Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/01—Protocols
  • H04L67/04—Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/06—Authentication
  • H04W12/069—Authentication using certificates or pre-shared keys
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/16—Implementing security features at a particular protocol layer
  • H04L63/162—Implementing security features at a particular protocol layer at the data link layer
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W84/00—Network topologies
  • H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
  • H04W84/10—Small scale networks; Flat hierarchical networks
  • H04W84/12—WLAN [Wireless Local Area Networks]

Definitions

• the present invention is directed to the use of the Internet web technology to perform a home location register function in a wireless access network.
• HLR Home Location Register
• SS7 Signaling System #7
• PSTN Public Switched Telephone Network
• RADIUS server provides such function.
• a description of RADIUS is provided by an Internet article, RFC2138 Remote Authentication Dial-In User Service (RADIUS) by C. Rigney, et al., April 1997 which is available at WWW.IETF.ORG (Internet Engineering Task Force) .
• RADIUS Remote Authentication Dial-In User Service
• This system has only been used for Public Switched Telephone Network access.
• Traditional mobile communications roaming methods protocols may not satisfactorily support the roaming function of the Internet Protocol (IP) based wireless access system describe in the above co-pending application 09/432,824. There is therefore a need for provision of HLR functions and roaming in an IP based wireless access system whereby the above disadvantages may be alleviated.
• IP Internet Protocol
• a wireless access network system as claimed in claim 13.
• a RADIUS arrangement for use in a wireless access network system, as claimed in claim 25.
• a network controller for use in a wireless access network system, the network controller having a RADIUS client for use with a RADIUS server in authorising user access to the network, as claimed in claim 26.
• a computer program element comprising computer program means for performing the method of operation in a wireless access network system, as claimed in claim in claim 27.
• a method of operating a cellular wireless Internet access system using RADIUS Remote Authentication Dial-In User Service which is normally used for dial-up Internet access over the PSTN (Public Switched Telephone Network) where the user utilizes a portable subscriber terminal with a directly attached antenna for communicating in a wireless manner via a cellular network to an integrated network controller and then to a target Internet Service Provider (ISP), comprising the steps of providing the subscriber terminal with an access network operator identifier and user identifier and password, both related to said access network operator.
• the subscriber terminal requests Internet access from the integrated network controller.
• the integrated network controller requests verification of the user from the RADIUS server of the operator.
• the RADIUS server verifies the user identifier and password.
• the integrated network controller receives an acceptance message.
• the integrated network controller connects to a layer two tunneling protocol network server and a targeted Internet service provider and the subscriber terminal begins an Internet session.
• FIG. 1 is a block diagram of an Internet system illustrating the present invention.
• FIG. 2 is a flow chart illustrating the method of FIG. 1 of the present invention.
• FIG. 3 is a diagram illustrating the method of FIG. 1 of the present invention.
• FIG. 4 is a block diagram similar to FIG. 1.
• FIG. 5 is a flow chart for FIG. 4,
• FIG. 6 is a data format diagram.
• Each wireless access user has a personal computer PC and a UMTS user equipment (UE) 21' and 22' with a directly attached antenna 20 and is connected by typical data connections such as an RS232, USB or Ethernet to the PC.
• the user equipment is termed a portable subscriber terminal, operating in conjunction with its associated PC.
• the wireless access user is described in the above co- pending application and is a part of a UMTS/UTRAN system 23 as described in the above co-pending application, which communicates in a wireless manner via a UTRAN network to an integrated network controller (INC) 24, via a link 1.
• INC integrated network controller
• Such controller may be connected by wire or otherwise to an Internet system or web 31.
• the controller 24 includes an RNC or Radio Network Controller 26, which controls and allocates the radio network resources and provides reliable delivery of user traffic between a base station (NODE B) and subscriber terminal.
• An SGSN (Serving General Packet Radio Service Node) 27 provides session control.
• a RADIUS element designated RADIUS client 28 is incorporated to provide authentication and other functions.
• the Internet protocol network 31 is connected to INC 24 by an Internet Protocol connection 32 and then to a UMTS access network operator 35, through its Layer 2 Tunneling Protocol Network Server 35', having a RADIUS server 34.
• RADIUS server unit 34 may, for example, be in the user's home area of San Francisco (S.F.) and is the home Radius server. Thus, this is the server for both authentication and accounting functions as described in the above co- pending application.
• the user would communicate via the network 31 with target Internet service provider 36 through its Layer 2 Tunneling Protocol Network Server LNS 36'.
• the user's subscriber terminal may be in New York (N.Y.)
• he is a roaming user, who must use a partner access network operator.
• RADIUS server 37 N.Y.
• UMTS access network operator 38 which has a roaming agreement.
• that operator 38 would have an LNS unit 38' .
• FIG. 2 illustrates the typical home operation of the system using RADIUS servers where after start as shown in step 1, the integrated network controller (INC) receives a session request from the mobile wireless user (UE) for Internet access.
