WO2004102876A1 - 無線lanアクセス認証システム - Google Patents
無線lanアクセス認証システム Download PDFInfo
- Publication number
- WO2004102876A1 WO2004102876A1 PCT/JP2003/012125 JP0312125W WO2004102876A1 WO 2004102876 A1 WO2004102876 A1 WO 2004102876A1 JP 0312125 W JP0312125 W JP 0312125W WO 2004102876 A1 WO2004102876 A1 WO 2004102876A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal device
- access
- wireless terminal
- wireless
- authentication
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- the present invention relates to a wireless LAN access authentication system for performing access authentication of a wireless terminal device that transmits and receives wireless signals, and in particular, at least two or more wireless terminal devices that access the wireless terminal device through a wireless section that transmits the wireless signal.
- the present invention relates to a wireless LAN access authentication system in a network system in which a plurality of wireless LAN network systems having an access point unit are integrated.
- an access-authenticated state of the wireless terminal device is created in advance in an access point unit where the wireless terminal device of the user may hand over.
- There has been proposed a system in which access authentication to the access point unit is not required at the time of handover of the wireless terminal device so that prompt communication can be performed for example, the “2003 IEICE General Conference”. B — 6-19 4 See “A Study on Speeding Up Handover in Wireless LAN”).
- the authentication server searches for an access point that can be handed over by the user's wireless terminal device from the geographical information of the access point that is stored in advance, and stores the session key in the corresponding access point. To distribute.
- a peripheral access point unit to which the user's wireless terminal device can hand over holds the session key notified from the authentication server.
- the access point unit which communicates with the user's wireless terminal device, is held by the access point unit when the wireless terminal device performs handover. If the matching session key and the session key held by the wireless terminal device match, communication is permitted.
- the access point unit that first detects packet communication from the user's wireless terminal device notifies the authentication server of the user's wireless terminal device.
- the authentication server notifies the session key to an access point of a communication area in which the user's wireless terminal device has newly entered, and releases the session key to the access point outside the communication area. Request.
- the wireless LAN network system for example, an in-house wireless LAN network system and a public wireless LAN network system are integrated, and when the wireless terminal device moves between these network systems, this wireless terminal A network system that seamlessly continues the communication service of the device has been receiving attention.
- the authentication server is arranged at a center station that communicates with the plurality of wireless LAN network systems to centrally manage the wireless terminal devices.
- Network systems are conceivable.
- the wireless terminal device moves through the plurality of wireless LAN network systems and hands over to a new access point unit. Think about the case.
- the wireless terminal device and the authentication server of the center station are It is necessary to exchange the authentication number (authentication signal) between the two. Therefore, in the conventional wireless LAN access authentication system, the access authentication of the wireless terminal device and the distribution of a WEP key, which is an encryption key for encrypting a wireless signal transmitted in the wireless section, are accompanied. However, there is a problem that the time required for handover of the wireless terminal device is increased due to the access authentication procedure performed by the user and packet loss is caused.
- the authentication signal is exchanged between the wireless terminal device and the central station every time the wireless terminal device moves between a plurality of access points. Therefore, the occupancy of the control signal such as the authentication signal in the transmission line between the one center station and each of the wireless LAN network systems increases, and the transmission line band cannot be effectively used. Problems arise.
- the plurality of wireless LAN network systems are integrated, and the user ID and the WEP key used for access authentication of the wireless terminal ft are centrally managed by the center station. In such a large-scale network system, it is difficult to apply the communication method.
- the wireless terminal is connected between the plurality of wireless LAN network systems.
- the device In order for the device to be able to move seamlessly, it is necessary to distribute the WEP key to access points around each wireless LAN network system each time the wireless terminal device moves.
- control signal such as the authentication signal is transmitted through a transmission path between the center station and each of the plurality of wireless LAN network systems. Replace frequently There is no change in things.
- the authentication server of the center station manages positional information of the wireless terminal device and geographical information of each access point of the wireless LAN network system.
- the management of the geographical information of each access point by the authentication server of the center station further increases the load on the authentication server.
- An object of the present invention is to integrate a plurality of wireless LAN network systems.
- a wireless LAN access authentication system of the present invention includes a plurality of wireless LAN network systems and a center station that integrates and manages the plurality of wireless LAN network systems.
- Each of the plurality of wireless LAN network systems includes at least two or more access point units that wireless terminal devices that transmit and receive wireless signals access through a wireless section, and a data signal and a data signal between each of the access point units.
- a central station that relays transmission and reception of data signals and control signals between the gateway devices of the plurality of wireless LAN network systems, and Performing access authentication of the wireless terminal device accessed to the access point unit, and Wherein the encryption key used for encryption of the radio section processes the authenticated wireless terminal devices communicate wireless terminal ⁇
- a wireless LAN access authentication system in a network system comprising: an authentication server distributed to the access point unit; and wherein the wireless terminal is provided in each of the plurality of wireless LAN network systems and is in its own communication area. Access management for managing access status of the device to the authentication server and confirming whether the wireless terminal device has access to the authentication server when the wireless terminal device moves to a communication area of a new access point unit.
- the wireless terminal device which is provided in each of the plurality of wireless LAN network systems and manages a sign key distributed from the authentication server, and moves to a communication error of another access point unit, is operated by the access management means.
- the wireless terminal device communicates.
- An encryption key management means for distributing the encryption key of the radio section to the new access point section of the destination radio terminal apparatus and the wireless terminal device which comprises a.
- FIG. 1 is a schematic diagram showing a configuration of a wireless LAN access authentication system according to Embodiment 1 of the present invention.
- FIG. 2 is a sequence diagram showing an operation of access authentication in the wireless LAN access authentication system according to Embodiment 1 of the present invention.
- FIG. 3 is a block diagram showing a configuration of a gateway device of each wireless LAN network system used in the wireless LAN access authentication system according to Embodiment 1 of the present invention.
- FIG. 4 is a sequence diagram showing an operation of access authentication when a wireless terminal device moves in the wireless LAN access authentication system according to Embodiment 1 of the present invention
- FIG. 5 is a diagram showing Embodiment 2 of the present invention.
- FIG. 6 shows a wireless LAN access authentication system according to Embodiment 2 of the present invention.
