TW200307428A - Access to PLMN networks for non-PLMN devices, and to issues arising in interfaces in general between PLMN and non-PLMN networks - Google Patents

Abstract

Interface device for interfacing between a PLMN network and a non-PLMN network, the PLMN network being configured to recognize cellular base stations as nodes thereof through which to mediate connections to cellular mobile devices, the non-PLMN networks each comprising a plurality of access points for mediating connections to network compatible mobile devices, and for which the network compatible mobile devices are not required to be cellular devices. The interface device is configured as a node of the PLMN network to appear to the PLMN network as a standard cellular base station, and comprises functionality to make non-cellular devices connecting to the non-PLMN network and attempting to access the PLMN network through the non-PLMN network appear as cellular devices to the PLMN network.

Description

200307428 发明, description of the invention (the description of the invention should state: the technical field to which the invention belongs, the prior art, the content, the embodiments, and the drawings)

[Technical field to which the invention belongs J. Field of the invention The present invention relates to a technology for providing a non-PLMN device with access to a PLmn network 5 and providing an interface between the PLMN network and a non-PLMN network. L Prior Art 3 Background of the Invention Due to the rapid growth of high-speed data access requirements. In the late 1990s, 28 Kbps was already very fast for web services. However, even 56 Kbps is now considered very slow for 10 network services, and 384 Kbps is considered as the average speed. With these higher transmission speeds, downloading complex web pages and "rich media" like continuous images is now practically feasible. Wireless vendors are now working hard to use wired experience to provide their customers. Today, mobile phone providers provide their mobile phone customers with only limited information instead of "multimedia, services. The typical data rate used in wireless communications today is 96 Kbps. GPRS will soon improve To 50 to 80 Kbps (theoretically can reach ⑴ Kbps), but it is still slow compared to the wired 384 Kbps. 2 ^ After solving the issue of the solver, mobile phone operators actively obtain additional authorized frequencies Broad and aggressive requirements require the engineering community to use existing and expected wireless quotas to find more efficient methods. But these actions take years and will cost considerable money. Unauthorized wireless networks have become very popular and available After obtaining 6 200307428, invention description high-speed wireless access. Unauthorized wireless network operation in the ISM (Industrial, Scientific and Medical) bandwidth and limited to very low power, which means that the frequency can be repeatedly IEEE 802.lib is an example of unlicensed technology, which is very affordable and very capable of providing speeds up to 10,000 Kbps. A 802.lib wireless local area network (LAN) that covers a small home or office and supports three computers can be purchased for about $ 500, and the device has become standard equipment on many computer production lines, including Dell and Apple Inc. 802.lib is just one of many wireless LAN technologies. Other technologies include HomeRF5 802.1 1, Bluetooth, etc. When these technologies were first introduced in wireless LANs for office and home needs (WLAN) was developed, but a new type of network service provider is using this technology is emerging. In terms of cost, these providers provide public access through 802. lib. 15 These networks are being installed At airports, cafes, etc. and other places where the public will use time to use computers. This embodiment is related to the problem of interface connection between wireless LAN and mobile phones or PLMN networks. High-speed unauthorized and authorized network access Technology can now be used to support speeds from 700 Kbps to 10 Mps and even higher. Examples of such wireless access technologies20 include Bluetooth and wireless LANs such as 802.11 (X). The domain has a very high speed to support a variety of media services such as video phone, continuous video, etc. PLMN users can use these non-PLMN access networks (Access Network: AN) to access high-speed multiple media services. 7 200307428 玖Description of the invention In many access places, the non-PLMN access network can carry a considerable amount of diverse media located in the access place. An example could be the field of sports, where the main source of diverse media would be almost Play moments of the game instantly. The multiple media can be transmitted through the 5 PLMN through communication. Keeping the multiple media away from the core network will reduce the burden on the network.

In order to make use of this data without becoming part of a huge pLMN network, it needs to support group-to-group (peer_to-Peer), group-to-area server, and group-to-network in an integrated manner. External connection types, so that a single connection client can take advantage of all connection types. This is because the user does not want to have group terminals, so supporting audio communication is also a key technical requirement. One issue involved in providing this interface connection is because the PLmn-type network is designed to ensure that only users of that network are devices that can prove that they are the owner of a particular 15 phone number. The purpose of these designs is to ensure that the bill can be guilty and generated correctly 'while other non-personal use is impossible and unauthorized access to the network is generally impossible. In the end, these mobile phone devices may be provided with a Subscriber Identity Module (SIM) as a security chip and algorithm to identify the device being used in the pLMN, and perform additional data based on the specific network architecture 20 Encrypt and decrypt, or they have identity information that the system uses to authenticate them to enter the network. SIM is a physical device that is confidential to avoid duplication and internal inspection. It means that 4 negative materials cannot be read externally and cannot be returned using disassembly components. The SIM is typically owned by the user and installed by the user on 8 200307428. Invention Description The device, typically a mobile phone, is used to access the network, which means the access The device has a SIM card carrier and a reader. The SIM concept is widely used and further allows the user to simply remove his SIM card from an existing device and place it in a new device to exchange the device that is being used to access the network. The device can maintain the same identity and phone number. SIM-based authentication is suitable for mobile phone devices connected directly to the PLMN. However, it is also considered to allow users to connect to a regional non-PLMN network such as a Bluetooth network and so on via a mobile phone. Furthermore, the non-PLMN network in this area can be used on a large number of devices, such as portable computers, PDA-type devices, and non-traditional mobile electronic devices, and non-standard mobile phone identification units, SIM or even A sim card carrier or similar device for a reader. Inferior devices are collectively referred to as "non-devices". It needs to provide basic equipment to allow these non-SIM devices to connect to the mobile phone network through the 15-domain network in the area, or at least allow them to access other networks, such as the Internet based on their mobile phone identification unit road. Furthermore, regional non-PLMN networks are very regional in nature. The user may want to use the device while using the device, however, he may easily find himself beyond the range of any convenient access point. More specifically, mobile users in a small or limited range can use any technology suitable for a small range in the range of 10 to 100 meters to be served by an area access point (AP). Each of these APs supports a network of local users. The communication link between each user and the router can be used to reduce transmission path loss, which can use transmission energy, interface level, and network load 200307428

10 15

发明 、 Explanation of invention It will vary within a wide range. If there is more than one AP operating in the area, no matter if multiple APs are installed at a single access point or they are installed in adjacent separate areas, it allows users to use different APs instead of being used or Services that have been considered using APs for better communication conditions. This question then determines whether another AP is available and allows the user to connect to that other AP. This problem is addressed through a wide range of feasible procedures collectively referred to as' 'handoff'. Another problem occurs when a user is equipped with a pair of technical terminals, such as mobile phones and wireless LAN, mobile phones and wired network access, etc., and the connection needs to be exchanged by the use-technology access point to Use another technology-access point. In this case, the logic normally associated with signal delivery will not be used; however, a different approach is needed to make the best use of such effective communication resources. MD prostitutes come out to provide internet connectivity in a small and confined area. The best known in this technology group are the 8G2 n frequency hopping and direct sequence wireless lan (WLAN) standards and Bluetooth technology. These technologies: The network is considered to operate independently. When a member of this network or a member of the network cannot obtain arbitrary data from the network access point, the reasons can be: Second, due to deteriorating communication conditions or network load, it has resulted in many negative consequences. One: It can be from the user's standpoint: it may remain suspended, and / or be disconnected from the network or supplied at an unacceptably low data rate. Existing solution = not% support to search * or convert the user to another way of working in the area 'that is' is not equivalent to the mobile phone handing over to the mobile for use 10 200307428 玖, the inventor Moved to another access point where you can meet their communication needs. Furthermore, no technical standards have been proposed to control the transition between technologies that provide services to these confined areas, and technologies that cover a wide area, such as mobile power, or technologies that cover large areas via wireless and wired connections. 5 conversions. It also needs to consider remote connection authentication, for example, authenticating a remote transaction or verifying that the correct user has been requested to pay by a remote service provider, and unless one of the networks can be accessed via a network such as the others The channel is used to provide a communication connection for authentication to the user. The interface connection is not complete between 10 networks. The network channel is not confidential or a user cannot confirm it. There are many transactions that do not require entities that are adjacent to the transaction to execute the transaction. These environments include ATM transactions, credit cards and other transactions made through electronic activities, and transactions made over the Internet. Generally speaking, the buyer's identity will not be established to a fairly high level in these transactions. These transactions involve the theft of user personal data and credit card numbers through unsecured and / or unauthenticated connections and the use of unsecured and / or unsecured connections. Today, electronic payment methods rely heavily on credit cards, which makes it difficult to levy 20 small payments, such as time spent on the Internet or small charges for downloading data items. There are many transactions that do not require entities that are adjacent to the transaction to execute the transaction. These environments include ATM transactions, credit card and other transactions over the phone, and transactions over the Internet. A 200307428 Rose, invention description The identity of the Bay side will not be established to a fairly high level in these transactions. These transactions allow users' personal data and credit card numbers to be stolen through unsecured and / or unauthenticated connections and the use of unsecured and / or unauthenticated communication technologies. 5 Today, electronic payment methods rely heavily on credit cards, which makes it difficult to tax J payments, such as time spent using the Internet, or small fees for downloading data items. Contents of the invention] Summary of the invention 10 According to the first feature of the present invention, it has an interface device with an interface connected between a PL_ network and a non-PL_ network. The above mentioned network is structured to confirm the honeycomb cells. The base station serves as a node connected to the cellular mobile device via a relay. Each of the above-mentioned non-PLMN networks includes a plurality of access points that are connected to a network-compatible mobile device through relay. The interface device does not need to be a honeycomb cell mobile device. The above interface device is structured to serve as a node of the PLMN so that the pLMN network serves as a base station thereof. The functions of accessing the above network are similar to that of the cellular network mobile device accessing the above PLMN network. 20 The device preferably includes a switching circuit interface for communication and a decapsulation interface for data and control use. Fortunately, the above PLMN network is a GSM network having an a interface or an interface, and the switching circuit interface can operate using the A interface and the decapsulating interface can operate using the Gb interface. 12 200307428 发明 Description of the invention Preferably, the PLMN network is a UMTS network with an IuCS interface and an IuPS interface, and the above-mentioned switching circuit interface can operate using the above-mentioned IuCS interface and the above-mentioned decapsulation interface can operate using the above-mentioned IuPS interface. 5 The device preferably includes a simulated honeycomb cell recognition gateway related to the security layer of the non-PLMN network and operable to determine that a connected device has been authenticated by the non-PLMN network, and is operable to respond to a PLMN A network authentication queue indicates that the above authentication has been successful. Preferably, the simulated honeycomb cell recognition gateway is a simulated SIM 10 gateway and the PLMN network is a GSM network. Preferably, the simulated honeycomb cell identification is a simulated ESN gateway and the PLMN network is a CDMA network. Preferably, the above-mentioned non-PLMN security layer is one of a group consisting of SSL, IPsec, TLS, SRP, and SSH, and 15 of the above-mentioned groups of authentication needs to allow the above-mentioned simulated SIM gateway to provide The authentication response is returned to the PLMN network. Preferably, the security layer can be set to a required level of security by the architecture. The device preferably includes a microphone for receiving a part of the sound transmission signal from the non-20 PLMN network for sound transmission, and receiving a sounded sound signal from the PLMN network for partial decoding. . The device includes a microphone, which is used to receive a part of the sound transmission signal from the non-PLMN network for sound transmission, and to receive the sounded sound signal from the PLMN network for partial decoding. 13 200307428 发明. Description of the invention Preferably, the device is constructed so that the above-mentioned PLMN network serves as a serving GPRS support node (SGSN) for packet data and as a base station for switching circuit data. Preferably, it further includes a function of authenticating a device connected to the non-PLMN network. The device preferably further includes a function of having a device connected to the above-mentioned non-PLMN network.

The device preferably includes a function of updating the location of a device connected to one of the non-PLMN networks described above. 10 The device preferably includes a function that allows a device to connect to one of the above non-PLMN networks to generate a service request. The device preferably includes a function of providing the above-mentioned PLMN network with connection control data standardized for the above-mentioned PLMN network to integrate corresponding activities into a complete bill. 15 The device is preferably structured to operate with a connection management unit of one of the non-PLMN networks described above, thereby obtaining non-PLMN network details from the quality of the connected users and the data exchanged. The device preferably includes the function of normalizing the above-mentioned details to become a PLMN-compliant specification. 20 The device preferably includes a honeycomb cell identification module associated with it to provide PLMN security functions, thereby allowing access to a PLMN network via the wireless LAN described above. Preferably, the honeycomb cell identification module is installed on the access card. Preferably, the above honeycomb cell identification module can be reversely installed at 14 200307428 (ii), the above description of the access card. Preferably, the honeycomb cell identification module is a SIM. Preferably, the device includes a SIM carrier and a SIM reader. 5 Preferably, the honeycomb cell identification module is a vertical honeycomb cell identification module. Preferably, the vertical honeycomb cell identification module is a vertical module including a SIM function. The device preferably includes the ability to exchange authentication signals with a LAN gateway to achieve network authentication. Preferably, the authentication signal is standardized to be transmitted between the gateway and the PLMN network, thereby obtaining a PLMN authentication. According to a second feature of the present invention, it provides a method for accessing a PLMN network via a non-PLMN network using a non-PLMN device, including the following: providing the above-mentioned non-PLMN device having a memory matching one of the above-mentioned non-PLMN networks; Remove the card, provide the access card with a honeycomb cell identification module, and provide the non-PLMN network with a gateway function to retain the honeycomb 20 cell identification signal between the non-PLMN device and the PLMN network. A third feature of the present invention is to provide a method for accessing a PLMN network via a non-PLMN network using a non-PLMN device, including: 15 200307428 玖. Description of the invention The above non-PLMN network is provided for authenticating the above A confidential authentication unit of a non-PLMN device, and a gateway function that provides the non-PLMN network with a function of the confidential authentication unit to operate the authentication unit and retain the authentication hive cells that are affected by the non-5PLMN network Identification signal to the above PLMN network

10 According to a fourth feature of the present invention, there is provided a method for operating a secure gateway between a PLMN network and a non-PLMN network to enable a non-PLMN device to authenticate for use in a PLMN connection. The method includes: : Authenticating the non-PLMN network by a first authentication protocol, and exchanging signals with the PLMN network by a honeycomb cell authentication protocol, which includes instructing device authentication by following the first protocol through authentication. According to a fifth feature of the present invention, there is provided a method of operating a secure gateway between a PLMN network 15 and a non-PLMN network to enable non-PLMN devices to authenticate and use in a PLMN connection. The method includes: : Exchange signals with the PLMN network through a honeycomb cell authentication collaboration to authenticate the non-PLMN network to connect to the device. According to a sixth feature of the present invention, there is provided a signal handover manager for managing a signal handoff of 20 units of a mobile device, which uses a network access point of a first mobile device and a second mobile device The network access points communicate with each other in a recognizable telecommunication working period. The first access point belongs to a first network and the second access point belongs to a second network. The managers can share Store each network and include: 16 200307428 玖, description of the invention, automatic device list ① matcher 'is used to perform matching between a mobile device unit that is not disconnected from a network and a connection to other networks ; And-the telecommunication working period maintainer 'is used in conjunction with the above mobile device unit matcher to transmit the 5 working periods between the mobile device units thus paired, thereby transmitting signals between these networks " The signal handover manager preferably includes a unit in a single area. The teleportation manager preferably includes decentralized functions on multiple internal networks and interactive networks. 10 Preferably, one of the networks is a PLMN network. Preferably, one of the networks is a wireless LAN network. Preferably, one of the networks is a wireless LAN network. a The signal delivery manager preferably further includes an active Lülidan 7L during the telecommunications work period. When the critical quality of the connection cannot be reached, it is determined by the current 15 network to instruct the mobile device unit to search. The surrounding network and its connection parameters are determined to identify an optimal network from the parameters and instruct the mobile device unit to connect to the optimal network. Preferably, the active management unit and the single source matcher of the mobile device are used together during the working period of the feeding letter, thereby using the above instruction to assist the matching of the 20 above. Preferably, the active management unit during the telecommunication work period is operable to determine whether the indicated matching has been successful, and when there is no successful connection, it is operable to instruct the mobile device unit to connect to the next best network. Preferably, the above-mentioned active management unit of the telecommunication working period is operable to continue. 17 200307428 (ii) Description of the invention The mobile unit is instructed to connect to the next best unit until a successful connection is indicated. The signal handover manager preferably includes a passive management unit during the telecommunication work period, which is used by the mobile setting unit to determine when the connection quality threshold cannot be met, to instruct the mobile device unit to search for nearby networks and determine Its connection parameters are used to identify an optimal network from the parameters and instruct the mobile device unit to connect to the network. Preferably, the signal delivery manager is further operable to instruct the mobile device unit to be disconnected from a first network and then connected to an optimal network. The signal delivery manager is preferably operable to indicate that the mobile device unit is connected to an optimal network and then disconnected from the current network. The signal delivery manager is preferably operable to lower the connection f on an existing network, thereby forcing the mobile device unit to cut off and search for another network. The signal handover manager preferably selects the best network for reconnection immediately, so as to lower the connection quality on the current network, and sends an instruction to the above-mentioned automatic unit to connect to the selected best network.佳 网络. The signal delivery manager preferably operates to provide a plurality of such mobile device unit identifiers that may be available on the network. The signal delivery manager preferably operates a mobile device unit identification code that may use the network. Preferably, the above-mentioned parameters include any of the following groups: a better access channel relative to the PLMN network, which can support a better distributed identity of the basic architecture of the Internet access proxy, The above may use 18 200307428. The invention explains the load conditions of the network. The above may obtain the general desirable parameters of the network, the Internet access number of the Internet access, and the information on the expected load conditions of the network that may be obtained above. Preferably, each of the first mobile device network and the second mobile device 5 network is a single-hotspot (Hotshot) wireless. Che Yejia also mentioned that the first and second networks are overlapping networks and one of the signal delivery. The mobile device unit is located at a point where the above networks overlap. Preferably, the first network and the second network each use the same network protocol. 10 车 交 佳 地 ’The first and second networks described above use different network protocols. Preferably, the first and second networks are non-overlapping. Preferably, the first network and the second network are different hotspots, respectively. 15 Preferably, the different hotspots have an area overlap and one of the mobile device units of the signal parent is located in the overlap area. Preferably, the aforementioned hot spots use a single communication protocol. Preferably, the aforementioned hot spots use different communication protocols, respectively. Preferably, the first network and the second network are pLMN 20 networks, respectively. Preferably, the first PLMN and the second Plmn network use a single communication protocol. Preferably, the first PLMN and the second pLMN network respectively use different communication protocols. 19 200307428 发明. Description of the invention Preferably, the first and second communication networks have overlapping areas and the signal delivery thereof in the mobile device unit is located in the overlapping area. It is a wireless local area network and the second network is a PLMN network. Preferably, 'the wireless LAN is located within the coverage area of the pLMN network.

The signal handover manager preferably includes a wireless LAN which is used to set a higher priority order than the above-mentioned PLMN-a priority order unit. 10 When a mobile device unit is located within its range, the signal is automatically signaled. Submit to the above wireless LAN. According to a seventh feature of the present invention, there is provided a signal handover method for a mobile device unit. The mobile seismic unit communicates with the above-mentioned parent number in a first and a second wireless network during a communication operation period. Between the individual 15 access points between the roads, the method includes providing a control point that is commonly used in both locations of the network; the control point determines the identity of the mobile device unit, whose connection has been Was interrupted and obtained information about its relative telecommunication work period; at the above control point, it was decided to form a new connection with the mobile device unit; 20 copies; at the above control point, the identity was matched to match with the mobile device unit. A telecom operation period in which the mobile device unit has suspended connection on a first access point and has been reconnected to a second access point 20 200307428 发明 Description of the invention According to an eighth feature of the present invention, it provides An authentication device includes: a communicator that communicates with an authenticated mobile device unit; and a verifier that is used with the authenticated mobile device unit to verify the communication. The 5 message is a preliminary authentication device; and a correlator that associates the verification with the activity request through a non-authentication device, thereby authenticating the activity request of the non-authentication device. Preferably, the authentication device is a GSM device and the authentication link is a GSM link. 10 Preferably, the authentication device is a CDMA device and the authentication link is a CDMA link. Preferably, the authentication device is a PDC device and the authentication link is a PDC link. Preferably, the authentication device is an EDGE device and the authentication link 15 is an EDGE link. Preferably, the authentication device is a WCDMA device and the authentication link is a WCDMA link. Preferably, the authentication device is a GPRS device and the authentication link is a GPRS link. 20 Preferably, the authentication device is an Iridium device and the authentication key is a watch network link. Preferably, the aforementioned security link involves a telecommunications service user identity module located in one of the encrypted mobile devices. Preferably, the above-mentioned security link involves one of the above-mentioned authentication devices. 21 200307428 发明 Description of the invention A telecommunications service user identity module. Preferably, the authentication device is a mobile phone. Preferably, the communication includes an electronic data communication. Preferably, the electronic data communication includes electronic message transmission. Preferably, the above electronic message transmission includes SMS message transmission. Preferably, the electronic message transmission includes WAp.

