KR100864517B1 - Method and system for gsm billing during wlan roaming - Google Patents

Abstract

The present invention relates to a method and system for billing and recording of services during roaming of mobile IP node 20 in a heterogeneous WLAN. According to the invention, the first call detail record is sent from the access server 23, 1001 to the billing module 1003, and the second call detail record is sent from the access server to the proxy module 1002. By the clearing module 1004, the service requested from the provider 1008 of the fixed network 1007 is billed, and / or the TAP file 1017 is sent to the GSM 1005 service provider 1006 for billing. do.

Roaming, WLAN, GSM, Access Point, Billing, Service Authorization, Mobile, SIM Card, Call Record

Description

METHOD AND SYSTEM FOR GSM BILLING DURING WLAN ROAMING}

The present invention relates to a method and system for seamless roaming in a heterogeneous WLAN, wherein for billing and billing, the mobile IP node comprises one or more access points assigned to an access server within the basic service area of the WLAN. The wireless interface requires access to the WLAN via the access server, and the mobile IP node is authenticated by IMSI stored in the IP card's SIM card. In particular, the present invention relates to a method for a mobile node in a heterogeneous WLAN.

In recent years, the number of global Internet users and thus the amount of information provided to them has grown exponentially. However, even though the Internet provides worldwide access to information, users generally do not have access to the information until they arrive at some network access point, for example, at an office, school, college or home. For example, the increasing availability of IP-enabled mobile units such as PDAs, cellular phones and laptops are changing our thinking about the Internet. The shift from fixed nodes in the network to more flexible requirements based on higher mobility has just begun. For mobile phone use, for example, this trend has been shown, inter alia, in new standards such as WAP, GPRS or UMTS. To better understand the difference between present reality and future IP connectivity, one can take the development of telephony towards mobility in the last 20 years as a comparison. In the business as well as the private sector, the need for independent global wireless access to the LAN (eg, at airports, cities, etc.) using laptops, PDAs, and the like is enormous. However, WLANs, for example based on IP, allow free roaming of users today and do not provide the services that GSM / GPRS has, for example. These services should also include security authentication and billing, i.e. inclusion of billing for services provided, as well as security mechanisms, as in GSM / GPRS. On the other hand, these services are also not provided by existing GSM / GPRS operators. Roaming between different WLANs is not only important. Despite the enormous increase in information technology (such as Internet access, etc.) and also the enormous increase in mobile phone usage, it is useful to combine both worlds. As users of mobile telephone technology become familiar, the combination of both worlds enables easy automatic roaming for wireless LANs. Thus, there is a need for service providers that enable standard-spanning roaming between different WLAN service providers, between WLAN service providers, and between GSM / GPRS service providers.

A computer network or local area network (LAN) typically consists of so-called nodes that are connected through physical media such as coaxial cables, twisted pair cables or fiber optic cables. These LANs are also known as wired LANs (wired fixed networks). In the last few years, cable-free LANs, or so-called wireless LANs, have also become more and more popular (for example, through development such as AirPort-System by Apple Computer, etc.). Wireless LANs are particularly well suited for connecting mobile units (nodes), such as laptops, notebook computers, personal digital assistants (PDAs) or mobile wireless devices (especially mobile wireless telephones) using the appropriate interface in the local computer network. The mobile node is equipped with an adapter that includes a transmitter / receiver as well as a controller card (such as an infrared (IR) adapter or a low frequency propagation adapter). The advantage of these mobile nodes is that they can be moved freely within the scope of a wireless LAN. The mobile nodes can communicate directly with each other (peer-to-peer wireless LAN), or send the mobile node's signal to a base station that amplifies the signal and / or passes it through. The base station may also include a bridge function. Through such a base station with a bridge function called an access point (AP), a mobile node of a wireless LAN can access a wired LAN. Typical network functions of an access point include sending a message from one mobile node to another, sending a message from a wired LAN to a mobile node, and sending a message from a mobile node to a wired LAN.

The physical range of the AP is referred to as a basic service area (BSA). If the mobile node is located within the AP's BSA and the AP is also within the mobile node's signal range (Dynamic Service Area (DSA)), the mobile node can communicate with the AP. In general, a number of APs are assigned to an access server, among other things, which manages and monitors the authentication of a mobile node, in particular by a user database. The entire area covered by the AP of the access server is known as a so-called "hot spot." Mobile nodes typically have a signal strength of 100 mW to 1 W. To connect a wireless LAN to a wired LAN, at the AP, whether a message (information frame) within the network is directed to a node within the wired LAN or to a node within the wireless LAN, and the message directs this information to the corresponding node. It is important to determine if it is necessary to transmit. For this purpose, the AP has a so-called bridge function, for example according to "IEEE Standard Std 802.1D-1990 Media Access Control Bridge (31-74 ff)". For these bridge functions, new mobile nodes in the wireless LAN are typically registered in the FDB (Filtering DataBase) of the AP within the range in which the node exists. For each information frame according to the LAN, the AP compares the target address with the address stored in the FDB (Media Access Control (MAC) address), and transmits, rejects or transmits the frame to the wired LAN or to the wireless LAN. .

In mobile network usage, existing IP access by the application to the mobile node will be interrupted if the user changes its position in the network. Alternatively, all connection and interface changes, such as changes to different hot spots and in particular to different networks (Ethernet, mobile radiotelephone networks, WLANs, Bluetooth, etc.), are also automatically performed so that the user should not be aware of the changes occurring. Can be run not interactively. This also applies for example during the use of real time applications. True Mobile IP computing always offers a number of benefits based on stable access to the Internet. In the case of such access, execution can also be configured freely and independently from the desk. However, the need for mobile nodes in a network distinguishes itself from the developments first mentioned in mobile wireless technology in various ways. Endpoints in mobile wireless systems are generally speaking human beings. However, in a mobile node, a computer application can execute interactions between other network participants without any human action or intervention. Extensive examples of this can be found in airplanes, ships and cars. Thus, in particular, mobile computing for Internet access can cooperate with other applications, for example with a positioning device such as satellite-based Global Positioning System (GPS).

One of the problems with mobile network access via Internet Protocol (IP) is that the IP protocol used to route data packets from the source address to the destination address (destination address) in the network uses so-called IP addresses. These addresses are assigned to fixed locations within the network, and similarly the telephone numbers of fixed networks are assigned to physical wall sockets. If the destination address of the data packet is a mobile node, this means that a new IP network address must be assigned with each network location change, which disables transparent mobile access. These problems have been solved by the Internet Engineering Task Force's Mobile IP standard (IETF REC 2002, Oct. 1996), where mobile IP allows a mobile node to use two IP addresses. One of these is a regular static IP address (home address) that specifies the location of the home network, while the other is a floating IP address that indicates the current location of the mobile node within the network. The assignment of the two addresses makes it possible to reroute the IP data packet to the correct current address of the mobile node.

