Method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely

US 8,726,022 B2
Filed: 08/05/2003
Issued: 05/13/2014
Est. Priority Date: 11/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method for the secure access of a mobile terminal to a Wireless Local Area Network (WLAN) and for secure data communication via wireless link, wherein when a Mobile Terminal (MT) logs on a wireless Access Point (AP), the Mobile Terminal (MT) and the Access Point (AP) execute a two-way certificate authentication wherein a Mobile Terminal (MT) certificate and an Access Point (AP) certificate are transmitted to an Authentication Server (AS) through the Access Point (AP) and are authenticated through the Authentication Server (AS), then the authentication result of the Mobile Terminal (MT) certificate and the Access Point (AP) certificate are returned from the Authentication Server (AS) to the Access Point (AP) and the Mobile Terminal (MT) so that the Access Point (AP) obtains the authentication result of the Mobile Terminal (MT) and the Mobile Terminal (MT) obtains the authentication result of the Access Point (AP);

and the Mobile Terminal (MT) and the Access Point (AP) perform negotiation of secret key for conversation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link, which, combining the common key encryption technology and the symmetry encryption technology, has resolved the failure in WLAN to provide effective control on secure MT access, and overcome the limitation on the confidentiality of the data communication via wireless link. When MT logs on AP, both parts must perform the certificate authentication through AS. Only the MT holding the legitimate certificate can access to AP holing the legitimate certificate; MT and AP perform the negotiation of common key for conversation, complete the dynamic revision of the secret key in each authentication, each secret key and in the process of conversation to achieve confidential data communication. Anyway, the method has not only achieved control on the access of MT, but also ensured the security of MT access and high confidentiality of communication.

Citations

22 Claims

1. A method for the secure access of a mobile terminal to a Wireless Local Area Network (WLAN) and for secure data communication via wireless link, wherein when a Mobile Terminal (MT) logs on a wireless Access Point (AP), the Mobile Terminal (MT) and the Access Point (AP) execute a two-way certificate authentication wherein a Mobile Terminal (MT) certificate and an Access Point (AP) certificate are transmitted to an Authentication Server (AS) through the Access Point (AP) and are authenticated through the Authentication Server (AS), then the authentication result of the Mobile Terminal (MT) certificate and the Access Point (AP) certificate are returned from the Authentication Server (AS) to the Access Point (AP) and the Mobile Terminal (MT) so that the Access Point (AP) obtains the authentication result of the Mobile Terminal (MT) and the Mobile Terminal (MT) obtains the authentication result of the Access Point (AP);
- and the Mobile Terminal (MT) and the Access Point (AP) perform negotiation of secret key for conversation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - when MT logs on AP, MT and AP performs said two-way certificate authentication through AS;
      
      after said two-way certificate authentication is successfully performed, MT and AP perform said negotiation of the secret key for conversation.
  - 3. Said method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - when MT logs on AP, MT and AP inform one another of their respective certificate, and then they perform negotiation of secret key for conversation;
      
      after said negotiation of secret key for conversation is completed, MT and AT performs the two-way certificate authentication through AS, and meanwhile judge whether the certificate used by the other part is the same as the one informed by it such that if it is not the same, the authentication fails;
      
      if it is the same, the result of the authentication depends on the result of said two-way certificate identification.
  - 4. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said two-way certificate authentication comprising the steps;
      
      1) when MT logs on AP, MT sends to AP the access authentication request message containing the MT certificate;
      
      2) after AP receives said access authentication request message, it adds the AP certificate to the message, then sends to AS the certificate authentication request message containing said MT certificate and AP certificate;
      
      3) after AS receives said certificate authentication request message, AS authenticates the AP certificate and MT certificate in said message, and then sends back to AP the certificate authentication response message containing the AS signature;
      
      4) after AP receives said certificate authentication response message, AP authenticates the AS signature, so as to obtain the result of authentication of the MT certificate, and then sends back to MT the certificate authentication response message comprising information in the access authentication response message; and
      
      5) after MT receives said access authentication response message, MT authenticates the AS signature and obtains the result of authentication of the AP certificate, so as to complete said two-way certificate identification between MT and AP.
  - 5. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - 1) when MT logs on AP, MT sends to AP the access authentication request message containing the MT certificate for said two-way certificate authentication;
      