Preferably, the electronic message transmission includes an email. Preferably, the electronic message transmission includes £ 1 ^ 8. Preferably, the above electronic message transmission includes] ^ 1 ^ 18. Preferably, the communicator includes a function of initiating the communication by transmitting an activation signal from one of the authentication devices, and a function of receiving a reply to one of the activation messages from the authentication device, and authorizing the above activities. request. Preferably, the communicator has a function of receiving initiation communication from one of the authentication device and one of the non-authentication device, and has a function of transmitting a reply to the initiation message, and authorizes the activity request. Chau Jia, the communicator includes a function of receiving communication from an external device, and a link established between the authentication device and the non-authentication device. This is to authorize the activity request. 20 Preferably, the communicator involves a function of receiving a message from the authentication device and completing the function of the communication by transmitting a response to the confidential authentication device, thereby authorizing the activity request. Preferably, the communicator includes a function of inserting an identification code in the response to a requester and inputting through the non-authentication device, and the above-mentioned 22 200307428 玖, the invention description verifier further includes determining whether the identification code has passed The non-authentication device is received. Preferably, the communicator is operable to use an automatic voice to communicate with the authentication device. 5 Preferably, the authentication device is used with a paid account, and the device further includes a function of charging the paid account to the requesting activity. , ¥ Preferably, the requested activity is an Internet browsing activity or a point-of-sale activity. 10 Preferably, the requested activity is access to a network. Preferably, the device can be operatively connected to the non-authenticated device via a Bluetooth access point. Preferably, the device can operate to connect to the non-authentication device through at least one WLAN access point. 15 Preferably, the device can be connected to the non-authenticated device via a TCP / IP. Preferably, the communicator is operable with a telephone number obtained by the non-authentication device to communicate with the authentication device. Preferably, the above-mentioned communicator is operable to obtain the identity information from the non-authentication device, and 20 is used to form the above-mentioned association. _ · Preferably, the non-authentication device is one of the following groups, including:-credit card,-smart card, an infrared device, a Bluetooth device, a pda '-a portable computer' _ 固 ^ Computer , And — computer network. Preferably, the device includes a counter. If the above communication is not 23 200307428, the invention description is completed within a predetermined number of times to calculate the connection authentication failure. Preferably, the device includes a device for logging in to the non-authentication device. One of the login functions. 5 Preferably, the correlator is connected to an authenticator to indicate that the activity request is allowed.

Preferably, the authentication communicator is operable to communicate the authentication to an external gateway related to the non-authentication device. Preferably, the authentication communicator is operable to communicate the authentication to a server related to the request activity described above. Preferably, the authentication communicator is operable to communicate the authentication by using a change in a path table on a router. According to a ninth feature of the present invention, a personal transaction card compatible with an ATM machine is provided, which includes an ATM transfer number and 15-mobile phone number in ATM reading format. The mobile phone number is the same as the personal transaction card.

use together. Preferably, the numbers are stored in a magnetic strip. Preferably, the above number is stored in an internal integrated circuit. According to a tenth feature of the present invention, there is provided an authentication method including: 20 communicating with an authentication device through a confidential link; verifying that the communication is with an expected authentication device; and associating the communication with a non-authentication device Verify and an activity request, thereby authenticating the activity request of the non-authenticated device. 24 200307428 (ii) Description of the invention Preferably, the authentication device is a GSM device and the authentication link is a GSM link. Preferably, the authentication device is a CDMA device and the authentication link is a CDMA link. 5 Preferably, the authentication device is a PDC device and the authentication link is a PDC link. Preferably, the authentication device is an EDGE device and the authentication link is an EDGE link. Preferably, the authentication device is a WCDMA device and the authentication 10 link is a WCDMA link. Preferably, the authentication device is a GPRS device and the authentication link is a GPRS link. Preferably, the authentication device is an iridium network device and the authentication link is a silver network link. 15 Preferably, the authentication key includes a confidential link that involves a telecommunications service user identity module that is located in the authentication device. Preferably, the security link includes a telecommunications service user identity module involved in the authentication device. Preferably, the authentication device is a mobile phone. 20 Preferably, the communication includes electronic data communication. Preferably, the electronic data communication includes electronic message transmission or SMS message transmission. Preferably, the method includes the function of initiating the communication by receiving an activation message to the authentication device and receiving the above-mentioned 25 200307428 from the authentication device. Description of the invention The function of replying to the activation message, and authorizing the activity request. Preferably, in the method, the above-mentioned communication involves receiving a flood message from the above-mentioned authentication and completing the above-mentioned communication by sending a reply to the above-mentioned authentication device, thereby authorizing the above-mentioned activity request. Preferably, the method includes inserting a password into the reply to a requester to input through the non-authentication device, and determining whether the password has been received through the non-authentication device. Preferably, the method includes using an automatic voice to communicate with the authentication. Preferably, the authentication device is used with a pay account, and the method further includes charging the pay account for the requested activity. In Chedi, the above pursuing activities are one of a group or activity including an Internet browsing activity, a point of sale activity, and access to an Internet. Preferably ' The method includes the use of either infrared or Bluetooth. Preferably, the non-authentication center is a TCP / IP link. Preferably, the method includes obtaining a telephone number for the non-authentication device to communicate with the authentication device. Preferably, the above-mentioned non-authentication device is one of the following group including: a credit card, a smart card, an infrared device, a Bluetooth device, a PDA, a portable computer, a fixed computer, and A computer network. Preferably, the method includes a counter for calculating the connection authentication failure if the communication is not completed within a predetermined number of times. Preferably, the method includes logging in to one of the non-authentication devices. 26 200307428 玖2. Invention description record function. The car method, the delta method, includes an indication that the above-mentioned activity request has been permitted. Preferably, the above instruction is output to one of the external gateways associated with the above authentication device. Preferably, the instruction is output to a server related to the requested activity.

Preferably, the above instructions are output by adding a change to a routing table on a router. 10 Schematic illustrations In order to better understand the present invention and show how the present invention is useful, reference will now be made by purely illustrating and accompanying drawings

The drawings are now described in detail with specific reference numerals, highlighting the 15 features that are shown by way of example and only illustrating the purpose and discussion of the preferred embodiments of the present invention in order to provide what they believe is the most useful and easy to understand The principles and concepts of the present invention are particularly contested. In this regard, there is no intention to show the structural details of the present invention to the extent that a basic understanding of the present invention is required, and the description and reference to the drawings make those skilled in the art aware of the many kinds of the present invention that are integrated into present life. In the accompanying drawings: Fig. 1 is a simplified representation of SIM, Fig. 2 is a simplified block diagram of display-SIM operation, and Fig. 3 is a display according to the first embodiment of the present invention. The client device is connected to the -rail_network through the -virtual_gateway and from 27 200307428, a description of the invention is a simplified schematic diagram of connecting to a PLMN network, Figure 4a is a more detailed display of Figure 3 A simplified block diagram of one embodiment, including a secondary system that simulates a SIM gateway. Figure 4b is a simplified comparison diagram showing another solution to provide 5 PLMN services through a non-PLMN network. Figure 4c is an exemplary diagram showing a handheld device and a card that can be inserted into it, making it suitable for use with Bluetooth and similar non-PLMM networks. Figure 5 is based on this A simplified flowchart of one embodiment of the invention. 10 shows a non-SIM device connected through a non-PLMN network to a PLMN network through a virtual SIM gateway. Figure 6 shows a typical PLMN network infrastructure. FIG. 7 is a schematic view of an embodiment of the present invention. A schematic diagram showing the use of a virtual base station controller as an interface to the PLMN network, FIG. 8 is a schematic diagram of a preferred embodiment of the present invention, which shows a wireless LAN and a The protocol layer and packet data authentication between PLMN networks. Figure 9 is a schematic diagram of a preferred embodiment of the present invention, which shows the protocol layer and switching circuit information between a LAN and a PLMN network. FIG. 10 is a schematic diagram of a preferred embodiment of the present invention, which shows a protocol layer related to the connection between GPRS and a wireless LAN. FIG. 11 is a comparison of a protocol according to the present invention. A schematic diagram of one of the preferred embodiments, which shows the protocol layer related to the provision of switching circuit support services through PLMN and wireless networks 28 200307428 发明 Description of the invention, Figure 12 is one of the preferred embodiments of the present invention A schematic diagram showing a virtual SGSN + used as an interface between a wireless LAN and a PLMN, FIG. 13 is a schematic diagram showing a wireless LAN and a wireless LAN according to a preferred embodiment of the present invention. Of a PLMN network The protocol layer and the encapsulation data authentication, FIG. 14 is a schematic diagram according to a preferred embodiment of the present invention, which shows the agreement layer providing the encapsulation support service 10 between a wireless LAN and a PLMN. FIG. Is a schematic diagram of a preferred embodiment of the present invention, which shows a protocol layer for providing switching circuit support services between a wireless LAN and a PLMN. FIG. 16 is a preferred implementation of the present invention. One example is a schematic diagram, where 15 shows a coordination layer between a wireless LAN and a PLMN to provide packetized data traffic management. FIG. 17 is a schematic diagram showing a overlay according to a preferred embodiment of the present invention. A common area and a wireless network connected to a hotspot center point can be used to coordinate handovers between networks. FIG. 18 is a schematic diagram of a preferred embodiment of the present invention. Shows that a wireless network exists within the coverage area of a honeycomb cell or a PLMN network. FIG. 19 is a schematic flowchart of a preferred embodiment of the present invention, which is shown as a signal communication between two networks. Pass the whole Management, 29 200307428 玖, description of the invention 5 FIG. 20 is a schematic flowchart according to a preferred embodiment of the present invention, which illustrates the signal delivery from the viewpoint of a mobile device unit, and FIG. 21 is a diagram according to the present invention. A schematic flowchart of one of the preferred embodiments, showing another embodiment of the signal delivery procedure, FIG. 22 is a simplified schematic diagram illustrating a common center point 2 ^ Non-overlapping WLANs, FIG. 23 is -Simplified schematic diagram, explaining that each of the two overlapping muscle papers is-different hotspots-part and has a common center point outside these hotspots. 10 Figure 24 is a variation of the plot of Figure 23, where This hotspot does not overlap. Layer 15-Figure 25 illustrates two overlapping PLMN networks, Figure 26 illustrates two non-overlapping PLMN networks, and Figure 27 is a simplified block according to yet another preferred embodiment of the present invention. It shows a certification authority. Figure 28 is a simplified illustration showing one of the devices used in the security link of Figure 27. Figure 29 is a simplified illustration showing one of the devices used in the non-security link of Figure 27. , -20 Figure 30 is based on One of the inventions is a simplified block diagram of another embodiment of a certification authority, specifically allowing control access to a wired or wireless 1 ^ 8 1 ^, and FIG. 31 is one of the operations of the authentication machine of FIG. 27 Simplified flowchart, where the setting can be started by any device, confidential or non-secure, including 30 200307428. The invention description is set by a different device.

I [Real Way] I Detailed description of the preferred embodiment The embodiment of the present invention provides a connection from a non-PLMN network to a PLMN 5 network via an interface. The invention described below provides an interface between the non-PLMN network and the PLMN network, which enables the PLMN network to detect units accessed via the non-PLMN network as if they were accessing the PLMN network, The same is true of those units that access the PLMN network through the radio access network of the PLMN. Therefore, the PLMN network 10 detects non-PLMN networks that provide services to the supported device, and is simplified as part of the PLMN network. The present invention includes a set of elements that interact as a system that allows its users to access different resources from a non-PLMN or a PLMN without the need for a device that can be connected to the PLMN physical interface (for example, 15 a mobile phone). Some of the components described herein are installed on devices that access the PLMN network or the non-PLMN network, and some components are within the gateway between the non-PLMN network and the PLMN network. Some embodiments use codes proving the user of the mobile phone, as produced by the mobile phone switchboard (for example, IMSI and Ki within a GSM SIM, or MIN and ESN within a 20-CDMA device) — Other embodiments do not use such codes. These embodiments do not require any modification to the PLMN infrastructure; they require additional new units for seamless access between the non-PLMN network and the PLMN network. A system that allows access from a non-PLMN to a PLMN must be able to perform up to 31 200307428 玖 Description of the invention The following two actions are missing.

1. An authenticated user, i.e., proves that the user in the PLMN that requested access to its resources or other resources to request payment for the PLMN account is the authenticated user of the PLMN. In some examples, this authentication includes the right to allow access to specific services in addition to the proof of identity. The PLMN must not be able to distinguish between accesses initiated by a non-PLMN and its own access network via the PLMN, whether it is a wireless or other physical communication architecture. This must be done because the PLMN must be confirmed and the access request is actually associated with a valid account for the particular requested service. 10 2. Enable the transmission of user traffic between non-PLMN and PLMN. The PLMN must not be able to distinguish between the traffic originating from a non-PLMN or to a non-PLMN and the traffic between the PLMN's own access network to the user or from the user.

All embodiments are related to 15 authentication and confidentiality of access to the access device other than the PLMN, where the service can request a payment to a PLMN account associated with the access device during access. The second embodiment describes the entity unit responsible for causing the PLMN to detect the access as if it were done via a standard honeycomb cell node; the characterized entity units are therefore designed to simulate a honeycomb cell node. 20 These nodes are connected to both a non-PLMN and a PLMN; they can exist in the PLMN infrastructure in the same way as the nodes they simulate. The VBSN (Virtual Base Station Controller) seems to have the PLMN as a BSS); in this case, the simulated node is a BSC. The VSGN + seems to make the PLMN a 32 200307428. Description of the invention Cell phone switching node, that is, a SGSN with closed switch data or an MSC with circuit switch data. The VBSC and the VSGN + can perform both functions. They participate in the authentication of the non-PLMN access device to the PLMN network; and they can transmit information flows from the non-PLMN network to the PLMN network. In two of these embodiments, an access device with a SIM, and hybrid network authentication, the authentication is based on accessing the PLMN itself by the user provided by the PLMN operator (and the PLMN operator provided to them). Access the network with the same identification parameters of the PLMN operator) to provide tokens to one of the 10 users, for example, for a GSM PLMN system, those that exist within a SIM, or typically directly Stored in a honeycomb cell phone). In another two embodiments, an SSG (simulated SIM gateway) and a virtual SIM, the substitute symbol is replaced by a virtual substitute number, and the virtual substitute symbol is a software package that simulates one of the substitute symbols. In the first embodiment, the virtual substitute symbol is installed in the gateway (VBSC or VSGN +). In the previous embodiment, the software package is installed in the non-PLMN access device. The system supports many different authentication methods. The simulated hive cell node (VBSC or VSGN +) plays a basic role in each authentication method. We classify these authentication methods (and the examples individually) into the following categories.

1. PLMN-type authentication of the end-user access device-In these authentication methods, the end-user access device includes a SIM: the following includes an embodiment in which the SIM is a true SIM and the SIM is It is a virtual SIM 33 200307428 (i.e., an embodiment of the invention description (ie, the SW SIM of the GSM system and the stored cell phone identification code of the non-GSM network). A physical SIM may be installed in the device, it may be installed in the access card, a dedicated card, or with other peripheral devices (for example, embedded disks). In these methods, the 5 mobile phone cell node (the VBSC or the VSGSN +) obtains the honeycomb cell phone authentication information from the end user and compares it with the authentication data that has been stored in its database. Yes, or compare it with the certification data taken from the PLMN infrastructure. Hybrid network authentication is a one-way phase about or initiating the simulated honeycomb 10-cell node with authenticated and authenticated authentication data. 2. The non-PLMN identification of the access device is received by the simulator gateway (existing within the node that simulates the PLMN infrastructure, such as a honeycomb cell node)-the SIM gateway (SSG). The authentication information and the honeycomb cell network believe that the device has a physical surrogate symbol / hive cell 15 density and response just like any honeycomb cell phone. The gateway actually authenticates devices using different authentication protocols, typically the Internet type. The non-PLMN gateway uses the identification code of a node with special priority, and the mobile phone network provides this node. 3. Involves the authentication of the user's PLMN device, such as Hive Cell 20, a phone linking a non-authenticated non-PLMN access device to an authenticated PLMN access device by correlating between two access devices, for example, hive Cell phone. Hybrid network authentication allows the user to access the non-PLMN based on the user being an authorized user of the PLMN. It assumes that it has a VBSC or VSGSN + used to provide access from a non-PLMN to a PLMN. Regarding 34 200307428 (ii), the invention has three examples for this type of authentication; i. The PLMN provides an access code each time the user requests access to the non-PLMN. This method requires simultaneous communication between the networks and the user's manual insertion. 5 ii. Automatically access the node once. One way is to have a client unit in the non-PLMN device to automatically process the program, which may be extended or even used by the PLMN device (honeycomb cell phone) to automatically transfer the access code to the non-PLMN access device The client unit in. iii. Activation of a virtual SIM. In this system, a relationship between the PLMN device 10 and the non-PLMN device is used to activate authentication information of the non-PLMN device with a virtual SIM or another authentication system (possibly used by the SSG) The non-PLMN device. The user can then be authenticated by the PLMN and access the PLMN via the non-PLMN without being included in the scope of the PLMN. 15 A feature of the present invention is to provide an interface that can be used to connect to a non-

A virtual SIM gateway between a PLMN network and a PLMN network. The gateway performs authentication suitable for communicating with the access device, such as a typical Internet Protocol environment authentication on the entire PLMN network; after it has satisfied that it has been authorized to connect a device, it then represents the storage device. The access device grants 20 rights to the PLMN network itself, as if it had a SIM on a device (including the same honeycomb cell identification code that does not use SIM in those networks). On the other hand, the two gates can be integrated together, and the intermediate steps of one certification are based on the intermediate steps of other certifications. For example, the gateway can pass requests, queries, and responses from one link to another. If the information is transmitted to the PLMN, then the gateway is encrypted so that it appears to have the SIM (or the same hive cell identification code). Another implementation of the present invention is to use a SIM on the non-SIM device, and it is best to integrate the SIM into the connection card of the device. Therefore, different types of 5 WLAN and other connection cards for integrated SIMs can be provided.

When it is better not to integrate and use a SIM in the access device, then another architecture exists that uses a different authentication option: configure the connection device with a virtual SIM. The virtual SIM may be stored in another access device 10 having its algorithm embedded in a processor in the access device, that is, software without special hardware. In detail, a hybrid network authentication which will be described later can be used to authorize the activation of the virtual SIM installed in the remote connection device. A virtual device is configured to be authenticated through VBSC or VSGSN, which will be described in detail later. It finally exists between the non-PLMN network and the PLMN network, and it can generate 15 virtual virtual SIMs or other A false triplet (rand, sres, ke) of its equivalent (MIN, ESN) in the network, or other authentication information, such as a user name and password that can be authenticated by the analog SIM gateway, And provided to the network, if a user will be able to access the network through the PLMN and the simulation node, the simulation node will exchange the same or equivalent data with the PLMN. However, if this method is used, then the PLMN does not directly authenticate the user (ie, does not verify that he has the SIM or equivalent mobile phone cell ID in the device he owns), but instead relies on the gateway Device. The gateway can then provide charging information to the PLMN 〇 36 200307428 玖, the description of the invention is to point out that when a virtual SIM is used in the access device, then the simulated PLMN gateway is preferably With the function of authenticating a virtual sim. Another feature of the present invention is to provide a virtual base station controller, which provides 5 interface functions, so that the non-PLMN network appears to the PLMN network, such as the same cellular cell base station controller. This concept can even be extended to simulate a honeycomb cell base station, so the 1 ^] ^ 1 ^ network appears as the same or multiple honeycomb cell base stations. Basically, all providers are a proxy server type configuration. An extended function to the virtual base station controller allows peer-to-peer connections in the non-10 PLMN network, peer-to-peer connections within the extraordinary ^^ network, and export to the network to be used by the PLMN network The connection managed by the road. Another feature of the present invention is to provide the honeycomb cell network to agree to access to the honeycomb cells through different paths through a non-honeycomb cell device. 15 The concept of allowing devices related to the honeycomb cell device to connect to the honeycomb cell network via a local area network is extended to a network of honeycomb cells configured with a honeycomb cell module or a non-SIM-like device. Another feature of the present invention is to provide a method for mobile device users to maintain a seamless connection, which is independent of the different communication networks that they can access, and whether it is moved from one connection type to another. Before introducing at least one embodiment of the present invention in detail, it can be understood that the present invention is not limited to the application of the following description and the description in the drawings. The present invention may be applied to other embodiments or may be different. The method is implemented or executed. Furthermore, it can be understood that the terms used herein and the terms 37 200307428 玖, invention description words are used for the purpose of illustration and are not to be considered as limiting. The Sim SIM Gateway / Reference Reference No. 1B | is shown here for the purpose of-a schematic diagram showing a typical attack on a mobile phone device. The _1 () is a small module of a SIM card carrier and reader 12 inserted in the cellular telephone device 14. The SIM provides the identification code of the honeycomb cell phone device and allows it to connect to the honeycomb cell phone network consistently. ίο 15 20 Please refer to Fig. 2, which is called-Simplified Block Diagram, which is shown in the SIM subsystem. The sm 10 includes an authentication sub-system 16 'for performing a confidential identity to ensure that the network is a legitimate user of the phone number, and an encrypted sub-system that encrypts voice and data communications from the network, and Decrypts incoming voice or data communications from the network, using algorithms such as A5. Of course, it should be noted that other encryption systems or completely different encryption systems can also be used. Encryption and decryption are performed using one of the messages supplied for authentication by the network. The correct type of authentication and encryption to be used depends on the network. In the authentication, a random number RAND is sent to the SIM by the network, where it is used as an input to a one-way function A3. The SIM returns the function in rotation, where the base station compares the SRES of the previous action performed by the system to apply RAND to A3. If the response complies with SRES, then the connected device is authenticated. Please refer to FIG. 3, which is a schematic diagram showing a remote device connected to a honeycomb cell or a pLMN network through a local area network. The device 20, however, has the processing power to allow it to identify itself, although it is implemented in a way that does not match or meets the requirements of the PLMN network. This device 20 does not require 38 200307428. Invention Description If it is a mobile phone or has a SIM. This device is referred to herein as a non-PLMN device. The device 20 is connected to a non-PLMN network 22, which may be typically a LAN network with one wireless access point. The LAN typically uses TCP-IP as a communication protocol. The LAN is connected to the PLMN or honeycomb cell network 26 through an analog SIM gateway 24 5. The analog SIM gateway 24 provides a bridge between the TCP-IP authentication and encryption protocol and the PLMN protocol, and thus allows the device 20 to be confidentially identified by the PLMN network, even if it does not have a SIM. As shown in Figure 3, the connection 10 between the device 20 and the gateway is protected using any standard TCP / IP security protocol, such as secure socket link (SSL), TLS, Ispec It is any security encryption and authentication technology typically used in IP networks. It will be described in further detail later. This security technology is used in the device 20 to unambiguously identify itself to the gateway. On the other hand, other security protocols such as IPSec can also be used for this purpose; that is, the term SSL when used in this interpretation is integrated to mean that anything that can be used to protect the device and the gate Any security protocol for data transmitted between routers, including those operating at a lower level and not using a socket. After the gateway has determined the identity of the connected device, it performs a SIM matching identification procedure with the PLMN network, wherein the gateway indicates that the PLMN has been authorized for the connected device. The authorization procedure will be explained in more detail in Figure 5. Please refer to FIG. 4A, which is a simplified diagram showing the embodiment of FIG. 3 in detail, and particularly the internal subsystem of the gateway 24. Elements that are the same as those in the previous drawings are given the same reference numerals and will not be referenced again unless it is necessary to understand the present invention. The simulated SIM gateway 24 includes a database subsystem 28, an access subsystem 30, an interaction subsystem 32, and a PLMN subsystem 34. The different secondary systems can be installed on many servers or the entire gateway can be installed in a single server 5 depending on the required scale of operation. The gateway is preferably located in a secure location to protect the possibility of physical damage to the system. However, as will be explained later, the gateway does not store any information that would compromise SIM security requirements. The access subsystem 28 generally includes standard LAN security devices. Typically, an SSL socket is established at the connection device 20. The access subsystem identifies the device and notifies the PLMN subsystem 34. The PLMN secondary system communicates to the PLMN network 26, of which a connection is required. The gateway is structured to look like a standard mobile phone cell base station, or a standard SGSN, a standard base station controller, or a standard MSC for the PLMN network, which transmits a standard SIM Identity information to the PLMN secondary system. When the device does not have a SIM, the secondary system will not pass any identity data to the device. In addition, it briefly checks that the SSL or other TCP / IP-based authentication protocol is successful and sends a standard SIM confirmation to the PLMN network. 20 If the information flow transmitted by the end-user access device to the PLMN is needed, and then when it needs to provide a match with the PLMN network, the PLMN sub-system 34 can also perform encryption and transmission of outgoing data and sound Decryption of incoming voice and data. The interaction subsystem provides a bridge between the IP-based access subsystem and the mobile phone cell protocol of the PLMN system used. The database system includes data of users of the LAN, so individual users can be authorized and given access to the appropriate services. Please refer to FIG. 4B, which is a simplified comparison diagram showing another embodiment that allows non-PLMN devices to access a PLMN network. As described above, the non-PLMN device is required by the PLMN network to do the following: 1) The user authenticates that the PLMN sends a random number (RAND) to the access unit. In order to be authenticated, the access unit must respond to the correct number (SRES). The access device determines the 10 SRES by inputting the RAND to the SIM, wherein the secret A3 algorithm processes this action and the SRES is the output. The SRES is returned to the PLMN, where it is compared to the expected value. In the device using another honeycomb cell identification system, the access unit provides MIN and ESN in a first access, and the TMSI and ESN are immediately behind, so that it can perform similar authentication for the PLMN. 15 2) Data or Voice Encryption-Digitally held information (voice or data) sent to the PLMN by the access device is encrypted to avoid eavesdropping. In the example of a GSM network, the SIM encrypts the data stream using the A5 algorithm and an internally generated dense message derived from the RAND. Different algorithms for the same purpose are defined for CDMA and other networks. 20 The above requirements can be implemented by providing access to a SIM (or equivalent cell phone identification data) of the non-PLMN network, and this can be implemented by integrating the SIM into the user terminal carry out. The SIM can be integrated into the device itself, integrated into a separate access card or module, or a SIM carrier and reader can be a part of the network access card. For non-SIM type cellular networks, the cellular identification data can be stored in the user terminal, a special smart card or the access card. The access cards used for non-PLMN devices use quite a few types of access technologies, including Bluetooth, wireless local area network (802.11X) and wired 10/100 Ethernet. The specifications of these cards include standard PCMCIA, CompactFlash and other specifications.