One of the most frequently used protocols for authentication of users in a wireless LAN is IEEE 802.1x (current version 802.11), an open source protocol from the Institute of Institute of Electrical and Electronics Engineers (IEEE) standards. IEEE 802.1x authentication allows authenticated access to IEEE 802 media such as, for example, Ethernet, Token Ring, and / or 802.11 wireless LANs. The 802.11 protocol uses either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS) to generate 1 or 2 Mbps transmission in the 2.4 GHz band for wireless LANs, that is, wireless local networks. For authentication, 802.1x supports authentication Extensible Authentication Protocol (EAP) and Wireless Transport Layer Security (TLS). 802.11 also supports RADIUS. Although RADIUS support is optional in 802.1x, it is expected that most 802.1x authenticators will support RADIUS. The IEEE 802.1x protocol is a so-called port-based authentication protocol. It can be used in any environment in which the port, ie the interface of the unit, can be specified. For authentication based on 802.1x, three units can be differentiated. Consumer (Requester / Client) unit, authenticator and authentication server. The role of the authenticator is to authenticate the requestor. The authenticator and requestor are connected via, for example, a point-to-point LAN segment or an 802.11 wireless LAN. The authenticator and requestor have a so-called Port Access Entry (PAE), which is a defined port that defines a physical or virtual 802.1x port. The authentication server provides the authentication service required by the authenticator. In this way, the authentication server verifies the entitlement data supplied by the requestor with respect to the claimed identity.

The authentication server is generally based on the Remote Engineering Dial-In User Service (RADIUS) of the Internet Engineering Task Force (IETF). The use of RADIUS authentication protocols and billing systems is widespread in network units such as routers, modem servers, switches, and the like, and is used by most Internet Service Providers (ISPs). When a user dials in to an ISP, the user usually needs to enter a username and password. The RADIUS server verifies this information and authorizes the user to access the ISP system. The reason for the widespread use of RADIUS is, inter alia, that network units generally cannot cope with a large number of network users, each with different authentication data, because this exceeds, for example, the storage capacity of individual network units. . RADIUS allows central management of multiple network users (such as adding and deleting users). Thus, this is a necessary condition for the service of an ISP since the number of users reaches thousands or tens of thousands. RADIUS also creates some permanent protection against hackers. Remote authentication by RADIUS based on TACACS + (Terminal Access Controller Access Control System +) and Lightweight Directory Access Protocol (LDAP) is relatively secure for hackers. In contrast, many other remote authentication protocols are only temporarily protected, 0 or insufficiently protected, or not protected from hacker attacks. Another advantage is that RADIUS is currently the de facto standard for remote authentication, so RADIUS is also supported by almost every system that is not the case for other protocols.

The aforementioned Extensible Authentication Protocol (EAP) is actually an extension of the Point-to-Point Protocol (PPP) and is defined by the Request for Comments (RETF) 2284 PPP Extensible Authentication Protocol (EAP) of the IETF. By PPP, the computer can be connected to the server of the ISP, for example. PPP runs at the data link layer of the OSI model and sends TCP / IP packets from the computer to the ISP's server, which forms an interface to the Internet. Unlike the more traditional Serial Line Internet Protocol (SLIP) protocol, PPP functions more stably and has error correction. Extensible Authentication Protocol (EAP) is for example a token card, Kerberos at the Massachusetts Institute of Technology (MIT), strike off passwords, digital signatures, public key authentication and smart cards or so-called ICC. It is a very general level protocol that supports various authentication methods such as (Integrated Circuit Cards). IEEE 802.1x defines a specification, such as EAP, that must be composed of LAN frames. In communication in a wireless network via an EAP, a user requires access to a wireless LAN from a connection hub to an access point via wireless communication, ie a WLAN for requestor or remote access client. The AP then requests the identification of the user from the requester and sends the identification to the aforementioned authentication server, for example based on RADIUS. The authentication server allows the access point to recheck the identity of the user. The AP collects this authentication data from the requester and sends them to the authentication server terminating this authentication method.

In EAP, any authentication method creates a remote access connection. The precise authentication scheme is determined separately between the requester and the authenticator (meaning an access point to a remote access server, an Internet Authentication Service (IAS) server, or a WLAN). As noted above, the EAP thus supports a number of different authentication schemes such as, for example, general token cards, MD5-try, Transport Level Security (TLS) for smart cards, S / Key and future authentication technologies. The EAP permits an unlimited number of query / response communications between the requestor and the authenticator, so that the authenticator or authentication server requires specific authentication information, and the requestor, i.e. the remote access client, responds to it. As an example, the authenticator may request a username from a so-called security token card, then a personal identity number (PIN) and finally a token card value from the requestor. As such, an additional authentication level is executed during each query / response cycle. If all authentication levels are successfully answered, the requestor is authenticated. The specific EAP authentication scheme is referred to as the EAP type. Both, the requestor and the authenticator, must support the same EAP type so that authentication can be performed. As mentioned above, this is initially determined between the requestor and the authenticator. RADIUS-based authentication servers typically support EAP, which can send EAP messages to RADIUS servers.

Recently, an EAP-based method is also known for authentication of a user via the GSM Subscriber Identity Module (SIM) and the assignment of a session key to the user. GSM authentication is based on a query-response method, a so-called Challenge-Response Method. As an attempt (query), the authentication algorithm of the SIM card provides a 128-bit random number (commonly known as RAND). Then, a specific confidentiality algorithm for the individual operator is executed on the SIM card, which receives as input a random number (RAND) and a secret key (Ki) stored on the SIM card, which results in a 32-bit response ( SRES) and 64-bit key (Kc). Kc encodes data transmissions over the air interface (GSM Technical Specification GSM 03.20 (ETS 300 534): "Digital cellular telecommunication system (Phase 2); Security related network functions", ETSI (European Telecommunications Standards Institute, August 1997) . To generate multiple 64-bit keys (Kc), multiple RAND attempts are used for EAP / SIM authentication. These Kc keys are coupled to longer session keys. In EAP / SIM, the general GSM authentication method is additionally extended by RAND attempts with a Message Authentication Code (MAC), resulting in mutual authentication. In order to perform GSM authentication, the authentication server must have an interface with the GSM network. Thus, the authentication server acts as a gateway between the Internet Authentication Service (IAS) server network and the GSM authentication infrastructure. At the beginning of EAP / SIM authentication, for the first EAP request by the authenticator, the authentication server requests the International Mobile Subscriber Identity (IMSI) from the requester, especially the user. For IMSI, the authentication server is responsible for n GSM triplets for requests from the authentication center (AuC) of the corresponding cellular wireless network operator, commonly known as the Home Location Register (HLR) or the Visitor Location Register (VLR) in the GSM network. ). From the triplet, the authentication server acquires not only the session key, but also the message identification code (MIC) for n ^* RAND and the lifetime for the key (along with MAC_RAND). Using this, the authentication server can perform GSM authentication on the requestor or user's SIM card. Since the RAND is provided to the requester with the message authentication code (MAC_RAND), the requester can verify that the RAND is new and generated via the GSM network.

Recently, the so-called Transfer Account Account Interchange Group (TAP) protocol of the TADIG (Transferred Account Data Interchange Group) of the GSM Association has been known for billing of services acquired by mobile units in GSM networks. GSM is based on the concept of roaming, which allows users of mobile wireless devices to use mobile wireless devices in certain countries and networks. However, the billing of the service obtained by it is never a simple matter. Today, more than 400 GSM networks are operating worldwide, and there are also approximately 20,000 individual roaming agreements between network operators. Apparently, behind the simple concept of roaming, there is a very complex process of data acquisition, data distribution and data evaluation to enable billing. Transferred Account Procedure (TAP) is a method by which mobile wireless network service providers exchange roaming billing information. The following TAP2, TAP2 + and TAP3 were released on June 4, 2000. Although TAP is a more advanced protocol, TAP3 can be referred to as a standard today.