      2) after AP receives said access authentication request message, it adds the AP certificate to the message, then sends to AS the certificate authentication request message containing said MT certificate and AP certificate for said two-way certificate authentication, and meanwhile begins with MT negotiation of the secret key for conversation;
      
      3) after AS receives said certificate authentication request message, AS authenticates the AP certificate and MT certificate in said message, and then sends back to AP the certificate authentication response message containing AS signature for said two-way certificate authentication;
      
      4) after AP receives said certificate authentication response message, AP authenticates the AS signature, so as to obtain the result of authentication of the MT certificate, and then sends back to MT the certificate authentication response message as the access authentication response message for said two-way certificate authentication; and
      
      5) after MT receives said access authentication response message, MT authenticates the AS signature and obtains the result of authentication of the AP certificate, so as to complete the process of said two-way certificate identification between MT and AP, and then MT performs the corresponding processing to complete said negotiation of secret key for conversation.
  - 6. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - 1) when MT logs on AP, MT sends AP the access authentication request message containing the MT certificate for said two-way certificate authentication;
      
      2) after AP receives said access authentication request message, it adds the AP certificate to the message, then sends to AS the certificate authentication request message containing said MT certificate and AP certificate for said two-way certificate authentication;
      
      3) after AS receives said certificate authentication request message, AS authenticates the AP certificate and MT certificate in said message, and then sends back to AP the certificate authentication response message containing AS signature for said two-way certificate authentication;
      
      4) after AP receives said certificate authentication response message, AP authenticates the AS signature, so as to obtain the result of authentication of the MT certificate, AP judges the result of authentication. If the authentication is not successful, AP sends back to MT said certificate authentication response message as the access authentication response message for said two-way certificate authentication;
      
      If the authentication is successful, AP begins to consult with MT the secret key for to conversation while it sends back to MT said access authentication response message; and
      
      5) after MT receives said certificate authentication response message, MT authenticates the AS signature and obtains the result of authentication of the AP certificate, so as to complete said two-way certificate identification between MT and AP, and then MT performs the corresponding processing to complete said process of negotiation of secret key for conversation.
  - 7. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - 1) when MT logs on AP, each part informs the other of its own certificate, then they complete said negotiation of secret key for conversation, and, meanwhile, MT also completes informing AP of the access authentication request identification;
      
      2) AP sends to AS the certificate authentication request message containing the MT certificate and AP certificate for said two-way certificate Authentication;
      
      3) after AS receives said certificate authentication request message, AS authenticates the AP certificate and MT certificate in said message, and then sends back to AP the certificate authentication response message containing AS signature for said two-way certificate authentication;
      
      4) after AP receives said certificate authentication response message, AP authenticates the AS signature, so as to obtain the result of authentication of the MT certificate, and then sends back to MT said certificate authentication response message as the access authentication response message for said two-way certificate authentication; and
      
      5) after MT receives said access authentication response message, MT authenticates the AS signature, and then judges whether the AP certificate is the same as the one AP informed of before negotiation of secret key for conversation such that if it is not the same, the authentication fails;
      
      if it is the same, MT obtains the result of the authentication of the AP certificate from the message, so as to complete said two-way certificate authentication process between MT and AP.
  - 8. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1 wherein:
    - said access authentication request message also comprising the access authentication request identification.
  - 9. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said certificate authentication request message also comprising the access authentication request identification, or also comprising the access authentication request identification and AP signature.
  - 10. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said certificate authentication response message also comprising, before the signature filed of AS, the information of the result of the MT certificate authentication and those of the AP certificate authentication.
  - 11. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said access authentication response message is identical with said certificate authentication response message.
  - 12. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1 wherein:
    - said access authentication request identification is a string of random data or authentication serial number.
  - 13. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said information of MT certificate authentication result comprising the MT certificate, and the MT certificate authentication result and the AS signature, or comprises the MT certificate and the MT certificate authentication result.
  - 14. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said information of the AP certificate authentication result comprises the AP certificate, the AP certificate authentication result, the access authentication request identification and the AS signature, or comprises the AP certificate, the AP certificate authentication result and the access authentication request identification.
  - 15. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein;
    - when MT intends to access to the designated AP, the MT must first of all obtain the relevant information of the AP or the certificate of the AP.
  - 16. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said negotiation of secret key for conversation refers to MT or AP using AP'"'"'s or MT'"'"'s common key and their respective own private key to generate the secret key for conversation.
  - 17. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said negotiation of secret key for conversation comprising;
      
