly with the hosting wireless access node.
Abstract
A method and system for commissioning a wireless connection with a related authentication and the eventual encryption to a remote relay node, whereto an electronic mobile device is connected to a hosting wireless access node for transmitting/receiving data to/from a service provider available on the Internet by means of a commissioned relay access node selected by an authentication and commissioning manager. The data transfer between the mobile device and the service provider is encapsulated into the tunnel between the hosting wireless access node and the commissioned relay access node and is finally forwarded by the commissioned relay access node to the service provider. The service provider thereby is exchanging data with the commissioned relay access node and not directly with the hosting wireless access node.
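The data transfer phase of claim 1, as an added Python example that is not part of the patent text: the mobile device seals each layer 2 data unit with a session key shared only with the commissioned relay access node, the hosting node only encapsulates it into the tunnel, and the relay verifies and decrypts it. The HMAC-based key derivation, keystream, integrity tag, `TUN0` header and every name below are assumptions made for illustration; the claims name no cipher or tunnel format and do not mention an integrity check.

```python
import hashlib, hmac, os

def prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def negotiate_session_key(secret: bytes, n_dev: bytes, n_relay: bytes) -> bytes:
    # Keys negotiation stand-in (assumption): the nonces cross the hosting node,
    # the device/relay secret never does.
    return prf(secret, b"session" + n_dev + n_relay)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal_l2(session_key: bytes, payload: bytes) -> bytes:
    # Mobile-device cryptography module: encrypt, then authenticate the data unit.
    nonce = os.urandom(12)
    ct = _xor_stream(prf(session_key, b"enc"), nonce, payload)
    return nonce + ct + prf(prf(session_key, b"mac"), nonce + ct)

def open_l2(session_key: bytes, frame: bytes) -> bytes:
    # Relay cryptography module: verify the tag before decrypting.
    nonce, ct, tag = frame[:12], frame[12:-32], frame[-32:]
    if not hmac.compare_digest(tag, prf(prf(session_key, b"mac"), nonce + ct)):
        raise ValueError("L2 data unit was modified between device and relay")
    return _xor_stream(prf(session_key, b"enc"), nonce, ct)

class HostingNode:
    """Untrusted hotspot: wraps L2 data units for the tunnel, holds no session key."""
    def __init__(self):
        self.observed = []          # everything the hosting node gets to see
    def encapsulate(self, l2_frame: bytes) -> bytes:
        self.observed.append(l2_frame)
        return b"TUN0" + len(l2_frame).to_bytes(2, "big") + l2_frame

def relay_receive(session_key: bytes, tunnel_pkt: bytes) -> bytes:
    # Commissioned relay: decapsulate, then hand the data unit to the crypto module.
    if tunnel_pkt[:4] != b"TUN0":
        raise ValueError("not a tunnel packet")
    size = int.from_bytes(tunnel_pkt[4:6], "big")
    return open_l2(session_key, tunnel_pkt[6:6 + size])

def run_session(payload: bytes, flip_byte_in_transit: bool = False):
    secret = b"constructed-device-relay-secret"   # constructed sample value
    key = negotiate_session_key(secret, os.urandom(16), os.urandom(16))
    host = HostingNode()
    pkt = bytearray(host.encapsulate(seal_l2(key, payload)))
    if flip_byte_in_transit:
        pkt[10] ^= 0x01             # simulate corruption on the hosting-node side
    return relay_receive(key, bytes(pkt)), host.observed
```

`run_session` returns the plaintext the relay would forward to the service provider together with the frames the hosting node observed, so the two can be compared directly.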
20 Claims
12. A system for commissioning a wireless connection with a related authentication to a remote relay node, whereto an electronic mobile device is able to establish a connection with a hosting wireless access node for transferring data with respect to a service provider available on the Internet by means of a commissioned relay access node selected by an authentication and commissioning manager,
the electronic mobile device comprising:
at least one wireless communication module to establish a connection with the hosting wireless access node;
at least one client authentication module providing means to authenticate the mobile device connection, by exchanging OSI layer 2 identification requests and responses with an authentication module of the hosting wireless access node and by exchanging OSI Layer 2 authentication requests and responses with an authentication module of the commissioned relay access node, and providing means to define at least one session key to be used for at least one of an encryption process or a decryption process, by exchanging OSI layer 2 keys negotiation request and responses with an authentication module of the commissioned relay access node;
at least one cryptography module providing means to perform at least one encryption or decryption of the data exchanged with the commissioned relay access node; and
at least one authentication credentials module providing means to univocally identify the mobile device or its user;
the hosting wireless access node comprising;
at least one wireless communication module providing means to manage at least one wireless connection;
at least one WAN communication module providing means to reach the Internet;
at least one authentication module providing means to retrieve at OSI layer 2 from the mobile device client authentication module at least its authentication credentials, means to retrieve from the authentication and commissioning manager the commissioned relay access node to be used, and means to transfer to the commissioned relay node the retrieved mobile device authentication credentials; and
at least one tunneling/optimization module providing means to manage and eventually optimize at least one tunnel connection with a commissioned relay access node, means to encapsulate and send into this tunnel the mobile device authentication credentials, means to perform at least one of encapsulation or decapsulation of the OSI Layer 2 authentication requests and responses exchanged between the mobile device and the commissioned relay access node, means to encapsulate the data, contained in OSI layer 2 data units and received on the wireless connection, sent from the mobile device to the service provider, and means to decapsulate and forward to the mobile device the data, included in OSI layer 2 data units received from the commissioned relay access node 4, sent from the service provider;
the authentication and commissioning manager comprising;
at least one commissioned relay access node selector providing means to statically or dynamically map each mobile device authentication credentials to at least one access node authentication credentials; and
at least one authentication server providing means to communicate to the hosting wireless access node authentication module the access node to be used to manage the traffic generated by the mobile device;
the commissioned relay access node comprising;
at least one WAN communication module providing means to reach the Internet;
at least one authentication module providing means to authenticate the connected mobile device in order to obtain a trusted connection, by retrieving the mobile device authentication credentials from the hosting wireless access node authentication module and by exchanging OSI layer 2 authentication requests and responses with the mobile device client authentication module and means to define at least one session key to be used for at least one of an encryption process or a decryption process, by exchanging OSI layer 2 keys negotiation requests and responses with the mobile device client authentication module; and
at least one tunneling/optimization module providing means to manage and eventually optimize at least one tunnel connection with a hosting wireless access node, means to decapsulate the mobile device authentication credentials received and make them available to the authentication module, means to perform at least one of encapsulation or decapsulation of the OSI layer 2 authentication requests and responses exchanged with the mobile device, means to encapsulate the data from the service provider, after including it into OSI layer 2 data units, to the mobile device, and means to decapsulate and forward to the service provider the data sent from the mobile device; and
the commissioned relay access node comprising;
at least one cryptography module providing means to perform at least one of encryption or decryption the data exchanged with the mobile device.
Specification