Most voice and data traffic in the GSM network arrives at a network other than the network where the mobile user is currently located. Regardless of whether a fixed network is involved or a mobile wireless network is involved, the operator of the local network charges for each call arriving at one of the users of the local network. Therefore, local fixed network operators enter into agreements with local mobile wireless network operators to simplify billing. Thus, the Swiss mobile wireless network operator does not need to enter into an agreement with the Canadian fixed network provider to bill for calls from Swiss mobile wireless network users to Canadian fixed network users. In general, Swiss fixed network providers already have agreements with Canadian fixed network providers regarding billing modes and rates, and Swiss mobile wireless network operators bill through Swiss fixed network providers according to the corresponding agreements. Fees are generally charged to the user either directly (retail billing) or through a service provider (wholesale billing). Billing modes for roaming of data traffic or roaming of voice traffic between different mobile wireless networks (PMN) are generated by the TAP protocol. Roaming call records are typically created as TAP records or as Cellular Intercarrier Billing Exchange Roamer (CIBER) records. CIBER records are used by mobile wireless network operators operating using AMPS-based technologies such as IS-95 CDMA, IS-136 TDMA and AMPS, for example. TAP is used, among other things, by GSM mobile wireless network service providers and is the main protocol for billing in the GSM-dominated domain.

Details of calls made by users located in a foreign network (VPLMN: Visited Public Land-based Mobile Network) are registered in the MSC (Mobile Switching Center) of the network. Thus, each call creates one or more call records. Although many providers use their own formats, the GSM standard for these records is defined in GSM 12.05. For billing, the MSC's call record is sent to the VPLMN's billing system. These call records are then converted into TAP format and assigned to individual users. Within the last 36 hours, TAP records are sent to individual mobile wireless network service providers. The TAP file additionally contains information about benefits or discount plans, any additional bilateral agreements and provider service tariffs (IOTs). TAP records are more generally transmitted either directly or through billing points such as, for example, clearing houses. When a home network operator (HPMN) receives a TAP record from a VPLMN, the TAP record is converted into a corresponding internal format and billed with the user's normal call record generated by the user in the home network. In the case of wholesale billing, in which the service provider bills the charges incurred by the user, HPMN may in particular rebuild the call according to its own tariff, for example the statement of accounts according to the call details for the user. Send the record to the service provider that creates.

TAP3 supports a number of services. TAP3 is now used between GSM service providers and GSM service providers, between GSM service providers and non-GSM service providers (inter-standard roaming), and also GSM service providers and satellite service providers. Used for billing between. Three basic service categories, voice, fax and so-called supplementary services, have already been supported since TAP1. Billing of Short Message Services (SMS), on the other hand, has a less simple attribute due to the use of Short Message Service Centers (SMS-C) by third parties. The following reasons make billing of SMS difficult: 1) while roaming, a roaming user may receive an SMS (MT-SMS), 2) while roaming, that the roaming user uses SMS-C of the home network Can transmit SMS (MO-SMS) at the point, and 3) while roaming, the roaming user can send SMS (MO-SMS) in that it uses SMS-C of foreign network. Thus, billing of SMS services is fully supported from TAP2 +. In addition, from TAP3, billing of Single Circuit Switched Data (SCSD), High Speed Circuit Switched Data (HSCSD), and General Packet Radio Service (GPRS) is supported. In addition, TAP3 supports all value-added services (VAS), such as, for example, billing for content. However, billing of value-added services (VAS) is often difficult because billing of the VAS is a prerequisite to having the service provider's permission for the billed service. Customized Application Mobile Enhanced Logic (CAMAL) is supported since TAP 3.4. CAMAL is particularly important for applications on prepaid services for roaming users, and may be very high in importance in the future. Another important application for TAP3 is the support of billing based on the Inter Operator Tariff (IOT). The IOT allows the home network service provider (HPMN) to check the tariffs and specific offers of the foreign service provider (VPMN) and send them to roaming users. Thus, for example, the VPMN may provide benefits or discounts for different calling services or call levels, and the HPMN may simply verify them and adapt the pricing table of the HPMN. The potential for billing of roaming services is a valuable tool for mobile network service providers, regardless of where they are now, and receives receipts and revenues in the case of interim discounts by VPMN. Or to prevent loss of resources. Starting from TAP3, the TAP protocol also includes detailed information, particularly where the call originated from or where the service was obtained from, and where the call is directed. This information helps to create an individual user's profile based on the user's behavior of providing important information to adapt and optimize the service to the user's needs. In particular, it can be used to provide certain location-based services, for example sports or concert events. Finally, in conjunction with the Returned Accounts Procedure (RAP) protocol, TAP3 also allows for differential error handling. Thus, among other things, with the RAP of the HPMN, the detailed TAP file can be checked for conformance and validity according to the TAP standard and, if necessary, discarded without billing for services to be lost.

However, the state of the art has various disadvantages. Indeed, for example in EAP-SIM, if a user has IMSI for a GSM provider, it is possible in wireless LAN technology to use an authentication method for authentication of the requestor or remote access client from the GSM network. It is also possible, in principle, to route (rerouting) the data stream to individual mobile remote access clients registered with the access server via the access point, for example by means of the Mobile IP of the Internet Engineering Task Force (IETF). However, many problems of mobile network usage that actually allow free roaming of users are not solved by it. One of the problems is that the requirements required by the GSM standard for security, billing and service authorization in IP networks are no longer there. This is in essence connected with the open architecture of the IP protocol. This means that in the IP standard, much data is absolutely necessary for full compatibility with the GSM network. Moreover, an access server, for example based on RADIUS, supplies a single data stream. It simply cannot be mapped to the multi-part data stream of the GSM standard. Another drawback in recent years is that today's wireless LANs are based on individual hot spots (ie, the basic service area of an access server's access point), which is provided by various software and hardware developers around the world. This makes it difficult to combine the two worlds because each of these gateway functions must be individually adapted to a particular solution. The technical specification for the GSM authentication interface may be referred to in Mobile Application Part (MAP) GSM 09.02 Phase 1 Version 3.10.0.

It is an object of the present invention to propose a novel method for mobile nodes in heterogeneous WLANs. In particular, without any difficulty (roaming), the user can be moved between different hot spots without having to struggle with registration, billing, service authorization, etc. with various WLAN service providers, i.e., the user can move to a mobile wireless technology such as GSM. As you get used to it, you will enjoy the same convenience.

These objects are achieved according to the invention through the elements of the independent claims. Furthermore, the preferred embodiment is in accordance with the dependent claims and the specification of the invention.