- FIG. 7 is a block diagram illustrating a configuration of a wireless terminal device used in a wireless LAN access authentication system according to Embodiment 3 of the present invention.
- FIG. 8 is a block diagram showing another configuration of the wireless terminal device used in the wireless LAN access authentication system according to Embodiment 3 of the present invention.
- the gist of the present invention is that the access management means of each wireless LAN network system manages the access status of a wireless terminal device to an authentication server of a center that integrates a plurality of wireless LAN network systems, and communicates with a new access point unit. If it is confirmed that the wireless terminal device that has moved to the area has already accessed the authentication server, the wireless terminal device and the wireless terminal device and the wireless chain management device of each wireless LAN network system use the encryption key of the wireless LAN network system. This is to distribute to a new access point to which the wireless terminal device moves.
- FIG. 1 is a schematic configuration diagram showing a configuration of a network system using a wireless LAN access authentication system according to Embodiment 1 of the present invention.
- this network system consists of a center station 100, a head office wireless LAN network system 110, a branch office wireless LAN network system 120, and a public wireless LAN network system 13 It has 0.
- a center station 100 centrally manages a head office wireless LAN network system 110, a branch office wireless LAN network system 120, and a public wireless LAN network system 130. Also, the center station 100 It has a center station gateway device 101 and an authentication server 102.
- the headquarters wireless LAN network system 11 ⁇ has a headquarters @ gateway device 111 and access points 112, 113, 114 at the headquarters.
- communication is performed using wireless terminal devices 115, 116 such as notebook computers, PDAs, and mobile phones.
- the branch office wireless LAN network system 120 includes a branch office gateway device 121 and branch office access point units 122, 123, and 124.
- communication is performed using wireless terminal devices 125 and 126 such as a notebook computer, a PDA, and a mobile phone.
- the public wireless LAN network system 130 has a public gateway device 131 and public access point units 132, 133, and 134.
- this public wireless network 130 communication is performed using wireless terminal devices 135 and 136 such as a notebook computer, a PDA, and a mobile phone.
- the wireless terminal device accesses the head office wireless LAN network system 110, the branch office wireless LAN network system 120 or the public wireless LAN network system 130 for the first time.
- an access request is made to the desired access point unit (here, the in-house access point unit 114).
- the access of the wireless terminal device 116 is authenticated through a predetermined authentication procedure.
- This authentication procedure is performed, for example, based on the IEEE 802.1X protocol, based on the wireless terminal device 1 16 This is performed by accessing the authentication server 102 of the center station 100 via the internal gateway device 111 and the center station gateway device 101 of the center station 100.
- an identity is requested from the head office access point unit 114 to the wireless terminal device 116 that has made an access request to the head office access point unit 114. Is done.
- the wireless terminal device 116 transmits a response signal including the user ID of the user of the wireless terminal device 116 to the head office access point unit 114 in response to the request of the above-mentioned Idntity.
- the in-house access point unit 114 Upon receiving the response signal, the in-house access point unit 114 transmits an authentication signal for performing access authentication of the wireless terminal device 116 to the in-house gateway device 111.
- the wireless terminal device 1 16 in the head office wireless LAN network system 110 accesses the authentication server 102 of the center station 100 through the head office access point section 114. Has been described, but the same applies to other wireless terminal devices.
- Gateway devices 111, 122, 130 installed in each wireless LAN network system 110, 120, 130 of the network system using the wireless LAN access authentication system according to the first embodiment. 31 has the following configuration.
- FIG. 3 is a block diagram showing a gateway device having a configuration common to each of the gateway devices 11 1, 12 1, and 13 1.
- each of the gateway devices 1 1 1, 1 2 1, and 1 3 1 includes a data transmitting / receiving section 301, a switching section 302, a switching section 303, and a data transmitting / receiving section 30. 4. Equipped with a user access management section 305 and a WEP key management section 306.
- the data transmission / reception unit 301 transmits / receives data to / from the access point unit with which communication is performed.
- Switching section 302 selects a transmission path for data transmission / reception section 301.
- the switching section 303 is connected to the data transmission / reception section 304. Select the transmission path to be used.
- the data transmission / reception unit 304 transmits / receives data to / from the center station gateway device with which communication is performed.
- the user access management section 305 manages the access status of each wireless terminal device to be communicated.
- the WEP key management unit 303 manages an encryption key (WEP key) distributed from the authentication server 102 in association with the assigned wireless terminal device.
- the gateway device (herein, the in-house gateway device 111), for example, receives the access request from the wireless terminal device (here) by the response signal including the user ID transmitted from the access point unit 114. Then, confirm the access status of the wireless terminal device 1 16).
- the access-requested wireless terminal device 116 is the initial access wireless terminal device to be accessed for the first time, “no access” is registered in the user access management unit 304.
- the response is sent to the authentication server 102 via the center station gateway device 101 of the center station 100 which performs centralized management. Transfer the signal.
- the authentication server 102 Upon receiving the response signal, the authentication server 102 communicates with the wireless terminal device 1 16 that has requested access via the center station gateway device 101, the gateway device 111, and the access point unit 114. The authentication sequence is exchanged between the terminals to perform access authentication of the wireless terminal device 116 that has requested this access. Also, when the access authentication of the wireless terminal device 116 that has made the access request is completed as described above, the authentication server 102 transmits and receives the transmission / reception data of the wireless section to the wireless terminal device and each access point unit.
- the gateway device 111 registers, for example, the user ID of the wireless terminal device 116 whose access authentication has been completed in the user access management unit 3005, and Manage the access status of 6.
- the WEP key management unit 303 associates the distributed encryption key (WE P key) with the assigned wireless terminal device 116 to complete the access authentication. 1 Save the 6 WEP key.
- FIG. 4 is a sequence diagram showing an operation when such a wireless terminal device moving between access point units performs access authentication.
- the wireless LAN network system is an in-house wireless LAN network system 110
- the access point unit is an in-house access point unit 114.
- the wireless terminal device is referred to as a wireless terminal device 116
- the access point section of the other wireless LAN network system is referred to as an access point section 124 of a branch office wireless LAN network system 120.