• the numbered steps of FIG. 2 correspond to the communication paths illustrated in FIG. 1.
• INC 24 requests access verification for the mobile wireless user from the RADIUS server 34.
• the link 2 is illustrated in network 31.
• the decision is made by RADIUS server 34 whether to accept or reject the user as shown by the accept and reject paths and verifies the user ID and password.
• Each user has both a user identifier, a user password, and also includes an identification for its access network operator 35.
• step 9 the INC 24 tears down the session and it comes to an end.
• the integrated network controller receives the accept message (see the link 4 in the network 31 in FIG. 1) with the subscribed-to-tier of service, roaming indicator (in this case it would be negative) and target ISP.
• step 5 see the link 5 in FIG. 1) the INC 24 connects to the LNS 36' of the target ISP 36 and the user does an end-to-end negotiation for ISP access with LNS 36'. Then the Internet session, between the user' s PC and the target ISP begins.
• FIG. 3 illustrates the normal authentication, connection and session tear down between the INC radius client 28 and the home server 34.
• access is requested and then accepted in 42.
• the connection is made as shown in 43 via a layer 2 tunneling protocol tunnel to the target ISP.
• a user disconnect notification is provided to the radius server 34 as discussed in the above co-pending application.
• FIG. 4 is very similar to FIG. 1 and simplified with the links 1, 2, 4, 5 being the same as illustrated in FIG. 1.
• the user is attempting to gain access via UMTS roaming where access is desired with the partner or operator 38 with a roaming agreement.
• step 1 the INC 24 receives a session request from the wireless user as before. Then, in step 2 the INC 24 requests access verification for the mobile wireless user from the radius server 34.
• the access network operator identifier which has been supplied to the UE 21' and 22' is sent up via the radius client 28 and the SGSN 27 but identifies a different UMTS access network operator, with whom this operator has a roaming agreement.
• the users 21 and 22, as illustrated in FIG. 4 are now out of their home territory as shown by the access network operator ID.
• step 3' the radius server 34 determines that this is a request from a roaming user (based on operator ID sent up in the request) and it forwards (link 3', FIG. 4) the request to the partner operator radius server 37.
• the partner radius server 37 verifies user ID and password. If no verification occurs, then a rejection and tear down occurs as shown in steps 8 and 9 similar to FIG. 2. However, if acceptance occurs then in step 10 via the link 10 as shown in FIG. 4 between partner operator 38 and home operator 35, the home radius server 34 receives the accept and passes it on to the INC 24. In step 4 and the link 4 shown in FIG. 4 (similar to that of FIG.
• step 5 the INC 24 receives the accept message with the subscribed-to-tier of service, the roaming indicator (which in this case is positive) , and the subscribed-to ISP.
• the INC 24 connects to the LNS of the target ISP 36. Again, the user begins a session.
• the message types, structure and encoding are standard as outlined in the RFC 2138 above. As shown in those standards, the data packets all have pre-assigned attributes which are given a standard attribute number. To facilitate the additional functionality required for a RADIUS server to perform the HLR function, the standard attributes are required and also additional attributes. These are all contained in the code format of FIG. 6 where octets relate to the data octets and the box labeled TYPE relates to the attribute number. In the RADIUS system, attribute number 26 is a vendor-specific attribute. Morever, this is believed to be the most convenient way in order to interface with the standard RADIUS system.
• FIG. 6 is a basic code format which would be modified for each particular function and, thus, it illustrates in general the basic code format.
• a user name attribute is included (that is, type number 1) and the data of the octet string takes the form of a network access identifier (NAI) defined by an attribute number 32.
• NAI network access identifier
• the vendor specific attribute which differentiates this system from the standard PSTN system would in the box of FIG. 6 labeled IPW-Type and have the number 10 to show a NODE B ID (that is, the base station ID) .
• the identification of that ID would actually be in the VALUE box as shown in FIG. 6.
• Another vendor-specific attribute is the ISP name indicated in the IPW-Type box by the number 9, and the actual name would be expressed as a string octet as indicated in FIG. 6.
• the present system provides a tier of service value which is related to the data capacity which the ultimate subscriber terminal is to have and also the latency.
• latency is defined as a time lag between the beginning of a request for data and the moment it begins to be received.
• tier of service is indicated by IPW-Type attribute number 1 and in the value field the following enumerated values are provided starting from a low level to a high level.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Computer Security & Cryptography (AREA)
• Mobile Radio Communication Systems (AREA)
• Small-Scale Networks (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=24511458

Family Applications (1)

Country Status (7)

Cited By (1)

Families Citing this family (11)

Family Cites Families (10)

• 2001
  • 2001-07-27 WO PCT/GB2001/003385 patent/WO2002011467A2/en not_active Application Discontinuation
  • 2001-07-27 EP EP01953216A patent/EP1410569A2/de not_active Withdrawn
  • 2001-07-27 CA CA002384890A patent/CA2384890A1/en not_active Abandoned
  • 2001-07-27 JP JP2002515858A patent/JP5083718B2/ja not_active Expired - Lifetime
  • 2001-07-27 MX MXPA02003159A patent/MXPA02003159A/es unknown
  • 2001-07-27 GB GB0118391A patent/GB2369271B/en not_active Expired - Lifetime
  • 2001-07-27 AU AU75711/01A patent/AU784411B2/en not_active Ceased

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events