These objects are achieved by the present invention, in particular through a computer-use method for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs, which accordingly provides a way for a mobile IP node to establish a wireless interface within the basic service area of the WLAN. Access to the access point, the primary service area of the WLAN includes one or more access points assigned to the access server, and the mobile IP node accesses the IMSI stored in the SIM card of the mobile IP node as required by the access server. Sending to the server, the IMSI of the IP node is stored in the database of the SIM-RADIUS module, and by means of the SIM user database and the SIM gateway module, the SIM-RADIUS module is capable of WLAN access to the GSM data corresponding to the data channels and signals of the GSM network. Supplements logical IP data channels in a user-specific manner, Authentication and / or service authorization of the mobile IP node by call and data channel is performed at the HLR and / or VLR of the GSM network based on the IMSI of the SIM card of the mobile node, and by the billing gateway interface, the billing module is connected to the access server. Accessing, and by the billing gateway interface, the first call detail record of the mobile IP node is sent from the access server to the billing module, the billing gateway interface including an assigned billing management database having a configuration profile of each access server, The second call detail record of the IP node is sent to the proxy module, which captures at least the provider and / or duration of the acquired service and / or the identification of the mobile IP node and sends it to the billing module. The billing module records the data of the proxy module and the first call detail record. Generate a TAP file corresponding to the obtained service on the basis, and transmit the TAP file with the billing command to the clearing module, wherein the billing command includes at least user-specific and / or service-provider-specific billing data, and clearing The module bills the service obtained by the user to the provider of the fixed network and / or sends the TAP file to the GSM service provider for billing. In a variant embodiment, the first call detail record may comprise only SIM-based authentication information, for example. As a variant embodiment, the second call detail record may be generated based on the identification of the service provider having at least the IP address of the mobile IP node and the service obtained by the mobile node. The billing management database may include, for example, the GSM identification and / or IP address of the service provider and / or user. The first call detail record of the mobile IP node transmitted from the access server to the billing module may be generated, among other things, SIM-based, while the second call detail record sent from the access server to the proxy module may be, for example, RADIUS data. IP-based can be generated as This has the advantage that seamless roaming is possible, among other things, between different heterogeneous WLANs. The combination of WLAN technology, in particular IP network and GSM technology, enables roaming of users without the user having to struggle with registration, billing, service authorization, etc. in different WLAN service providers. This means that users will enjoy the same convenience as they become familiar with mobile wireless technology such as GSM for example. At the same time, it is possible to combine the benefits of the open IP world (such as access to the global Internet) and the benefits of the GSM standard (security, billing, service authorization, etc.) in a completely new way. The invention also enables a roaming method in a WLAN without the need to install a corresponding module in each access server. Alternatively, by using RADIUS, the infrastructure (WLAN / GSM) may not be changed.

In a variant embodiment, the data stream of the mobile node is transmitted from the access point through the mobile wireless network service provider during access to the WLAN. This has the advantage, among other things, that the mobile wireless network provider has complete control over the data stream. In this way, the mobile wireless network provider can in particular provide service authorization, perform detailed billing, and integrate security mechanisms. Among other things, mobile wireless network providers can thus combine the uncontrollable open IP world, including, for example, the Internet with the benefits of the GSM world. This is especially important in recent years, for example with regard to liability issues of providers or service vendors.

In another variant embodiment, the TAP file is generated based on at least Inter Operator Tariffs (IOT) as well as Public Mobile Network (PMN) TAP identification codes. In cooperation with or as a standalone variant, for example, the billing management database may also be considered to include Inter Operator Tariffs (IOTs) as well as Public Mobile Network (PMN) TAP identification codes. This variant embodiment has the advantage, among other things, that the home network service provider (HPMN) can simply verify the IOT of the foreign network service provider (VPMN) in which the user is currently (roaming). As such, the VPMN may offer a discount for a particular connection, for example, and the HPMN may check that they have been applied correctly. Regardless of the currency level of VPMN or any discount program, HPMN can also simply bill each connection and / or each call according to their own tariff. Regardless of whether the user is currently located in a foreign network and / or in the home network, the possibility of determining a fee for the service can be very useful for billing the service to HPMN, for example in VPMN. Loss of certain rate reductions can be avoided. By the same token, first a certain billing plan for HPMN will thus be achieved, such as a specific fee for access to the home network and / or the user's home country and / or currency within a national community, for example Europe. Can be.

It should be emphasized here that in addition to the method according to the invention, the invention also relates to a system for carrying out this method.

1 is a block diagram schematically illustrating a method and system for authentication of a user during roaming in a heterogeneous WLAN in accordance with the present invention, wherein the mobile IP node 20 is connected to the SIM card 201 through an interface with contacts. Connected to and access the WLAN's access points 21, 22 by means of a wireless connection 48, the WLAN's access server 23 being the SIM card at the VLR 37 and / or HLR 37 of the GSM mobile wireless network. Authenticate the mobile IP node 20 based on the IMSI stored in 201.

FIG. 2 is a block diagram schematically illustrating a method and system for authentication of a user during roaming in a heterogeneous WLAN according to the present invention, wherein the mobile IP node 20 is connected to the SIM card 201 via an interface with contacts. Connected to and access the WLAN by a wireless connection 48, which is connected to the GSM mobile wireless network, in particular the HLR 37 and / or the VLR 37, via an access server 23, and GRX (GRX: GPRS). It is connected to a Gateway GPRS Support Node (GGSN) 50 via a Roaming eXchange (51) module, and via an Internet service provider 52, via a clearing system 53 for billing of acquired services, and also clearing. Connected to the corresponding billing system 55 of the Internet service provider 52 via the system operator 54.

FIG. 3 is a block diagram schematically illustrating a method and system for seamless roaming in a heterogeneous WLAN according to the present invention, where the interface 371 for authentication and the interface for SS7 are provided by the method and system according to the present invention. 372, through the interface 531 for service authorization and the interface 532 for billing, the open IP world is connected to a more limited GSM world.

4 is a block diagram schematically illustrating the setup of an IEEE 802.1x port-based authentication method, wherein the requestor or remote access client 20 authenticates at the authentication server 23 via the authenticator or remote access server 21. WLAN is based on IEEE 802.11.

FIG. 5 is a block diagram schematically illustrating a variant embodiment for SIM authentication with Extensible Authentication Protocol (EAP), where a GSM-based challenge-response method is used.

FIG. 6 is a block diagram schematically illustrating a structure for billing (billing and charging) and recording of a service in a mixed environment of GSM networks 63 and 64 and / or a fixed network (PSTN) according to the state of the art. 6 illustrates the role of the TAP protocol during GSM billing and charging between different network service providers 61, 62, 63, 64.

FIG. 7 schematically illustrates a structure for billing (billing and charging) and recording of a service between a GSM home network service provider 80 and a GSM foreign network service provider 81 according to the state of the art using the TAP protocol. Block diagram.

FIG. 8 is a block diagram schematically illustrating a method and system for charging and billing or recording a service during roaming of a mobile IP node 20 in a heterogeneous WLAN in accordance with the present invention, and thus from access servers 23 and 1001. FIG. A first call detail record is sent to billing module 1003, a second call detail record is sent from proxy server to proxy module 1002, and provider 1008 of fixed network 1007 by clearing module 1004. The service obtained from the system is billed (1016), and / or a TAP file 1017 is sent to the service provider 1006 for billing to the GSM 1005.