      1) MT secretly chooses an integer a, from which to calculate the integer f(a), combines the integer f(a) and the MT signature on it into the secret key negotiation request message, and transmits it to AP;
      
      said f is a function rendering integer a from the integer f(a) incalculable;
      
      2) after it receives said secret key negotiation request message, AP secretly chooses an integer b, from which to calculate the integer f(b), combines the integer f(b) and the AP signature on it into the secret key negotiation response message, and transmits it to MT;
      
      said f is a function rendering integer b from the integer f(b) incalculable; and
      
      3) AP calculates g(b, f(a)), and MT calculates g(a, f(b)) after it receives said secret key negotiation response message, as the secret key for conversation in the process of communication;
      
      said g is a function rendering the calculation of g(a, f(b))=g(b, f(a)) possible.
  - 18. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said negotiation of secret key for conversation comprising;
      
      1) AP secretly chooses an integer b, from which to calculate integer f(b), combines the integer f(b) and the AP signature on it into the secret key negotiation request message, and transmits it to MT;
      
      said f is a function rendering integer a from the integer f(b) incalculable;
      
      2) after it receives said secret key negotiation request message, MT secretly chooses an integer a, from which to lo calculate the integer f(a), forms the integer f(a) and the MT signature on it into the secret key negotiation response message, and transmits it to AP;
      
      said f is a function rendering integer a from the integer f(a) incalculable; and
      
      3) MT calculates g(a, f(a)), and AP calculates g(a, f(b)) after it receives said secret key response message, as the secret key for conversation in the process of communication;
      
      said g is a function rendering the calculation of g(a, f(b))=g(b, f(a)) possible.
  - 19. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said negotiation of secret key for conversation comprising;
      
      1) MT or AP generates a string of random data, and sends them to AP or MT as the secret key negotiation request message after encryption using the common key of AP or MT;
      
      2) After it receives said secret key negotiation request message from MT or AP, AP or MT uses its own private key for decryption, obtains the random data generated by the other part;
      
      then AP or MP generates again a string of random data; and
      
      sends them to MT or AP as the secret key negotiation response message after encryption using the common key of MT or AP; and
      
      3) After it receives said secret key negotiation response message from AP or MT, MT or AP, uses its own private key for decryption, obtains the random data generated by the other part;
      
      both MT and AP utilizes the random data generated by the other part and itself to generate the secret key for conversation.
  - 20. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said negotiation of secret key for conversation comprising;
      
      1) MT or AP generates a string of random data, and, after it utilizes the common key of AP or MT for encryption, attaches its own signature as the secret key negotiation request message, and transmits it to AP or MT; and
      
      2) after AP or MT receives said secret key negotiation request message from MT or AP, it utilizes the common key of MT or AP to authenticate the signature, and then utilizes its own private key to decrypt the encrypted message received;
      
      both MT and AP uses the random data as the secret key for conversation.
  - 21. The method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link according to claim 1, wherein:
    - said negotiation of secret key for conversation also comprising negotiation of the communication algorithm used in the process of communication.

22. A method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link, wherein when a Mobile Terminal (MT) logs on a wireless Access Point (AP), the Mobile Terminal (MT) and the Access Point (AP) execute a two-way certificate authentication wherein a Mobile Terminal (MT) certificate and an Access Point (AP) certificate are transmitted to an Authentication Server (AS) through the Access Point (AP) and are authenticated through the Authentication Server (AS), then the authentication results of the Mobile Terminal (MT) certificate and the Access Point (AP) certificate are returned from the Authentication Server (AS) to the Access Point (AP) and the Mobile Terminal (MT) so that the Access Point (AP) obtains the authentication result of the Mobile Terminal (MT) and the Mobile Terminal (MT) obtains the authentication result of the Access Point (AP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
China Iwncomm Co., Ltd
Original Assignee
China Iwncomm Co., Ltd
Inventors
Tie, Manxia, Zhang, Bianling, Tang, Houjian, Zhang, Ning, Ye, Xumao
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US10/534,067
Publication Number

US 20060143458A1
Time in Patent Office

3,934 Days
Field of Search

None
US Class Current

713/169
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/10   for controlling access to d...

H04W 12/041   Key generation or derivation

H04W 12/069   using certificates or pre-s...

H04W 8/00   Network data management

H04W 80/04   Network layer protocols, e....

H04W 84/12   WLAN [Wireless Local Area N...

Method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links