- the moving wireless terminal device 1 16 detects a beacon (call sign and carrier) from the new access point section 124 of the movement destination, and accesses the new access point section 124. Make a request and perform the access procedure for the specified wireless section.
- a beacon call sign and carrier
- the moving wireless terminal device 116 When the moving wireless terminal device 116 completes the access procedure, it receives a request for Id e nti t y from the new access point section 124 to perform the access authentication. In response to the request of I denit ity, the wireless terminal device 116 transmits a response signal including the user ID to the new access point unit 124 of the movement destination.
- the access point unit 124 that has received the response signal transmits a response signal from the wireless terminal device 116 to the gateway device 121. Based on the response signal including the user ID sent from the access point section 124, the gateway apparatus 122 receives a request from the user access management section 304 for an access request. Check the access status of one wireless terminal device 1 16.
- the gateway device 121 Searches for the WEP key assigned to the wireless terminal device 1 16 that has performed the communication, and replaces the WEP key registered in advance with the new access point section 124 to which the mobile device has been moved and the wireless device requested to access. Redistributed to terminal devices 1 16
- the wireless terminal device 1 16 to which the WEP key has been distributed in this way and the access point section 124 have encrypted the transmission / reception data of a predetermined wireless section using the redistributed WEP key. Perform communication.
- the user access management unit 300 and the WEP key management unit 303 manage the access status of the wireless terminal device and the assigned WEP key, and also perform a time-out function (not shown).
- the registration to the wireless terminal device for which there is no access request for a certain time is deleted, and the wireless terminal device is turned off and moved to another domain.
- the wireless LAN access authentication system includes: an access status of the wireless terminal device of the user; and a WEP protocol for each of the gateway devices 111, 121, and 131.
- the configuration is such that the user access management unit 304 and the WEP key management unit 303 that manage the keys are provided, but these user access management unit 300 and the WEP key management unit 303 are It is also possible to adopt a configuration in which the wireless LAN network system is separated from the gateway device and arranged independently in each of the wireless LAN network systems.
- the access authentication and the distribution of the WEP key when the wireless terminal device moves to access a new access point are performed by each wireless terminal. Since it can be performed by the gateway devices 11 1, 12 1, 13 1 arranged in the LAN network system, the time required for the access authentication procedure accompanying the movement of the wireless terminal device can be reduced. Can be
- the time required for handover when the wireless terminal device moves is reduced, and the time between each wireless LAN network system and the center station 100 is reduced.
- the number of authentication signalings can be significantly reduced, and the effective use of the bandwidth of the transmission path can be realized.
- the wireless LAN access authentication system includes, in addition to the function of the wireless LAN access authentication system according to the first embodiment of the present invention, the access time and the communication packet amount of the wireless terminal device with which communication is performed. It has a function to count
- the authentication server of the center station 100 is provided to the wireless terminal device when the access time or the communication packet amount of the wireless terminal device to communicate reaches a predetermined amount. Re-authentication with 102 and distribution of a new encryption key are required.
- FIG. 5 shows a configuration of a gateway device used in the 'wireless LAN access authentication system according to the second embodiment.
- the gateway device used in the wireless LAN access authentication system according to the second embodiment components having the same functions as those of the gateway device 300 shown in FIG. Detailed description is omitted.
- gateway apparatus 500 used in the wireless LAN access authentication system according to the second embodiment is different from user access management section 300 in the first embodiment of the present invention in that An access management unit 501 is provided.
- the user access management section 501 of the gateway device 500 includes an access time management section 502 and a communication packet amount management section 503.
- the access time management unit 502 counts the access time of each wireless terminal device that is communicating.
- the communication packet amount management unit 503 communicates with each of the communicating wireless terminal devices. Counts the amount of incoming packets.
- FIG. 6 is a sequence diagram showing an operation of the wireless LAN access authentication system according to the second embodiment up to re-authentication of a wireless terminal device (here, wireless terminal device 116) and redistribution of an encryption key. It is.
- the wireless terminal device 116 when access authentication between the wireless terminal device 1 16 that has made an access request and the authentication server 102 is completed, the wireless terminal device 116 starts communication with a desired network system. At the same time, the access time management unit 502 and the communication packet amount management unit 503 of the gateway device 500 start counting the access time and the bucket amount of the wireless terminal device 116.
- the wireless terminal device 1 16 communicating via the access point section 114 moves and attempts to communicate via the new access point section 124
- the mobile terminal apparatus 1 16 to be moved and the new access point section 1 24 to be moved to Redistributed.
- the moving wireless terminal device 116 communicates using the same encryption key as the encryption key distributed at the time of the initial access authentication.
- the gateway device 500 becomes A request signal is sent to the accessing wireless terminal device 116 so as to perform re-authentication and encryption key redistribution procedures with the authentication server 102 of the center station 100.
- the registered content of the access status of the wireless terminal device 116 of the user managed by the user access management unit 501 of the gateway device 500 is changed to the content that the re-authentication is required. Be changed.
- the communication mode of the wireless LAN access authentication system is based on the authentication transmitted from the wireless terminal device 116. The mode is switched to a mode in which the authentication signal is transferred to the authentication server 102 of the center station 100.
- the wireless terminal device 1 16 that has received the re-authentication and the redistribution request signal of the encryption key transmits an authentication request signal to the access point section 124, as shown in FIG. A series of authentication sequences is started.
- a new encryption key (WEP key) is issued from the authentication server 102 to the wireless terminal device 116 and a new access destination.
- the point unit 124 is distributed, and the wireless terminal device 116 communicates with the new access point unit 124 at the destination by encrypting the transmission data using the new encryption key.
- the gateway device 500 stores the new encryption key in the WEP key management unit 310 and the wireless terminal device again in the access time management unit 502 and the communication packet amount management unit 503. Start counting the access time and bucket volume in 1 16.
- the access time management section 502 of the gateway apparatus 500 and the communication bucket quantity management section 503 are used by the wireless terminal apparatus 11 1 6 access time and packet volume are managed.
- the wireless terminal device 116 is provided with the authentication server 1 of the center station 100. Between 0 and 2, it is required to perform procedures for re-authentication of access authentication and redistribution of encryption keys.
- the wireless terminal device and the wireless terminal device are accessed.
