Method for establishment of a service tunnel in a WLAN
First Claim
1. A method for establishment of a service tunnel in a Wireless Local Area Network (WLAN), comprising:
- (A) a service authentication authorization unit making authentication and authorization to a WLAN user terminal which requests a service and then judging whether the authentication and authorization is successful, and if successful, generating service authorization information including a shared communication key used for communication between the WLAN user terminal and a destination Packet Data Gateway (PDG), and otherwise, ending the current procedure of tunnel establishment;
- (B) the service authentication authorization unit sending to the PDG the service authorization information that includes the shared communication key; and
- (C) the PDG, based on the shared communication key in the service authorization information, establishing a trust relation with the WLAN user terminal through negotiation, and if establishment of the trust relation is successful, the destination PDG allocating tunnel resources for the WLAN user terminal, negotiating parameters and completing the establishment of the tunnel, and otherwise, ending the current tunnel establishment procedure.
Abstract
Disclosed herein is a method for the establishment of a service tunnel in a wireless local area network (WLAN). The method includes a service authentication authorization unit making authentication and authorization to a WLAN user terminal currently requesting a service, and judging whether the authentication and authorization is successful. If successful, the method includes generating service authorization information that includes a shared communication key used for communication between the WLAN user terminal and a destination packet data gateway (PDG), and otherwise ending the procedure. The method further includes the service authentication authorization unit sending to the destination PDG the generated service authorization information including the shared communication key, and the destination PDG, according to the shared communication key, establishing a trust relation with the WLAN user terminal through negotiation with the WLAN user terminal. If the establishment of the trust relation is successful, the destination PDG allocates tunnel resources for the WLAN user terminal, negotiates parameters and then establishes a tunnel with the WLAN user terminal, and otherwise, ends the procedure. As a result, a secured service data tunnel may be established between the user terminal and the PDG.
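The flow in the abstract, as an added sketch that is not part of the patent text: the authorization unit issues the shared communication key only after successful authentication, and the PDG allocates tunnel resources only after both sides prove possession of that key. Assumptions: HMAC-SHA256 for the key derivation and the challenge-response, a terminal that derives the key from a long-term secret it shares with the authorization unit, and all function and field names, which are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; the names, the KDF and the challenge-response
# are assumptions for this sketch, not details taken from the page.
SUBSCRIBERS = {"ue-1": b"constructed-long-term-secret"}

def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so field boundaries are unambiguous.
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def terminal_key(secret: bytes, service: str, nonce: bytes) -> bytes:
    """Terminal and authorization unit derive the same per-service key."""
    return mac(secret, b"shared-communication-key", service.encode(), nonce)

def authorize(user: str, service: str, nonce: bytes, proof: bytes):
    """Step (A): return service authorization information, or None on failure."""
    secret = SUBSCRIBERS.get(user)
    if secret is None or not hmac.compare_digest(mac(secret, b"auth", nonce), proof):
        return None                                  # procedure ends here
    return {"user": user, "service": service,
            "shared_key": terminal_key(secret, service, nonce)}

def pdg_establish(authz, ue_key: bytes):
    """Steps (B) and (C): the PDG holds authz, the terminal holds ue_key."""
    if authz is None:
        return None                                  # nothing was sent to the PDG
    c_pdg, c_ue = secrets.token_bytes(16), secrets.token_bytes(16)
    ue_resp = mac(ue_key, b"ue", c_pdg, c_ue)        # terminal -> PDG
    if not hmac.compare_digest(ue_resp, mac(authz["shared_key"], b"ue", c_pdg, c_ue)):
        return None                                  # no trust relation, no resources
    pdg_resp = mac(authz["shared_key"], b"pdg", c_ue, c_pdg)  # PDG -> terminal
    if not hmac.compare_digest(pdg_resp, mac(ue_key, b"pdg", c_ue, c_pdg)):
        return None                                  # terminal rejects the PDG
    # Trust established: only now allocate tunnel resources and a session key.
    return {"tunnel_id": secrets.token_hex(4), "user": authz["user"],
            "session_key": mac(authz["shared_key"], b"tunnel", c_pdg, c_ue)}

def run(user: str, service: str, secret_on_terminal: bytes):
    """One service request end to end, as seen from the terminal."""
    nonce = secrets.token_bytes(16)
    proof = mac(secret_on_terminal, b"auth", nonce)
    authz = authorize(user, service, nonce, proof)
    return pdg_establish(authz, terminal_key(secret_on_terminal, service, nonce))
```

Because the key is bound to the service name and a fresh nonce in this sketch, a key issued for one request does not open a tunnel for another.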
22 Claims
21. A service authentication authorization unit for establishment of service tunnel in Wireless Local Area Network (WLAN), comprising:
- an authentication and authorization sub-unit, configured to make authentication and authorization for a WLAN user terminal which requests a service;
- a judging sub-unit, configured to judge whether the authentication and authorization is successful;
- a generating sub-unit, configured to generate service authorization information, the service authorization information including a shared communication key used for communication between the WLAN user terminal currently requesting a service and a destination Packet Data Gateway (PDG), if the judging sub-unit determines that the authentication and authorization is successful; and
- a sending sub-unit, configured to send to the destination PDG the service authorization information including the shared communication key.
22. A system for establishment of service tunnel in Wireless Local Area Network (WLAN), comprising:
- a WLAN user terminal, configured to request a service;
- a service authentication authorization unit, configured to make authentication and authorization for the WLAN user terminal, judge whether the authentication and authorization is successful; if the authentication and authorization is successful, generate service authorization information including a shared communication key used for communication between the WLAN user terminal currently requesting a service and a destination Packet Data Gateway (PDG), and configured to send to the PDG the service authorization information that includes the shared communication key; if the authentication and authorization is failed, configured to end the current procedure of tunnel establishment;
- the destination PDG, configured to establish a trust relation with the WLAN user terminal through negotiation based on the shared communication key in the received service authorization information, and if the establishment of the trust relation is successful, the destination PDG further configured to allocate tunnel resources for the WLAN user terminal currently requesting the service, negotiate parameters and complete the establishment of the tunnel; otherwise, the destination PDG configured to end the current procedure of tunnel establishment.
Specification