For personal digital assistants and laptops, the access card can often be built-in. More likely, it may be provided with an add-in card, such as a CompactFlash (or PCMCIA) add-in card. One standard that has been established includes Bluetooth cards with CompactFlash specifications. The card is modified to include a SIM carrier and the Bluetooth driver software is modified to include the SIM card reader and controls. The SIM carrier and card reader can be added to a wireless LAN card, such as the 802.lib protocol in CompactFlash or PCMCIA format.

Figure 4 is based on the GSM / GPRS network. The upper part of the figure shows the current standard method in which GPRS can be used completely. The SIM card and control software are normally installed in the GPRS access card. The GPRS access card is installed in the User Device, which is typically a digital assistant, laptop or mobile phone. The principle of this method is shown in Figure 4B. In Figure 4B, a comparison is shown between the upper half of the figure and the lower half of the figure. In the upper half, standard GPRS is used and SIM access is through a GPRS access. The card 36 is provided, and in the bottom half, a non-PLMN network 42 200307428, area arbitration and SIM access between invention descriptions are provided through a Bluetooth access card 38. In the lower part of the figure, the GPRS access card 36 is replaced by a Bluetooth access card 38. The control software is installed on this same card. The Bluetooth access card is installed in the user equipment and communicates through the Bluetooth network. 5 ° GPRS messages are transmitted via the Bluetooth and on the edge of the network. Bluetooth transmission is replaced by standard GPRS transmission as shown in the figure. The advantage of the above method over that shown in Figure 4A is that the SIM is included in an access card device. The specified value is restricted to a special card, which means that the solution can be implemented on the 10 non-pLMN device based solely on providing SIMs, and essentially no additional functions must be provided to any relevant network. Subscribers are provided with access to all network services. All access and encryption uses standard and complete unmodified PLMN technology. The supplier can be protected from fraud because it is based on its own security system. The access network switchboard is protected from being spoofed by the same 15 attempts and tests of the PLMN system. Please refer to FIG. 5, which is a flowchart of a method for obtaining access to the cellular wireless or pLMN network through a LAN connection through a non-SIM device. The figure refers to the embodiment of FIG. 4A. In contrast, the device in Figure 4B is connected in a complete standard way. According to Fig. 5, the device is connected to the LAN in the initial step 20, and then an SSL software data structure (socket) is established in the next step S2. The connection to the LAN is preferably performed using a standard web browser, and it is best to support an SSL software architecture or other CP / _certificate protocol. The software data structure is standard and can typically use 64, 128-bit encryption keys or other communications. The 2003 200307428 玖, description of the invention agrees to encrypt the key data string to encrypt communication, thereby providing communication security from eavesdropping. Once the software data structure is established, it is used in the second-stage verification operation, including a first step S3, in which the server authenticates itself to the connecting client. The server authentication is usually achieved by using a system 5 signed for certification, such as the x.509 standard server certification, which reconfirms that the connecting device communicates with a server that has been confirmed and can be traced if necessary. Once the server has authenticated itself to the device, then at step S4, the user is usually required to provide a username and password. This is best performed using a standard dialog. The user name and password are compared with the database of the server data and the server can then determine the connection agreement that the connecting device is given. If steps 3 and 4 successfully communicate and coordinate between the gateway and the device, then in step 5, the gateway prompts that the pLMN-connection is needed. In step 6, the PLMN responds by providing a SIM secret triple code 15 (tHplet). The triple code includes a random number RAND, from the SIM to one of the random triple codes. Encryption key Kc. In the normal example of the -SIM device, ran ^ is sent to this _, which is used as an input for a one-way function. The SIM sends back the function output, where the base station is compared with SRES. If the response matches SRES, the connection device is authorized. However, in this example, the connection device is not a strike device. In step 37, instead, the PLMN system 43 simply and successfully authenticates the connected device in steps 3 and 4, and then sends an authentication response to the PLMN. In step 8, the gateway uses the money key Kc in subsequent communications to encrypt data and sound. The voice is preferably always in this room. 44 200307428 发明, description of the invention The SSL is used to decrypt on the router, and the A5 algorithm and the encryption key Kc can be used to re-encrypt in succession according to the requirements of the PLMN network. The advantages of the above embodiments can be added to the network user, the LAN switchboard, and the PLMN or cellular network switchboard. The network user uses all the encryption provided by a standard PLMN, but can use a low-cost device to connect or simply use a device that was easily available at the time without the need for any special hardware kit. For this LAN switchboard, it can provide a full set of connection services based on its own TCP / IP authentication technology. Finally, for the PLMN switchboard, this embodiment provides a device for the network user to connect via the LAN, which can have a full set of services, to ensure that its response will be accepted by the LAN switchboard. Although the above example has described the GSM system using a standard A or Gb interface, this embodiment can be used in addition to GPRS, EDGE, WBCDMA, UMTS, 3G, CDMAone, CDMA2000, 3GPP 15, 3GGP2, PDC and other PLM standard. The above list is not the owner, and it is expected that additional agreements will be added to the PLMN domain over time. The non-PLMN network can typically be a wired LAN, Bluetooth, 820.11 (x), wireless LAN or the like . 20 Although the above has been described for SIMs and GSM, the same solution is used in any system as cellular network identification and / or security, and specifically includes MIN and ESN in CDMA networks. Example: One of the above examples can be connected to a PDA using an 802.11 access card. According to the above embodiment, this connection can be achieved when the PDA is provided with a GSM compatible SIM.

Virtual SIM 5 Please refer to FIG. 4C, which is a simplified comparison diagram.

A variation of a non-PLMN device accessing a PLMN network. This method is suitable when the connection to the PLMN is needed for authentication and accounting purposes, but no user traffic is exchanged between the access device and the PLMN. As mentioned above, in this method, the end-user access device is equipped with 10 virtual SIMs. The simulated honeycomb cell node (VBSC or VSGSN +) has an authentication database, all of which have authentication information for network users who need a pseudo-SIM (or other method to simulate the authentication substitute code for identification of the honeycomb cell). The virtual SIM can initiate or use the information in many ways, at least some of which can only be used for an access or access attempt. In detail, the hybrid network authentication described later in 15 can be used to authenticate the virtual SIM installed on a remotely connected device, and to use the identity of the honeycomb cell and the information stored in the simulated honeycomb cell node The certification information of the library is relevant. One of the devices equipped with a virtual SIM is authenticated by a VBSC or a VSGSN. As will be described in detail later, it preferably exists between the non-PLMN network and 20 channels of the PLMN network, and it can generate virtual SIMs or False triple codes of other equivalents in other networks (rand, sres, kc). However, if this method is used, the PLMN does not directly authenticate the user (ie, does not confirm that he has SIM or equivalent cellular identity in the device he owns), but relies on the gateway. The gateway can provide further accounting information later. 2003200328 玖, invention description to the PLMN, or the accounting information can be based on the non-PLMN, or both. When it is intended that they do not include SIM s or other hardware-based identifiers (smart cards or their equivalents) for non-PLMN to PLMN connections, the virtual SIM method may be used for access devices; or It can be used for non-PLMN-to-PLMN connections, where the PLMN does not support integrated SIM-based authentication-for example, CDMA. In this method, a virtual (usually software) SIM is installed on the remote device. The remote device does not have a SIM. The SSG is replaced by an assigned gate 10 router, which generates a false triplet to the remote device. The gateway and the remote device share the virtual SIM secret key (which is stored in the simulation cell node authentication database). The gateway uses it to generate the triple code (RAND, SRES, KC), and to generate a GSM-like challenge to the remote device (that is, RANDP. The triple code can be used for the GSM authentication protocol. Co-calculation algorithm to generate (for example, HMAC-SHA-1 or HMAC-MD5). The requirements of the same algorithm will be used by the virtual SIM and the simulated honeycomb cell node (VBSC or VSGSN +). The remote device then uses the The virtual SIM responds to the challenge, and sends SRES to the simulated honeycomb cell node (via the non-PLMN network). When the authentication process is successfully completed, the end user accesses the device and the simulated honeycomb cell node after 20 Sharing an encryption key (Kc) as in the GSM system, it is not known to others. The end user access device and the simulated honeycomb cell can use this encryption key to encrypt the traffic between them. However This encryption key cannot be used to encrypt the traffic that is assigned to the PLMN network, because the 47 200307428 玖, invention description PLMN does not have this encryption key. SIM or USIM can be implemented in this way. Unlike SIM - a software SIM can be copied, making use of virtual SIM authentication protocol includes the replication mechanism 5 detects the virtual base station controller (VBSC).

Please refer to Figure 6, which is a simplified block diagram of a standard GSM network configuration. A base station system (BSS) 40 supports remote location mobile devices 42. It is connected to a circuit-switched network through an MSC 44, in this case the PSTN, and it is connected to a packet-switched network through an SGSN, like 10 is the Internet. The key points to observe are that the base station interface to the MSC is using the A interface for circuit switched connections and the Gb interface for packetized connections. These interfaces can be used by the VBSC as detailed later to make the PLMN look like any other BSS in the GPS network.

Please refer to FIG. 7 for a simplified block diagram showing one of the non-PLMN networks 48. It is connected to the GSM network of FIG. 6 by a virtual base station controller VBSC 50 interface. The same elements as in the previous drawings are given the same reference numerals, and will not be described again unless necessary in the understanding of the present invention. The non-PLMN network 48 is connected to the remote device 52 and its own network server 20 in any typical network type through a series of access points. A SIM server 56 is shown provided with an analog SIM gateway, or a virtual SIM server certification of the type described above. As shown in the standard base station in FIG. 6, the VBSC 50 uses the A interface to reach a circuit-switched network such as the PSTN and the GB network to achieve a packet-switched network. The VBSC (Virtual Base Station Controller) is a proxy gateway between the non-PLMN access network (Bluetooth, 802.11, etc.) and the PLMN. The VBSC is connected to the PLMN through the A and Gb interfaces. There are interfaces that the PLMN uses to communicate with a BSC and therefore the appearance of the VBSC treats the PLMN as a BSC. 5 The VBSC 62 communicates with an access device 52 using one of the non-PLMN networks, such as a PDA, or a laptop. The communication is performed by a client application software installed on the access network or a network server, and is performed using a communication channel based on TCP / IP or other matching standard protocols. For the VBSC, communication is needed for the SIM server as an authentication and encryption service. The end user access device may have a virtual SIM installed therein, and the SIM server may be compared to a virtual SIM verifier, or it may be an analog SIM gateway as described above. The VBSC may also preferably communicate with a packet of data on the access device or a circuit-switched software client. The client can be used by 15 people on the network to get requested specific services like corporate VPN, Internet access, access to a server or voice exchange connection within the cellular network. The access The device client application software is typically download software as an application, especially when the access device is a PDA or a notebook computer.

20 The VBSC 50 serves as an interface between the access, non-PLMN, network and the PLMN, and preferably supports a wide range, which can communicate through the A and Gb interfaces, respectively. The VBSC starts and responds to messages to and from the PLMN, and interacts with components between the access network to perform these functions. The selected function is described later. 49 200307428 玖, description of invention

Please refer to Figs. 8 and 9, which respectively show a simplified signal plane of one SIM service to the Gb interface and a simplified signal plane of one SIM service to the A interface. The correct interface connection of the security structure between the PLMN and the non-PLMN network is such that the interface looks like part of a PLMN base station (BTS) or 5 base station subsystem (BSS). FIG. 8 shows a serial mobile device 52 connected to a wireless LAN network through an access point 54. The wireless LAN uses its own protocol, the RF-based protocol, including the MAC from the client to the LAN connection, and the client-to-VBSC connection and other network protocols within the network. VBSC 62 functions as a relay between the network protocol signal and the 10 PLMN signal. Obtaining the correct signal content requires the mobile device to have built-in SIMs or an analog SIM gateway of the type described above to be used.

The Gb interface is used to transmit signals between the VB SC and the SGSN providing GPRS service support points. The standard access is obtained by the Hive Cell Basic 15 architecture: the HLR certification on Gr, and the data channel on Gn. To GGSN, accounting information on Ga to Ga and so on. A Gs interface 68 is used to transfer data with a mobile switching MSC. It should be noted here that the VSGSN + preferably always has a packet of data towards the mobile interface; however, towards the network, it can use a packet or circuit. That is to say, specifying the VSGSN makes the non-PLMN access network appear as one of the encapsulation data, SGSN, and BSC as circuit-switched data. Note that only the honeycomb cell protocol is illustrated in Figure 8, so the Internet connection can be used as a switching station. The SGSN 66 is preferably used as a relay between the Gb and Gs interfaces. 50 200307428 发明 Description of the invention. Note that the MSC is only considered for circuit-switched data. It is equivalent to the SGSN for the exchange of information in sub-packages. Figure 9 shows the authentication plane for circuit-switched data. The same elements as those in the previous drawings are given the same reference numerals, and will not be explained unless it is necessary to understand the present invention. Figure 9 is the same as Figure 8 except that the SGSN phase is omitted, and the A protocol 70 is used for direct communication between the VBSC 62 and the MSC 68. Please refer to FIG. 10, which is a simplified diagram of a communication protocol plane for displaying a packet switching transmission channel service. Elements 10 that are the same as those in the previous drawings are given the same reference numerals, and will not be explained again unless it is necessary to understand the present embodiment. A GPRS network server 72 transparently connects the Gn interface 74 to the SGSN 66. For each element in the figure, a different available protocol layer is shown. A data access client runs GPRS application software, typically including 15 such as a WAP browser. The communication path used is the same as that shown in FIG. 8 above. Although not shown in the figure, the application software can gain access to the PLMN GPRS network through the gateway GPRS support node GGSN 76 as shown in FIG. 6. When downloading to the access device, the data access client is typically composed of standard GPRS software protocol components and communicates with the VBSC through the TCP / IP channel. On the VBSC, the transport layer is preferably replaced with BSSGP (BSS GPRS Protocol) to be compatible with the SGSN. Furthermore, in the VBSC, the radio connection control layer message number is provided to support the BSSGP when needed. 51 ^ 0307428 发明, description of the invention See Figure 11 of the Yuexiang Township Examination, which is shown in the circuit switching service provided. 2 Different components on the different components of the agreement-simplified agreement block diagram. On the large diagram of the communication path as shown in FIG. 7 and the same components as the previous figure are given the same reference numerals, and will not be explained again except when it is necessary to understand this embodiment. As described above, after the access device has been authenticated, it can be connected to a packet data connection or a circuit switched connection. Figure u illustrates circuit-switched services. Connection t has a specific discussion of sound. Those skilled in the art will understand that facsimile and Hs data are processed by analogy. 10 In terms of sound access, the connection 52 preferably includes a telephone keypad and a display and audio server. If the device is in the form of an electric tongue, it's like a Bluetooth wireless phone, and then these structures are used in the device and the client only needs a source to access the data channel. : If the device is a standard PDA or laptop, then the client 15 preferably includes a soft phone button and display and 1 including tritium audio support. This yttrium structure is already standard in IP phone clients today. structure. Speech is best transmitted using AMR (Adaptive Multi-Rate ...), which is the standard currently used in GSMpLMN. This sound propagation can be performed on the client or on the VBsc. 20'Each of the possible advantages and disadvantages is as follows ... 1. The sound transmitter in the mobile device has a reduced AMR sound transmission in the access device. The advantage of LAN audio and audio is that it has obvious processing requirements on the access device to exchange and execute the sound transmission and synchronize with the re-frame of the AMR packet on the VBSC. 52 200307428 (ii) Description of the invention The wireless LAN transmission channel is generally expected to generate the time delay to guide the need for resynchronization. Passing the packet through the channel may encounter division, but because of the sound transmission, only when the full frame has been received and reconstructed can the VBSC send it to the MSC through the A interface. 5 2. Sound Propagator on the VBSC Another technology used on the client is a light weight sound propagation technology that has been used to pass sound over IP. On the VBSC, the light weight code is then preferably transcoded into AMR. When the wireless LAN is a Bluetooth-based wireless network, sound propagation can be distributed together on the client. This is a circuit-switched channel designed specifically for sound by the Bluetooth wireless network protocol. It supports both 32 Kbps ADPCM and 64 Kbps PCM. If the Bluetooth sound channel is used, then the only sound propagation required is in the VBSC. One disadvantage of the architecture in which the sound transmitter is placed on the VBSC is that the 15 wireless LAN finally carries a sound channel with a relatively high data rate. This results in a loss of channel capability, especially since this capability must ensure that its immediate characteristics are maintained. As shown in the above drawings, the VBSC 62 is installed on the LAN. However, it can be changed to be installed following a PLMN device, typically 20 for the carrier exchange. The advantage of the foregoing method is that a VBSC failure may affect only one LAN. The latter example allows a single VBSC to serve many LANs, followed by cost savings, but higher levels of reliability are needed. The VBSC provides an agreement between the LAN and the cellular network 53 200307428 玖, description of the invention

Bridging, which allows the two to work together as one unity. Therefore, telecommunications service providers can use non-PLMN networks (Bluetooth, 802.lib, etc.) to provide telecommunications service users with 3G services when no other users are available, whether for bandwidth reasons or because The receiving device does not have complicated 5 circuits to receive them. Therefore, for example, most mobile phones cannot receive any simple images, but most basic PDAs that can be connected to the LAN network can receive quite complex images. Telecom service users can be provided with high-speed, rich experience by the non-PLMN network itself, while having full access to standard voice and data services. Telecommunications services allow 10 users to additionally be provided with complete payment and service profiles via the standard PLMN network. Telecommunications service providers have access to low-cost access networks to allow them to reduce their prices to provide telecommunications service users. The use of telecommunications services can be provided through the integration of security agencies like one of the SIM gateways to provide privacy on the Internet. Similarly, simultaneous voice and data communications were provided.