- the encryption key (WEP key) used between the access point and the access point unit is updated, thereby preventing unauthorized access to the wireless terminal device by decrypting the WEP key.
- the wireless LAN access authentication system includes an S card as an information card on which ID information used when each wireless terminal device is access-authenticated by the authentication server 102 of the center station 100 is recorded.
- An IM (Subscriber Identity Module) card is installed, and the user ID used for the above-mentioned access authentication is extracted from this SIM card and the access authentication procedure is performed.
- FIG. 7 is a block diagram showing a configuration of a wireless terminal device used in the wireless LAN access authentication system according to the third embodiment.
- the wireless terminal device 700 includes a wireless LAN IZF (access interface for wireless LAN) 701, a SIM card 702, an EAP client 703, and a WEP client 704.
- a wireless LAN IZF access interface for wireless LAN
- SIM card 702 SIM card
- EAP client 703 EAP client 703
- I EEE802.1x (EAP: Exte nsi ble e Au t he n t i c a t i o n P ro t o c o l)
- the user ID recorded in the SIM card 702 is also registered in the authentication server 102 of the center station 100. Further, the wireless terminal device 700 performs encryption and decryption using the encryption key assigned from the authentication server 102 after the access authentication by the WEP client 704.
- FIG. 8 is a block diagram showing a configuration of another wireless terminal device used in the wireless LAN access authentication system according to the third embodiment.
- the wireless terminal device 800 includes a cellular wireless IZF 801 and a cellular authentication client 802 in addition to the configuration of the wireless terminal device 700 shown in FIG. That is, this wireless terminal device 800 is an access interface for wireless LAN.
- this wireless terminal device 800 is an access interface for wireless LAN.
- a cellular wireless I / F 801 as an access interface for cellular wireless is provided.
- the user ID recorded on the SIM card 702 is given to the EAP client 703 and used for access authentication on the wireless LAN network system side.
- the user ID recorded on the SIM card 702 is also given to the cellular authentication client 802 that performs authentication on the cellular wireless network system side, and is also used for access authentication on the cellular wireless network system side. used.
- the user ID of the SIM card 702 mounted on the wireless terminal device 700 or the wireless terminal device 800 is used for access authentication.
- the user information used for access authentication for example, A similar authentication procedure can be performed using user information recorded on a UIM (User Identity Module 1e) card mounted on a next-generation mobile phone.
- UIM User Identity Module 1e
- the wireless LAN access authentication system even if the user changes the model of the wireless terminal device, the authentication ID for this user at the time of access authentication is not changed, and In addition to being able to centrally manage the user ID and the billing for the user, it is also possible to centralize access authentication and billing for both network systems, the cellular wireless network system and the wireless LAN network system.
- a wireless LAN access authentication system includes a plurality of wireless LA, N network systems and a center station that integrates and manages the plurality of wireless LAN network systems, and the plurality of wireless LAN network systems.
- Each of the systems includes at least two or more access point units in which a wireless terminal device that transmits and receives wireless signals accesses through a wireless section, and a gateway device that relays transmission and reception of data signals and control signals between the access point units.
- the center station includes: a center station gateway device that relays transmission and reception of data signals and control signals between the gateway devices of the plurality of wireless LAN network systems; and the wireless device that is accessed by the access point unit.
- An authentication server that authenticates access to a terminal device and distributes an encryption key used for encrypting a wireless section in which the access-authenticated wireless terminal device communicates to the wireless terminal device and the access point unit.
- a wireless LAN access authentication system in a system, wherein the wireless LAN access authentication system is disposed in each of the plurality of wireless LAN network systems and manages a status of access to the authentication server of the wireless terminal device in a communication area of the wireless LAN network system.
- the wireless terminal Access management means for confirming whether or not the device has access to the authentication server; and an access key for managing an encryption key provided in each of the plurality of wireless LAN network systems and distributed from the authentication server, and providing another access point.
- the wireless terminal device When it is confirmed by the access management means that the wireless terminal device that has moved to the communication error unit has already accessed the authentication server, the wireless terminal device transmits the encryption key of the wireless section with which the wireless terminal device communicates to the wireless terminal device. And a cryptographic key managing means for distributing the terminal device and a new access point to which the wireless terminal device has moved to.
- the access management unit checks the access status of the wireless terminal device to the authentication server.
- the encryption key management unit stores the encryption key in the wireless terminal device and the destination of the wireless terminal device. Will be distributed to new access points. Thereby, the wireless terminal device, which has been confirmed to have already accessed the authentication server, exchanges the authentication signal with the authentication server of the center station when moving to the new access point unit. Without doing so, access to the desired wireless LAN network is allowed.
- the access accompanying the movement of the wireless terminal device The time required for an authentication procedure for authentication can be reduced, handover of the wireless terminal device to the new access point unit can be easily performed, and the wireless LAN network and the The number of control signals such as authentication signals between one center station (the number of authentication signaling) can be greatly reduced, and effective use of the bandwidth of the transmission path can be realized.
- a wireless LAN access authentication system employs a configuration in which the access management unit and the encryption key management unit are provided in the gateway device.
- each gateway device of each wireless LAN network since the access management means and the encryption key management means are provided in each gateway device of each wireless LAN network, the configuration of each wireless LAN network can be simplified. Can be.
- the access management means manages at least one of an access time and a communication packet amount of each of the wireless terminal devices; When the amount reaches a predetermined amount, a configuration having a management unit that requests the wireless terminal device to re-authenticate is adopted.
- the encryption key of the wireless section with which the wireless terminal device communicates is updated by requesting the wireless terminal device to re-authenticate from the management unit on the date when the access amount reaches the predetermined amount. It becomes possible. Therefore, according to this configuration, it is possible to prevent impersonation access of an unauthorized wireless terminal device due to decryption of the encryption key.
- a wireless LAN access authentication system includes: an information card in which the wireless terminal device records ID information; wherein the wireless terminal device has an ID for authentication at the time of access authentication of the wireless terminal device.
- the configuration uses the ID information ⁇ recorded on the information card.
- ID information recorded on an information card (for example, a SIM card or a UIM card) of the wireless terminal device is used as an authentication ID at the time of access authentication of the wireless terminal device. Therefore, according to this configuration, the user Even if the user changes the model of the wireless terminal device, the authentication ID at the time of the access authentication of the user is not changed, and the user ID and the charging to the user can be centrally managed.
