CN1855816A - First authentifaction method and system for mobile communication terminal - Google Patents
First authentifaction method and system for mobile communication terminal Download PDFInfo
- Publication number
- CN1855816A CN1855816A CNA2006100009247A CN200610000924A CN1855816A CN 1855816 A CN1855816 A CN 1855816A CN A2006100009247 A CNA2006100009247 A CN A2006100009247A CN 200610000924 A CN200610000924 A CN 200610000924A CN 1855816 A CN1855816 A CN 1855816A
- Authority
- CN
- China
- Prior art keywords
- mobile communication
- communication terminal
- access point
- authentication
- prior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0033—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
- H04W36/0038—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/08—Reselecting an access point
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a prior authentication method and system applied to mobile communication terminal. Mobile communication terminal need perform prior authentication before entering the adjacent access point, where the said mobile communication terminal makes a request to authentication server for prior authentication through the said adjacent access points. If the prior authentication is allowed, the said new access point sets the authentication information of the said mobile communication terminals to the state of prior authentication, and the said mobile communication terminals is informed of prior authentication successful, it relieves the connection with formerly access point, subsequently links with the said new access point and transmits/receives data each other. When mobile communication terminal is moving around wireless local LANs or mobile communication net enters into wireless local LANs, this invention can reduce the needless signals by utilizing prior authentication obtained from adjacent access point, where authentication server manages the state of mobile communication terminal.
Description
Technical field
The present invention relates to the first authentifaction method and the system of mobile communication terminal, particularly relate to a kind of first authentifaction method and system that between the wireless local local area network (LAN), moves or enter the mobile communication terminal of wireless local local area network (LAN) from mobile radio communication.
Background technology
Recently, except that the current mobile radio communication that service is being provided, develop a kind of public wireless local local area network (LAN) that is used to cover specific wireless data traffic larger area, and advance rapidly in the process of commercialization.
Generally speaking, the wireless local local area network (LAN) is meant between computer and computer, or between computer and other communication system, utilizes electric wave (RF:Radio Frequency) or the wireless local area network (LAN) that carries out data transmit-receive of light.The particularly main both at home and abroad wireless local local area network (LAN) that uses uses the frequency of 2.4GHz wave band now, serves as the main service that constantly enlarges with the IEEE 802.11b standard of maximum transfer rate 11Mbps.In this wireless local local area network (LAN), in order to carry out authentification of user, used IEEE 802.1x, used " EAP-MD5/TLS/TTLS " to wait as the authentication protocol between radio zone.Wherein, the mode of information such as authentication protocol use input address name (ID), password/certificate of certification between radio zone.
When utilizing this wireless local local area network (LAN) to use real-time application, mobile communication terminal obtains service after carrying out authenticating step.
; such as when using the services in real time such as voice (Voice over IP:VoIP) service of internet protocol-based; if mobile communication terminal handover/roaming or from mobile radio communication handover/roam to the wireless local local area network (LAN) between the wireless local local area network (LAN) then needs to carry out again authenticating step.Therefore, because this authenticating step, the middle situation that service disruption takes place causes service quality (Quality ofService:Qos) to descend.In order to address this is that, prior authentication (pre-authentication) mode has been proposed, with reference to the accompanying drawings, this prior authentication mode is described.
Fig. 1 is the structured flowchart that carries out the required system of mobile communication terminal authentication in advance in the existing wireless local local area network (LAN).
As shown in Figure 1, current mobile communication terminal 10 is in the state that is connected in the 1st access point (AP1) 21 and obtains service.At this moment, when handovers take place for mobile communication terminal 10, when attempting to be connected with the 2nd access point (AP2) 22, mobile communication terminal 10 needs the authentication of access authentication server 30 in order to be connected with the 2nd access point 22.Therefore, mobile communication terminal 10 is connected required prior authentication for carrying out with the 2nd access point 22, from the prior authentication-related information of the 1st access point 21 acquisitions of original connection.And mobile communication terminal 10 is given the 1st access point 21 message transmission of relevant the 2nd access point 22.
Even as above use prior authentication mode, still can append signaling, correspondingly cause postponing with the connect hours of the 2nd new access point 22.Therefore, in requiring real-time service,, cause being difficult to providing smoothly service because of service delay or data loss etc.
And, in certificate server, be not used in the information of the mobile communication terminal in mobile communication terminal that difference authenticates in advance and actual the use, so, can't distinguish particular terminal and be in prior authentication state or be in actual user mode.Therefore, if certificate server by the charge of time unit, then can duplicate the hidden danger of charge.
In addition, when certificate server is not supported multiple login (Log in) to a user, also can't authenticate in advance.