1 illustrates an architecture that can be used to achieve the authentication of the present invention. 1 is a block diagram schematically illustrating a method and system for authentication of a user during roaming in a heterogeneous WLAN. Reference numeral 20 in FIG. 1 relates to a mobile IP node having the necessary infrastructure, including hardware and software components that can be used arbitrarily to achieve the method and / or system described in accordance with the present invention. The mobile node 20 may be all so-called Customer Premise Equipment (CPE), among other things provided for use at various network locations and / or in various networks. These include all IP-enabled devices such as PDAs, mobile cordless phones and laptops, for example. The mobile CPE or node 20 also has one or more different physical network interfaces that can support a plurality of different network standards. The physical network interfaces of mobile nodes are, for example, Wireless Local Area Network (WLAN), Bluetooth, Global System for Mobile Communication (GSM), Generalized Packet Radio Service (GPRS), Unstructured Supplementary Services Data (USSD), Universal Mobile (UMTS) Telecommunications System) and / or an interface to Ethernet or another wired LAN (Local Area Network). Thus, reference numeral 48 is for example a mobile wireless network, for example IEEE wireless 802.1, for example including a Bluetooth network, GSM and / or UMTS, etc. for installation in a roofed-over area. A wireless LAN based on x, also a wired LAN, ie a local heterogeneous network, in particular a heterogeneous network such as a Public Switched Telephone Network (PSTN). In principle, when the features according to the invention are presented, the method and / or system according to the invention can be achieved with a given LAN, without regard to a particular network standard. The interface 202 of the mobile IP node may not only be a packet-switched interface when used directly by a network protocol such as Ethernet or Token Ring, but also a Point to Point Protocol (PPP), Serial Line Internet (SLIP). It may also be a circuit-switched interface that can be used with a protocol such as Protocol (GPRS) or Generalized Packet Radio Service (GPRS), ie an interface that does not have a network address such as, for example, a MAC or DLC address. As partly mentioned, for instance with a particular short message (e.g., Short Message Services (SMS), Enhanced Message Services (EMS)), over a LAN, or e.g., Unstructured Supplementary Services Through signaling channels such as Data or other technologies such as Mobile Execution Environment (MExE), Generalized Packet Radio Service (GPRS), Wireless Application Protocol (WAP) or Universal Mobile Telecommunications System (UMTS), or via IEEE wireless 802.1x, or Communication may take place over another user information channel. The mobile IP node 20 may include a mobile IP module and / or an IPsec module. The primary task of mobile IP involves rerouting the IP packet with mobile node 20 as the authentication and destination address of IP node 20 in the IP network. For additional mobile IP specifications, see also the Internet Engineering Task Force (IETF) RFC2002, IEEE Comm. See Vol. 35 No. 5 1997 et al. Mobile IP specifically supports IPv6 and IPv4. Mobile IP functionality may be preferably combined with the security mechanism of the IP security protocol (IPsec) module to ensure secure mobile data management on the public Internet. IP security protocol (IPsec) generates a packet- or socket-method authentication / confidence mechanism between network hubs using IPsec. One of the flexibility of IPsec is that in particular it can be configured not only packet-based but also for individual sockets. IPsec supports IPvx, in particular IPv6 and IPv4. For the sake of detail, the IPsec-specification is described, for example, in Pete Loshin: IP Security Architecture; Morgan Kaufmann Publishers; 11/1999 or A Technical Guide to IPsec; James S et al .; CRC Press, LLC; 12/2000, and the like. Although IPsec has been used as an example in describing the use of security protocols in relation to IP levels in this embodiment, all other security protocols or security mechanisms may be possible, or even omission of security protocols, in accordance with the present invention. .

In addition, via an interface with contacts, the mobile IP node 20 is connected to a Subscriber Identity Module (SIM) card 201 in which an international mobile subscriber identity (IMSI) of a GSM network user is stored. For authentication, the mobile IP node 20 requires access points 21 and 22 to access the WLAN via the air interface 202 within the basic service area of the WLAN. As mentioned above, different WLANs of different hot spots may employ heterogeneous network standards and protocols such as WLAN, Bluetooth, etc., for example, based on IEEE wireless 802.1x. The basic service area of the WLAN includes one or more access points 21, 22 assigned to the access server 23. The mobile IP node 20 transmits the IMSI stored in the SIM card 201 of the mobile IP node 20 to the access server 23 according to the request of the access server 23. The IMSI of the mobile IP node 20 is stored using the SIM-RADIUS module 30. Based on the IMSI, the logical IP data channel of the WLAN is supplemented in a user-specific manner for the GSM data corresponding to the data channel and signal of the GSM network using the information stored in the SIM user database 34. The GSM system includes a so-called traffic channel which is a data channel and a so-called signaling channel which is a control signal channel. Traffic channels (e.g., TCH / FS, TCH / HS, TCH / F9,6 / 4.8 / 2.4 and TCH / H4.8 / 2.4, etc.) are reserved for user data, while signaling channels (e.g., Common Control Channels (CCCH), Random Access Channels (RACH), Dedicated Control Channels (DCCH), Cell Broadcast Channel (CBCH, etc.) are used for network management and control functions. Logical channels cannot be used simultaneously through the interface, but can only be used in some combination according to the GSM specification. By the SIM gateway module 32, the Mobile Application Part of the SS7 / MAP function (Signaling System 7 (SS7) / GSM standard of the International Telecommunications Union (ITU) required for performing authentication of an IP node based on GSM data )) And the SIM-RADIUS module 30 is created by the SIM user database 34 and the SIM gateway module 32 based on the IMSI of the SIM card 201 of the mobile node 20 based on the VLR of the GSM network. (Visitor Location Register) 37 and / or HLR (Home Location Register) 37 performs authentication of the mobile IP node. ITU's SS7 communication protocol is used for so-called out-of-band signaling where Service Switching Points (SSPs), Signal Transfer Points (STPs) and Service Control Points (SCPs) (also frequently designated as SS7 nodes) are used. Characterized by high speed line switching accordingly. Out-of-band signaling is signal transmission in which the same data channel is not used for data transmission or voice transmission. To this end, a separate digital channel (signal channel) is created, through which signals can be transmitted between two network components, typically at 56 or 64 Kbits / s. SS7 architecture is understood so that each network component (node) can exchange signals with any other SS7-capable node, although not directly connected to each other.