- an information card for example, a SIM card or a UIM card
- a wireless LAN access authentication method includes a plurality of wireless LAN network systems and a center station that integrates and manages the plurality of wireless LAN network systems,
- Each of the plurality of wireless LAN network systems includes at least two or more access point units that wireless terminal devices that transmit and receive wireless signals access through a wireless section, and data signals between the access point units.
- a gateway device that relays transmission and reception of control signals, and wherein the center station relays transmission and reception of data signals and control signals between gateway devices of the plurality of wireless LAN network systems.
- a wireless LAN access authentication method in a network system comprising: an authentication server that distributes an encryption key used for encryption of a wireless section in which the authenticated wireless terminal device communicates to the wireless terminal device and the access point unit. And managing the access status of the wireless terminal device in each of the wireless LAN network systems to the authentication server, and when the wireless terminal device moves to a communication area of a new access point unit, the wireless terminal device An access management step for confirming whether or not there is access to the authentication server, and a wireless terminal device managing an encryption key distributed from the authentication server and moving to a communication area of another access point unit in the access management step. If it is confirmed that the authentication terminal has already accessed the authentication server, the wireless terminal The encryption key of the section was to have, an encryption key management step of distributing the new access point section of the destination of the radio terminal apparatus and the wireless terminal terminal apparatus.
- the access management step includes the step of An access status to the authentication server is confirmed. Then, when it is confirmed that the wireless terminal device has already accessed the authentication server, the encryption key is stored in the encryption key management step as a new destination of the wireless terminal device and the movement destination of the wireless terminal device. Distributed to various access points. Accordingly, the wireless terminal device, which has been confirmed to have already accessed the authentication server, does not exchange an authentication signal with the authentication server of the center station when moving to a new access point unit. However, access to the desired wireless LAN network is permitted. Therefore, according to this configuration, it is possible to reduce the time required for an authentication procedure for access authentication accompanying the movement of the wireless terminal device.
- the number of control signals such as an authentication signal between each of the wireless LAN networks and one of the centers can be significantly reduced. Further, according to this configuration, it is possible to effectively use the bandwidth of the transmission path.
- An authentication server includes: a plurality of wireless LAN network systems; and a center station that integrates and manages the plurality of wireless LAN network systems.
- Each of the AN network systems includes at least two or more access point units that wireless terminal devices that transmit and receive wireless signals access through wireless sections, and gateway devices that relay transmission and reception of data signals and control signals between the access point units.
- the center station comprises a wireless LAN in a network system having a center station gateway device that relays transmission and reception of data signals and control signals between the gateway devices of the plurality of wireless LAN network systems. In the access authentication system, access authentication of the wireless terminal device is performed.
- An authentication server arranged in the center station for performing access authentication when the wireless terminal device accesses a predetermined access point section of each of the wireless LAN networks; and LAN network gateway equipment And an encryption key distributing means for collectively distributing encryption keys in a wireless section accessed by the wireless terminal device to the device.
- a gateway device includes a plurality of wireless LAN network systems and a center station that integrates and manages the plurality of wireless LAN network systems, and the plurality of wireless LAN network systems.
- Each of the wireless LAN systems has at least two or more access points where wireless terminal devices that transmit and receive wireless signals access through wireless sections, and the center station is a gateway device of each of the plurality of wireless LAN network systems.
- a center station gateway device for relaying transmission and reception of a data signal and a control signal between the wireless terminal device and a wireless section that performs access authentication of the wireless terminal device accessed to the access point unit and communicates with the access-authenticated wireless terminal device.
- the wireless terminal device and the access A wireless LAN access authentication system in a network system having an authentication server to be distributed to a wireless LAN access point, a wireless LAN access authentication system, and a wireless communication system. Transmitting / receiving means for transmitting / receiving the control signal, managing the access status of the wireless terminal device in each of the wireless LAN networks to the authentication server, and moving the wireless terminal device to a communication area of a new access point unit.
- Access management means for confirming whether or not the wireless terminal device has access to the authentication server, and managing the encryption key distributed from the authentication server by the access management means and a communication area of another access point unit.
- the wireless terminal device that has moved to Encryption key management means for distributing the encryption key of the wireless section with which the wireless terminal device communicates to the wireless terminal device and a new access point to which the wireless terminal device has moved when it is confirmed that Have, Configuration.
- the access status of the wireless terminal device in each of the wireless LAN networks to the authentication server is managed by the access management means of the gateway device.
- the access management means can confirm whether or not the wireless terminal device has accessed the authentication server. Further, when it is confirmed that the wireless terminal device has already accessed the authentication server, the gateway device transmits the encryption key of the wireless section by the encryption key management means to the wireless terminal device and the wireless terminal. It can be distributed to a new access point to which the terminal device moves. Therefore, according to this configuration, it is possible to shorten the time required for the authentication procedure accompanying the movement of the wireless terminal device, and it is possible to easily perform handover of the wireless terminal device to a new access point unit.
- the access management means manages at least one of the access time of each of the wireless terminal devices and at least one of the communication packet amounts, When the access amount reaches a predetermined amount, a configuration having a management unit for requesting the wireless terminal device to re-authenticate is adopted. In this configuration, when the access amount reaches a predetermined amount, the management unit requests the wireless terminal device to re-authenticate, and updates the encryption key between the wireless sections with which the wireless terminal device communicates. It becomes possible. Therefore, according to this configuration, it is possible to prevent impersonation access of an unauthorized wireless terminal device due to decryption of the encryption key.
- a wireless terminal device includes a plurality of wireless LAN network systems and a center station that integrates and manages the plurality of wireless LAN network systems.
- wireless terminals that transmit and receive wireless signals pass through wireless sections.
- a central station gateway device for relaying transmission and reception of data signals and control signals between the respective gateway devices; and access authentication by performing access authentication of the wireless terminal device accessed to the access point unit.