Summary of the invention
Therefore, the object of the present invention is to provide and a kind ofly moving between the wireless local local area network (LAN) or when mobile radio communication enters the wireless local local area network (LAN), utilizing adjacent new access point to authenticate required method and system in advance when mobile communication terminal.
For achieving the above object, method of the present invention is as the first authentifaction method when mobile communication terminal enters neighboring access points, it is characterized in that comprising following several steps: above-mentioned mobile communication terminal is by above-mentioned neighboring access points, to the step of the prior authentication of certificate server request; If above-mentioned new access point is permitted above-mentioned prior authentication, then the authentication information of above-mentioned mobile communication terminal is set to prior authentication state, notifies the step of prior authentication success to above-mentioned mobile communication terminal; Above-mentioned mobile communication terminal releasing is connected with former access point, carries out step of connecting with above-mentioned new access point; Above-mentioned mobile communication terminal and above-mentioned new access point receive the step that sends data.
For achieving the above object, system of the present invention is as authenticate required system in advance when mobile communication terminal enters neighboring access points, it is characterized in that comprising following several sections: above-mentioned mobile communication terminal, it authenticates in advance by above-mentioned new access point request, if authenticate licensed, then before removing, after the connection of access point, be connected, receive with above-mentioned new access point and send data with above-mentioned new access point; Above-mentioned new access point, if above-mentioned prior authentication is licensed, the authentication information of the above-mentioned mobile communication terminal of above-mentioned new access point is set to prior authentication state, notifies prior authentication success to above-mentioned mobile communication terminal; Certificate server, if receive the request of prior authentication from above-mentioned mobile communication terminal, it judges whether to permit prior authentication.
Adopt the present invention, when mobile communication terminal is moving between the wireless local local area network (LAN) or when mobile radio communication enters the wireless local local area network (LAN), utilize adjacent new access point to obtain authentication in advance, therefore certificate server can manage the state of above-mentioned mobile communication terminal, reduces unnecessary signaling.
Describe the present invention below in conjunction with the drawings and specific embodiments, but not as a limitation of the invention.
Description of drawings
Fig. 1 is the structured flowchart that carries out the required system of mobile communication terminal authentication in advance in the existing wireless local local area network (LAN);
Fig. 2 is the structured flowchart of the required system of mobile communication system authentication in advance of the embodiment of the invention;
Fig. 3 is the flow chart that the mobile communication terminal of the embodiment of the invention is carried out prior authenticating step when entering the wireless local local area network (LAN).
Wherein, Reference numeral:
22: the 2 access points of 21: the 1 access points
30: certificate server 110: mobile communication terminal
122: the 2 access points of 121: the 1 access points
130: certificate server
Embodiment
With reference to the accompanying drawings, describe useful embodiment of the present invention in detail.It should be noted that in the following description only the required part of action and effect of the present invention is understood in explanation, the explanation of part is omitted in addition, to prevent to obscure main idea of the present invention.
In an embodiment of the present invention, mobile communication terminal is authenticated required method during handover/roaming in advance between the wireless local local area network (LAN) describe, before the method explanation, explanation is authenticated in advance the structure of required wireless local local area network (LAN).It should be noted that wherein first authentifaction method is not only applicable to the situation of mobile communication terminal handover/roaming between the wireless local local area network (LAN), and, be suitable for too from the situation of mobile radio communication handover/roam to wireless local local area network (LAN).
Fig. 2 is the structured flowchart of the required system of mobile communication system authentication in advance of the embodiment of the invention.
As above-mentioned shown in Figure 2, the wireless local local area network (LAN) by with access point (the Access Point:AP1 of mobile communication terminal 110 wireless connections, AP2) 121,122, carry out above-mentioned mobile communication terminal 110 authentications and constitute with the certificate server (RADIUS Server) 130 of above-mentioned access point 121,122 wired connections.
Prior authentication and actual user mode that above-mentioned certificate server 130 is preserved mobile communication terminal 110.
Above-mentioned mobile communication terminal 110 becomes prior authentication state to certificate server 130 authentication attempts after success, if realize transceive data later on, then become actual user mode.
With reference to the accompanying drawings, illustrate in having the wireless local local area network (LAN) of as above structure, when mobile communication terminal is mobile between the wireless local local area network (LAN), authenticate required method in advance.
Fig. 3 is the flow chart that the mobile communication terminal of the embodiment of the invention is carried out prior authenticating step when entering the wireless local local area network (LAN).