The virtual VSGN addition has made the interface between the non-PLMN and the PLM network efficient and allows the non-PLMN part of the network to provide its own contribution to the user experience, a well-known VSGN addition (VSGN + ) Is provided with a support group of 20 peer-to-peer, peer-to-local server and peer-to-peer network communication. The exchange connection to a PLMN network is as it should be. An integral part of the network. In particular, the VSGSN enables the non-PLMN access network to simultaneously present a serving GPRS support node (SGSN) for packetized data and a BSC for circuit switched data. 54 200307428 (1) Description of the invention A standard service GPRS support node is responsible for transmitting and receiving data within its geographic service area to and from these mobile base stations. Its work includes encapsulation routing and delivery ’mobile management (attachment / separation and location management), logical connection management, and authentication and charging functions. The location of the SGSN 5 temporarily stores the location information of the GPRS user (eg, the current hive cell, the current VLR) and the user data (eg, IMIS) in the SGSN. Where it is used). The meaning of naming the Plus refers to functions that support circuit-switched communications, which are usually not part of the GPRS and therefore cannot be supported by a standard SGSN. 10 In order to provide this integrated functionality, the interface is required to provide, in particular, the following services: authenticate and document the telecommunications service user, update the location of the telecommunications service user (or support incoming messages or phone calls), 15 Support service requests generated by users of this telecommunications service, integrate activities into a complete request form, and provide a range of other support services. The virtual base station controller (VBSC) enables the above services as described above, but does not enable group-to-peer, group-to-local server, and group-to-offline Network communication. The VSGSN + integrates all the VBSC functions and support for group-to-group and group-to-offline network connections.

Now returning to Figure 6 and an important point to observe is that the BBS 40 interfaces with the MSC through the A interface as a circuit switched connection. The SGSN 55 200307428 玖, invention description 46 is connected to the MSC / VLR 44 through the Gs interface, to AuC / HLR 78 through the Gr interface, and to the rest of the network interface through the Gn interface. These interfaces are used by VSGSN + to make the PLMN both a standard BSS and a standard SGSN, and will normally form part of the PLMN network.

Please refer to Fig. 12, which is a simplified block diagram for showing the whole of the VSGN + and how it is configured into the network environment. Elements that are the same as those in the previous drawings are given the same reference numerals and will not be described unless necessary for an understanding of the present invention. A wireless LAN 48 has a SIM server 56 10 as before but additionally has a connection manager 82 and an area server 82, the latter carrying media-rich data specific to the LAN. The network is connected to a VSGSN + unit 84, which is connected between the LAN and the PLMN in a fairly similar manner to the VBSC in the previous figure.

The VSGSN + 84 exchanges connections with the PLMN as if it were a standard 15 SGSN; it can also use an additional A interface. The Gs and Gr and Ga interface connections are used to communicate with the MSC / VLR 44 and HLR 78 and CGF (not shown) in this general PLMN network function. These network functions are like authentication, Book, service summary and flow measurement including accounting, for example, through the Ga interface to the CGF. In comparison, the amount of transmitted data flows through the Gn interface to the IP cloud of the telecommunications service provider. However, the different Gx interfaces are functionally different, and they are typically provided on the same transmission medium. The circuit-switched voice control and the individual transmission signals are again communicated through the VSGSN + through the A interface. The sub-PLMN local area network is configured with a connection manager 80 as previously described, 56 200307428 (ii), description of the invention to establish its group-to-group and group-to-area server and group-to-offline network server. The connection manager 80 provides the total number of data moved between the VSGSN and the connected unit by providing the identity of the connected unit. This information is used by the VSGSN to normalize dialing detailed input. The specification is that the 5 PLMN expects to come from a standard SGSN, and the call detail record is requested by the PLMN to perform its call management function. The VSGSN + initiates and responds to messages from the PLMN, and interacts with components within the access network to perform these functions. Please refer to Fig. 13, which shows the protocols that can be obtained in different parts of the LAN PLMA interface 10, and is especially used by certifiers. This figure is the same as Figure 8 except that the Gb interface is replaced by the Gs interface 86. The VBSC 62 is replaced by the VSGSN + 84, which operates similar to a bridge between the LAN protocol and the PLMN network protocol. More specifically, the figure shows the agreements that are registered between the MSC / VLR 68 of the PLMN 15 and the LAN SSG when the VSGSN + 84 interface is connected. Figure 13 focuses on the packet switching side, that is, data transmission. For sound, etc., the interconnection with the MSC on the A interface is similar. Please refer to FIG. 14, which is a simplified diagram showing one of the network and protocol environment of the data transmission PLMN server 90. The VSGSN + r interface connection 20 is between the LAN and the PLMN as shown in Figure 12 above. In addition to some Internet connections, if available, the access client 52 executes standard GPRS applications, which may typically include services accessed on the cellular IP network as special email, video data, etc. . Communication is based on this information and protocol as shown in Figure 14. Although not shown, 57 200307428 28, invention description Application can gain access to the PLMN GPRS network outside the GGSN. The data access client can be combined by standard GPRS software protocol components and can communicate with the VSGSN + through TCP / IP.

Please refer to FIG. 15, which is a simplified diagram showing a circuit between the circuit switching service network and the network environment. Once again, the VSGSN + application serves as an interface between the LAN 60 and the PLMN, and at this time connects to the MSC 44 through the A interface. The sound compression and sound transmission are the same as those described in the above VBSC.

Please refer to FIG. 16, which is a simplified explanatory diagram for displaying the network protocol environment and explaining the management of decentralized data circulation. As mentioned above, the VSGSN + 84 is used to support non-PLMN networks. It can provide connection types including group-to-group, group-to-server and group-to-offline networks. All such connection types are best established and managed by the connection manager 80. The VSGSN + obtains the circulation management information from the connection manager node and formats it into a message group compatible with the PLMN format. At least, the Call Detail Records (CDRs) mentioned above are generated in this way. Figure 16 shows the message traffic of the data service. Circuit-switched communications are replaced in a similar manner by replacing the Gs interface with the A interface. t 20 As for the VBSC described above, the VSGSN + can be installed at the wireless LAN location or at the telecommunications service provider switching center. The interchange of benefits between cost and reliability is used as described above. If a centralized VSGSN + is used, it is best to have a high level of usability. When most non-PLMN access networks are located very close to each other 58 200307428 玖, description of the invention, a centralized VSGSN + will most likely be the best method. In addition to the above-mentioned advantages of the VBSC, the VSGSN + provides support for group-to-group, group-to-server, and group-to-offline network communications without being affected by the PLMN with loss of visibility and control. . 5 VSGSN + Summary The VSGSN + performs the following tasks: (1) Questions on the authentication of the mobile device using the appropriate method of the mobile device, whether it has a SIM and uses a standard or proprietary method. In some examples, the VSGSN + interface is required to connect to the HLR; this is the reason why 10 Gr is required; and (2)-the role of standard mobile devices for the network, if it is to connect to the MSC of the network to exchange data, go through the A or Gs interface, if it wants A standard SGSN connected to the decapsulation device uses Gb. If the role of SGSN is adopted and it is directly connected to a GGSN (the Gn interface, it is carried for the real 15 one channel, regardless of what data the mobile device is exchanging ). It should be noted here that the VBSC is the most common special example of the VSGSN +. Signal Handoff (Handoff) The signal handoff feature of the present invention adds signal handoff to communication control in many wireless networks that currently do not have this capability. Effective signal handover allows the user to get all the benefits of a wireless LAN when he is within range but still moving, because when he leaves the range, the connection is by connecting to another wireless LAN or if It has an appropriate client and is retained by connecting directly to the PLMN network. 59 200307428 发明, Description of Invention 5 In order to provide all solutions, five general examples are considered as follows, each of which has a secondary instance: 1. Intra Hot Spot signal delivery a) In overlapping wireless networks WNs operate with the same technology b) Non-overlapping WNs operate with the same technology c) Overlapping WNs operate with different technologies 2. Inter Hot Spot signal delivery 9 a) Operate with the same or different technologies between overlapping hotspots b) Operate with the same or different technologies between non-overlapping hotspots 10 3. Internal wireless wide area network (PLMN) signal delivery a) Overlapping Different technologies operate between PLMNs b) Different technologies operate between non-overlapping PLMNs 4. Signal delivery between wireless area and wide area network a) Signal delivery from area to wide area network 15 • ► b) Signal Handover from Wide Area to Local Network 5. Connect and reconnect to the WWAN (Hive Cell, GPRS) network via a wired network such as Internet Exposure Explain conceptually the following examples It is covered by the signal handover feature of the present invention: '20 1. The signal handover is commanded by a network control unit or the user's activation; 2. The network maintains a strong working period logic to consider the signal Submit and temporarily lose communication. This working period can be continued after communication has been established on the new network. The system can determine that the user has been disconnected from a network 60 200307428, added to another network in the description of the invention, and can then restart an interrupted I operation period; 3. Hard signal delivery or soft signal delivery Delivery can be supported. There is no interruption in the soft signal handover, and the connection to the new network is established when the communication is still valid on the original network 5; 4. The signal handover can be through the ap communication protocol (the intermediate access control Or MAC). This may require a modification of the existing agreement. If this option is unavailable, the system logic can support the "80 external control to initiate communication with another AP, and then establish the working period. Although Hachi also does not know that a signal delivery has occurred, has been The AP supporting communication until now preferably responds as if the user has left the network. At the same time, the AP-to-communication has been transmitted preferably responding as if the same new user (and a new working period) has been Access to its network. 5. The logic is best to support all systems or a part of the system, including 5 hot spots, the mother can include one or more Aps. The hot spots can be operated using the same or Different LAN technologies or connection protocols, such as 802.11, Bluetooth, etc., and one or more wide-area technologies or communication protocols, such as' GPRS, CDMA2000, Reflex. 6. This logic is best to determine the search priority and should be Good faith delivery 20 is the APs that require the same technology, APs of different technologies; LAN and WAN technologies; and different wide area technologies. 61 200307428 It is explained that it is best to connect the early% through the logical continuum designed for the service controller, and the service batch is maintained during the communication period of the mobile phone of the second system. These working periods θ 户 # / 4 T 子 4 的 Independent communication between the mobile device and another service, "The other body is the # end of the working period (the mobile device is defined as the near end). This service is not available in real-time. It is a service of exchange or packet exchange, voice / data / sound on data. When the mobile device changes its access channel, the service钱 交 送 @ 此 可以 Yun These works are continued. The working period is defined in any agreement, standard or non-standard that is common to the mobile device to the service control. This working period is implemented as currently in use The mobile unit and the level above the access unit are as follows:-wireless wide area network (WWAN),-wireless local area network (WLAN), Internet, intranet, psTN, etc. Therefore, it was added 15 The network in this example Included among others (including ⑺ ^, EDGE and CDMA honeycomb cell data), different 8021 wlaNs lone buds ISDN 'X · 25, frame relay (prame Reiay). The various types of signal delivery are The discussion is as follows. For the purpose of clarification of the concept, each definition illustrates a specific example, for example, the parenthesis between wlan & wwan 2 0. The direct emphasis, in fact, includes one or more of the definitions above. One of the methods is that the complex signal delivery logic can operate on the same mobile device and be activated when it needs to be improved. For example, a mobile device that has lost communication within a WLAN can try to perform signal delivery to the Another wireless network, and finding a possible signal 62 200307428 玖, the invention description is handed over to a WWAN, so when more than one question action can be implemented, the mobile device, its service control or even the hotspot controller can Choose to use signal delivery with higher priority or advantage. The continuous service is ensured by the multi-packaging network, which does not integrate the configuration letter 5 delivery or signal delivery capabilities. This service is continually implemented by signal delivery performed on a level above the network flood. The actual details vary depending on the type of wireless network supported by the signal delivery. Please refer to FIG. 17 for a simplified overview diagram of the two-area wireless networks WN1 and WN2 with overlapping portions. The two-area wireless networks 10 are controlled by the same hotspot center point 100. The first wireless network WN1 includes an access point API that controls one of the four telecommunication service user units sul ~ Su4. The second wireless network WN2 has an access point AP2 which controls one of the two telecommunication service user units SU5 to SU6. The mobile device service user (Mobile subscibler: MS) unit SU4 15 is now serviced by an API, that is, it is part of WN1. When the communication conditions within this WN1 become unacceptable, it may be due to degraded signal reception on SU4 or API (for example, due to movement or interference), or because the load within WN1 is too high, A signal delivery is performed, in which SU4 becomes a part of WN2 and the same work performed through the WN1. ♦ 20 SU4 continues through WN2 to the present. It is clearly shown with reference to FIG. 18, which is a simplified schematic diagram for showing that an area wireless network 110 operates within an area covered by a wide area network 112. The local wireless network 110 includes an access point (AP) m which is set to be controlled, although, on the other hand, it can be a hotspot center as shown in FIG. 63 200307428 (the invention description). Point controlled. The wide area network exposure 112 is controlled by a WAN 116. Many telecommunications service subscriber units SU operate in each network. A particular telecommunications service user unit is passed between the two networks, i.e. it has been operated between WAN 12 and passed to the WN 1105 'or vice versa. Many solutions have been proposed for the implementation of signal delivery while maintaining operation of the radio conferencing user within the network during working hours. These solutions are designed to support a wide range of mobile devices and network capabilities. It is necessary to 'out' the solutions described here, regardless of whether they use hard or soft signal delivery, which can support the sharing of resources to reduce hardware costs and reduce There is more than one type of interference typically occurring in a single mobile unit. Solution 1-Handover of internal hotspot signals between overlapping wireless networks-Same technology 15 L Continue to forcefully switch wireless network communication at the same working period level. Reference is now made to Figure 19, which shows signal handovers using the same technique between interactive overlay networks. When either the network or the mobile device recognizes that the communication conditions are unacceptable, the corresponding individual leaves the communication. The user device may simply leave and switch to another wireless network, or the Ap may include a service outage, which actively gives up the user. In this example,

The MS is trying to join another network, in this case WN2. Once the communication is re-established, the central point logic decides that there is a request (waiting or plug-in) from a user device and that the request work period is automatically rejoined. When the assigned central point logic (CP logic within the AP) is implemented, the AP 64 200307428 发明. Invention description Controls whether the accepted wireless network is notified to the secondary MS by pushing or pulling logic-month Seeking work. In the example of miscellaneous logic, the AP of the pre-serving wireless network starts to notify the AP of the receiving wireless network (and other adjacent wireless networks that may be b) during the request period; the pull logic It means that the information of the AP that received the previous 5 wireless network request was added to the new network's request time. 2 // The hard network control signal delivery with the assistance of the Regional Wireless Mobile Association is shown in Figure 20, which is a simplified flowchart to show how the signal delivery is performed without assistance from the mobile device. . In this implementation, a second receiver within a nearby wireless network measures the reception from the user that needs to be signaled. The second receiver may be a separate receiver or simply include a number of time slot slots allocated for this purpose to the ordinary AP receiver to work. The decision to hand over the mobile device signal from one WN to another WN if 15 is the centralized logic is determined by the cp, or by the service ^ and the APs ready to receive WNs. If this logic determines that the ready-to-receive WNs can & improve communication services, each time it measures one of the communication characteristics of the mobile device to the AP and its loading conditions (one or both), the signal Delivered. 20 The mobile device transmits the signal from WN of the service to the received%! ^ In the following two ways: a) If the mobile device can receive wireless network selection control, its command signal is delivered to the selected ( (Received) WN, including if it is possible to transmit the WN communication parameters to speed up the signal delivery process; 65 200307428 玖, invention description b) If the mobile device cannot accept wireless network selection control, it will give up by denying service Service to WN; then the mobile device tries to log in to another WN 'and only the selected (receiving) WN accepts its request to join the network. 5 3. Mobile device handed over by hard network control signal In this implementation, the wireless mobile device in the area looks for additional channels to measure and determine the communication conditions of other networks and sends this information to the Ap. The network infrastructure can be centralized or decentralized, based on which? Regionally maintain the information or send the information to the CP. 10 The wireless mobile device in the area searches for additional channels when only one of the following conditions is met: a) The mobile device is programmed to perform the search within the normal interval and the end of the interval is reached. The search interval can be pre-programmed or controlled via the AP transmission. 15 b) The mobile device is commanded by the ^ to search for additional channels. This will typically happen when the AP decides that a signal delivery may be needed. C) The mobile device is commanded by the cp or decentralized wCp logic to perform a search for additional it tracks. This search is needed to support real-time hotspots (Hot