As shown in Fig. 5, authentication of the mobile IP node 20 may be performed by Extensible Authentication Protocol (EAP). For example, the following challenge-response method may be adopted for an EAP-based method for assigning a session key to a user by a GSM Subscriber Identity Module (SIM) and for authenticating the user. The authentication algorithm of the SIM card provides a 128-bit random number (RAND) as a challenge. Then, a specific confidentiality algorithm for the individual operator is executed on the SIM card which receives as input a random number (RAND) and a secret key (Ki) stored on the SIM card, from which the 32-bit response (SRES) and 64-bit key are derived. Generate (Kc). Kc encodes data transmissions over the air interface (GSM Technical Specification GSM 03.20 (ETS 300 534): "Digital cellular telecommunication system (Phase 2); Security related network functions", European Telecommunications Standards Institute (ETSI), August 1997). Play a role. For authentication, multiple RAND attempts are used to generate multiple 64-bit keys (Kc). These Kc keys are coupled to longer session keys. Fig. 4 schematically shows the setup between the mobile IP node 20, the access point 21 and the access server 23 in the IEEE 802.1x port-based authentication method, where the mobile IP node 20 (remote access) The client / requester is authenticated at the access server 23 (authentication server) via the access point 21 (authenticator). In this embodiment, the WLAN is based on IEEE802.11. In order to perform GSM authentication, SIM gateway module 32 is configured with an Internet Authentication Service (IAS) server network and GSM authentication infrastructure, i.e., access points 21 and 22 or access server 23 and HLR 37 or VLR ( 37) serves as a gateway between. At the beginning of EAP / SIM authentication, the access server 23 uses the first EAP request 1 from the mobile IP node 20 via the access points 21, 22, in particular the user's International Mobile Subscriber. Requires identity. It is sent by the mobile IP node to the access points 21, 22 via an EAP response 2. In accordance with the triplet request from the VLR 37 or the HLR 37, the access server 23 receives the n GSM triplet with IMSI. Based on the triplet, the access server 23 can receive not only the session key but also the message authentication code for n ^* NAND and the lifetime for the key (with MAC_RAND). In a third EAP step 3, the access server 23 then sends an EAP request of type 18 (SIM) to the mobile IP node 20, for example, and receives a corresponding EAP response 4. The EAP data packet of the SIM type additionally has a specific subtype field. The first EAP request / SIM is subtype 1 (start). This packet contains a list of EAP / SIM protocol version numbers supported by the access server 23. EAP Response / SIM 4 (see FIG. 5) of the mobile IP node 20 receives the version number selected by the mobile IP node 20. The mobile IP node 20 must select a version number specific to the EAP request. The EAP response / SIM (start) of the mobile IP node 20 also includes lifetime implications and random numbers (NONCE_MT) for the keys, which were generated by the mobile IP node. All subsequent EAP requests contain the same version as the EAP Response / SIM (Start) data packet of the mobile IP node 20. As discussed above, to perform GSM authentication, this variant embodiment includes a SIM gateway module 32 that acts as a gateway between the access server 23 and the HLR 37 or VLR 37. After receiving the EAP response / SIM, the access server 23 receives the n GSM triplet from the HLR / VLR 37 of the GSM network. From the triplet, the access server 23 calculates MAC_RAND and session key K. The calculation of the message authentication code (MAC_RAND) and the encryption value of MAC_SRES and SIM-generated session key (K) is described, for example, in the document "HMAC: Keyed-Hashing for Message Authentication" by H. Krawczyk, M. Bellar and R. Canetti ( RFC2104, Feb. 1997). The next EAP request 5 (see Fig. 5) of the access server 23 is a type SIM and a subtype attempt. The request 5 includes the RAND attempt, the lifetime of the key determined by the access server 23, and the message authentication code (MAC_RAND) for the challenge and lifetime. After receipt of the EAP request / SIM 5, the GSM authentication algorithm 6 is executed in the SIM card and calculates a copy of MAC_RAND. The mobile IP node 20 checks whether the calculated value of MAC_RAND is equal to the received value of MAC_RAND. If the two values do not match, the mobile IP node 20 stops the authentication method and does not transmit any authentication value calculated by the SIM card to the network. Since the RAND value is received with the message authentication code (MAC_RAND), the mobile IP node 20 can guarantee that the RAND is new and generated by the GSM network. If all the checks are correct, the mobile IP node 20 sends an EAP response / SIM 7 which includes the MAC_SRES of the mobile IP node 20 as a response. The access server 23 checks whether the MAC_SRES is correct, and finally sends an EAP Success Data Packet 8 (see Fig. 5) indicating that authentication of the mobile IP node 20 succeeded. The access server 23 may additionally send the received session key with the authentication report (EAP success) to the access points 21, 22. In the case of successful authentication, a location update is performed at the HLR 37 and / or the VLR 37, and the mobile IP node 20 receives a corresponding entry in the customer database of the access server and sends a message to the mobile IP node 20. Usage of the WLAN is released. As mentioned above, this has the advantage of enabling automatic roaming among different heterogeneous WLANs, among others. The combination of GSM technology and, in particular, WLAN technology in IP networks, enables roaming of users without the need for registration, billing, service authorization, etc. with individual WLAN service providers, i.e., users can use mobile radios such as GSM for example. As you get used to the technology, you will enjoy the same convenience. At the same time, it is possible to combine the benefits of the open IP world (such as access to the global Internet) and the benefits of the GSM standard (security, billing, service authorization, etc.) in a completely new way. The invention also enables a roaming method in a WLAN without the need to install a corresponding module in each access server. Alternatively, by using RADIUS, the infrastructure (WLAN / GSM) may not be changed.

2 and 3 show how to open through interface 371 for authentication and interface 372 for SS7, interface 531 for service authorization and interface 532 for billing in the method and system according to the present invention. A block diagram schematically illustrating whether the IP world 57 is connected to a more limited GSM world 58. As such, reference numeral 38 represents a different mobile wireless network service provider with an assigned HLR / VLR 37. As a variant, it is possible for the data stream of the mobile IP node 20 to be transmitted from the access points 21 and 22 via the mobile wireless network service provider 38 during access to the WLAN. This allows the mobile wireless network service provider 38 to approve user-specific service authorizations for different service users based on authentication by IMSI and / or to perform user-specific billing of acquired services. However, service authorization may be performed directly by the module 214, for example, at the access points 21, 22. In addition, in the case of FIG. 2, the mobile IP node 20 is connected to the SIM card 201 through an interface having a contact, and accesses the WLAN by a wireless connection 48. The WLAN is connected to the GSM mobile wireless network, in particular the HLR 37 and / or the VLR 37, via the access server 23 and through the Gateway GPRS Support Node (GGSN) via the GPRS Roaming eXchange (GRX) module 51. 50), the Internet service provider 52 and the clearing system 53 for billing of the acquired service.

In an embodiment that extends from the above-described embodiment, the SIM user database 34 includes a synchronization database 36 and a synchronization module 35 to change or delete a user dataset existing during authentication or to insert a new user dataset. , The comparison of the databases 34, 36 is performed periodically, and / or initiated via a change in the synchronous database 36 and / or through the disturbance of the SIM user database 34. The synchronization module 35 and the synchronization database 36 may be achieved through hardware or via software as discrete network components such as, for example, discrete IP nodes and / or GSM components, such as other components in accordance with the present invention. Or may be assigned to and / or composed of another system component. In this variant embodiment, the mobile wireless network service provider 38 changes or deletes existing user datasets in the same manner as in the previous user database, i.e. without having to purchase or maintain additional systems or new users. Inserting a dataset can be handled.

FIG. 6 is a block diagram schematically illustrating a structure for billing (billing and charging) and recording of a service in a mixed environment of GSM networks 63 and 64 and / or a fixed network (PSTN) according to the state of the art. Meanwhile, FIG. 7 schematically illustrates a structure for billing (billing and charging) and recording of a service between a GSM home network service provider 80 and a GSM foreign network service provider 81 according to the latest technology using the TAP protocol. The block diagram shown. Recently, the so-called Transfer Account Account Interchange Group (TAP) protocol of the TADIG (TADIG) of the GSM Association is known for billing and billing of services acquired by mobile units in GSM networks. In Fig. 6, reference numerals 61 and 62 denote fixed network service providers (PSTN / ISDN). Reference numeral 70 denotes normal billing and charging of fixed network calls between modern fixed network service providers. Reference numeral 71 denotes billing and charging between different GSM mobile wireless network service providers 63, 64 by the TAP protocol. Reference numeral 72 denotes the wholesale billing described above, while reference numeral 73 denotes the retail billing. Reference numerals 65 and 66 denote GSM service providers. Thus, users 57, 58 are billed by wholesale billing 72 via service provider 65, 66 or by retail billing 73 via GSM mobile wireless network service provider 63, 64. Billed directly. 7 shows a possible data exchange between two network operators 80, 81 based on TAP. Call details 813 by a user 90 located in a foreign network (VPLMN) Visited Public Land-based Mobile Network (VPLMN) 81, 902 are registered in the Mobile Switching Center (MSC) 812 of the network 81. . Thus, each call generates one or more call records 813. Although many providers use their own formats, the GSM standard for these records is defined in GSM 12.05. For billing, the call record 813 of the MSC 812 is sent to the billing system 811 of the VPLMN 81. These call records 813 are then converted to TAP format 814 and assigned to individual users 90. Within the last 36 hours, the TAP record 814 is sent to the individual mobile wireless network service provider 801 of the home network 80. The TAP file 814 additionally includes information about benefits or discount plans, all additional bilateral agreements, and an Inter Operator Tariff (IOT). TAP records are more generally transmitted either directly or through billing points such as, for example, clearing houses. When the home network operator (HPMN) 801 receives the TAP record 814 from the VPLMN 811, the TAP record is converted into the corresponding internal format 802, and the user is prompted by the home network 80. Billed together with the normal call record of user 90, In the case of wholesale billing, where the service provider 82 bills the charges incurred by the user 90 (901), the HPMN 801 may in particular rebill the call according to its own tariff, for example the user The record 802 is sent to the service provider 82 which generates 821 the bill 83 according to the call details for 90. In this way, as a result, the user 90 is always billed through the HPMN 801.