In 300 steps, the 1st access point 121 in mobile communication terminal 110 and current the connection receives and sends voice and bag data.At this moment, in 310 steps, if above-mentioned mobile communication terminal 110 enters, that is, be handed off to adjacent wireless local local area network (LAN), then mobile communication terminal 110 need be from certificate server 130 access authentications.Have only access authentication, mobile communication terminal 110 could be connected with the access point of above-mentioned wireless local local area network (LAN), receives continuously to send data.
Above-mentioned mobile communication terminal 110 is near behind above-mentioned the 2nd access point 122, and in 320 steps, above-mentioned mobile communication terminal 110 transmits the prior authentication request message that is used to authenticate in advance to above-mentioned the 2nd access point 122.So, in 325 steps, after the 2nd access point 122 is confirmed prior authentication request message, prior authentication request message is transferred to certificate server 130.So certificate server 130 is confirmed the prior authentication request message of above-mentioned reception, judge whether to permit the prior authentication of above-mentioned mobile communication terminal 110.
In 330 steps, when prior authentication is licensed, after the 2nd access point 122 receives prior authentication success message from above-mentioned certificate server 130, in 335 steps, to the prior authentication success message of mobile communication terminal 110 transmission.Behind this prior authentication success, in 336 steps, above-mentioned the 2nd access point 122 and the mobile communication terminal 110 of certificate server 130 at prior authentication success are the terminal authentication information setting prior authentication state.
In 340 steps, the mobile communication terminal 110 that obtains above-mentioned prior authentication transmits the releasing connection message in order to disconnect with the connection of current the 1st access point 121 that is connected, and in 350 steps, transmits the request connection message in order to be connected with the 2nd access point 122.
In 360 steps, mobile communication terminal 110 receives to connect from above-mentioned the 2nd access point 122 finishes message.At this moment, in 365 steps, whether the above-mentioned mobile communication terminal 110 that obtains authentication in advance before the 2nd access point 122 is confirmed is the actual terminals used of beginning.
In 370 steps, the 2nd access point 122 is finished along with connection and is received the transmission data.At this moment, in 375 steps, above-mentioned the 2nd access point 122 is used to notify above-mentioned mobile communication terminal 110 whether to be in the actual user mode message of actual user mode to certificate server 130 transmission.So in 376 steps, the authentication information of certificate server 130 above-mentioned mobile communication terminals 110 is set to actual user mode.
In sum, the present invention has following effect, promptly, when mobile communication terminal is moving between the wireless local local area network (LAN) or when mobile radio communication enters the wireless local local area network (LAN), utilize adjacent new access point to obtain authentication in advance, therefore certificate server can manage the state of above-mentioned mobile communication terminal, reduces unnecessary signaling.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (8)
1. the first authentifaction method of a mobile communication terminal, the first authentifaction method at when mobile communication terminal enters adjacent new access point is characterized in that, comprises following several steps:
Described mobile communication terminal is by above-mentioned neighboring access points, to the step of the prior authentication of certificate server request;
If described new access point is permitted described prior authentication, then the authentication information of described mobile communication terminal is set to prior authentication state, notifies the step of prior authentication success to described mobile communication terminal;
Described mobile communication terminal releasing is connected with former access point, carries out step of connecting with described new access point;
Described mobile communication terminal and described new access point receive the step that sends data.
2. the first authentifaction method of mobile communication terminal according to claim 1 is characterized in that, also comprises following several steps:
Send data if described new access point and described mobile communication terminal receive, then confirm the step of the actual use of described mobile communication terminal;
Described new access point is in the step of the message transmission of actual user mode to described certificate server to the described mobile communication terminal of expression.
3. the first authentifaction method of mobile communication terminal according to claim 2 is characterized in that, also comprises: the authentication information of the described mobile communication terminal of described certificate server is set to the step of actual user mode.
4. the first authentifaction method of mobile communication terminal according to claim 1 is characterized in that, also comprises: if described prior authentication is licensed, the authentication information of the described mobile communication terminal of described certificate server is set to the step of prior authentication state.
5. the prior Verification System of a mobile communication terminal at authenticate required system in advance when mobile communication terminal enters adjacent new access point, is characterized in that, comprises following several sections:
Mobile communication terminal authenticates in advance by described new access point request, if authenticate licensed, then remove with being connected of access point in the past after, be connected with described new access point, with described new access point reception transmission data;
New access point, if described prior authentication is licensed, the authentication information of the described mobile communication terminal of described new access point is set to prior authentication state, notifies prior authentication success to described mobile communication terminal;
Certificate server if receive the request of prior authentication from described mobile communication terminal, then judges whether to permit prior authentication.
6. the prior Verification System of mobile communication terminal according to claim 5 is characterized in that, if described prior authentication is licensed, the authentication information of the described mobile communication terminal of then described certificate server is set to prior authentication state.