- ID information recorded on an information card (for example, SIM card or UIM card) of the wireless terminal device is used as an ID for authentication at the time of access authentication of the wireless terminal device. Therefore, according to this configuration, even if the user changes the model of the wireless terminal device, the authentication ID for this user at the time of access authentication is not changed, and the user ID and the user ID are not changed. The charge can be centrally managed. '
- the present invention is applied to a wireless LAN access authentication system of a wireless terminal device in a network system in which a plurality of wireless LAN network systems having at least two or more access points for a wireless terminal device to access through a wireless section are integrated. be able to.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP03748558A EP1528706A1 (en) | 2003-05-15 | 2003-09-24 | Radio lan access authentication system |
US10/527,200 US7127234B2 (en) | 2003-05-15 | 2003-09-24 | Radio LAN access authentication system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003137830A JP2004343448A (ja) | 2003-05-15 | 2003-05-15 | 無線lanアクセス認証システム |
JP2003-137830 | 2003-05-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004102876A1 true WO2004102876A1 (ja) | 2004-11-25 |
Family
ID=33447270
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2003/012125 WO2004102876A1 (ja) | 2003-05-15 | 2003-09-24 | 無線lanアクセス認証システム |
Country Status (6)
Country | Link |
---|---|
US (1) | US7127234B2 (ja) |
EP (1) | EP1528706A1 (ja) |
JP (1) | JP2004343448A (ja) |
KR (1) | KR100704202B1 (ja) |
CN (1) | CN1682487A (ja) |
WO (1) | WO2004102876A1 (ja) |
Families Citing this family (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7480939B1 (en) * | 2000-04-28 | 2009-01-20 | 3Com Corporation | Enhancement to authentication protocol that uses a key lease |
US6947768B2 (en) * | 2001-09-28 | 2005-09-20 | Kabushiki Kaisha Toshiba | Base station apparatus and terminal apparatus |
JP2005109823A (ja) * | 2003-09-30 | 2005-04-21 | Nec Corp | レイヤ2スイッチ装置、無線基地局、ネットワークシステム、および無線通信方法 |
US20050114261A1 (en) * | 2003-11-21 | 2005-05-26 | Chuang Guan Technology Co., Ltd. | Payment system for using a wireless network system and its method |
JP4982031B2 (ja) | 2004-01-16 | 2012-07-25 | 株式会社日立製作所 | コンテンツ送信装置、コンテンツ受信装置およびコンテンツ送信方法、コンテンツ受信方法 |
US7565529B2 (en) * | 2004-03-04 | 2009-07-21 | Directpointe, Inc. | Secure authentication and network management system for wireless LAN applications |
US20070186099A1 (en) | 2004-03-04 | 2007-08-09 | Sweet Spot Solutions, Inc. | Token based two factor authentication and virtual private networking system for network management and security and online third party multiple network management method |
JP4645049B2 (ja) | 2004-03-19 | 2011-03-09 | 株式会社日立製作所 | コンテンツ送信装置およびコンテンツ送信方法 |
US8526914B2 (en) * | 2004-06-04 | 2013-09-03 | Alcatel Lucent | Self-synchronizing authentication and key agreement protocol |
JP4689225B2 (ja) * | 2004-10-15 | 2011-05-25 | パナソニック株式会社 | 無線ネットワークシステム、無線端末収容装置及び通信装置 |
JP4648405B2 (ja) * | 2004-12-22 | 2011-03-09 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | 分散ピコセルモビリティ |
JP4527553B2 (ja) * | 2005-01-17 | 2010-08-18 | Necインフロンティア株式会社 | 携帯通信端末およびユーザ認証方法 |
WO2006080079A1 (ja) * | 2005-01-28 | 2006-08-03 | Mitsubishi Denki Kabushiki Kaisha | 無線ネットワークシステムおよびそのユーザ認証方法 |
US20060223499A1 (en) * | 2005-03-30 | 2006-10-05 | Pecen Mark E | Broadcast subscription management method and apparatus |
FI20050491A0 (fi) * | 2005-05-09 | 2005-05-09 | Nokia Corp | Järjestelmä varmenteiden toimittamiseksi viestintäjärjestelmässä |
JP2006323707A (ja) * | 2005-05-20 | 2006-11-30 | Hitachi Ltd | コンテンツ送信装置、コンテンツ受信装置、コンテンツ送信方法及びコンテンツ受信方法 |
JP5040087B2 (ja) | 2005-09-06 | 2012-10-03 | 富士通株式会社 | 無線通信ネットワークのセキュリティ設定方法、セキュリティ設定プログラム及び無線通信ネットワークシステム |
GB2430114B (en) * | 2005-09-13 | 2008-06-25 | Roke Manor Research | A method of verifying integrity of an access point on a wireless network |
EP2763443B1 (en) | 2005-12-01 | 2019-05-22 | Ruckus Wireless, Inc. | On-demand services by wireless base station virtualization |
KR100695103B1 (ko) * | 2006-01-20 | 2007-03-14 | 에스케이 텔레콤주식회사 | Pan 정보 통합 관리 시스템 및 방법과 이를 위한이동통신 단말 |
US7715562B2 (en) | 2006-03-06 | 2010-05-11 | Cisco Technology, Inc. | System and method for access authentication in a mobile wireless network |
CN101496387B (zh) | 2006-03-06 | 2012-09-05 | 思科技术公司 | 用于移动无线网络中的接入认证的系统和方法 |
JP2007266877A (ja) * | 2006-03-28 | 2007-10-11 | Sanyo Electric Co Ltd | 端末切替方法およびそれを用いた端末切替装置 |
US7788703B2 (en) | 2006-04-24 | 2010-08-31 | Ruckus Wireless, Inc. | Dynamic authentication in secured wireless networks |
US9071583B2 (en) | 2006-04-24 | 2015-06-30 | Ruckus Wireless, Inc. | Provisioned configuration for automatic wireless connection |