8 is a block diagram schematically illustrating a method and system for billing and recording of a service during roaming of a mobile IP node 20 in a heterogeneous WLAN according to the present invention, where the mobile IP node 20 is a basic service of the WLAN. The access points 21 and 22 of the WLAN are accessed via the air interface within the area. The basic service area of the WLAN includes one or more access points 21, 22 assigned to the access servers 23, 1001. Through the individual access points 21, 22, the mobile IP node 20 connects to the access server 23, 1001 to the SIM card 201 of the mobile IP node 20 according to the request 23, 1001 of the access server. Send the stored IMSI. IMSI of IP node 20 is stored in database 31 of SIM-RADIUS module 30. By means of the SIM user database 34 and the SIM gateway module 32, the SIM-RADIUS module 30 uses the logical IP data channel of the WLAN in a user-specific manner for GSM data corresponding to the data channel and signal of the GSM network. Replenish By supplementing the signal and data channels, the HLR 37 and / or VLR of the GSM network (based on the IMSI of the SIM card 201 of the mobile node 20, as shown in Figs. At 37) authentication and / or service authorization of the mobile IP node 20 is executed. For billing and billing, billing module 1003 accesses access servers 23 and 1001 by billing gateway interface 1031. Via billing gateway interface 1031, a first call detail record of mobile IP node 20 is transmitted from access server 23, 1001 to billing module 1003. Billing module 1003 includes an assigned software and / or hardware-achieving module, whereby it can obtain CDR files from access servers 23, 1001 via billing gateway interface 1031, and bill CDR files. And transmit to module 1003 and / or proxy module 1002. For example, downloads occur periodically, such as daily and / or as required by access servers 23 and 1001 and / or as required by billing module 1003 and / or as required by proxy module 1002. Can be. This first call detail record may be specified in billing module 1003 with, for example, a file application identifier defined. The first call detail record may include, for example, SIM-based authentication information. The SIM-based authentication information includes not only the so-called transmission cut-off time stamps (e.g., as defined in GSM PRD TD.57 for example), but also the file number and hot spot ID for the sequence of acquired files. Can be. To enable simple access to the access server, the CDRs may be stored on the access server, for example, in three different directories. For example, a directory with open files (i.e. files that are still to be changed), directories with files that are actually closed (i.e. no longer changed) but marked as not sent, and finally closed and ready to be sent. The directory containing the file. The billing gateway interface 1031 includes an assigned billing management database 1032 having a configuration profile of each access server 23, 1001. This means that the billing module 23, 1001 can obtain the communication profile for the predetermined access server 23, 1001 of the hot spot from the billing management database 1032. The billing management database 1032 includes all necessary profiles and operational configurations required for data exchange and operation in the GSM service provider 1006, WLAN service provider and hot spots. Billing management database 1032 may include, in particular, the GSM identification and / or IP address of the service provider and / or user, for example. In particular, based on information from the billing management database 1032, a billing command (total amount, etc.) for a CDR (IP address, etc.), a TAP file (PMN code (Public Mobile Network Identification Code), IOTs), a WLAN service provider, etc. ) And hot spot authorization (signaling, etc.) for the GSM service provider. As a variant embodiment, in particular an automatic update method for the billing management database by the signaling gateway module may be considered. This update method enables consistent current authentication and / or authorization of billing module 1003 to various access servers 1001. In addition, a second call detail record of the mobile IP node 20 is sent to the proxy module 1002, where the proxy module 1002 is at least the provider and / or duration and / or mobile IP of the acquired service. Capture the identification of node 20 and send it to billing module 1003 (1012). The download can be generated by the aforementioned module achieved via software and / or hardware, which module can obtain CDR files from the access servers 23, 1001 via the billing gateway interface 1031, and the CDR files May be sent to the billing module 1003 and / or the proxy module 1002. For example, downloads occur periodically, such as daily and / or as required by access servers 23 and 1001 and / or as required by proxy module 1002 and / or as required by billing module 1003. Can be. The second call detail record may be generated, for example, based on the identification of the service provider having at least the IP address of the mobile IP node and the service obtained by the mobile node. This means that the first call detail record of the mobile IP node sent from the access server to the billing module is generated, among other things, SIM-based, while the second call detail record sent from the access server to the proxy module is for example RADIUS information. It is created on the basis of IP-based. Data from the second CDR is required for billing and clearing, among other things, of the services of WLAN service providers and users. The billing module 1003 generates a TAP file 1014 corresponding to the obtained service, and transmits the TAP file to the clearing module 1004 together with the billing command 1013. This means that the incoming IMSI-certified CDRs are each converted to TAP format. The TAP file may also be generated based on, for example, an Inter Operator Tariff (IOT) as well as a Public Mobile Network (PMN) TAP identification code. In cooperation with or as a stand-alone variant, for example, the billing management database may also be considered to include an Inter Operator Tariff (IOT) as well as a Public Mobile Network (PMN) TAP identification code. Billing command 1013 includes at least user-specific and / or service-provider-specific billing data. The clearing module 1004 may bill the service obtained by the user 1008 to the provider 1008 of the fixed network 1007 and / or 1016, or may use the GSM 1005 service provider for billing (1016). 1006) may transmit the TAP file 1017. It is mentioned that all modules and / or network components according to the invention can be achieved via hardware as well as through software. In addition, data streams of the mobile IP node 20 may be transmitted from the access points 21 and 22 through the mobile wireless network service provider during access to the WLAN. Accordingly, the mobile wireless network service provider can gain complete control over the data flow of the user. In this way, the mobile wireless network service provider can also provide service authorization, especially to the IP world, perform detailed billing, and integrate security mechanisms. Among other things, mobile wireless network service providers can thus combine the uncontrollable open IP world, including the Internet, with the benefits of the GSM world. This is especially important in recent years, for example with regard to accountability issues of providers or service vendors.

