Communication system and method for providing a mobile communications service
First Claim
1. A communication system for providing a mobile telecommunication service, comprising:
a communication network configured to transmit messages based upon an Internet protocol;
a mobile computer;
an access network for the mobile computer in which messages are transferred using a multicast process;
a network connection computer that connects the access network to the communication network;
a plurality of access points in the access network, each access point having at least one respective access point connection computer configured to establish a communication connection with the mobile computer; and
an authentication verification computer for establishing and managing trusted relationships between a plurality of communication elements;
wherein the network connection computer and the access point connection computer are each configured to execute a packet filtering method for security-related protection of the communication system when receiving and transmitting messages;
the packet filtering method executed by the access point connection computers comprising;
determining a source address of a message, and
rejecting the message if that message has at least one access point connection rejection characteristic, the at least one access point connection rejection characteristic being at least one of a source address identifying a non-mobile communication element that originates from a wireless link, message information that indicates the message arrives at an upstream interface and originates from a wireless link, and the message is an advertisement message from an access point that arrives at an input-side interface and originates from a wireless link;
the packet filtering method executed by the network connection computer comprising;
determining a source address of a message, and
rejecting the message if that message has at least one network connection rejection characteristic, the at least one network connection rejection characteristic being at least one of the source address of the message indicates the message is from a mobile computer, the source address of the message indicates that the message is from the access network, the source address of the message indicates the message is a MOMBASA-internal message, the message conforms to the Internet Group Management Protocol, and the message conforms to the Independent Multicast-Sparse Mode protocol; and
wherein the network connection computer and the authentication verification computer are configured to execute an overload control method by providing a communication protocol for the communication elements in order to prevent a malfunction of the communication elements as a result of an attack.
Abstract
The invention relates to a communication system and a method for providing a mobile telecommunication service. A communication network transmits messages on the basis of at least one internet protocol. A network connection computer connects an access network for mobile computers and the communication network. The access network is equipped with several access points comprising corresponding access point connection computers, which are configured to create a communication connection between variable access points and the mobile computers. An authorization verification computer establishes and manages trusted relationships between several communication elements. The network connection computer and the access point connection computer are configured to execute packet filtering during the receipt and transmission of messages for the secure protection of the communication system.
17 Claims
8. A method for providing a mobile telecommunication service via a communication network configured to transmit messages based upon an Internet protocol, comprising:
transmitting a message via a multicast process within an access network for mobile computers;
connecting a plurality of access points in the access network to the communication network via a network connection computer, each access point having or being connected to an access point connection computer;
establishing a communication connection between the access network and a mobile computer to communicate with the access points;
establishing and managing trusted relationships between a plurality of communication elements of the communication network via the authentication verification computer;
executing at least one packet filtering method for security protection of the communication network at boundaries of the access network when receiving and transmitting messages via at least one of the network connection computer and at least one of the access point connection computers;
the at least one packet filtering method comprising at least one of a packet filtering method executed by the network connection computer and a packet filtering method executed by at least one of the access point connection computers;
the packet filtering method executed by the network connection computer comprising;
determining a source address of a message, and
rejecting the message if that message has at least one network connection rejection characteristic, the at least one network connection rejection characteristic being at least one of the source address of the message indicates that the message is from a mobile computer, the source address of the message indicates the message is from the access network, the source address of the message indicates the message is a MOMBASA-internal message, the message conforms to the Internet Group Management Protocol, and the message conforms to the Independent Multicast-Sparse Mode protocol; and
the packet filtering method executed by at least one of the access point connection computers comprising;
determining a source address of a message, and
rejecting the message if that message has at least one access point connection rejection characteristic, the at least one access point connection rejection characteristic being at least one of the source address identifying a non-mobile communication element that originates from a wireless link, message information that indicates the message arrives at an upstream interface and originates from a wireless link, and the message is an advertisement message from an access point that arrives at an input-side interface and originates from a wireless link; and
executing an overload control via the network connection computer and the authentication verification computer via a communication protocol for communication elements of the communication network in order to prevent malfunction of one of the communication elements as a result of an attack.
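The two packet filtering rule sets recited in claims 1 and 8, modelled as an added Python example (it is not part of the patent text or of any MOMBASA implementation). The address prefixes, the `Packet` fields and the treatment of every source outside the mobile prefix as non-mobile are assumptions constructed for illustration; the claims do not specify them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumptions for illustration, not from the patent).
MOBILE_NET = ip_network("10.30.0.0/16")    # addresses of mobile computers
ACCESS_NET = ip_network("10.20.0.0/16")    # access points and other fixed elements
INTERNAL_NET = ip_network("10.40.0.0/24")  # sources of MOMBASA-internal messages
IPPROTO_IGMP, IPPROTO_PIM, IPPROTO_UDP = 2, 103, 17  # IANA protocol numbers

@dataclass
class Packet:  # hypothetical model of what a filter sees for one message
    src: str
    proto: int = IPPROTO_UDP
    in_iface: str = "wireless"      # "wireless", "upstream" or "internet"
    from_wireless: bool = False     # message originated on a wireless link
    ap_advertisement: bool = False  # message is an access point advertisement

def access_point_rejections(p):
    """Rejection characteristics matched at an access point connection computer."""
    hits = []
    if not p.from_wireless:  # all three characteristics concern wireless-originated messages
        return hits
    if ip_address(p.src) not in MOBILE_NET:  # assumption: outside MOBILE_NET means non-mobile
        hits.append("non-mobile source address on a wireless link")
    if p.in_iface == "upstream":
        hits.append("wireless-originated message on the upstream interface")
    if p.ap_advertisement:
        hits.append("access point advertisement from a wireless link")
    return hits

def gateway_rejections(p):
    """Rejection characteristics matched at the network connection computer."""
    src, hits = ip_address(p.src), []
    for net, why in ((MOBILE_NET, "source address of a mobile computer"),
                     (ACCESS_NET, "source address inside the access network"),
                     (INTERNAL_NET, "source address of a MOMBASA-internal message")):
        if src in net:
            hits.append(why)
    if p.proto == IPPROTO_IGMP:
        hits.append("IGMP message")
    if p.proto == IPPROTO_PIM:  # protocol 103 carries PIM, including sparse mode
        hits.append("PIM message")
    return hits

def verdict(hits):
    return "reject" if hits else "accept"

if __name__ == "__main__":
    spoofed = Packet("10.30.1.5", in_iface="internet")  # constructed sample
    print(verdict(gateway_rejections(spoofed)), gateway_rejections(spoofed))
```

Each function returns the list of matched rejection characteristics, so an empty list means the message passes that filter.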
Specification