US9769655B2 (en) | 2006-04-24 | 2017-09-19 | Ruckus Wireless, Inc. | Sharing security keys with headless devices |
US20090298514A1 (en) | 2006-09-14 | 2009-12-03 | Shah Ullah | Real world behavior measurement using identifiers specific to mobile devices |
US9445353B2 (en) | 2006-09-14 | 2016-09-13 | Omnitrail Technologies Inc. | Presence platform for passive radio access network-to-radio access network device transition |
KR100875921B1 (ko) | 2006-12-07 | 2008-12-26 | 한국전자통신연구원 | 서로 상이한 rfid 시스템에서의 키 분배 방법 |
WO2008108207A1 (ja) * | 2007-03-06 | 2008-09-12 | Nec Corporation | 認証システム、認証方法及びプログラム |
EP2133811A4 (en) * | 2007-03-30 | 2014-10-22 | Nec Corp | USER AUTHENTICATION CONTROLLER, USER AUTHENTICATION DEVICE, DATA PROCESSING DEVICE, USER AUTHENTICATION CONTROL METHOD AND THE SAME |
CN101436931B (zh) * | 2007-09-04 | 2013-07-10 | 财团法人工业技术研究院 | 无线通信系统中提供安全通信的方法、系统、基站与中继站 |
US10778417B2 (en) | 2007-09-27 | 2020-09-15 | Clevx, Llc | Self-encrypting module with embedded wireless user authentication |
US11190936B2 (en) * | 2007-09-27 | 2021-11-30 | Clevx, Llc | Wireless authentication system |
US10181055B2 (en) | 2007-09-27 | 2019-01-15 | Clevx, Llc | Data security system with encryption |
KR101397038B1 (ko) * | 2007-11-27 | 2014-05-20 | 엘지전자 주식회사 | 패스트 핸드오버를 위한 핸드오버 연결식별자 할당방법 |
WO2009069902A2 (en) * | 2007-11-27 | 2009-06-04 | Lg Electronics Inc. | Method of handover |
US8619988B2 (en) * | 2008-01-31 | 2013-12-31 | Alcatel Lucent | Method and apparatus for virtual Wi-Fi service with authentication and accounting control |
KR101405914B1 (ko) * | 2008-07-23 | 2014-06-12 | 삼성전자주식회사 | 디바이스를 ap에 등록하는 방법 및 그 장치 |
JP5372711B2 (ja) * | 2009-11-13 | 2013-12-18 | アラクサラネットワークス株式会社 | 複数認証サーバを有効利用する装置、システム |
US20110255465A1 (en) * | 2010-04-16 | 2011-10-20 | Chang Hong Shan | Wimax voip service architecture |
US9442178B2 (en) | 2010-04-23 | 2016-09-13 | Qualcomm Incorporated | Hybrid tracking device |
CN102685743B (zh) * | 2011-03-16 | 2015-10-07 | 中国移动通信集团北京有限公司 | 一种接入wlan网络的方法、系统及设备 |
JP6066997B2 (ja) | 2011-05-01 | 2017-01-25 | ラッカス ワイヤレス, インコーポレイテッド | 遠隔ケーブルアクセスポイントリセット |
CN102223633B (zh) * | 2011-07-06 | 2013-12-04 | 华为技术有限公司 | 一种wlan认证的方法,装置和系统 |
JP5755961B2 (ja) * | 2011-07-14 | 2015-07-29 | 株式会社東芝 | カード装置、機器および制御方法 |
CN104255059A (zh) * | 2011-10-12 | 2014-12-31 | 欧姆尼特雷尔有限责任公司 | 用于被动无线电接入网到无线电接入网设备的转变的呈现平台 |
CN103139023A (zh) * | 2011-11-25 | 2013-06-05 | 华为技术有限公司 | 用户接入控制的方法、网络设备及系统 |
US8756668B2 (en) | 2012-02-09 | 2014-06-17 | Ruckus Wireless, Inc. | Dynamic PSK for hotspots |
CN103249047B (zh) | 2012-02-10 | 2018-11-23 | 南京中兴新软件有限责任公司 | 无线局域网热点的接入认证方法及装置 |
US9092610B2 (en) | 2012-04-04 | 2015-07-28 | Ruckus Wireless, Inc. | Key assignment for a brand |
US9237448B2 (en) * | 2012-08-15 | 2016-01-12 | Interdigital Patent Holdings, Inc. | Enhancements to enable fast security setup |
CN104662863B (zh) * | 2012-09-24 | 2019-03-01 | 阿尔卡特朗讯公司 | 触发通信网络中的用户认证 |
CN104284332A (zh) * | 2014-09-26 | 2015-01-14 | 中兴通讯股份有限公司 | 一种鉴权方法及无线路由器 |
CN104469758B (zh) * | 2014-12-25 | 2018-07-27 | 上海迈外迪网络科技有限公司 | 多设备安全登录方法 |
CN104469757B (zh) * | 2014-12-25 | 2018-01-16 | 上海迈外迪网络科技有限公司 | 安全登录方法 |
US10637655B1 (en) * | 2018-01-09 | 2020-04-28 | Amdocs Development Limited | System, method, and computer program for providing seamless data access from different internet service providers |
US11792288B2 (en) * | 2019-09-09 | 2023-10-17 | Extreme Networks, Inc. | Wireless network device with directional communication functionality |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH05183507A (ja) * | 1992-01-06 | 1993-07-23 | Nippon Telegr & Teleph Corp <Ntt> | 移動通信認証方法 |
JPH099349A (ja) * | 1995-06-20 | 1997-01-10 | Nec Commun Syst Ltd | 認証制御方式 |
JPH1013956A (ja) * | 1996-06-21 | 1998-01-16 | Nec Corp | ユーザ認証方式 |
JPH11225183A (ja) * | 1998-02-06 | 1999-08-17 | Ntt Chuo Personal Tsushinmo Kk | 接続判定システム |
JP2002118560A (ja) * | 2000-10-04 | 2002-04-19 | Ntt Communications Kk | 無線通信システム |
JP2002125270A (ja) * | 2000-10-18 | 2002-04-26 | Oki Electric Ind Co Ltd | 移動端末接続方法 |
JP2002247047A (ja) * | 2000-12-14 | 2002-08-30 | Furukawa Electric Co Ltd:The | セッション共有鍵共有方法、無線端末認証方法、無線端末および基地局装置 |
JP2002300154A (ja) * | 2001-03-30 | 2002-10-11 | Toshiba Corp | 無線通信機能を有する電子装置及びその認証方法 |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI105746B (fi) | 1995-09-29 | 2000-09-29 | Nokia Mobile Phones Ltd | Integroitu radioviestintäjärjestelmä |
JP3673149B2 (ja) * | 2000-07-11 | 2005-07-20 | クラリオン株式会社 | 無線lanの高速ローミング方法 |
GB2366948B (en) * | 2000-09-15 | 2004-01-21 | Roke Manor Research | LAN user protocol |
JP2002125069A (ja) | 2000-10-16 | 2002-04-26 | Mitsubishi Electric Corp | Ip電話システム、無線ip電話機および無線lan基地局 |
US7389412B2 (en) * | 2001-08-10 | 2008-06-17 | Interactive Technology Limited Of Hk | System and method for secure network roaming |