Spot) analysis of communication conditions and allow redistribution of 20 WNs when necessary or for testing purposes. "The CP (or decentralized CP logic within the AP) then decides the optimal WN for which a 订 ° subscription device can deliver signals. This decision is based on the reported communication conditions of the Xuan, the WNs Download conditions and the services required for this action. The Ap controls the Na and is prompted. 66 200307428 玖, Invention Description-Yan Erdong, refer to one of the two methods in the discussion shown in Figure M— The number ^ is handed over from the service's Na to the receiving Jane. When the second mobile device can accept the wireless network selection control, its operation, fools the parent to the selected (receiving) WN, including: If the 4WN communication parameters can be transmitted to speed up the signal delivery process.) Shiguo Haihe can not give up the service by denying service when it cannot accept wireless network selection control; then the mobile device Try and record to another -WN, and only the selected (received) wn accepts its request to join the network. 10 4. Mobile devices controlled by hard signal delivery In this implementation, the area is wireless Mobile devices are searching for additional channels at a time when the quality of services is gradual Satisfied, or when it receives a command to parentally transmit a signal to a better channel of a different WN. Talking about a mobile device and then performing all wireless network searches and measurements, it can receive and decide which one is the best The network to be switched. The conditions that determine the best WN to switch may include measurement of communication characteristics and network load. The mobile device then leaves the WN that provides services to it. The choice is reserved for the mobile device Before leaving the WN, a reminder is delivered to speed up the signal delivery process. After leaving the current service WN, the mobile device tries to enter the WN selected for signal delivery. The system can Recognize that the mobile device has switched from its current serving WN to a new WN for signal delivery and to ensure that it resumes its telecommunications work period via the new WN. 67 200307428 发明, invention description Although in the signal delivery method In the preferred embodiment of the invention, there is no need for network assistance, this option can be reserved to enable the signal delivery as described with network assistance. Network assistance can Provided in any of the following: 辨识 Identification of receivable neighboring WNs, that is, their communication parameter 5 requirements, for example, to avoid logging into WNs belonging to other systems; (11) information on load conditions and Available parameters of other adjacent WNs; and (export) information on the expected load conditions of the service WN. 5. Network command, action control, hard signal delivery 10 Now refer to Figure 21, which is a display implementation. The network control existing in either the CP or the AP determines that the service WN cannot support the mobile service communication conditions. The network control may or may not determine a possible neighboring network with support service capabilities; if this capability is It was decided that the network control (via the AP communication) delivered the information on the communication parameters that could use WNs to 15 wireless mobile devices in the area. The mobile device then searches for other WNs that can support its service request. In a preferred embodiment of this method, the time unit multiplexing of the mobile unit has a search of neighboring networks for communication within the service WN, thus minimizing the impact of the signal delivery service. When this is not feasible, an alternative embodiment is guaranteed, in which the mobile device accesses and searches for neighboring WNs off the service network. In these embodiments, the mobile device may use data provided by the network or use it in an arbitrary search. Based on this search, the mobile device decides which WN will hand over the signal and tries to access this WN. 68 200307428 (ii) Description of the Invention If the mobile device does not successfully access the selected one, the mobile access attempts to access the next-best job based on its search results, and so on. 1 After the access has been successfully completed, the network confirms that this is a re-trust of the previous telecom 5 telecom working period and that the telecom working period continues with Shi Wei. 6. Soft handoff (Soft handoff) Four of the above five methods with hard signal handover can also use soft (soft), signal handover. The term "soft" signal delivery is used here to refer to the seamless continuity that is maintained during the transition from on-the-job transfer to another Satoshi, regardless of the telecommunications work of wireless mobile phones in the area Whatever the activity, including those that are continually based on the timeline of communication, will have no effect. The soft signal handover as supported by this embodiment can be implemented by establishing communication between the mobile device unit and the second Ap before leaving the current serving AP. In another method, 纟 can also be achieved by switching between WNs quickly so that there is no interruption in communication during telecommunications work. The soft signal handover can be achieved, for example, when the second Ap uses the design as an outward communication and is traditionally listening to one of the current mobile devices 20. In the opposite example, where the mobile device unit is active, the mobile device may use a time slot that is designed to listen to an active adjacent system. There are many methods discussed below to implement soft signal delivery within a WN. a) Soft network control signal delivery without the assistance of a regional wireless mobile device 69 200307428 Inventory In this implementation, the second receiver in the adjacent wireless network measures the reception of the signal transmission requested by the user . The second receiver may be a separate receiver or for this purpose some time slot in the normal Ap receiver control scheme. 5 Network control provides accurate parameters of the new service AP to the mobile device and provides signal delivery control to the new service WN, so there is no interruption in telecommunication services. i. b) Mobile devices with soft network control signal delivery assistance In this implementation, wireless mobile devices in the area search for additional channels to measure and determine the communication conditions of other networks and send this information to change the Ap, It maintains the information regionally or sends the information to the CP based on the centralized or decentralized infrastructure. The HS network (centralized or decentralized) now selects a new service WN based on the information provided by the mobile device and the operating status of its WNs. 15 The network control provides accurate parameters of the new service AP to the mobile device and provides signal handover control to the new service WN. To ensure uninterrupted communication, the mobile device now establishes communication within the new service WN without cutting off its old WN communication. Once m communication is established, the mobile device is disconnected from the WN that has served it. A variation -20 implementation allows the mobile device to send a reminder before leaving the WN. c) Mobile device for soft signal handover control In this implementation, the wireless mobile device in the area searches for additional channels when the quality of the service is gradually not satisfied, or (ii) when it receives a command to perform signal handover To a preferred channel in a different WN. 70 200307428 发明 、 Explanation of the invention / 4 sets of 4 and then performs the search and measurement of all wireless networks, and then, can receive and determine which is the best network to be switched. Conditions that determine the best WN to be switched may include the traffic or network load being measured. 5 Move the device and then prompt the network controller to indicate which one it chooses. Briefly hand it over as a signal and wait for a confirmation or the end of time, in which it establishes communication with the 4 new WN without cutting off the current one. After the communication has been established, " Hai mobile phone is separated from the WN which has been served. The choice is reserved for the mobile device to send out a reminder signal 10 before leaving the WN. " Child C) Network command, set «Set soft signal delivery. This method is always used when the network control existing in the cp or Ap is determined to violate the service WN cannot support the mobile service communication conditions. The network control may or may not determine possible neighboring networks with support service capabilities; if the 15 capabilities are determined, the network control (via the AP communication) delivers information on the communication parameters of the available WNs Wireless mobile devices in the area. Once the mobile device has the possible WNs, the procedure continues as in the previous example (soft signal handover of action control). The intra-hot spot handoff of non-heavy WNs operating with the same technology. Please refer to FIG. 22, which is a simplified schematic diagram showing one of two sub-overlapping WNs within the same hot spot, and it is connected to a single center point 100. The hotspot may include additional WNs. When a mobile device unit is disconnected from a WN communication, and at the same time, the communication conditions are not allowed to establish communication with 71 200307428, invention description Another WN, it is assumed that the use is not within the scope of the hotspot. It may be that the hotspot actually covers the mobile device unit, but it cannot be supported now, however, this example is best handled in the same way as the mobile device is usually outside the covered area. However, the pause time can be constant or changeable, and the logical communication of the mobile device unit can be maintained or frozen. The pause can be defined differently according to circuit switching communication and packet communication, or sound and data. -Until the end of the suspension, communication with the mobile device unit is assumed to be lost. 10 If the mobile device unit accesses another WN while the communication is continuing, the hotspot is best to immediately control the time horizon as the first signal handover example defined above (at the telecommunication working level, continuous wireless Powerful switching of network communication). Operating with different technologies, the internal hotspot signal delivery between WNs 15 # —The embodiment is also described by Figure 22, the difference is that in this example, the WNs operate with different technologies, such as 8 〇 2ub wireless network (Wi-Fi) and Bluetooth. Because different technologies are used, it has no effect on whether these WNs overlap or not; the assumption is that the mobile device unit will perform signal delivery before another WN establishes communication. 20 Preferably, the signal delivery is performed in the same technical operation as described in detail above. The overlapping WNs are often performed in a similar manner and are described in detail above. As before, the mobile unit is not considered as if it has been disconnected from a network. Instead, for a fixed or adjustable time-out period of 72,200,300,428, 发明, invention description and 3, the logical communication of the mobile device unit is retained or frozen, which is maintained during the telecommunications work period. Request status. The pause can give different definitions to the switching circuit communication and the block communication. At the end of the suspension, communication with the mobile unit was assumed to be lost. Tongtong Rou was defined as missing and a new communication was re-established. The hot spot controller, or any connection logic on it, checks the user's mobile device unit to establish communication during the requested telecommunications work period. If the hotspot connection logic successfully establishes and maintains the communication unit (working period) of the mobile device unit, the hotspot control immediately regards 10 as a continuous wireless network at the level of the telecommunication working period. An example of the handover of the signal as defined above for the strong switching of communications, and the telecommunication working period or such telecommunication working periods are re-established within a short period of time without loss of data. Internal hotspot signal delivery between overlapping hotspots using the same or different technology15 The signal delivery embodiment defined above can be extended to include the mobile meta access to _WN belonging to different hotspots, rather than by A new WN controlled by the same hot spot is the overlapping wNs shown in FIG. 23 and the non-overlapping WNs shown in FIG. 24. In the example of Figure 24 (overlapping WNs), the signal handover is considered to have many similarities as described by the signal handoff between 20 pairs of these WNs in the same hot spot. All the signal handing techniques mentioned above are used in this example as well as hard and soft signal handing. Internal hotspot signal delivery between non-overlapping hotspots with the same or non-overlapping technology-The embodiment is provided with internal hotspot signal delivery when the hotspot is non-overlapping. 73 200307428 玖 Example of invention description. This example is shown in Figure 24, which shows a hotspot controller 110 and two non-overlapping hotspots HS1 and HS2. Within each hotspot is a wireless LAN, WN1 and WN2, respectively. The hotspot can use the same or different technologies. This embodiment operates in the same way as an example of 5 non-overlapping WNs within the same hotspot, as described above with respect to Figure 23, and when the mobile device unit is outside the scope of any view. Described by the temporary loss of communication. The above solution can also be applied to the example in Fig. 24. The hotspot controller 110 is to control any one of these hotspots or to exchange at least information between the hotspots such as 10, which ensures that the mobile device unit's telecommunications working period is maintained; Not lost. On the other hand, the hotspot that served the mobile device unit last time maintained the telecommunication working period in a conscientious state. Keeping the telecommunications working period open can be performed by not providing instructions for communication with the mobile device. The other components in the system 15 ensure that as long as no such information is provided, and at least for the time required for the suspension, these telecommunication work periods can be truly maintained in this frozen state. Please refer to FIG. 24, which assumes that the mobile device was last served in the wireless network wm, and the wireless network network side is located within the 20 hotspot HS1. After the mobile device loses the communication or service in the side, and then when it comes to the area covered by the car in the hot spot HS2, it establishes communication with this wireless network. Information related to the establishment of this communication is delivered to the hotspot controller 11 whether the controller is processed in a centralized or decentralized manner. A search is then performed to determine whether there is a freeze telecommunication operation period of the mobile device M. If a frozen telecommunications operation is discovered during the period, it is re-established to ensure that no communications are lost. The selected communication technology supports this signal handover procedure with the same example of signal handover between W N s in the same hot spot. 5 This embodiment therefore ensures that transmissions between WNs of the same hot spot or different hot spots maintain the same seamless characteristics. The internal PLMN signal delivery between overlapping PLMNs operated by different technologies is shown in FIG. 25, which is a simplified summary diagram for explaining the signal delivery between overlapping PLMNs. It is a network with two honeycomb cells. road. 10 Two PLMNs, PLMN1 120 and PLMN2 122 overlap. Each PLMN has an access point 124 and 126, respectively, and the access point is finally connected to a common logic controller 128. Now referring to an embodiment shown in FIG. 25, an improved method is provided to provide a mobile device unit that can receive 15 of the two PLMNs within the area covered by the two PLMNs that it is currently in. signal. That is, the two PLMNs use the same technology or the mobile device unit can be connected using two technologies. The data communications used by this mobile device (including voice over IP VoIP) are now served by PLMN1 120. The quality of the service became difficult to accept, and the mobile device was instructed to search, or it searched on its own, another service. The result of this search indicates that it is to be serviced by PLMN2 122. According to this embodiment, the mobile device unit is preferably served by the service controller 128. The service controller is typically operated by a service that is not one of the PLMNs 75 200307428 (Invention Description), although in some examples it may actually belong to one of the PLMN bearers. As will be explained later, the embodiment will provide simultaneous and continuous services at the same time. If the mobile device can be configured to maintain synchronous communication with both PLMNs 5 'and for the simpler example, the mobile device leaves communication with the PLMN1. And then establish communication with PLMN2. When the service provided to the mobile device within PLMN1 becomes unreachable, whether due to poor communication conditions, load or other conditions within pLMN1, the mobile device unit searches for another service. The service controller freezes the ongoing telecommunication work period of the mobile device to become the longest transient state of a preset pause, where the pause can be fixed or can be set. The logical communication of the mobile device unit is therefore retained or frozen, while the physical communication is not operating or is being re-established. The pause can be defined differently by sound or different types of data. Prior to the suspension, communication with the mobile device was assumed to be lost. Subsequent selective techniques were proposed to use the signal handover between these pLMNs. 1. Continuously perform strong switching of wireless network communication at the time of telecommunication work. 2 When the PLMN, service controller or mobile device unit recognizes the communication conditions, the opposite end will abandon the communication when it cannot be received. The flood season abandoned by the service controller is best to let the mobile device unit decide that the communication must be switched by transmitting a control signal to a mobile device unit or by interrupting the telecommunication work flow. The mobile device unit can then be switched as long as 76 200307428 发明, description of the invention without communication and search for another PLMN, or the PLMN1 stops service to effectively disconnect from the mobile device unit. In these two cases, the mobile device unit found that another PLMN exists in the area and tried to join its network, in this case it is PLMN2. Once the communication is re-established, the service 5 controller recognizes that one or more requested telecom working periods exist in the reconnected mobile device unit and the telecom working period (or such telecom working periods) is therefore identified as an automatic Join. Another embodiment uses the service control logic present in the PLMN. In this example, the PLMN accepting the mobile device unit discovers whether the mobile device unit has been subsequently served and has requested (frozen) the telecommunication work period by contacting the PLMNs operating within the 10 area; on the other hand A PLMN that maintains an open working period may notify neighboring PLMNs. 2. Mobile device unit assisted by hard network control signal delivery In yet another embodiment, the mobile device unit searches for and identifies another acceptable PLMN before leaving the PLMN, where the PLMN is now acceptable or Available for use. The mobile device then sends a notification to the service controller or to another entity to control the logic of its entity communication. This entity then instructs the mobile device to switch to the new PLMN, where the new PLMN is determined to be acceptable for each defined logical condition (working relationship, 20 load conditions, mobile device service application contract, etc.). The wireless mobile unit in the area searches for the range covered by another PLMN when any of the following conditions are met: a) The mobile unit is programmed to perform the search normally. The search interval can be preset via the service controller or communication logic controller instructions. 77 200307428

10 15

发明, description of the invention First set or control. b) The mobile device is instructed by the service controller or communication logic controller to search for additional channels. This typically occurs when the latter decides that signal delivery is needed. The service logic (or equivalent communication control logic) can then determine if the action unit is healthy enough to actually hand over the signal to another PLMN. This decision is based on the response communication conditions, the load conditions of the participating PLMNs, and the services required by the mobile device. If this signal is deemed worthwhile, the PLMN will be prompted. The mobile device is preferably handed over to the receiving WN by the service's WN in one of two ways: a) If the mobile device can accept wireless network selection control, it is ordered to hand over to the device. Select (receive) PLMN. This signal delivery preferably includes the transmission of the PLMN communication parameters to speed up the handover process; b) if the mobile device cannot accept the wireless network selection control, it is removed from the service because the network refuses to provide it to it PLMN. 1 · Mobile device controlled by hard signal handover In another embodiment, the wireless mobile device in the area searches for another PLMN coverage when the 20⑴ service quality is considered as unsatisfactory, or (ii) when it receives When a command from the service controller 128 or similar communication control logic is requested to switch to a better communication service. The mobile device then executes it to search and measure all PLMNs and determine which one is the best PLMN that can be switched. Determining which 78 200307428 发明, invention description The possible conditions for the best PLMN to be switched include the characteristics of the measured communication conditions or any other relevant parameters that can be provided by that particular PLMN. The mobile device is disconnected from the PLMN which is now serving it. In a preferred embodiment, the mobile unit sends a prompt to speed up the signal delivery process before leaving the PLMN. Before leaving the serving PLMN, the mobile device unit attempts to join the PLMN that has been selected for signal delivery. The service controller 128 recognizes that the mobile device unit has passed 10 from the previous serving PLMN signal to a new PLMN, typically by matching it to a previous requested work period, and via the new PLMN. Restarted its working period. In one of the preferred embodiments of the signal handover method described above, no network assistance is needed. However, in another embodiment, network assistance is used. 15 Network assistance is typically provided to any of the following: ⑴ Acceptable identification of adjacent PLMNs, that is, the provision of their communication parameters, such as avoiding attempts to log in to other areas that operate within the area but cannot be Accepted PLMNs; (ii) information on load conditions or other applicable parameters of adjacent PLMNs 20; and (iii) information on the load conditions of the serving PLMN's network. 1. Network Command, Action Control, Hard Signal Handover One embodiment again includes a hard signal handover, which is a network command but is controlled by the mobile device unit. This embodiment is implemented when there is 79 200307428 (the invention description in the service controller or other communication control logic during the telecommunication work period logic determines that the service PLMN cannot support the mobile device communication conditions). Network control may or may not determine the possible availability of nearby networks with the capability to support the service. If a capability is identified, then the network control preferably transmits information related to possible PLMN communication parameters to the wireless mobile unit in the area. The mobile device then searches for other PLMNs that can support its service request. In the preferred embodiment of the present invention, the mobile unit unit time follows the communication of the PLMN service in the delta-hailing service to multiplex search for adjacent networks, so the impact of the signal delivery service is minimized. When signal delivery is not feasible, one option for this mobile device unit is to take out of service pLMN # and search for it instead of using adjacent PLMNs. In both examples, the mobile phone can use a search previously provided by the service controller network or perform an arbitrary search. 15 Based on the search, the mobile device decides whether to perform signal delivery to another PLMN and tries to access this plmN. If the mobile device does not successfully access the selected pLMN, the mobile device attempts to access the next best PLMN as indicated by its search results, and so on. 20 After the access has been successfully completed, the service controller confirms that the connection is actually restarted during the telecommunication operation period and thereby can reduce the continuity of the "operating period." 2. Soft signal delivery ( s〇ft Handoff) Three of the above four embodiments using hard signal handover are also 80 200307428 玖, invention description can be implemented using soft signal handover. As mentioned above, the term "soft signal" used herein «MMaintain seamless and continuous communication when switching from -PLMN to another_plmn, and will not affect the telecommunication satellite activities within the regional wireless mobile device, including those based on time-limited continuous communication. That is to say, there are restrictions on time-limited communication, such as TCP, and time-limited applications' such as signal flow. Regarding the soft signal handover, no telecommunications work period was frozen, so there would be no perceived service degradation. 15 The soft signal delivery supported by this example can be implemented by establishing communication between the mobile device unit and the second PLMN before leaving the PLMN that is currently serving. On the other hand, it can be achieved by switching the PLMNs so fast that there is no interruption in communication during telecommunication work. To support the latter condition, the service controller 128 may submit previous data to the mobile device unit. This previous information can be temporarily maintained in the service during the signal delivery. The mobile device logic can also switch to a mode that requires one of the lesser data to extend the time supported by the buffer to provide continuous services if the user of the mobile device unit can accept it. If the common service is in the second PLMN It can be used between networks, at least in the direction of the mobile device's transmission, then the letter 20 delivery can be soft. So that the candidate PLMN can use its own resources to listen to the mobile device before the signal handover actually occurs; or conversely, when the mobile device starts to be responsible for the soft signal handover, and then still connected to the first The mobile device unit of a PLMN may use its own resources to monitor the neighboring PLMN. 81 200307428 发明, description of the invention Many methods represent the implementation of this soft signal delivery through the following embodiments: a) Soft network control signal delivery without mobile device assistance In this embodiment, in this adjacent (candidate ) The second receiver within PLMN has been prompted by the service controller of the mobile device that it may need it. After being handed over, it measures the received signal from the mobile device. The second receiver may be a dedicated receiver which may include temporarily available # resources or simply some time slots within the PLMN work plan for this purpose. 10 The service controller provides the parameters of the new PLMN to the mobile device unit so that there is no interruption in service. b) Mobile device assists soft PLMN signal handover. One further embodiment includes soft signal handover from a PLMN to another PLMN with assistance from the mobile device unit. In this embodiment, the mobile device searches for additional channels to measure and determine communication conditions of other PLMNs and delivers the information to the service controller or similar communication control logic. Whether the service controller or similar communication control logic is centralized or decentralized, based on the operating status of the mobile device unit and the PLMNs, a new service PLMN is selected in 20 states. Preferably, the PLMNs provide this status information to the service controller / communication logic to support the mobile device. The service controller then provides the parameters of the new service PLMN to the mobile device. Furthermore, if the new service PLMN can receive it. The service controller provides signal handover control / indication to the new service PLMN. 82 200307428 发明. Description of the invention In order to ensure uninterrupted communication, the mobile device unit now establishes communication within the new service PLMN without interrupting old PLMN communication. Once communication is established, the mobile device is disconnected from the old PLMN. In a change, the mobile unit sends a reminder 5 signal before leaving the PLMN. c) Control of soft signal handover by mobile device One embodiment is related to soft signal handover from one PLMN to another PLMN under the full control of the mobile device unit. Compared with the previous embodiment, it is only mobile device assistance. In this embodiment, the mobile device searches for a channel of additional PLMNs by itself when (i) the quality of the service gradually fails to meet the better service that it cannot obtain within the current PLMN, or (Π) its Receive a command to signal delivery to another PLMN. The mobile device then performs the search and participates in measuring all 15 wireless networks it can receive. From the results of this measurement, it can be decided which one is to switch the best network. The conditions that determine the best PLMN to be switched include the measured communication characteristics and the network load if there is propagation from the service controller or when the service controller is available. The mobile device then prompts the service controller / communication logic 128, then 20 PLMNs it chooses to do the signal delivery and wait for a confirmation or time is over, that point is that it establishes communication with the new PLMN without The current PLMN is interrupted. After the communication is established, the mobile unit is detached from the PLMN that has served it. In a change, the mobile device sends an alert signal before leaving the PLMN. 83 200307428 玖. Description of the invention d) Network command, mobile control soft signal handover. One embodiment includes a network command signal handover, but once commanded by the network is completely under the control of the mobile device unit At the time of implementation. This method is implemented when the mobile device service control / communication logic controller determines that the service PLMN cannot support the mobile device service communication conditions. Service control may or may not determine possible adjacent PLMN networks with support service capabilities. If the capability is determined, the service control then transmits the data on the available communication parameters of the PLMN to the wireless mobile device in the area. 10 — But the mobile device owns the candidate PLMN, and the process continues as in the previous mobile control soft signal handover embodiment. It should be noted here that the above PLMN concept can be extended to any type of wireless wide area network (WWAN). Such extended use is anticipated to be included within the scope of the present invention. 15 Interactive PLMN signal delivery with non-overlapping PLMNs operating with different technologies. 0 Please refer to Figure 26, which is a simplified schematic diagram illustrating one of two non-overlapping PLMN networks with a common service / communication logic controller. Two networks PLMN1 130 and PLMN2 132, each with individual access points 134 'and 136. A mobile device unit 138 is on the edge covered by the PLMN1, and the coverage of -20 and PLMN2 is nearby without any real overlap. For illustrative purposes, it may be that the PLMNs have overlap in some areas but do not include the current MS area, but as long as the mobile device unit 138 can be reached, this does not affect operation. The logic controller 140 is located at a point where both of the PLMN networks can access. 84 200307428 发明. Description of the invention The embodiment for processing signal handover in the example in Fig. 26 is one of the special description examples of the overlapping PLMN signal handover. Once the mobile device MS is out of communication with a PLMN, it is PLMN1 in this example, and its working period is maintained (frozen) by the service controller 14 5. The service controller freezes the ongoing mobile device telecommunications operating period, most often to a preselected maximum length of time. Therefore, the logical communication of the mobile device unit will be maintained or frozen, while the actual communication is inoperable or is being established. The maximum time length can be defined for sound and different types of data. At the end of the suspension, communication with the bank's mobile unit 38 was assumed to be lost. When communication with the present PLMN is lost, each logic in the mobile device unit typically contacts another PLMN service continuously or intermittently. When it enters the coverage of another PLMN, in this example PLMN2, it establishes communication with the PLMN2, but within the preferred 15 embodiment, the mobile device unit provides it after joining the PLMN network The address of the service controller. The δH # parent transfer procedure is implemented in this example at the telecommunication working time level without involving the PLMN. When the mobile device unit re-establishes communication with the service controller 140, the service controller checks any telecommunication work periods that the bank 20 mobile device still requests, that is, those suspensions that have ended and have not been maintained by them Participants cut off telecommunications work periods. The only requirement is that the mobile device can communicate with the service controller via the PLMN which is now in use for communication. 85 200307428 (ii) Description of the invention Signal handover between wireless area and wireless wide area network A further embodiment is related to signal handover between free wireless LAN and WAN. More specifically, an additional embodiment of the present invention illustrates on one hand the signal delivery for a dual-mode mobile device with access to a wireless wide area network 5 like a PLMN (e.g. GPRS), and the other explicitly A hot spot in a location supported by one or more wireless local area networks, such as 802.11 WLAN or a Bluetooth, is served by one or more access points. These wide area or local area networks are referred to herein using the term "communication modes,". The plot of interest is illustrated in Figure 10 and Figure 18. As before, the mobile device unit is The service controller is designed to connect with a logical entity. The service controller is responsible for supporting the working period of the mobile communication. In this example, the purpose of the signal delivery is to support the use of the best communication device in the mobile device. In the flood, each defined system service condition is limited by the w WAN and the WLAN. The typical service system conditions are the best service quality and the lowest cost, but other conditions can be used to control the communication flow of the system. Within the mobile device client, the service controller and the communication network (the WWAN and the WLAN). It will be understood because the hotspots are all within the range of the WWAN and fall below the critical level The problem of service quality does not occur. Another embodiment considers an example in which a mobile device unit has the power to search for another communication mode, and considers that it has the ability to search for another communication again. Mode, but only by interrupting the current communication mode. 86 200307428 玖, invention description The logic used in the presently preferred embodiment simply operates by preferentially automatically correlating with the WLAN connection. This means that regardless of When the hotspot connection and PLMN connection are available, the hotspot connection is more popular. In this embodiment, a mobile device unit is connected to a PLMN when it detects the presence of a 5 WLAN. When the The WLAN service has priority, and the mobile device unit attempts to connect to the WLAN. The method by which the mobile device unit verifies whether the WLAN can be used and establishes communication with its service controller via the WLAN is as described above and will not be repeated here. During a signal delivery process, the mobile device unit is connected to the new network 10 and establishes communication with the service controller again. On the other hand, the service controller establishes communication with the mobile device unit. The opening Of the hive cell telecommunications work period is maintained as long as it is needed, and at least until the reconnected mobile device is identified or suspended The maintenance of this working period in a hive cell data service means that the hive cell data protocol is used and user data is truly transmitted via any access channel used, such as in WLAN. This To ensure that the hive cell service will not be affected even when a non-hive cell channel is used in mobile device access. If considered, the access channel that is actually used can be a channel of the actual type that can be thought of, In particular, the area 20 LAN can be used by users. To further clarify this, a telecommunications service user of a GPRS network can access its cellular service via one of the gateways discussed above. The service controller in this example Can be implemented within the GPRS gateway or as a separate entity. The mobile device uses the WLAN to access, as long as the service of the WLAN 87 200307428 玖, description of the invention The quality is acceptable, for each condition defined within the mobile device client, the service controller or both. When the mobile device detects that the service quality within the WLAN hotspot is “unacceptable” or when it is instructed by its service controller, its last 5 searches for WWAN access. If the communication is still in the WLAN, it can be used. The mobile device can prompt its service controller about the requirements of signal delivery and its search for different access paths, including WWAN access. A different embodiment has the service controller instructing the mobile device unit to deliver a signal to the WWAN. It can be a general command or it can be a WWAN access specifically designated to operate within the area where the mobile device is located. Handover of signals from the wireless area back to the wireless wide area network therefore always or almost always occurs when the mobile device's WLAN connection is severely degraded or lost and the mobile device detects the WWAN (e.g., PLMN) that can be used , GPRS). In general, it means that the mobile unit is simply out of range of the WLAN. The various signal handover methods discussed above can generally be used in the WLAN-to-WWAN example of the month. Five different embodiments are discussed as follows: 1. Having continuous "powerful switching of wireless networks 20 in telecom working level"-Embodiment-When the hotspot controller, service controller or mobile device recognizes that the communication conditions are unacceptable At that time, the opposite end gives up communication. The communication abandoned by the service controller will be by transmitting a signal to hand over the control signal to the mobile device or by interrupting the telecommunication working period to the point at which the mobile device unit determines that communication must be switched. The ms is then simply 88 200307428 (ii) Description of the invention Abandon communication and look for a WWAN access to switch, or abandon communication when it no longer obtains services from the WLAN. In either case, if the MS finds a WWAN activity in the area, it will try to log in to it. Once the communication is established again, the service controller recognizes that the requested telecommunication working period for the one or more of the 5 mobile device units and the identified telecommunication working period (or telecommunication working periods) are automatically re-renewed. Join. Another embodiment of the present invention relates to an example in which service control logic exists in a WLAN hotspot. In this example, the service controller within the WLAN discovers whether the mobile device 10 has been subsequently serviced by contacting the WLAN controller and thereby has unrequested (frozen) telecommunication working hours. 2. The mobile device assists in handing over network control signals. In this embodiment, the mobile device is still connected and disconnected from the WLAN, and searches and recognizes before the gradual degradation of service of the WLAN despite an unacceptable service quality. An acceptable WWAN operation. The mobile device then sends the details of the identity data it generated for the service controller to the service controller, or to another entity that actually controls the logic of the actual communication. If its decision is to define logical conditions for each acceptable (roaming agreement, load conditions, mobile device telecommunications service contract, etc.), the entity then instructs or causes the mobile device to switch to the WWAN. The handover of the mobile device from the service's WLAN to the receiving WWAN is in one of two ways: a) If the mobile device can receive wireless network selection control, it is ordered to handover to the WWAN. Preferably, if possible and needed, the transmission package 89 200307428 (ii), the description of the invention includes the WWANit news, thereby speeding up the money process. b) If the mobile device cannot accept the wireless network selection control, it simply disconnects from the service's WLAN by interrupting the service; at that time, the mobile unit attempts to log in to the WWAN and access its service control logic. 5 series. — 3. Mobile device control hard signal handover. In a further example, the mobile device unit searches for WWAN coverage in: > when: 逐渐 the quality of the service gradually fails to meet; and 10 (11) when it receives from the service controller Or a private order similar to the communication control logic is required to be delivered to another preferred communication service. The mobile device then performs one of a search for one or more WWANs that it can detect, and decides which one is the best to be switched. Priority selection is usually granted by its original telecommunications service provider, 15 but specific logic within the mobile client or control from the WLAN can change this priority. The mobile device is then detached from what has served it if it has not been switched off. In a variant implementation of this embodiment, the mobile device sends out a prompt to speed up the signal delivery process and improve the control during system and telecommunication work before leaving the WLAN. After being disconnected by the serving WLAN, the mobile device unit attempts to add to the selection for signal delivery. The service controller preferably decides that the mobile device unit has been signaled to the WWAN from the previously served WLAN, identifies the corresponding telecommunication working period and allows the working period 90 200307428 玖, invention description or such working period via a new Connection restarted. Although network assistance is not required in the preferred embodiment of the signal delivery method, an additional embodiment is provided to implement network-assisted signal delivery. Network assistance can be provided by any of the following: 5 ⑴ Accept the identity of neighboring WWANs, that is, provide their communication parameters, such as avoiding attempts to log into known operations within this area but not acceptable due to other factors WWANs;