Claims (18)

A computer-use method for billing and recording of a service during roaming of a mobile IP node in a heterogeneous WLAN, A mobile IP node accesses an access point via a wireless interface within a basic service area of a WLAN, the basic service area of the WLAN includes one or more access points assigned to an access server, and the mobile IP node includes the access point. According to the request of the server, IMSI stored in the SIM card of the mobile IP node is transmitted to the access server, the IMSI of the mobile IP node is stored in the database of the SIM-RADIUS module, By means of a SIM user database and a SIM gateway module, the SIM-RADIUS module supplements the logical IP data channel of the WLAN in a user-specific manner with respect to GSM data corresponding to the data channel and signal of a GSM network, and the mobile IP node. Authentication and service authorization of the is performed on the HLR and VLR of the GSM network based on the IMSI of the SIM card of the mobile IP node, By a billing gateway interface, a billing module accesses the access server, a first call detail record of the mobile IP node is sent from the access server to the billing module, and the billing gateway interface is configured to configure the configuration profile of each access server. Has an assigned billing management database, The second call detail record of the mobile IP node is sent to a proxy module, which captures at least the provider and duration of the acquired service and the identification of the mobile IP node, and sends it to the billing module. Send, The billing module generates a TAP file corresponding to the obtained service based on the data of the proxy module and the first call detail record, and transmits the TAP file to the clearing module together with the billing command. At least user-specific and service-provider-specific billing data, wherein the clearing module bills a service obtained by the user to a provider of a fixed network, and the TAP file to a GSM service provider for billing. To transmit Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method of claim 1, The first call detail record is generated based at least on an IP address of the mobile IP node and an identification of the service provider having a service obtained by the mobile IP node. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method according to claim 1 or 2, The data stream of the mobile IP node is transmitted from the access point through a mobile wireless network service provider during access to the WLAN. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method according to claim 1 or 2, The TAP file is generated based on at least Inter Operator Tariffs (IOT) and Public Mobile Network (PMN) TAP identification codes. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method according to claim 1 or 2, The billing management database includes GSM identification and IP addresses of service providers and users. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method according to claim 1 or 2, The billing management database includes Inter Operator Tariffs (IOT) and Public Mobile Network (PMN) TAP identification codes. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method according to claim 1 or 2, The SIM-based second call detail record of the mobile IP node is sent from the access server to the billing module, and the IP-based first call detail record is sent from the access server to the proxy module. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. A system for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs, The system includes at least one WLAN each having a basic service area, wherein the basic service area of the WLAN includes one or more access points assigned to an access server, the access point communicating with the mobile IP node. A wireless interface for the mobile IP node to include a SIM card for storing IMSI, The access server comprises a SIM-RADIUS module, a SIM user database and a SIM gateway module to supplement the WLAN's logical IP data channel in a user-specific manner with respect to GSM data corresponding to the data channel and signal of the GSM network. The authentication and service authorization of the mobile IP node are executed in the HLR and VLR of the GSM network based on the IMSI of the SIM card of the mobile IP node, The access server may include a billing module having a billing gateway interface for access to the access server, the first call detail record of the mobile IP node may be transmitted from the access server to the billing module, and the billing gateway The interface includes an assigned billing management database having the configuration of an individual access server, By the proxy module, a second call detail record of the mobile IP node may be downloaded from the access server, and at least the provider, duration and identification of the mobile IP node of the service obtained by the proxy module are captured. Can be sent to the billing module, By the billing module, a TAP file corresponding to the obtained service can be generated, and the TAP file can be sent with the billing command to the clearing module, the billing command being at least user-specific and service-provider- Containing specific billing data System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method of claim 8, By the access server, the second call detail record may be generated based on at least an IP address of the mobile IP node and an identification of the service provider having a service obtained by the mobile IP node. System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method according to claim 8 or 9, The data stream of the mobile IP node is transmitted from the access point through a mobile wireless network service provider during access to the WLAN. System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method according to claim 8 or 9, The TAP file includes at least information about Inter Operator Tariffs (IOT) and Public Mobile Network (PMN) TAP identification codes. System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method according to claim 8 or 9, The billing management database includes GSM identification and IP address of the service provider and the user. System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method according to claim 8 or 9, The billing management database includes Inter Operator Tariffs (IOT) and Public Mobile Network (PMN) TAP identification codes. System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method according to claim 8 or 9, The SIM-based first call detail record of the mobile IP node is sent from the access server to the billing module, and the IP-based second call detail record is sent from the access server to the proxy module. System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. A computer-use method for billing and recording of a service during roaming of a mobile IP node in a heterogeneous WLAN, A mobile IP node accesses an access point via a wireless interface within a basic service area of a WLAN, the basic service area of the WLAN includes one or more access points assigned to an access server, and the mobile IP node includes the access point. According to the request of the server, IMSI stored in the SIM card of the mobile IP node is transmitted to the access server, the IMSI of the mobile IP node is stored in the database of the SIM-RADIUS module, By means of a SIM user database and a SIM gateway module, the SIM-RADIUS module supplements the logical IP data channel of the WLAN in a user-specific manner with respect to GSM data corresponding to the data channel and signal of a GSM network, and the mobile IP node. Authentication or service authorization of the is performed on the HLR or VLR of the GSM network based on the IMSI of the SIM card of the mobile IP node, By a billing gateway interface, a billing module accesses the access server, a first call detail record of the mobile IP node is sent from the access server to the billing module, and the billing gateway interface is configured to configure the configuration profile of each access server. Has an assigned billing management database, A second call detail record of the mobile IP node is sent to the proxy module, which captures at least the provider or duration of the acquired service or the identification of the mobile IP node and sends it to the billing module. Send, The billing module generates a TAP file corresponding to the obtained service based on the data of the proxy module and the first call detail record, and transmits the TAP file to the clearing module together with the billing command. At least user-specific or service-provider-specific billing data, wherein the clearing module bills a service obtained by the user to a provider of a fixed network, or the TAP file to a GSM service provider for billing To transmit Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. The method according to claim 1 or 2, The billing management database includes a GSM identification or IP address of a service provider or user. Computer-use method for billing and recording of services during roaming of mobile IP nodes in a heterogeneous WLAN. A system for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs, The system includes at least one WLAN each having a basic service area, wherein the basic service area of the WLAN includes one or more access points assigned to an access server, the access point communicating with the mobile IP node. A wireless interface for the mobile IP node to include a SIM card for storing IMSI, The access server comprises a SIM-RADIUS module, a SIM user database and a SIM gateway module to supplement the WLAN's logical IP data channel in a user-specific manner with respect to GSM data corresponding to the data channel and signal of the GSM network. The authentication or service authorization of the mobile IP node is performed in the HLR or VLR of the GSM network based on the IMSI of the SIM card of the mobile IP node, The access server may include a billing module having a billing gateway interface for access to the access server, the first call detail record of the mobile IP node may be transmitted from the access server to the billing module, and the billing gateway The interface includes an assigned billing management database having the configuration of an individual access server, By the proxy module, a second call detail record of the mobile IP node may be downloaded from the access server, and at least the provider, duration and identification of the mobile IP node of the service obtained by the proxy module are captured. Can be sent to the billing module, By the billing module, a TAP file corresponding to the obtained service can be generated, and the TAP file can be sent with the billing command to the clearing module, wherein the billing command is at least user-specific or service-provider- Containing specific billing data System for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs. The method according to claim 8 or 9, The billing management database includes a GSM identification or IP address of the service provider or the user. A system for billing and recording of services during roaming of mobile IP nodes in heterogeneous WLANs.

Images