CN1268093C (zh) * | 2002-03-08 | 2006-08-02 | 华为技术有限公司 | 无线局域网加密密钥的分发方法 |
US6965674B2 (en) * | 2002-05-21 | 2005-11-15 | Wavelink Corporation | System and method for providing WLAN security through synchronized update and rotation of WEP keys |
US20030235305A1 (en) * | 2002-06-20 | 2003-12-25 | Hsu Raymond T. | Key generation in a communication system |
US7440573B2 (en) * | 2002-10-08 | 2008-10-21 | Broadcom Corporation | Enterprise wireless local area network switching system |
US7020438B2 (en) * | 2003-01-09 | 2006-03-28 | Nokia Corporation | Selection of access point in a wireless communication system |
US20040181692A1 (en) * | 2003-01-13 | 2004-09-16 | Johanna Wild | Method and apparatus for providing network service information to a mobile station by a wireless local area network |
US7263357B2 (en) * | 2003-01-14 | 2007-08-28 | Samsung Electronics Co., Ltd. | Method for fast roaming in a wireless network |
US7142851B2 (en) * | 2003-04-28 | 2006-11-28 | Thomson Licensing | Technique for secure wireless LAN access |
-
2003
- 2003-05-15 JP JP2003137830A patent/JP2004343448A/ja not_active Withdrawn
- 2003-09-24 KR KR1020057007866A patent/KR100704202B1/ko active IP Right Grant
- 2003-09-24 EP EP03748558A patent/EP1528706A1/en not_active Withdrawn
- 2003-09-24 CN CNA038218690A patent/CN1682487A/zh active Pending
- 2003-09-24 WO PCT/JP2003/012125 patent/WO2004102876A1/ja not_active Application Discontinuation
- 2003-09-24 US US10/527,200 patent/US7127234B2/en not_active Expired - Lifetime
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH05183507A (ja) * | 1992-01-06 | 1993-07-23 | Nippon Telegr & Teleph Corp <Ntt> | 移動通信認証方法 |
JPH099349A (ja) * | 1995-06-20 | 1997-01-10 | Nec Commun Syst Ltd | 認証制御方式 |
JPH1013956A (ja) * | 1996-06-21 | 1998-01-16 | Nec Corp | ユーザ認証方式 |
JPH11225183A (ja) * | 1998-02-06 | 1999-08-17 | Ntt Chuo Personal Tsushinmo Kk | 接続判定システム |
JP2002118560A (ja) * | 2000-10-04 | 2002-04-19 | Ntt Communications Kk | 無線通信システム |
JP2002125270A (ja) * | 2000-10-18 | 2002-04-26 | Oki Electric Ind Co Ltd | 移動端末接続方法 |
JP2002247047A (ja) * | 2000-12-14 | 2002-08-30 | Furukawa Electric Co Ltd:The | セッション共有鍵共有方法、無線端末認証方法、無線端末および基地局装置 |
JP2002300154A (ja) * | 2001-03-30 | 2002-10-11 | Toshiba Corp | 無線通信機能を有する電子装置及びその認証方法 |
Also Published As
Publication number | Publication date |
---|---|
KR100704202B1 (ko) | 2007-04-06 |
US7127234B2 (en) | 2006-10-24 |
US20060007897A1 (en) | 2006-01-12 |
CN1682487A (zh) | 2005-10-12 |
JP2004343448A (ja) | 2004-12-02 |
KR20050084926A (ko) | 2005-08-29 |
EP1528706A1 (en) | 2005-05-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2004102876A1 (ja) | 無線lanアクセス認証システム | |
US8972582B2 (en) | Method and apparatus enabling reauthentication in a cellular communication system | |
KR101438243B1 (ko) | Sim 기반 인증방법 | |
EP2547134B1 (en) | Improved subscriber authentication for unlicensed mobile access signaling | |
CN101496387B (zh) | 用于移动无线网络中的接入认证的系统和方法 | |
US7542455B2 (en) | Unlicensed mobile access (UMA) communications using decentralized security gateway | |
CN102594895B (zh) | 网络节点、移动性信息服务器、wtru及方法 | |
US20120184242A1 (en) | Methods and Systems for Enhancing Wireless Coverage | |
US20030120920A1 (en) | Remote device authentication | |
US8600356B2 (en) | Authentication in a roaming environment | |
JP4312378B2 (ja) | 無線atm通信網のatm移動体端末とatmアクセス・ノードとの間の安全な通信のための認証方法および認証装置 | |
US9686722B2 (en) | Method and device for accounting in WiFi roaming based on AC and AP interworking | |
JPWO2007097101A1 (ja) | 無線アクセスシステムおよび無線アクセス方法 | |
JP5254704B2 (ja) | 中継局および無線通信中継方法 | |
US20020056001A1 (en) | Communication security system | |
DK1379053T3 (en) | Procedure for transferring a user ID password pair and wireless network | |
JP2004040651A (ja) | 通信方法、通信装置、端末装置及び通信サービス提供サーバ | |
JP4680017B2 (ja) | 交換機及び通信システム | |
CN117354868A (zh) | 专网系统、专网数据处理方法、专网接入方法及装置 | |
KR20050084805A (ko) | Wlan 로밍 중에 gsm 인증을 위한 방법 및 시스템 | |
Hecker et al. | A new control access solution for a multi-provider wireless environment | |
ZA200501089B (en) | Method system for GSM authentication during WLAN Roaming |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): CN KR US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2003748558 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2006007897 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10527200 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20038218690 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020057007866 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2003748558 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1020057007866 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 10527200 Country of ref document: US |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2003748558 Country of ref document: EP |