(ii) information on service conditions or other available parameters of neighboring WWANs, such as if their services are known or expected to have problems in the area 10; and (iii) the expected availability of WLANs in that service. 4. Network command, mobile device control hard signal delivery

Another embodiment is related to the delivery of a network command signal. Following this order, the signal delivery itself is controlled by the mobile device unit. The 15 method is to implement control during the telecommunication work period that exists in the service controller or its communication control logic to determine that the service W L A N cannot support mobile service communication conditions. Network control can be used to determine the WWANs that may be available within the service area, but this is not necessary. If this user is determined, the network control sends information about communication parameters related to the candidate WWANs to the mobile device unit. The mobile unit is now searching for any WWAN that can support its service request. In a preferred embodiment of the method, the mobile device unit searches for its WWANs in a time-multiplexed manner, while trying to maintain communication with the WLAN to provide its users with a predetermined level of service. 200307428 发明, the impact of the invention description delivery service is minimized. When this is not feasible, a change implementation allows the mobile device to get out of the WLAN access and only search for WWAN services. In both embodiments, the mobile device may use data previously provided by the service controller network or perform an arbitrary search. 5 Based on the search, the mobile device decides if there is a place to perform — the signal is delivered to the WWAN, and if so, it tries to access the WWAN. # If the mobile device cannot successfully access the first WWAN attempted, it will then try to access the next best 10 WWAN in its search results, and so on. After the access is successfully completed, the service controller confirms that this is a restart of the previous telecommunications work period or the previous majority of telecommunications work periods to ensure that the telecommunications work period continues. 5. Soft Signal Handover 15 Three of the above four embodiments related to hard signal handover • It can also be implemented to provide soft signal handover. As explained above, the term soft signal handover used here refers to maintaining a seamless and continuous communication when switching from the WLAN to the WWAN, without affecting the activities of the telecommunication work period within the wireless mobile devices in the area , Package or those with limited time continuous communication-20 persons. The difference is that no telecommunications work period is frozen and therefore no degradation in service is noticed. The soft signal delivery supported by the present invention can be established by establishing communication with the mobile device unit of the WWAN before leaving the service WLAN, or by joining the WWAN so fast that it will not work in telecommunications when leaving the WLAN. 92 200307428通讯 Communication was interrupted during the description period of the invention. To support the latter condition, the service controller may first provide data to the mobile device. This previously provided information can be temporarily stored to maintain service during the signal delivery. The mobile device logic can also switch to a degraded mode that requires less data to extend the time supported by the buffer. The continuous service that 5 users of the mobile device unit can receive. One variation of the soft signal handover embodiment considers that the mobile device unit can join the WWAN and effectively perform the signal handover before leaving the WLAN. Soft signal delivery can be network-controlled or mobile-controlled. 10 a) Network control soft signal delivery In the network control embodiment, the mobile device unit searches each of its own logic or each command from the service / communication control WWAN channel to measure and determine them. Communication usability. Usability information is then forwarded to the service controller or similar communication control logic, of which 15 can be centralized or decentralized as described above. The service controller or similar communication control logic can now select the new service WWAN based on the data provided by the mobile device unit and the operating status of the WWANs. The latter can be achieved by the WWANs providing this status information to the service controller or the communication logic supporting the mobile device. 20 The service controller can provide parameters of the new service WWAN to the mobile device or signal delivery control / instruction to the selected WWAN. To ensure uninterrupted communication, the mobile device unit preferably establishes communication within the WWAN before disconnecting its WLAN connection. b) Mobile device control soft signal delivery 93 200307428 发明, invention description In the implementation of the mobile device control, the channel of the WWANs search activity of the mobile device unit is when (i) there is an indication that the quality of the service has not been met; ii) It receives a command to deliver a signal to a WWAN. The latter five may occur when the service controller receives a previous notification indication that the WLAN service is to be disconnected.

The mobile device would then preferably perform a search for all available wireless networks that are now available on the street, and decide which one is the best one to switch to. The conditions that determine which is the best WWAN to switch over may include 10 measured communication characteristics and network load, if broadcast from the service controller or is available from the service controller.

The mobile device unit then prompts the service controller / communication logic which WWAN has been selected for the signal delivery and waits for a confirmation or the end of a pause (minimum pause may be zero), which is established on 15 communications of the WWAN Without interruption with that WLAN. After communication has been established, the mobile device is disconnected from the WLAN that has served it. In a variant embodiment, the mobile device sends a prompt before leaving the WLAN. The reverse procedure for handing over signals from this WWAN to WLAN is similar. However, as mentioned above, in this example, the signal delivery need not be initiated because the service quality from the 20 WWAN has been degraded. They are described as follows: The mobile device needs to periodically check its defined logic for available WLANs. This is because that part of the WLAN is covered by the WWAN service range. On the other hand, a hotspot itself may include a device transmitted by a mobile device in a detection area to automatically send instructions to the mobile device. 94 200307428 玖 Description of the invention unit to find the WLAN. Signal delivery from the WWAN to the WLAN rarely requires loss of WWAN communication. However, the signal handover techniques discussed include situations where the mobile device joins the WLAN and establishes communication with the service controller via the WLAN before disconnecting the WWAN (the 5th final soft signal handover), and the action The situation where the device loses its WWAN connection and successfully builds communication with the WLAN sometime later and re-establishes its telecommunications working period. These embodiments include, in addition to the establishment of the normal communication protocol of the intermediate media, the signal delivery between the WLAN and the WWAN must additionally support the activity of the mobile device unit being signaled. These supporting activities can be a WWAN book or a different encryption program, so the mobile device accepted by the WWAN can be determined based on authentication and encryption that cannot be transmitted by the WLANs communication. Signal handover between wireless WAN and Internet15 The concept of signal handover has been extended to a WWAN mobile device such as a GPRS communication device unit, which can sometimes be accessed later via the Internet or other wired networks The WWAN service controller and WWAN service. The embodiments include an example in which the WWAN and the Internet are connected simultaneously and one connection is completed while the other connection is disconnected. 20 For the above embodiment, the variation implementation can use all previous signal delivery methods. Furthermore, the logic installed in the mobile device client or the service / communication controller can provide priority when WWAN and Internet connections are available at the same time. In the preferred embodiment, the Internet connection is 95 200307428 (the invention is preferred) and the WWAN traffic is transmitted to the service / controller via the Internet in this example. The money delivery technologies suitable for switching between the two networks include the following: · Strongly continuous switching of network communications during the working period of the mobile phone 5 胄 The mobile device unit or the service controls the test service -Available within higher priority networks. For example, in the above preferred example of the Internet, the mobile device is disconnected from the IΛ of the lower priority network and then the mobile device tries to add another Network and control of connection to the service. Once the communication is re-established, the service controller logic recognizes that it has requested one or more telecommunication work periods for the mobile device unit and that the work period or those work periods are automatically continued. 2 > Mobile-device-assisted hard-network control signal delivery In a non-compliant embodiment, the mobile device unit establishes communication via the two networks without controlling the path of the telecommunication work period. The service controller can control the disengagement at the service level via 15 lower priority networks, thereby forcing mobile devices to try and establish services via the higher priority network. The service controller then prompts the mobile device for its decision, and many variations can be implemented as follows. The decision to signal the delivery of the mobile device from one network to another is therefore dependent only on the service controller. a) If the mobile device can accept the network selection control from its service / communication controller, it can be commanded to the selected (receiving) network. It can be additionally sent with communication parameters to speed up the signal delivery process. 96 200307428 (ii) Description of the invention b) If the mobile device cannot accept the control of non-existent network selection, then simply deny the service to leave the service network; and force it to try and log in to another network. 3 · Mobile device assists handover of hard network control signals 5 In this implementation, the possibility of wireless mobile devices in the area searching for another service and determining communication conditions within another network. The information collected by the service / communication controller (SCC) 128 or 140 is then sent. The mobile device unit searches the other network when one of the following conditions is met: 3 a) The mobile device unit is programmed to perform a normal interval search. The search room can be pre-programmed or controlled by a command from the SCCC 128. b) —Hardware instructions are provided to indicate that another service is available. A paradigm may be a hardware indication that 100BasedT is valid. > e) The mobile device is searched for another network by the 3 (:(: ι28) command. This typically occurs when the -external service decides this available possibility in every piece of information provided by the mobile device. The mobile device unit is handed over from its previous service network signal to the selected network in one of two ways: 1 If the mobile device can accept the SCCC controller, it is ordered to To send to the selected network, including if the communication parameters are sent to speed up the signal delivery process; month transmission—) If the mobile device cannot accept the wireless network selection control, its hunting is interrupted by the service Disconnect from the service network. In this example, the mobile device 97 200307428 (the invention description) tries to connect via other networks until it contacts the scc and the telecommunications work period is re-established. 4. Mobile device Controlling hard signal handover In mobile device control hard signal handover, the mobile device searches for another 5 network connections when (0 it detects the availability of a higher priority network, (ii) the quality of the network Gradually dissatisfied, or ( m) When it receives a command, the signal is delivered to another network as defined above.