7. the prior Verification System of mobile communication terminal according to claim 5, it is characterized in that, if receiving, described new access point and described mobile communication terminal send data, then confirm the actual use of described mobile communication terminal, the message transmission that the described mobile communication terminal of expression is in actual user mode is given described certificate server.
8. the prior Verification System of mobile communication terminal according to claim 7, it is characterized in that, if described certificate server receives the information of the described actual user mode of expression, then the authentication information of described mobile communication terminal is set to actual user mode.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020050036509A KR100619998B1 (en) | 2005-04-30 | 2005-04-30 | Method and system for in mobile communication station |
KR1020050036509 | 2005-04-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1855816A true CN1855816A (en) | 2006-11-01 |
CN100583763C CN100583763C (en) | 2010-01-20 |
Family
ID=37195687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200610000924A Expired - Fee Related CN100583763C (en) | 2005-04-30 | 2006-01-12 | First authentification method and system for mobile communication terminal |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR100619998B1 (en) |
CN (1) | CN100583763C (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100998704B1 (en) * | 2008-12-08 | 2010-12-07 | 경북대학교 산학협력단 | High speed handover method in the wireless LAN having a plurality of mobility domain |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3870081B2 (en) | 2001-12-19 | 2007-01-17 | キヤノン株式会社 | COMMUNICATION SYSTEM AND SERVER DEVICE, CONTROL METHOD, COMPUTER PROGRAM FOR IMPLEMENTING THE SAME, AND STORAGE MEDIUM CONTAINING THE COMPUTER PROGRAM |
KR20030052775A (en) * | 2001-12-21 | 2003-06-27 | 아이피원(주) | Method for protecting cutting off data stream transmission at authentication in WLAN |
JP2003198557A (en) | 2001-12-26 | 2003-07-11 | Nec Corp | Network, and wireless lan authenticating method to be used therefor |
KR100882431B1 (en) * | 2002-06-25 | 2009-02-05 | 주식회사 케이티 | A Method of reducing authentication delay for mobile host by simplified authentication token |
-
2005
- 2005-04-30 KR KR1020050036509A patent/KR100619998B1/en active IP Right Grant
-
2006
- 2006-01-12 CN CN200610000924A patent/CN100583763C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
KR100619998B1 (en) | 2006-09-06 |
CN100583763C (en) | 2010-01-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8078175B2 (en) | Method for facilitating a handover of a communication device, communication device, application server for facilitating a handover of a communication device, and communication system arrangement | |
AU2005236981B2 (en) | Improved subscriber authentication for unlicensed mobile access signaling | |
US7864732B2 (en) | Systems and methods for handoff in wireless network | |
EP2658301B1 (en) | Non-mobile authentication for mobile network gateway connectivity | |
US8199720B2 (en) | Method for handover between heterogenous radio access networks | |
KR101538005B1 (en) | Data stream transmission method and related device and system | |
EP1597866B1 (en) | Fast re-authentication with dynamic credentials | |
EP1693995B1 (en) | A method for implementing access authentication of wlan user | |
CN102006646B (en) | Switching method and equipment | |
CN1505314A (en) | A method for fast, secure 802.11 re-association without additional authentication, accounting, and authorization infrastructure | |
US20090290556A1 (en) | Wireless network handover with single radio operation | |
US20050025182A1 (en) | Systems and methods using multiprotocol communication | |
US8891498B2 (en) | Method for wireless network re-selection in a plurality of networks environment | |
JP4557968B2 (en) | Tight coupling signaling connection management for connecting wireless and cellular networks | |
CN1604520A (en) | Control method for wireless communication system, wireless communication device, base station, and authentication device in communication system | |
EP1424810B1 (en) | A communication system and method of authentication therefore | |
WO2004084463A3 (en) | Method and apparatus for performing a handoff in an inter-extended service set (i-ess) | |
WO2008110432A1 (en) | Method and arrangement for the composition of a first and a second communication access network | |
CA2583182C (en) | Reducing handoff latency for a mobile station | |
CN100583763C (en) | First authentification method and system for mobile communication terminal | |
CN103067993B (en) | Wireless terminal and make its method switched between two kinds of wireless networks | |
KR100623291B1 (en) | Handoff system for relating cdma2000 with portable internet and method therof | |
KR100623292B1 (en) | Method for handoff of relation from portable internet to cdma2000 network | |
Mathonsi | Optimized handoff and secure roaming model for wireless networks | |
Prajapati et al. | Design and deployment of Wi-Fi service inside running metro trains |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100120 Termination date: 20110112 |