The mobile device unit performs the search and determines the signal delivery priority order to obtain measurements obtained by another network. In one example of this measurement, the mobile device can be true-to-defined ip and measure the response delay. The mobile device then disconnects from the network that has served it and connects via the selected other network. In a variant implementation, the mobile device sends out a reminder to speed up the signal delivery process before leaving its current service network. When the mobile device tries to join the network it has chosen to hand over as a signal, the system determines that the mobile device has been handed over from its previous serving network signal parent to the new serving network, and expects to restart that it can recognize 20 existing telecom working periods or multiple telecom working periods. Although there is no need for network assistance in the preferred embodiment of this signal delivery method, a variation implementation is included to perform this signal delivery with network assistance. Network assistance can be provided by any of the following: (0 identity of network parameters may be obtained, including 98 200307428 of the WWANs, invention description better access channel, and Internet supporting a better decentralized SCCC infrastructure Accessing proxy ip; (η) load conditions or other accessible parameters of different access networks or access points (e.g. different telephone numbers to access the Internet "and 5 (iii) the service network Information on the load conditions of the future network (for example, for some internal network connections) 5. Network command, mobile device control hard signal delivery Network command mobile device control hard signal delivery is implemented when the SCC 128 and Any one of 140 finds that communication conditions are unacceptable or have a periodic check that requires 10 higher priority connections. Network control may or may not determine a possible alternative network with support service capabilities. If this The capability is determined, and the SCC 128 sends information on the available network communication parameters or network access to the mobile device unit. The mobile device then searches for information that can support its service request. Network. In a preferred embodiment of this method, the mobile device searches for another network without interrupting its current connection, thereby minimizing the impact of signal delivery. An example is to dial many Internet A network access number to decide to use the Internet before disconnecting from a wireless GPRS connection. When this is not possible, one option is to provide the mobile device first to disconnect from its service network and only search for another after 20 minutes. A network. In the two embodiments, the mobile device can use the data previously provided by the network or perform any search. Based on this search, the mobile device determines which network is to be signaled and tested. If the mobile device does not successfully access the selected network, then the 99 200307428 玖, invented the explainer to control Kang ', search, and fruit 4 access-the best network And so on. The start and connection are expected. The expected or pre-timed timing is that after the access has been completely successful and the connection to the SCC 128 and 14G has been established, the SCC confirms that New connection is the previous The resumption of the telecommunications working period or previous multiple telecommunications working periods is best done in one of the previously described ways to ensure the continuity of the telecommunication working period. 6. Soft signal handovers with hard signal handovers Four of the five methods can also be implemented using soft signal handover. As mentioned above, the term "soft signal handover" as used herein refers to the conversion when accessed from one network to another. In order to maintain the seamless and continuous communication, it will not affect the activities during the telecommunication work period of the wireless mobile devices in the area, including continuous communication based on the time limit. 0 15 The soft signal delivery supported by this embodiment can Mobile communications with the sec J28 and 140 are established through a new service network before leaving and the current service network. On the other hand, soft signal handover can be achieved by switching the network connection fast enough to enable communication without interruption during telecommunication operations. 20 s noon methods are discussed later to implement soft signal handover. a) Mobile device assists software network control signal delivery In the first software signal delivery embodiment, the wireless mobile device in the area searches for another network and determines communication conditions. Then send usable information to the SCC 128, 140 〇 100 200307428 玖, description of the invention The SCC connection and continuation works determine which network and when to perform the signal delivery. It provides signal handover parameters to the mobile device; and optionally provides signal handover control to a proxy node or an entity controlled within the WWANi. The latter may be needed if there is further information suggesting that the connection is about to be lost, or due to distorted identification under 5 robust conditions, or that one of the entities supporting the communication is about to be removed, thereby To ensure continuous communication. Therefore, in order to ensure uninterrupted communication, the mobile device preferably establishes communication within the new service network without interrupting its current network communication. Once communication with the new network is established 10 access to the SCC 128 and 140, the mobile device is disconnected from the network that already serves it. In a variant implementation, the mobile device sends a reminder before disconnecting from the network. b) The mobile device controls the soft signal handover in a second soft signal handover embodiment, which is now controlled by the mobile device for 15 yuan. The mobile device searches for additional channels when (i) a higher priority network Road conditions are detected; (ii) the service quality is gradually not being met; or (out) when it receives a command as a signal for delivery to another network. The mobile device unit itself performs a search, which performs measurements on different networks with pre-defined 20 or stylized priorities and categorizes them into a determined priority order to switch between select-better networks. In a variation, the mobile device does not need to search all possible replacement networks, it only needs to search the top n networks among the available networks. In a specific embodiment, ㈣. The conditions for determining the best network to switch to may include the measurement of 101 200307428, the communication characteristics of the invention, and the network load. The mobile unit indicates that the SCC network has been selected for the signal delivery and waits for the end of a confirmation or pause time, in which it establishes communication with the new network without disconnecting from the network currently serving. After communication 5 is established, the mobile device is disconnected from the network that has served it. In a variant implementation, the mobile device sends an alert signal before leaving the network it is currently serving. c) Network command, mobile device controls soft signal handover. One embodiment includes a soft signal handover commanded by the network but followed by the mobile device. The signal delivery is performed when the SCC determines that the service network cannot support the mobile device service communication conditions. The SCC may or may not identify possible alternative networks with capabilities to support communication services to the mobile device. If these capabilities are identified, the SCC then sends information on the communication parameters of the identified network to the 15 mobile device units. Once the mobile device has access data that could replace the network, the procedure continues as the mobile device controls the soft signal line of the previous embodiment. Signal Handling Conclusions All of the above implementations provide features currently available within wireless LANs. The soft signal handover solution may provide smoother continuous services. However, since all the solutions are based on the decapsulation of the mobile device side, continuous service can be achieved by the soft and hard signal handover embodiments. 102 200307428 发明. Description of the invention Hybrid network authentication Mobile communication provides a higher level of personalization. For example, a GSM phone provides a SIM card, which provides each user with a personal communication function associated with his mobile phone service provider's account. CDMA-type mobile devices have similar personalization features. According to an embodiment of the invention, a user is given the ability to set a transaction in his deposit via any unencrypted or encrypted device ', the transaction being confirmed or authorized via his / her mobile phone. Authorization can be as simple as asking him to send a simple reply via an SMS message sent to one of his mobile phones. On the other hand, the user can send an SMS message from his own mobile phone to a unique number for him. The transaction then charges the mobile phone account. Unlike a credit card or other account, one advantage of charging a mobile account is that the phone account is specifically set up to charge a small amount of money at a single time. These embodiments therefore provide a way to provide low-cost products and services on the Internet 15, which previously made it difficult because credit card companies charge small amounts of fees. This embodiment is also used to provide a combination between a non-authenticated and an authenticated device. Once the non-authenticated device has been authorized, secret authentication information can be installed in it. This certification data can be further used to provide a link between the non-certified device and the PLMN certified device. This method can be used to activate a virtual SIM (please refer to the previous description). Reference is now made to Fig. 27, which is a simplified block diagram showing a certification authority according to a first preferred embodiment of the present invention. In Fig. 27, it is shown that the communicator 110 'is typically a honeycomb cell Internet portal, including an SMS portal. Optionally, this Internet portal may include a WAP portal in addition to or instead of 103 200307428 (Invention Note) The SMS portal. The communicator can communicate with a first personalization device 112 through an authentication key 114, such as a GSM or CDMA and any extended type of link. Links such as GSM provide not only authentication but also encryption 5 functions. This function is preferably provided but not a necessary condition of the present invention. A basic embodiment only requires authentication and non-rejection of the transmission. Generally speaking, this communication is a digital communication, such as an SMS or GPRS data message, although, as will be explained later, voice can also be used. The communication preferably utilizes user authentication, which is one of the characteristics of GSM or CDMA. Additional authentication can be provided by a link 114 and the device 112 with additional support for encryption. In addition, it provides a correlator 116 that can perform the positive identity information of the first personalization device 112, and can connect the authentication with another activity or a server 118 or similar device via a non-authentication chain The node 120 receives a request for activity 15 from a requesting device 122. In this article, a non-authenticated link is a link that cannot be positively identified by the user or the requesting device, and specifically includes a general Internet link. The inability to identify the requesting device may be because there is no strong certification authority like a SIM card, or because the link itself is unencrypted, and ~ allowed and eavesdropped and imitated or other reasons. The mechanism of Figure 27 therefore allows the unclassified problem to be solved by requesting an additional communication through an authentiable link. In general, a mobile phone device is a personalizable device that can be authenticated, and by requesting an extra trip of communication through a mobile phone link, a telecommunications service provider can determine that a request is genuine. In addition, the mobile phone is related to the charging account 104 200307428, invention description, and the service provided is to allow the identified customer to be charged directly. As will be explained later, the communication link journey of the communication may be before or after the non-certification journey, as long as the two journeys can be successfully related, and a non-exhaustive list of changes will be described later. Beyond this, many non-certified trips can be associated with a single certified trip. Of course, the present invention is not limited to use in mobile phones and any encrypted personalization device that cannot be imitated to communicate through a secure link. The correlator 116 is preferably connected to an authentication communicator 123 to instruct the server 11 8-a given activity request is approved. On the other hand, the authentication communicator 123 may transmit the authentication to an external proxy server or gateway related to the non-authentication device. In a further variation implementation, the authentication communicator may send the authentication to any device or network node responsible for managing the activities of the request purpose. In yet another embodiment, the authentication communicator 123 may transmit 15 authentications by using changes to the routing table on a router. In addition to GSM and CDMA, a non-complete list of other systems that can be used to provide encryption links includes IS-136, PDC, EDGE, WCDMA, GPRS, Irdium, and GlobalSta. The term CDMA includes the IS-95 standard and its 2.5 and 3G versions, which are well known and correspond to 20 1XRTT and 3XRTT. Please refer to FIG. 28, which shows a GSM device 124 like one of the mobile phones. The GSM device 124 includes a SIM including one or more integrated circuits, and at least one of the integrated circuits includes the personalized data supporting authentication, encryption, and decryption of the secure link. The 105 200307428 发明, description of the invention SIM identifies the mobile phone and does not allow other devices to imitate the phone, so it provides authentication and confidential access to a charging account corresponding to one of the individual phone users. Although in the above, the assumption is based on the fact that the message transmission itself is a message transmission, the present invention is not limited to this. The security link 114 is also encrypted for voice communication and can provide an automatic voice message creation function in the communicator 110 to create a message from a pre-recorded message section. In addition, it can provide an artificial sound. Either way, an audio message can be sent to the personalized device through the secure link. The 10-tone message can, for example, identify the transaction and can request the use of a button press to complete a positive response. In a particularly preferred embodiment of the present invention, a device corresponding to a possible user of a service requests the service through the unsecured link. The unsecured link can be any type of network, in particular an open network like 15 疋 Internet, or other digital or analog networks4, and can include a LAN, a wireless LAN (WLAN), In particular, any WLAN corresponding to the IEEE 802.11 standard includes 80211, 802, claw, 802.11a ... g, and so on. in. During the login process, it identifies its secret link, for example by 20 given-related mobile phone number. The identity information can be retrieved from the storage memory or manually entered by the user. The correlator 116 receives the data (e.g., a mobile phone number). It may need to translate the received personal information into different identity information suitable for the communicator 100, and it can be performed by the correlator itself or through external translation 106 200307428, invention description service to Implementation, such as by accessing-home location register (h_ — register: HLR). The correlator 116 then uses the communicator 110 to contact the mobile phone in an appropriate manner ... The timer 123 is operated, which determines the user of the mobile phone-to reply and confirm the identity of the user at a fixed time. In addition or in other respects, the —error counter 124 counts the number of times that authentication has not been successfully established, and stops the authentication operation when the —critical number is reached. In this example, the operation of Wu Hai is started at the same time with the non-authentication device 122 that is in contact with the temple server and the personal device 112 that is in contact with the communication server. The correlator 116 establishes a link between the two communications and authorizes service to the non-authenticated device. One way to ensure that the user authentication is not stolen is to provide a password to the authenticateable device 112 in response. The password is then entered by the user in the non-authentication device a], so it is clarified that the user of the non-authentication device 122 is the same as the user of the authentication device 15 and this action is intentionally completed. If this password embodiment is used, the authentication link number is encrypted so that the password is not exposed. On the other hand, the password is only used a limited number of times, such as only one, in which case the authentication link need not be encrypted. As explained later, because the login 20 name used by the non-authenticated device is the MSISDN, that is, the mobile phone number, it may allow a spoofed user to detect different MSISDN values. This snooping may cause the mobile phone to receive a service request, and if the user is not alert, the user may inadvertently authorize the service to those fraudulent users. The problem can be reduced by requesting the non-encrypted device to use a password in addition to the MSISDN 107 200307428 (invention description). Another solution is for the mobile device unit to start the §Hai§tolerance sequence. The user sends an sms to the communication device, which then responds to the 忒 working period with a temporary password for one of the telecommunication working periods. The user uses the pDA or other non-authenticated device to connect to the server 118 via the 5 Internet, and enters his username • (MSISDN) and the temporary password. On the other hand, the communicator provides a temporary identification number and password to ensure that the user is obscured and the user enters the Φ temporary identification number and secret phrase pair. The transmission of the identification number from the authentication device to the non-authentication device can be manual or via some regional wired or wireless communication links. The correlator or the communicator confirms that the access information, such as the temporary password or identity information, is provided when the MSISDN related and service is authorized. Preferably, in this embodiment, the SMS transmission is completed before the mobile terminal 15 (personal digital assistant, laptop, etc.) is activated. ® In a further implementation of the above, the SMS may include a quasi-random number, in which the user needs to copy or be transmitted to his non-authenticated device to complete the authentication, thereby reducing the risk of stealing the authentication. The requested event can be an Internet browsing event. The use of the 5 Haibao fork link associated with a toll account " 20 allows a small number of tolls. One problem with the Internet so far has been the tendency to reply to credit cards. The requested activity may be the browsing itself, or it may include activities related to purchases, use of paid services, and the like. Therefore, the user can go to an online bookstore or the like and complete it by entering his mobile phone number instead of his credit card number. 108 200307428 发明, invention description Squat. He then received a message on his mobile phone and responded to the message to complete the transaction. The Internet activity can be another FTP-type activity or an activity that does not involve backward browsing, such as continuous data application, email, etc. 5 In another embodiment, the non-authentication device 122 may be a credit card or a smart card, and the requested activity may be a point of sale activity, such as using -atm. In this connection, reference may be made to FIG. 29, which is a simplified diagram of a card 128 having a memory unit 130 for display, such as a smart card or credit card. The memory unit 130 may be part of a 10-body circuit on a smart card, or it may be a magnetic strip such as on a conventional credit card. Preferably, the memory unit 130 includes the standard transaction information such as an ATM number, and a further set of numbers in addition to allow authentication of the mobile phone number. However, this has the disadvantage of a wrong phone number. The number may be entered. In another embodiment, the further number is an encoded version of one of the mobile phone number. The coded version is an encrypted version, in which one month b is used to deselect the side phone number. On the other hand, a password can be used, which is a simple account number in a lookup table. The latter version is particularly confidential because if a computer hacker knows the code on the lookup table, it can only substitute a different phone number. The user inserts his credit card into the ATM in the usual way. The card transmits the user's telephone number, or a password relative to the telephone number, which is used to generate a telephone call to the user's mobile phone. The user either responds to the mobile phone or enters the ATM—group of specially generated PIN numbers to be used in the communication. In the preferred embodiment, the use is to reply and enter at the same time 109 200307428 玖, invention description Enter the PIN number. The requested activity may be, for example, access to a network, that is, the messenger requests access to a LAN or access to the Internet or the like. It therefore makes it possible to provide the ability to roam the Internet and use regional resources to log in to the Internet while traveling or not in the neighborhood of its own Internet provider. · In particular, the network to which access may be requested may be through a wireless LAN access point or an infrared access point or through one of the Bluetooth access points. Wireless LAN or infrared or Bluetooth is to provide flexible network access to all devices in the vicinity of such access points, and this embodiment allows potential users to be identified and charged for the service. 15 In a further embodiment, after the user has transmitted the quasi-random number or the password to his own non-authenticated device, the number or password may be used multiple times to authorize an event. Because multiple transmissions of the number or password are exposed to replay attacks, the multiple authorization can use the quasi-number / password as a seed key to a challenge response agreement. For example, if a virtual SIM is installed in the non-authenticated device, then the virtual SIMiKi (refer to the description of the SIM above) can be set as the quasi-number / password (Ki is originally used in the generation of SRES, and Kc From RAND). -20 Another variation with a higher level of security is to use the above-mentioned quasi-numbers / passwords to authenticate the establishment of a secure channel (by IPsec, tls, SSL ’SSH, etc.). The key Ki can be transferred between the correlator and the non-certified data, and can then be used as a seed for the execution of the challenge response. As discussed above, the communicator gets a phone number, whether it is 110 200307428, the concise description of the invention, or an encoded or encrypted version of the phone number from the non-certified device. This number is preferably used to establish communication with the secure mobile device. However, in those embodiments, the communication is initiated by the secure mobile device, and the mobile number is preferably used for premium and non-certified links where links have been established. According to the above, the non-authentication device can be a credit card, a smart card, an infrared device, a Bluetooth device, a pda, a durable computer, a mobile computer, a fixed computer, and a computer network or any other device that can use infrared or blue Or wireless LAN or HomeRF or wired or other types of communication to establish a communication. Reference is now made to Fig. 30, which is a simplified block diagram showing still another embodiment of a verification device according to the present invention, the elements of which are shown in more detail. Like a PDA 130, a non-authenticated device communicates wirelessly to a LAN / WAN 134 via a network access point. The LAN itself can be wired or wireless. The LAN can be directly (or indirectly) connected to a honeycomb cell The Internet authentication portal 136 may be a device that provides the user with access to the Internet or any other network or service. The entrance ι36 preferably allows the pdA 130 as a standard Internet authentication device that can log in normally. This login procedure can be performed manually or automatically when needed. The user's mobile phone number can be used as the login user name or as a separate part of the login process. The portal starts executing a timer to suspend the authentication after a predetermined time limit. Alternatively, the portal can also set a counter to limit the number of login attempts to reduce the number of intrusions by hackers. The remote entrance is directly or indirectly connected to a short message service center SMS-C 138 111 200307428 玖, description of the invention

, Which is a network unit for managing SMS messages. The SMS-C 138 sends an SMS message to the SIM protected by the mobile phone 146 through the MSC 140, the BSC 142, and the cellular cell base station 144. The user thus receives a request telling him to press reply to activate its network connection. In a further 5 it is emphasized that the user can be asked to provide a password. The SMS itself is usually encrypted and the SIM supports authentication to make it clear that only the intended mobile phone is responding. The mobile phone responded to the SMS. All SMS messages have an original location, and the SMS message being transmitted may have the phone number of the authenticator to allow a reply to reach the authenticator. The user who uses the LAN is then authenticated to access the Internet or other data networks through the LAN, and the LAN he uses can then charge his mobile phone.

Please refer to FIG. 31, which is a diagram illustrating verification through a non-authentication channel of an authentication channel according to an embodiment of the present invention. In FIG. 31, the authentication of the link includes the steps of communicating through an authentication chain 15 having one of the authentication devices, and verifying the authentication procedure using the link, wherein the communication is with an expected mobile phone device through A non-certified second channel or link to establish a second link. One stage is then combining or associating the verification with an activity request through a non-authentication device. Once the two channels or links have been combined, then authentication on the first link is used to allow requests on the other link 20 as described above, thereby allowing activity requests for the non-authenticated device. The combined steps can be performed by using an identification telephone number provided by the authentication device. The authentication step preferably includes sending a message to the authentication mobile device, and a reply can be expected as explained above. As mentioned above, for the present invention, it is not important which one of the two links is completed by 112 200307428, the description of the invention is completed first, or whether they are completed at the same time # 1 舌面. Each possibility is accompanied by advantages and disadvantages to provide a legitimate embodiment of the invention. 5 10 In one case, communication was initiated by a non-authenticated device. The system sends a message to the relevant authentication device to request approval. The user of the device returns his approval and the authentication is done here or the system sends a password to the authentication device. The user receives the password and inputs or copies or sends the password to the non-authentication device 'and thus completes the authentication. In another case, the communication request is initiated by the authentication device. The system sends a «code or your messenger name and password to the authentication device. The password 'or user and password are copied or transmitted to the non-authentication device, and the non-authentication device relays the password back to the system and the authentication has been established. The above procedures are only used in the initial communication establishment, or in a special 々In the example, ', used in _ to start communication. After that, the —secure communication channel was set up between the system and the non-authentication device, and it used additional identification codes / numbers to provide access to the system next time. During the future song storage, the system adds additional identification codes / passwords and optional prompts for the authentication device. This preferred embodiment saves the need to set up an authentication channel with the authentication device after the first communication. 20 In the preferred embodiment, the authentication method does not require any specific hardware or software to be installed on the PDA 13o. The pDA works using a standard browser and a standard web interface unit. In another embodiment, the software is installed to support the defined procedure and assist or eliminate manual user actions, such as address entry and identification in the certificate 113 200307428 5 发明, certificate of invention and non-certified information. Data transfers. The telecommunications service user does not need to know any new numbers and passwords, and the mobile phone number (MSISDN) can be used as a username. The mobile device terminal 46 is a standard authentication unit. This terminal can be only voice, only SMS, only WAP, only GPRS, only 3 G, and any other data communication or a combination. Authentication of the requested service requires possession of the user-specific SIM or USIM or similar device. 10 The service does not require any specially provided database. The user identity is the MSISDN or similar identification code (like IMIS). No new password needs to be provided or remembered by the user. However, a variant embodiment requires the provision of a database, such as when using a RADIUS server. A RADIUS server is an authentication server used to authenticate access to a communication system. The authentication is based on the RADIUS or remote authentication dial-in user server protocol. A single web server 122 can be used to support many telecommunications service providers. It should be noted that certain features of the present invention are described in the embodiments of -20 for clarity, and they can also be used in combination in a single embodiment. Conversely, many features of the invention have been illustrated in a single instance for the sake of brevity, which may also provide separation or other suitable sub-combinations. The present invention therefore provides an authentication system including the use of a mobile phone secure channel to secretly transmit an authorization code 114 200307428 which may be used to authorize some other services. Conclusion of the Embodiment In the above, it provides a series of embodiments in which a seamless interface between the honeycomb cell or PLMN environment and the wireless LAN ring mirror is provided therebetween. This interface allows the hive cell enabling unit to be moved from one environment to another without requiring the user to notice it, so it can utilize regional resources with higher data rates and wireless LAN when available. The non-honeycomb cell enabling unit is enabled to connect to the wireless LAN and access the hive cell environment through the LAN. 10 The features of the invention described in the individual embodiments for the sake of clarity may also be combined into a single embodiment. Conversely, for the sake of brevity, the different features of the invention described in a single embodiment may also be separate or any suitable subcombination. Those skilled in the art should understand that the present invention is not limited to those shown and described in 15 above. However, the scope of the present invention is defined by the scope of the attached patent application and includes combinations and sub-combinations of the above-mentioned different features, and those skilled in the art can make changes and modifications after reading the foregoing description. [Brief description of the formula] 20 FIG. 1 is a simplified representation of a SIM, FIG. 2 is a simplified block diagram showing a functional operation of a SIM, and FIG. 3 is a diagram showing a client according to a first embodiment of the present invention The device is connected to a non-PLMN network through a virtual SIM gateway and connected to a PLMN network from there. A simplified schematic diagram, 115 200307428 玖, description of the invention Figure 4a is an embodiment showing Figure 3 in more detail One is a simplified block diagram, which includes a secondary system that simulates a SIM gateway. Figure 4b is a simplified comparison diagram showing another solution for providing a PLMN service through a non-PLMN network. Figure 4c is an exemplary diagram showing a handheld device and a card that can be inserted into it, making it suitable for use with Bluetooth and similar non-PLMM networks.

Fig. 5 is a simplified flowchart according to an embodiment of the present invention, showing a non-SIM device connected through a non-PLMN network to a PLMN network through a virtual SIM gateway 10, and Fig. 6 is a display A schematic diagram of a typical PLMN network infrastructure. FIG. 7 is a schematic diagram according to an embodiment of the present invention, which shows the use of a virtual base station controller as an interface to the PLMN network.

FIG. 8 is a schematic diagram of a preferred embodiment of the present invention, and FIG. 15 shows a protocol layer and packet data authentication between a wireless LAN and a PLMN network, and FIG. 9 is a comparison according to one of the present invention. A schematic diagram of one of the preferred embodiments, which shows the protocol layer and switching circuit data authentication between a LAN and a PLMN network, FIG. 10 is a schematic diagram of a preferred embodiment according to the present invention. Shows the protocol layers related to the connection between GPRS and a wireless LAN. FIG. 11 is a schematic diagram according to a preferred embodiment of the present invention. It shows the support services for switching circuits through PLMN and wireless networks. Provide the relevant protocol layer, 116 200307428. Description of the invention. Figure 12 is a schematic diagram of a preferred embodiment of the present invention, which shows that a virtual SGSN + is used as an interface between a wireless LAN and a PLMN. FIG. 13 is a schematic diagram of a preferred embodiment of the present invention, and FIG. 5 shows a protocol layer and packet data authentication between a wireless LAN and a PLMN network. FIG. 14 is one of the present invention. One of the preferred embodiments The figure shows a protocol layer for providing packetization support services between a wireless LAN and a PLMN. 10 FIG. 15 is a schematic diagram showing a wireless LAN and a wireless LAN according to a preferred embodiment of the present invention. A protocol layer for providing switching circuit support services between a PLMN. FIG. 16 is a schematic diagram according to a preferred embodiment of the present invention, which shows a packet data flow management pipe provided between a wireless LAN and a PLMN. 15 Coordination layer of the management, FIG. 17 is a schematic diagram according to a preferred embodiment of the present invention, which shows a common area and a wireless network connected to a hotspot center point, which can be used to coordinate In the handover between networks, FIG. 18 is a schematic diagram of a preferred embodiment of the present invention. FIG. 20 shows that a wireless network exists within the coverage area of a cellular cell or a PLMN network. FIG. Is a schematic flowchart according to a preferred embodiment of the present invention, which shows the entire principle of signal transmission between two networks. FIG. 20 is a schematic flowchart according to a preferred embodiment of the present invention. Figure 117 200307428 玖2. Description of the invention, which illustrates the signal delivery from the viewpoint of the mobile device unit. FIG. 21 is a schematic flowchart according to one of the preferred embodiments of the present invention, which shows another embodiment of the signal delivery procedure. The figure is a simplified outline diagram illustrating two non-overlapping WLANs with a common center point. Figure 23 is a simplified outline diagram illustrating that each of the two overlapping WLANsts is a part of a different hot spot and the range of these hot spots. There is a common center point outside. Figure 24 is a variation of the plot in Figure 23, where the hotspot does not have 10 stacks, Figure 25 illustrates two overlapping PLMN networks, and Figure 26 illustrates two non-overlapping PLMN networks. FIG. 27 is a simplified block diagram showing a certification authority according to another preferred embodiment of the present invention. FIG. 28 is a simplified illustration showing one of the devices used in the security link of FIG. 27. The figure is a simplified illustration showing one of the devices used in the non-secure link of Fig. 27. Fig. 30 is a 20M block diagram of a further embodiment of a certification authority according to the present invention. Controlling access to one Or wireless LAN, and Figure 31 is a simplified flowchart illustrating one of the authentication machine 27 of FIG capable of operation 'wherein the setting means may be any of a start, confidential or non-confidential, including set by a different device. 118 200307428 Description of invention [Representative symbols of main components of the drawing] 10 ... Subscriber identity module (SIM) 12 .... 51. Card carrier and reader 14 ... Hive cell phone device 16 ... Authentication sub-system 18 … Encryption secondary system 20… connecting device 22… .non-PLMN network 24… simulation SIM gateway (SSG) 26… PLMN / honeycomb network 28 .. database subsystem 30 .. access subsystem 32..Interworking sub-system 34..PLMN sub-system 36 " .GPRS access card 38..Bluetooth access card 40 ... Base station system (BSS) 42..Mobile device

44 .. MSC 46 ... Serving GPRS Support Node (SGSN) 48 ... Non-PLMN Network 50 .. Virtual Base Station Controller (VBSC) 52 .. Remote / Mobile 54 .. Access Point 56 .. 51. Server 60 .. Wireless LAN network 62 .. Virtual base station controller (VBSC) 64 ". Gb interface 66 .. Service GPRS support node (SGSN) 69 .. Gs interface 7 0… protocol 72 .. GPRS network server 74 .. Gn interface 78… AuC / HLR 80… connection manager 82. .area server 84..VSGSN + 90 ... PLMN server 100… Hotspot center point 110 .. Area wireless network 112 .. Wide area network (WAN) 114. Access point (AP) 116 ... WAN center 119 200307428

发明, Description of the invention 123 ... Authentication communicator 140 ... MSC 128 ... Service / communication controller 142 ... BSC (SCC) 144 ... Base station 130 ... Personal digital assistant 146 ... Mobile phone (PDA) 120,132 ... PLMN1 138 ... Mobile device 122,132 ... PLMN2 138 ... Short message service center 134,136 ... Access point (SMS-C) SU1 ~ SU6 ... Telecom service user 140 ... Service / communication controller unit (SCC) WN1, WN2 ...

120

Claims (2)

200307428 Patent application scope 1. An interface device connected between a PLMN network and a non-PLMN network. The above PLMN network is structured to confirm that the cellular cell base station is connected as a relay to the cellular cell mobile device. Nodes, each of the aforementioned non-PLMN networks includes a plurality of access points that are relay-connected to the network compatible 5 mobile device, the network compatible mobile device does not need to be a cellular cell mobile device, and the interface device is structured As a node of the above PLMN so that the above PLMN network serves as a base station and has the function of connecting a non-honeycomb cell mobile device to the above non-PLMN network and accessing the above network, thereby acting like 10 honeycombs Cell mobile devices access the same PLMN network as described above. 2. The interface device described in item 1 of the scope of patent application includes a switching circuit interface for communication and a sub-encapsulation interface for data and control use. 3. The interface device described in item 1 of the scope of patent application, wherein the above 15 PLMN network is a GSM network with an A interface or a Gb interface, and the above-mentioned switching circuit interface can operate using the above-mentioned A interface and the above The decapsulation interface can operate using the above-mentioned Gb interface. 4. The interface device according to item 1 of the scope of patent application, wherein the PLMN network has one of an IuCS interface and an IuPS interface 20. The UMTS network and the above-mentioned switching circuit interface can operate using the above-mentioned IuCS interface and the above-mentioned decapsulation interface can operate using the above-mentioned IuPS interface. 5. The interface device described in item 1 of the scope of patent application, including a simulated honeycomb cell identification gate related to the security layer of the above-mentioned non-PLMN network 121 200307428, patent application scope and operable to determine a connection device Has been authenticated by the non-PLMN network, and is operable to respond to a PLMN network authentication queue to indicate that the authentication has been successful. 6. The interface device as described in item 5 of the scope of patent application, wherein the above-mentioned analog honeycomb cell recognition gateway is an analog SIM gateway and the above-mentioned PLMN network is a GSM network. 7. The interface device according to item 6 of the scope of patent application, wherein the above-mentioned simulated honeycomb cell identification is an analog ESN gateway and the above-mentioned PLMN network is a CDMA network. 10 8. The interface device according to item 5 of the scope of patent application, wherein the non-PLMN security layer is one of the group consisting of SSL, IPsec, TLS, SRP, and SSH, and one of the above groups The authentication needs to allow the analog SIM gateway to provide the authentication response to the PLMN network. 15 9. The interface device according to item 8 of the scope of patent application, wherein the security layer can be set to a required level of security by the architecture. 10. The interface device according to item 1 of the scope of patent application, further comprising a microphone for receiving a part of the sound transmission signals from the non-PLMN network for sound transmission and receiving from the above PLMN network. 20 of the transmitted sound signals are used for partial decoding. 11 · The interface device according to item 1 of the scope of patent application, further comprising a microphone for receiving a part of the sound transmission signals from the non-PLMN network for sound transmission and receiving from the above PLMN network The transmitted sound signal is used for partial decoding. 122 200307428 Scope of patent application 12. The interface Pei Zhi described in item 1 of the scope of patent application is structured so that the above PLMN network serves as a service GPRS support node (SGSN) and as a switching circuit for decapsulating data. Information of one base station. 5 13. The interface device according to item 12 of the scope of patent application, which further includes a function of authenticating a device connected to one of the above-mentioned non-PLMN networks. 14. The interface device according to item 13 of the scope of patent application, which further includes a function of registering to connect to one of the above non-PLMN networks. 15. The interface device according to item 12 of the scope of patent application, which further includes a function of updating the position of one of the devices connected to the non-PLMN network mentioned above. 16. The interface device as described in item 12 of the scope of patent application, which further includes a function that allows connection to a device connected to one of the above-mentioned non-PLMN networks to generate a service request. 17. The interface device according to item 1 of the scope of patent application, which further includes the function of providing the above-mentioned PLMN network with connection control data standardized for the above-mentioned PLMN network, which can integrate corresponding activities into a complete bill . 18. The interface device described in item 12 of the scope of the patent application, which is structured to operate with one of the connection management units of the non-PLMN network described above, thereby] obtaining non-PLMN from the quality of the connected user and the data exchanged Network details. 19. The interface device described in item 18 of the scope of patent application, which further includes the above-mentioned details obtained by standardization to become a pLMN compatible specification. 123 200307428 10 15 20.-An access card for use in a wireless LAN includes a honeycomb cell identification module associated with it to provide a PLMN security function, thereby allowing access to a PLMN network through the wireless LAN. 21. The access card according to item 20 of the scope of patent application, wherein the honeycomb cell identification module is installed on the access card. 22. The access card according to item 20 of the scope of patent application, wherein the honeycomb cell identification module can be reversely installed on the access card. 23. The access card as described in claim 20, wherein the cellular identification module is a SIM. 24. The access card as described in item 23 of the patent application scope, further comprising a SIM carrier and a SIM reader. 25. The access card as described in item 20 of the patent application scope, wherein the honeycomb cell identification module is a vertical honeycomb cell identification module. 26. The access card according to item 25 of the scope of patent application, wherein the vertical honeycomb cell recognition module is a vertical module including a SIM function. 27. The access card described in item 20 of the scope of patent application includes the function of exchanging authentication signals with a LAN gateway to achieve network authentication. 28. The access card described in item 27 of the scope of patent application, wherein the authentication signal is standardized and can be transmitted between the gateway and the PLMN network to obtain the PLMN certification. 29. A method for accessing a PLMN network via a non-PLMN network using a non-PLMN device, comprising: providing the non-PLMN device with an access card matching one of the non-PLMN networks, 124 -.20 200307428 The scope of the patent application is to provide the access card with a honeycomb cell identification module, and provide the non-PLMN network with a gateway function to retain the honeycomb cell identification signal between the non-PLMN device and the PLMN network. 5 30.-A method for accessing a PLMN network via a non-PLMN network using a non-PLMN device, comprising: providing the non-PLMN network with a confidentiality authentication unit for authenticating the non-PLMN device, and providing the above The non-PLMN network has a gateway function related to the confidential authentication unit 10, so as to operate the authentication unit and retain the identification signal of the honeycomb cells that affects the authentication of the non-PLMN network to the PLMN network. 3 1 · —A method of operating a secure gateway between a PLMN network and a non-PLMN network to enable non-PLMN devices to authenticate and use the PLMN connection. The method includes: An authentication protocol for authenticating the non-PLMN network and exchanging signals with the PLMN network through a honeycomb cell authentication protocol includes instructing the device to perform device authentication by using the first protocol to instruct subsequent authentication. 32. A method of operating a secure gateway between a PLMN network and a non-PLMN network to enable non-PLMN devices to authenticate and use the PLMN connection, the method includes: through a honeycomb cell authentication protocol to communicate with The above-mentioned PLMN network was exchanged with the signal range of 125 200307428 and applied for a patent, thereby authenticating the above-mentioned non-PLMN network to connect to the above device. 33 · A kind of signal handover (i.e. signal handover manager) for managing mobile device units, which is used between a first mobile device network access point and a first mobile device network access point. The first access point belongs to a first network, and the second access point belongs to a second network. The managers can access each of them collectively. The network and includes a mobile device unit matcher 'for performing matching between a mobile device unit that is not disconnected from a network and a connection to other networks; and a telecommunications service period maintainer, similar to the above The mobile device unit matcher is used to transmit the working period between the paired mobile device units, thereby transmitting signals between the networks. 34. The signal delivery manager according to item 33 of the patent application scope, comprising a unit in a single area. 35. The signal delivery manager as described in item 33 of the scope of patent application, including decentralized functions on most internal networks and interactive networks. ^ The signal delivery manager according to item 33 of the patent application scope, wherein one of the above networks is a PLMN network. 37 • The signal delivery manager according to item 33 of the patent application scope, wherein one of the above networks is a wireless LAN network. 8. The signal delivery manager according to item 36 of the cb σ month patent scope, wherein one of the above networks is a wireless LAN network. 126 200307428 Patent application scope 39. The signal delivery manager described in item 33 of the patent application scope also includes an active management unit during the telecommunication work period. When the critical quality of the connection cannot be reached, it is now used. The network is used to instruct the mobile device unit to search the surrounding network and determine its 5 connection parameters, so as to identify an optimal network from the parameters and instruct the mobile device unit to connect to the best network. 40. The signal delivery manager as described in item 39 of the scope of patent application, wherein the active management unit of the electric finger is used together with the mobile device unit matcher, thereby using the above instructions to assist the above match. 41. The signal delivery manager as described in item 39 of the scope of patent application, wherein the active management unit during the telecommunication work period is operable to determine whether the indicated match has been successful, and when there is no successful connection, it can operate the instruction The above mobile device unit is connected to the next best network. 15 42 · h The signal delivery manager described in item 39 of the scope of patent application, wherein the active management unit during the telecommunication work period is operable to continue to instruct the mobile device unit to connect to the next best unit until a successful connection is indicated until. 43 ·% The signal delivery manager described in item 33 of the scope of patent application, including-passive management unit during telecommunication work period, used to determine by the above mobile device unit when the connection quality threshold cannot be met It is said that the above mobile device unit searches for a nearby network and determines its flail majority so as to identify an optimal network by the above parameters and instruct the above mobile placement unit to connect to the above network. 127 307428 The scope of application for patent application · The signal delivery manager described in item 33 of the scope of application for patent application, and more # 2 can be disconnected from the above-mentioned automatic device unit and connected to a network佳 网络. The signal transfer manager described in item 5 of the 5 + ° patent scope can be connected to an optimal network and then cut off by the current network. 6. The signal delivery manager as described in item 33 of the scope of the patent application, which can be known to reduce the connection quality on the current network, thereby forcing the aforementioned mobile device unit to cut off and find another network. road. 10 The 47mf patent scope of the signal delivery device described in item 33, its immediate selection-the best network for reconnection, to reduce the current network connection and transmission-instructions to the above mobile unit to connect To the best network selected above. 1 48. The signal delivery manager as described in item% of the scope of the patent application, which serves as a unit identification code for most of the above-mentioned mobile devices that may use the network. The signal delivery manager described in Item 33 of Shishen's patent scope, it also operates to provide an identification code for the above mobile device unit that may use the network. 〇2〇C Λ 丄, υ The signal delivery manager described in the above item, wherein the above parameters include any of the following groups: a better access channel relative to the PLMN network, which can support Internet access with a better decentralized ssc basic architecture The identity code of the agent, the above may use the load conditions of the network. The above may obtain the general and desirable 128 200307428 of the network, the scope of patent application, parameters, the network access number of the Internet access, and the information on the expected load conditions of the network that may be obtained above. A The signal delivery manager according to item 33 of the scope of patent application, wherein the first mobile device network and the second mobile device network are wireless LANs of Hotspot respectively. 52. The signal delivery manager according to item 51 of the scope of the patent application, wherein the first and second networks are one of the overlapping network and the signal delivery. The mobile device unit is located at a point where the above networks overlap. on. 53. The signal delivery manager as described in claim 33 of the patent scope, wherein the first and second networks mentioned above use the same network protocol, respectively. 54. The signal delivery manager according to item 33 of the scope of patent application, wherein the first network and the second network each use different network protocols. 55. The signal delivery manager according to item 51 of the scope of patent application, wherein the first and second networks are non-overlapping. 15 56. The signal delivery manager according to item 33 of the scope of patent application, wherein the first network and the second network are different hotspots. 57. The signal handover manager according to item 56 of the scope of patent application, wherein the different hotspots have an area overlap and a mobile device unit of the signal handover is located in the overlap area. 20 58. The signal delivery manager according to item 33 of the scope of patent application, wherein the above-mentioned hot spots use a single communication protocol. 59. The signal delivery manager as described in item 33 of the scope of the patent application, wherein the above-mentioned hot spots of the Haihe network respectively use different communication protocols. 60. The signal delivery manager as described in item 33 of the scope of patent application, of which 129 200307428, scope of patent application The above-mentioned first network and the above-mentioned first network are PLMN networks, respectively. 61. The signal delivery manager according to item 60 of the scope of patent application, wherein the first PLMN and the second PLMN network use a single communication protocol. 62. The signal delivery manager according to item 60 of the patent application scope, wherein the first PLMN and the second PLMN network use different communication protocols, respectively. 63. The signal delivery manager according to item 60 of the scope of the patent application, wherein the first and the second communication networks have an overlapping area and one of the mobile device units of the signal parent is located in the overlapping area. 64. The signal delivery manager according to item 33 of the patent application scope, wherein the first network is a wireless local area network and the second network is a PLMN network. 65. The signal delivery manager according to item 33 of the patent application scope, wherein the wireless local area network is within the coverage area of the PLMN network. 66. The signal delivery manager according to item 33 of the scope of patent application, including a unit for setting the wireless local area network as a priority order with a higher priority than the above pLMN, so that a mobile device unit is located in it. When it is within range, the signal is automatically delivered to the wireless LAN. 67. A signal handover method for a mobile device unit, the mobile device unit communicates during a communication work period, and the signal handover is between individual access points between a first and a first wireless network The method includes 130 200307428. The scope of patent application includes: providing a control point at a location common to both of the above networks; the above control point determines the identity of the mobile device unit, whose connection has been interrupted and Obtain information on its relative telecommunication working period; determine the identity of the new connection with the mobile device unit at the control point; match the identity at the control point to match the existence of the telecommunication working period with one of the mobile device units , Where the mobile device single 10 yuan has terminated the connection on a first access point and has been connected to a second access point. 6 8. —The authentication device includes: a communicator that communicates with a certified mobile device unit; a verifier that is used to verify with the certified mobile device unit 15 that the communication is a preliminary authentication device; and a correlator Associate the verification with the activity request through a non-authenticated device, thereby authenticating the activity request of the non-authenticated device. 69. The device according to item 68 of the scope of patent application, wherein the authentication device is a GSM device and the authentication link is a GSM link. 20 70. The device according to item 68 of the scope of patent application, wherein the authentication device is a CDMA device and the authentication link is a CDMA link. 71. The device according to item 68 of the scope of patent application, wherein the authentication device is a PDC device and the authentication link is a PDC link. 72. The device described in item 68 of the scope of patent application, wherein the above-mentioned authentication device is an EDGE device and the above-mentioned authentication link is an EDGE link. 73. The device according to item 68 of the scope of patent application, wherein the authentication device is a WCDMA device and the authentication link is a WCDMA link. 5 74. The device according to item 68 of the scope of patent application, wherein the authentication device is a GPRS device and the authentication link is a GPRS link. 75. The device according to item 68 of the scope of patent application, wherein the authentication device is an Iridium device and the authentication link is an Iridium network link. 10 76. The device according to item 68 of the scope of patent application, wherein the security link relates to a telecommunications service user identity module located in one of the encrypted mobile devices. 77. The device according to item 68 of the scope of patent application, wherein the above-mentioned confidential link involves the identity of a telecommunication service user located in one of the above-mentioned authentication devices 15 Module. 78. The device described in claim 68, wherein the authentication device is a mobile phone. 79. The device described in claim 68, wherein the communication includes an electronic data communication. 80. The device described in item 79 of the scope of patent application, wherein the electronic data communication includes electronic message transmission. 81. The device according to item 68 of the scope of patent application, wherein the above electronic message transmission includes SMS message transmission. 82. The device described in item 80 of the scope of patent application, in which the above-mentioned electronic newsletter 132 200307428, and patent application scope information transmission includes WAP. 8 3. The device according to item 80 of the scope of patent application, wherein the electronic message transmission includes an email. 84. The device as described in claim 80, wherein the electronic message transmission includes EMS. 85. The device according to item 80 of the scope of patent application, wherein the above-mentioned electronic message transmission includes MMS. 86. The device according to item 80 of the scope of patent application, wherein the communicator includes a function of activating the communication by transmitting an activation signal from one of the authentication devices, and having a function of receiving the activation of the communication from the authentication device. One of the functions of the reply is to authorize the above event request. 87. The device according to item 80 of the scope of patent application, wherein the communicator has a function of receiving start communication from one of the authenticated device and the non-authenticated device, and has a function of transmitting the start message. The function of reply, besides authorizing the above activity request. According to the farm equipment described in item 80 of the scope of the patent application, the communicator in # includes a function of receiving initiation communication from an external device, and a communication device established between the authentication device and the non-authentication device. Keying 'This is a request to authorize the above activity. 89. The device according to item 80 of the scope of patent application, wherein the communicator involves a function of receiving a message from one of the authentication devices and a function of completing the communication by transmitting-responding to the confidential authentication shock 'It This authorizes the above event request. 133 200307428 The scope of the patent application is the device described in item 86 of the patent application scope, wherein the communicator includes a function of inserting an identification code in the above reply to a requester and inputting through the non-authentication device, and the verifier further includes It is determined whether the above identification code has been received through the above-mentioned non-authenticated device. 91. The above-mentioned communicator 92. can be operated using an automatic voice to communicate with the above-mentioned authentication device. The device described in item (1) of the patent application, wherein the authentication device is used with a paid account. 10 The device further includes a function of charging the paid account for the above requesting activity. As stated in item 68 of the scope of patent application, the requested activity is an Internet browsing activity or a point-of-sale activity. The device according to item 68 of the application, wherein the requested activity is access to a network. 15 95. The device according to item 68 of the scope of patent application, which can be connected to the above non-authenticated device via a Bluetooth access point. • 20 93. 94.% The device described in item 68 of the scope of patent application, which can be connected to the above non-authenticated device via a> WLAN access point. 97. The device according to item 68 of the scope of patent application, which can be connected to the non-authenticated device through a TCP / IP. 98. The device according to item 68 of the scope of patent application, wherein said communicator is operable to obtain a telephone number for said non-authenticated device to communicate with said authenticated device. The device described in item 68 of the scope of patent application, in which the above communicator 134 200307428, the scope of patent application, can be used to obtain identity information from the non-authenticated device to form the above association. 100 · The device described in item 68 of the patent scope, wherein the non-authentication device is one of the following groups, including: a credit card, a smart 5 smart card, an infrared device, a Bluetooth device , A PDA, a portable computer, a fixed computer, and a computer network. 101. The device according to item 68 of the scope of patent application, further comprising a counter, which is used to calculate the connection authentication failure if the communication is not completed within a predetermined number of times. Π) H) 2_ The device described in φPlease refer to item 68 of the patent scope, and further includes a login function for registering one of the non-authenticated devices. The device described in item 68 of the patent scope, wherein the correlator is connected to an authenticator to indicate that the activity request is allowed. The device as described in item (2) of the Chinese Patent Application, wherein the above-mentioned authentication device is operable to communicate with the above-mentioned authentication to an external gateway related to the above-mentioned non-authentication device. 105. The device described in item 1 () 3 of the patent scope, wherein the authentication communicator is operable to communicate the authentication to a server related to the request activity. 20 Η) 6. The farm equipment described in item 68 of the patent scope, wherein the authentication communicator is operable to communicate the authentication by using a router—a change in a path table. 107. A personal transaction card compatible with ATM machines, including an ATM transfer number and a mobile phone number in ATM reading format, the above action 135 200307428 10 15 The scope of patent application and telephone number is used with the above personal transaction card. 108. The personal transaction card described in item 107 of the patent application scope, wherein the above number is stored in a magnetic stripe. 109. The personal transaction card described in item 107 of the scope of patent application, wherein the above number is stored in an internal integrated circuit. 110. An authentication method including: communicating with an authentication device through a confidential link; verifying that the communication is with an expected authentication device; and associating the authentication with an activity request through a non-authentication device to authenticate Activity request for the non-authenticated device. 111. The method as described in claim 110, wherein the authentication device is a GSM device and the authentication link is a GSM link. 112. The method according to item 110 of the scope of patent application, wherein the authentication device is a CDMA device and the authentication link is a CDMA link. 113. The method as described in claim 110, wherein the authentication device is a PDC device and the authentication link is a PDC link. 114. The method as described in claim 110, wherein the authentication device is an EDGE device and the authentication link is an EDGE link. 115. The method according to item 110 of the scope of patent application, wherein the authentication device is a WCDMA device and the authentication link is a WCDMA link. 116. The method as described in claim 110, wherein the authentication device is a GPRS device and the authentication link is a GPRS link. 117. The method as described in item 110 of the scope of patent application, wherein the above-mentioned authentication 136 200307428 fe, scope of patent application device is a silver network device and the above authentication link is a silver network link. 118. The method as described in item 11G of the patent scope, wherein the authentication link includes a confidential link that involves one of the telecommunication service user identity modules that is located within the authentication suit. 119. The method as described in item ⑴ of the scope of patent application, wherein the security link includes a telecommunications service user identity module that is involved in the authentication device. The method as described in the patent claim «paring item, wherein the authentication device is a mobile phone. ίο 15 ⑵ · The method described in item 11G of the Chinese patent, wherein the above communication includes electronic data communication. 122. The method described in item 121 of the scope of patent application, wherein the electronic data communication includes electronic message transmission or SMS message transmission. 123. The method described in item 122 of the scope of patent application includes the function of initiating the communication by receiving an activation message to the authentication device and receiving a reply to the activation message from the authentication device, and authorizing the above activities request. 124. The method according to item 123 of the scope of patent application, wherein the communication involves receiving a message from the authentication device and completing the communication by sending a reply to the authentication device, thereby authorizing the activity request. The method described in item 124 of the scope of patent application includes inserting a reply to the above-mentioned reply to the requester to input through the non-authentication device and determining whether the password has been passed through the non-authentication device. 137 20 200307428 20 Pick up and receive patent applications. 126. The method described in the Patent Scope, as described above, includes the use-automatic voice communication with the above authentication. 127. For the method of applying for item No. 110 of the patent scope, in which the above authentication Γ fee account is used together, the above method further includes charging the payment account for the above-mentioned solicitation activities. 128. The method described in item 110 of the scope of patent application, wherein the above request activity is "one of the group or activity includes-Internet browsing activity, point of sale activity, and access to a network. 129. If applying The method of patent scope No. 110 means using one of infrared rays or bluetooth. 13 〇 The method of K described in the patent scope No. 丨 10, wherein the above non-authentication center is a TCP / IP chain 131. As described in item 110 of the scope of patent application < Wanfa, including a telephone number obtained by the non-authentication device and the authentication device is placed in the same place. • As described in item 110 of the scope of patent application Method, wherein the above non-authentication device is one of the following groups, including:-credit card,-smart card,-infrared device '-Bluetooth device,-PDA, a portable computer, a fixed computer, and —Computer network. ⑴. The method described in item (2) of the patent scope includes a counter. If the communication is not completed within the predetermined number of times, it is used to calculate the connection authentication failure. 1 34. As described in item 10 of the scope of patent application, your method further includes a login function to log in one of the non-authentication devices. 138 200307428 Pick up, scope of patent application 135. As described in the scope of patent application 10th .. The method includes an instruction to output the above-mentioned activity request has been allowed. 136. The method of θ ^ < as described in item 135 of the scope of patent application, wherein the above-mentioned finger is output to the external authentication device related to the external- Gateway. 137. If the method of applying for patent No. 135 does not refer to the method I, where the above means output to the _feeder related to the requested activity. 138. As described in No. 135 of the patent scope Method, where the above refers to the output by adding a change to the table on the router 139