WO2006079953A1 - Authentication method and device for use in wireless communication system - Google Patents
- Publication number
- WO2006079953A1 (PCT/IB2006/050213)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- wireless communication
- communication network
- mobile terminal
- network
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- the present invention relates to wireless communication system, and more particularly to an authentication method and device for use in wireless communication system.
- Wireless local area network (WLAN) technology and cellular network technology are complementary wireless communication network technologies. The complementarity of them is mainly shown as: WLAN is able to provide high-speed data services over a relatively small coverage range, and cellular networks, such as General Packet Radio Service (GPRS) and 3rd-generation mobile communication network, are able to provide relatively low-speed speech and data services over a comparatively broad coverage range.
- GPRS General Packet Radio Service
- SIM subscriber identity module
- SIM card credential information subscriber identity information carried by a SIM card and resident in a mobile terminal so as to decide the subscriber's validity and the kind of service that can be provided to, through communication between a network and a cellular phone.
- Authentication ensures that the network is being used by a paying customer and the call ends up with charging and generating actual revenue for the cellular operator.
- there are two types of possible fraud: a) Making "free" calls using a stolen SIM and/or equipment; and b) Making "free" calls using a clone SIM.
- cellular operators have set up a sophisticated fraud detection and management system. For example, cellular networks prohibit duplicate SIMs to be active simultaneously.
- a SIM cannot access the cellular network from two different locations, such as different cells and/or MSCs.
- WLAN networks can be categorized into three classes. a) Using SSID, media access control (MAC) address, and/or other specific identities compliant to the IEEE 802.11 standards to identify a WLAN user. b) Using username/password to authenticate a WLAN user. c) Using SIM-based information to authenticate a WLAN user.
- MAC media access control
- the SIM-based authentication has inherent advantages over the first two classes.
- SIM-based WLAN authentication methods such as EAP-SIM (Extensible Authentication Protocol-SIM), EAP (Extensible Authentication Protocol)/AKA (Authentication and Key Agreement), SIM-based authentication over IEEE 802.1x and so on.
- EAP-SIM Extensible Authentication Protocol-SIM
- EAP Extensible Authentication Protocol
- AKA Authentication and Key Agreement
- SIM-based WLAN authentication requires a SIM reader attached to the terminal device so that the authentication software can use the SIM credential.
- MS represents mobile terminal in cellular networks and terminal device in WLAN networks for the purpose of unification.
- Fig. 1 shows composite parts involved in the SIM-based WLAN authentication procedure.
- the system comprises a mobile terminal 20, a wireless local area network 21 and AAA server 22.
- the mobile terminal 20 has a SIM reader 201 and SIM 202.
- the wireless local area network 21 has access points 211, 211', and an access controller 212.
- the AAA server 22 includes an authentication server 221, subscriber information unit 222, and secure WLAN connection unit 223.
- AAA server 22 has a secure connection 223 to HLR (Home Location Register) of cellular network:
- the EAP-SIM client resident in the mobile terminal, starts the authentication process by sending the authentication request to the AAA server 22 through wireless communication link provided by the WLAN network 21.
- the AAA server 22 issues a challenge through the wireless communication link provided by the WLAN, which is then forwarded to the SIM reader 201 by the EAP-SIM client.
- the EAP-SIM client communicates with the SIM 202 through the SIM reader, and the SIM computes the response according to corresponding cellular authentication algorithms.
- the EAP-SIM client forwards this response to the AAA server to check the response and provide access appropriately.
- the WLAN operator can get the SIM credential, which serves as identity information of users and cellular operators and which users and cellular operators wish to keep to themselves. Potential risks are left if the information is known by a third party (e.g. some untrustworthy WLAN operators).
- Peer-to-Peer wide area network connection and service level agreement are needed for all WLAN operating equipment and cellular operating equipment, otherwise some WLAN networks cannot provide services for some cellular networks' subscribers. In the case of numerous WLAN and cellular networks in a region, it is hard to establish a full-mesh network among them. If a WLAN owner only sets up service level agreement (SLA) with operator A, it cannot provide service for operator B's subscribers, which limits its revenue. Therefore, there is a need for a novel authentication method and device using wireless communication system, in order to overcome the above-described disadvantages in the prior art.
- SLA service level agreement
- the present invention provides a method of authentication performed in a first wireless communication network, including the steps of: (a) receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network; (b) authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and
- the present invention further provides a device of authentication performed in a first wireless communication network, comprising: receiving means for receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network; processing means for authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and transmitting means for notifying said mobile terminal and said second wireless communication network of results from the authentication.
- the present invention further provides a method of authentication in a mobile terminal, including the steps of:
- the present invention further provides a device of authentication performed in a mobile terminal, comprising: communicating means for exchanging with a second wireless communication network information used for authentication; transmitting means for transmitting to a first wireless communication network an authentication request for requesting said first wireless communication network to perform authentication for said mobile terminal and said second wireless communication network, wherein said authentication request contains said information used for authentication; and receiving means for receiving authentication results from said first wireless communication network.
- the present invention further provides a method of authentication performed in a second wireless communication network, including the steps of:
- the present invention further provides a device of authentication operating in a second wireless communication network, comprising: communicating means for exchanging with a mobile terminal information used for authentication; processing means for cooperating with a first wireless communication network in authenticating said second wireless communication network; and receiving means for receiving notification of authentication results from said first wireless communication network.
- cellular subscribers' SIM credential will never be transferred over the insecure WLAN radio link; WLAN owner will never get all information of cellular subscribers' SIM credential; attack from mendacious WLANs can be detected and prevented; and attack from mendacious MSs can be detected and prevented.
- Fig. 1 is a block diagram of authentication procedure in WLAN
- Fig. 2 shows a system used for SIM-based asymmetric authentication according to an embodiment of the present invention
- Fig. 3 shows SIM-based asymmetric authentication according to an embodiment of the present invention.
- Fig. 4 shows WLAN-initiated SIM-based asymmetric authentication according to an embodiment of the present invention.
- Authentication according to the present invention employs an asymmetric authentication approach, which prevents the transfer of cellular subscribers' identity information (e.g. SIM credential) on the insecure WLAN radio link.
- identity information e.g. SIM credential
- a SIM-based asymmetric authentication approach is proposed.
- wireless overlay network cellular networks have stronger and more mature security property than WLAN networks.
- cellular networks have a very successful business operating mode characterized in larger coverage, stronger roaming function, mature AAA (Authentication, Authority, Accounting) systems, and large numbers of subscribers.
- AAA Authentication, Authority, Accounting
- cellular networks always play dominating roles during the cooperation with other networks.
- WLAN owners are usually called WISPs (Wireless Internet Service Providers)
- WISPs Wireless Internet Service Provider
- the approach proposed in the present invention utilizes cellular networks' secure channel, existing authentication and accounting system, to provide secure authentication for WLAN networks.
- SIM credential refers to credential information stored in the SIM card and used to identify the subscriber's identity during network communication. If a subscriber's SIM credential is leaked to another person, that person can masquerade as this subscriber without being detected by the network.
- mobile station communicates with the WLAN to exchange WLAN information and part of the MS's information between the MS and the WLAN, the part of the MS's information being limited to prevent computing out the MS's credential information; next, the MS transmits authentication notification to an authentication server of the cellular network so as to notify the MS of the request for authentication in the WLAN, the authentication notification containing the MS's information and WLAN information; afterwards, the authentication server of the cellular network communicates with the MS and the WLAN and verifies the MS and the WLAN; then, having verified the MS and the WLAN, the authentication server notifies the WLAN of accepting the authentication request of the MS; and lastly, after the notification by the authentication server, the WLAN confirms the authentication request of the MS.
- MS mobile station
- Fig. 2 shows a system used for SIM-based asymmetric authentication according to an embodiment of the present invention. As shown in Fig. 2, there are defined four network units.
- Mobile terminal 30, which is able to access cellular network 31 and WLAN network 33, and comprises an authentication-aid module 301 for accomplishing the asymmetric authentication for the WLAN network.
- the authentication-aid module 301 comprises: communicating means for exchanging information used for authentication with the WLAN network, transmitting means for transmitting to the cellular network 31 an authentication request for requesting the cellular network 31 to authenticate the mobile terminal 30 and the WLAN network 33, and receiving means for receiving authentication results from the cellular network 31.
- Cellular network 31 can be existing cellular mobile network, such as GSM network, besides the following enhanced authentication server 311.
- the authentication server 311 comprises: receiving means for receiving an authentication request from mobile terminal 30, processing means for authenticating the mobile terminal 30 and WLAN network 33 in accordance with said authentication request, and transmitting means for notifying the mobile terminal 30 and the WLAN network 33 of authentication results.
- WLAN network 33 refers to networks which are compliant to the IEEE 802.11 standards, except for the following authenticator 331.
- the authenticator 331 comprises: communicating means for exchanging information used for authentication with mobile terminal 30, processing means for cooperating with cellular network 31 in authenticating the WLAN network 33, and receiving means for receiving notification of authentication results from the cellular network.
- Transmission network (Cloud) 32 which provides inter-connection between authentication server 311 and authenticator 331, can be dedicated channel or public Internet using RADIUS, DIAMETER or other protocols.
- the authentication server 311 of the cellular network 31 can authenticate MS's identity utilizing SIM credential of MS 30 and appropriate algorithms. Besides the conventional authentication functions, the authentication server 311 can also communicate with the authenticator 331 of the WLAN network 33 to verify identity of the MS 30.
- the authenticator 331 of the WLAN network 33 can communicate with the authentication server 311 of the home cellular network 31 of the MS 30 to exchange identity application and information of the MS 30.
- in symmetrical authentication, authentication information is transferred between MS 30 and cellular network 31 when the MS 30 wants to be authenticated in the cellular network 31, or between the MS 30 and WLAN network 33 when the MS 30 wants to be authenticated in the WLAN network 33.
- Having been authenticated by the cellular network 31, the MS 30 communicates with its corresponding node through the cellular network 31.
- Step S40 After detecting an available WLAN network 33, the MS 30 communicates with or monitors the WLAN to get necessary identification information, such as the WLAN's ID and address.
- This WLAN identification information should be enough to exclusively identify a WLAN network in a certain range.
- the WLAN gets some of the MS's identification information, such as its MAC address, a random number, portion of its SIM code and MSISDN code, or other information.
- An important identifier, the MS's temporary ID can be set by the MS, or by the WLAN, or negotiated by them. The temporary ID must be unique in a certain range in a period to exclusively identify the MS in this WLAN.
- Step S50 The MS transmits an authentication request (including necessary information) to the authentication server 311 so as to notify that it wants to be authenticated within the specific WLAN network 33 using the temporary ID.
- the information is generated by authentication-aid module 301 located in the MS and includes identification information of the MS and the WLAN, such as temporary ID, SIM credential, and information of the specific WLAN. From the aspect of the cellular network 31, all the identification information provided by the MS 30 should exclusively identify the MS 30 and the WLAN 33 in a certain range.
- Step S60 The authentication server 311 authenticates the MS. Receiving the MS's SIM credential, the authentication server can verify the MS and its profile (such as identification information, service type, subscription records and the like). If the MS is not legal, the application is out of the registered profile, or the WLAN is in the black list, then the authentication will fail.
- the verification method can be checking HLR/VLR database or using challenge-response method.
- Step S61 According to the WLAN information provided by the MS, the authentication server 311 can authenticate the WLAN network.
- Step S70 After the successful verification of the MS 30 and the WLAN 33, the authentication server 311 sends messages to the authenticator 331 that is located in the WLAN network, to notify the validity of the MS and the WLAN.
- Step S71 The authentication server 311 sends messages to the MS 30 to inform the validity of the WLAN network 33.
- Step S80 After receiving the notification, the authenticator 331 accepts the MS's validity and sends back a response message to the authentication server 311.
- Step S81 The authenticator 331 confirms the MS's authentication application.
- the cellular network starts authenticating the mobile terminal and the WLAN upon receipt of the authentication request initiated by the mobile terminal, or the authentication request based on the WLAN.
- the authentication application is initiated from the authenticator 331 of the WLAN network 33.
- the decision authority is still in the control of the authentication server 311 of the cellular network 31. The difference is that information transferred over the WLAN radio network 33 and obtained by WLAN owners is different.
- steps S40' to S81' are explained in detail in Fig. 4.
- the MS 30 communicates with its corresponding node through the cellular network 31 after being authenticated by the cellular network 31.
- Step S40' is substantially identical to step S40 in Fig. 3.
- the information to be exchanged between the MS and the WLAN should be limited to prevent eavesdroppers from computing out the MS's credential information. The difference is that the information must be adequate for the WLAN authenticator 331 to compute out the MS's home network. Therefore, the WLAN can locate the MS's home authentication server 311.
- the mobile country code (MCC) and mobile network code (MNC) of IMSI, country code (CC) (optional) and national destination code (NDC) of MSISDN should be transmitted to the authenticator 331 if the MS supports NAI [RFC2486], or the APN (Access Point Name) should be transmitted to the authenticator 331 if the MS supports it. This information is enough for the WLAN to compute the MS's home network, but not enough to compute the
- the exchange procedure can be encrypted (predefined or negotiated) or in plain text.
- Step S50' is substantially identical to step S50 in Fig. 3.
- Step S51' After computing out the MS's home network and the authentication server 311, the authenticator 331 sends an authentication application to the authentication server 311 to verify the MS.
- Many methods can be used to deal with the problem when the authentication application of the authenticator 331 arrives at the authentication server 311 before the MS's message. For example, the authentication server 311 starts a timer when the authentication application arrives. If the timer expires before the MS's notification arrives, the authentication fails. Consequently, the MS's authentication fails.
- Step S60' is substantially identical to step S60 in Fig. 3.
- Step S61' is substantially identical to step S61 in Fig. 3.
- Step S70' is substantially identical to step S70 in Fig. 3.
- Step S71' is substantially identical to step S71 in Fig. 3.
- the authentication server 311 sends messages to the MS to notify the validity of the WLAN network, or refuses authentication because of failure of the WLAN authentication.
- Step S80' is substantially identical to step S80 in Fig. 3.
- Step S81' is substantially identical to step S81 in Fig. 3.
- with the SIM-based asymmetric authentication of the present invention, it is not necessary to transmit the complete information of the MS's credential over the insecure WLAN air interface, so that the secure information of users can be protected maximally.
- the asymmetric authentication of the present invention can be extended to exchange of encrypted keys.
- the keys pass through the authenticator 331, the authentication server 311 and the MS, but they are never transmitted over the WLAN air interface. Therefore, users' information security can be protected maximally.
- the asymmetric authentication of the present invention further has the function of preventing the attack from a mendacious WLAN. Sometimes, a mendacious WLAN or mendacious equipment pretends to be another legal WLAN to get a cellular subscriber's information. It accepts the MS's connection and authentication request, and asks the MS to send its credential information. If the MS sends out the information, its credential is leaked.
- the verification of the WLAN network, i.e. steps S70 and S71 of SIM-based asymmetric authentication in Fig. 3 and steps S70' and S71' of WLAN-initiated SIM-based asymmetric authentication in Fig. 4, can detect any mendacious WLAN and inform the MS not to apply for authentication and submit it with respect to that network.
- the asymmetric authentication of the present invention further has the function of preventing the attack from a mendacious MS.
- MSs A and B are both legal subscribers of a cellular network.
- MS B wants to attack MS A.
- MS B pretends to be MS A and files an authentication application with a WLAN.
- the WLAN sends an authentication application to the cellular network for MS A, and MS B sends the relevant information to the cellular network pretending to be MS A.
- the cellular network will approve the authentication and the traffic for MS A will be forwarded to the WLAN.
- the denial-of-service occurs on MS A, which is more likely to happen when MSs A and B are in the same cell.
- SIM-based asymmetric authentication approaches by checking the HLR/VLR database and/or communicating with MS, i.e.
- SIM-based asymmetric authentication according to the present invention has such advantages as: cellular subscribers' SIM credential will never be transferred over the insecure WLAN radio link; WLAN owner will never get all information of cellular subscribers' SIM credential; the attack from mendacious WLANs can be detected and prevented; and the attack from mendacious MSs can be detected and prevented.
- Some credentials used between WLAN and MS can also be transmitted in this asymmetric authentication process, such as encryption algorithm used in WLAN air interface and so on.
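The S40 to S81 exchange and the S51' timer listed above, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the SIM's authentication algorithm, WLAN verification (S61) is modelled as a registry lookup of WLAN ID and address, and all class names, method names, IMSI, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def sim_response(ki, challenge):
    """Stand-in for the SIM's response computation (assumption: HMAC-SHA256)."""
    return hmac.new(ki, challenge, hashlib.sha256).digest()


class Authenticator:
    """WLAN-side authenticator 331."""

    def __init__(self, wlan_id, address):
        self.wlan_id, self.address = wlan_id, address
        self.air_log = []      # every message the MS sent over the WLAN radio link
        self.admitted = set()  # temporary IDs the cellular network vouched for

    def exchange(self, temp_id, home_network):
        # S40: only a temporary ID and the MCC+MNC prefix cross the air interface.
        self.air_log.append({"temp_id": temp_id, "home": home_network})
        return {"wlan_id": self.wlan_id, "address": self.address}

    def notify_valid(self, temp_id):
        # S70/S80/S81: accept the MS once the authentication server says so.
        self.admitted.add(temp_id)


class AuthServer:
    """Cellular-side authentication server 311."""

    def __init__(self, hlr, registry, blacklist=frozenset(), timeout=5.0):
        self.hlr = hlr              # IMSI -> Ki, stand-in for the HLR/VLR lookup
        self.registry = registry    # wlan_id -> Authenticator reached over network 32
        self.blacklist = blacklist
        self.timeout = timeout
        self.pending = {}           # temp_id -> deadline (WLAN-initiated variant)

    def wlan_application(self, temp_id, now):
        # S51': the authenticator applied first, so start the timer.
        self.pending[temp_id] = now + self.timeout

    def authenticate(self, ms, temp_id, wlan_info, now=0.0):
        # S50 has arrived over the cellular channel; check the timer if one runs.
        deadline = self.pending.pop(temp_id, None)
        if deadline is not None and now > deadline:
            return "timed-out"
        # S60: challenge-response against the subscriber record.
        ki = self.hlr.get(ms.imsi)
        challenge = secrets.token_bytes(16)
        if ki is None or not hmac.compare_digest(
                ms.answer(challenge), sim_response(ki, challenge)):
            return "ms-rejected"
        # S61: compare the WLAN the MS reported with what the operator knows.
        wlan = self.registry.get(wlan_info["wlan_id"])
        if (wlan is None or wlan.address != wlan_info["address"]
                or wlan.wlan_id in self.blacklist):
            return "wlan-rejected"      # S71: MS is told not to proceed
        wlan.notify_valid(temp_id)      # S70
        return "accepted"               # S71


class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki

    def answer(self, challenge):
        return sim_response(self.ki, challenge)

    def join(self, wlan, server):
        temp_id = secrets.token_hex(4)
        info = wlan.exchange(temp_id, self.imsi[:5])               # S40 over WLAN
        return temp_id, server.authenticate(self, temp_id, info)   # S50 over cellular


def demo():
    # Constructed sample data: test-network IMSI, fixed keys, private addresses.
    alice = MobileStation("001010123456789", bytes(range(16)))
    impostor = MobileStation(alice.imsi, b"\x01" * 16)   # claims Alice's IMSI, wrong key
    hotspot = Authenticator("cafe-wlan", "10.0.0.1")
    rogue = Authenticator("cafe-wlan", "10.6.6.6")       # same ID, unregistered address
    server = AuthServer({alice.imsi: alice.ki}, {"cafe-wlan": hotspot})
    real = {"wlan_id": "cafe-wlan", "address": "10.0.0.1"}

    tid, legit = alice.join(hotspot, server)
    _, via_rogue = alice.join(rogue, server)
    _, fake_ms = impostor.join(hotspot, server)
    server.wlan_application("t1", now=0.0)
    late = server.authenticate(alice, "t1", real, now=9.0)
    server.wlan_application("t2", now=0.0)
    in_time = server.authenticate(alice, "t2", real, now=2.0)
    on_air = hotspot.air_log + rogue.air_log
    return {
        "legit": legit, "legit_admitted": tid in hotspot.admitted,
        "rogue": via_rogue, "rogue_admitted": len(rogue.admitted),
        "impostor": fake_ms, "late": late, "in_time": in_time,
        "hotspot_admitted": len(hotspot.admitted),
        "imsi_on_air": any(alice.imsi in str(m) for m in on_air),
    }


if __name__ == "__main__":
    print(demo())
```

The `air_log` lists record what each WLAN saw, so the final check shows that neither the legitimate nor the mendacious WLAN ever received the full IMSI.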
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention discloses an authentication method performed in a first wireless communication network, including the steps of: (a) receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network; (b) authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and (c) notifying said mobile terminal and said second wireless communication network of results from the authentication.
Description
AUTHENTICATION METHOD AND DEVICE FOR USE IN WIRELESS COMMUNICATION SYSTEM
FIELD OF THE INVENTION
The present invention relates to wireless communication system, and more particularly to an authentication method and device for use in wireless communication system.
BACKGROUND OF THE INVENTION
Wireless local area network (WLAN) technology and cellular network technology are complementary wireless communication network technologies. The complementarity of them is mainly shown as: WLAN is able to provide high-speed data services over a relatively small coverage range, and cellular networks, such as General Packet Radio Service (GPRS) and 3rd-generation mobile communication network, are able to provide relatively low-speed speech and data services over a comparatively broad coverage range.
Naturally, integrating WLAN and cellular network to serve users who need both high-speed wireless access and anytime-anywhere connectivity is the best for both of the technologies. One of the crucial problems is how to provide strong security on authentication both in WLAN and cellular networks.
SIM-based authentication in cellular networks
In cellular networks, a relatively mature authentication method is authentication based on subscriber identity module (SIM), the basic principle of which is to authenticate subscriber identity information (SIM card credential information) carried by a SIM card and resident in a mobile terminal so as to decide the subscriber's validity and the kind of service that can be provided, through communication between a network and a cellular phone. Authentication ensures that the network is being used by a paying customer and the call ends up with charging and generating actual revenue for the cellular operator. But there are two types of possible fraud: a) Making "free" calls using a stolen SIM and/or equipment; and b) Making "free" calls using a clone SIM. To prevent such problems, cellular operators have set up a sophisticated fraud detection and management system. For example, cellular networks prohibit duplicate SIMs from being active simultaneously.
Until now, for current authentication mechanism, a SIM cannot access the cellular network from two different locations, such as different cells and/or MSCs.
SIM-based authentication for WLAN networks
Current authentication mechanisms used in WLAN networks can be categorized into three classes. a) Using SSID, media access control (MAC) address, and/or other specific identities compliant to the IEEE 802.11 standards to identify a WLAN user. b) Using username/password to authenticate a WLAN user. c) Using SIM-based information to authenticate a WLAN user.
Because of the large quantity of users who have SIM cards and the convenience to generate only one bill for one user, the SIM-based authentication has inherent advantages over the first two classes.
Many SIM-based WLAN authentication methods are proposed, such as EAP-SIM (Extensible Authentication Protocol-SIM), EAP (Extensible Authentication Protocol)/AKA (Authentication and Key Agreement), SIM-based authentication over IEEE 802.1x and so on.
SIM-based WLAN authentication requires a SIM reader attached to the terminal device so that the authentication software can use the SIM credential. In the latter chapters, the term "MS" represents mobile terminal in cellular networks and terminal device in WLAN networks for the purpose of unification. Fig. 1 shows composite parts involved in the SIM-based WLAN authentication procedure. The system comprises a mobile terminal 20, a wireless local area network 21 and AAA server 22. The mobile terminal 20 has a SIM reader 201 and SIM 202. The wireless local area network 21 has access points 211, 211', and an access controller 212. The AAA server 22 includes an authentication server 221, subscriber information unit 222, and secure WLAN connection unit 223.
Using the EAP-SIM algorithm as an example and assuming that the AAA server 22 has a secure connection 223 to HLR (Home Location Register) of cellular network:
1) The EAP-SIM client, resident in the mobile terminal, starts the authentication process by sending the authentication request to the AAA server 22 through wireless communication link provided by the WLAN network 21.
2) The AAA server 22 issues a challenge through the wireless communication link provided by the WLAN, which is then forwarded to the SIM reader 201 by the EAP-SIM client.
3) The EAP-SIM client communicates with the SIM 202 through the SIM reader, and the SIM computes the response according to corresponding cellular authentication algorithms.
4) The EAP-SIM client forwards this response to the AAA server to check the response and provide access appropriately.
There are three disadvantages in all these SIM-based authentication methods:
1) The crucial SIM credential is transferred over the insecure WLAN radio interface, which results in potential loopholes.
2) The WLAN operator can get the SIM credential, which serves as identity information of users and cellular operators and which users and cellular operators wish to keep to themselves. Potential risks are left if the information is known by a third party (e.g. some untrustworthy WLAN operators).
3) Peer-to-Peer wide area network connection and service level agreement are needed for all WLAN operating equipment and cellular operating equipment, otherwise some WLAN networks cannot provide services for some cellular networks' subscribers. In the case of numerous WLAN and cellular networks in a region, it is hard to establish a full-mesh network among them. If a WLAN owner only sets up service level agreement (SLA) with operator A, it cannot provide service for operator B's subscribers, which limits its revenue. Therefore, there is a need for a novel authentication method and device using wireless communication system, in order to overcome the above-described disadvantages in the prior art.
OBJECT AND SUMMARY OF THE INVENTION
It is an object of the present invention to provide an authentication method and device for use in wireless communication system so as to overcome the above-described disadvantages in the prior art.
The present invention provides a method of authentication performed in a first wireless communication network, including the steps of: (a) receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network;
(b) authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and
(c) notifying said mobile terminal and said second wireless communication network of results from the authentication.
The present invention further provides a device of authentication performed in a first wireless communication network, comprising: receiving means for receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network; processing means for authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and transmitting means for notifying said mobile terminal and said second wireless communication network of results from the authentication.
The present invention further provides a method of authentication in a mobile terminal, including the steps of:
(a) exchanging with a second wireless communication network information used for authentication;
(b) transmitting to a first wireless communication network an authentication request for requesting said first wireless communication network to perform authentication for said mobile terminal and said second wireless communication network, wherein said authentication request contains said information used for authentication; and
(c) receiving authentication results from said first wireless communication network.
The present invention further provides a device of authentication performed in a mobile terminal, comprising: communicating means for exchanging with a second wireless communication network information used for authentication; transmitting means for transmitting to a first wireless communication network an authentication request for requesting said first wireless communication network to perform authentication for said mobile terminal and said second wireless communication network, wherein said authentication request contains said information used for authentication; and receiving means for receiving authentication results from said first wireless communication network.
The present invention further provides a method of authentication performed in a second wireless communication network, including the steps of:
(a) exchanging with a mobile terminal information used for authentication;
(b) cooperating with a first wireless communication network in authenticating said second wireless communication network; and
(c) receiving notification of authentication results from said first wireless communication network.
The present invention further provides a device of authentication operating in a second wireless communication network, comprising: communicating means for exchanging with a mobile terminal information used for authentication; processing means for cooperating with a first wireless communication network in authenticating said second wireless communication network; and receiving means for receiving notification of authentication results from said first wireless communication network.
Using authentication according to the present invention, there are such advantages as: cellular subscribers' SIM credential will never be transferred over the insecure WLAN radio link; WLAN owner will never get all information of cellular subscribers' SIM credential; attack from mendacious WLANs can be detected and prevented; and attack from mendacious MSs can be detected and prevented.
Some credentials used between WLAN and MS can also be transmitted in this asymmetric authentication process, such as encryption algorithm used in WLAN air interface and so on.
Other objects and effects of the present invention will become more apparent and easy to understand from the following description taken in conjunction with the accompanying drawings, contents in the claims as well as a fuller understanding of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
Hereinafter, the preferred embodiments of the present invention will be described with reference to the accompanying drawings in which:
Fig. 1 is a block diagram of authentication procedure in WLAN;
Fig. 2 shows a system used for SIM-based asymmetric authentication according to an embodiment of the present invention;
Fig. 3 shows SIM-based asymmetric authentication according to an embodiment of the present invention; and
Fig. 4 shows WLAN-initiated SIM-based asymmetric authentication according to an embodiment of the present invention.
In all the accompanying drawings, like numerals represent identical or corresponding features or functions.
DETAILED DESCRIPTION OF THE INVENTION
In the following embodiments, the present invention is described illustratively in conjunction with the accompanying drawings.
Authentication according to the present invention employs an asymmetric authentication approach, which prevents the transfer of cellular subscribers' identity information (e.g. SIM credential) on the insecure WLAN radio link.
In the present invention, a SIM-based asymmetric authentication approach is proposed. In a wireless overlay network, cellular networks have stronger and more mature security properties than WLAN networks. On the other hand, cellular networks have a very successful business operating mode characterized by larger coverage, stronger roaming function, mature AAA (Authentication, Authority, Accounting) systems, and large numbers of subscribers. For the above reasons, cellular networks always play dominant roles in cooperation with other networks. WLAN owners, usually called WISPs (Wireless Internet Service Providers), hope to utilize cellular operators' large numbers of subscribers and share revenue with cellular operators. In order to meet these requirements, the approach proposed in the present invention utilizes the cellular networks' secure channel and existing authentication and accounting system to provide secure authentication for WLAN networks. Moreover, a billing method that is flexible and easy to validate is proposed. In the present invention, SIM credential refers to credential information stored in the SIM card and used to identify the subscriber's identity during network communication. If someone's SIM credential is leaked to another person, it is possible to masquerade as this subscriber without being detected by the network.
According to the present invention, the major procedures of SIM-based asymmetric authentication in a wireless local area network (WLAN) and a cellular network are as follows: first, the mobile station (MS) communicates with the WLAN to exchange WLAN information and part of the MS's information between the MS and the WLAN, the part of the MS's information being limited to prevent computing out the MS's credential information; next, the MS transmits an authentication notification to an authentication server of the cellular network so as to notify it of the MS's request for authentication in the WLAN, the authentication notification containing the MS's information and WLAN information; afterwards, the authentication server of the cellular network communicates with the MS and the WLAN and verifies the MS and the WLAN; then, having verified the MS and the WLAN, the authentication server notifies the WLAN of accepting the authentication request of the MS; and lastly, after the notification by the authentication server, the WLAN confirms the authentication request of the MS.
The authentication approach of the present invention is carried out by the following network. Fig. 2 shows a system used for SIM-based asymmetric authentication according to an embodiment of the present invention. As shown in Fig. 2, four network units are defined.
1) Mobile terminal 30, which is able to access cellular network 31 and WLAN network 33, and comprises an authentication-aid module 301 for accomplishing the asymmetric authentication for the WLAN network. The authentication-aid module 301 comprises: communicating means for exchanging information used for authentication with the WLAN network, transmitting means for transmitting to the cellular network 31 an authentication request for requesting the cellular network 31 to authenticate the mobile terminal 30 and the WLAN network 33, and receiving means for receiving authentication results from the cellular network 31.
2) Cellular network 31 can be an existing cellular mobile network, such as a GSM network, apart from the following enhanced authentication server 311. The authentication server 311 comprises: receiving means for receiving an authentication request from mobile terminal 30, processing means for authenticating the mobile terminal 30 and WLAN network 33 in accordance with said authentication request, and transmitting means for notifying the mobile terminal 30 and the WLAN network 33 of authentication results.
3) WLAN network 33 refers to networks which are compliant with the IEEE802.11 standards, except for the following authenticator 331. The authenticator 331 comprises: communicating means for exchanging information used for authentication with mobile terminal 30, processing means for cooperating with cellular network 31 in authenticating the WLAN network 33, and receiving means for receiving notification of authentication results from the cellular network.
4) Transmission network (Cloud) 32, which provides inter-connection between authentication server 311 and authenticator 331, can be a dedicated channel or the public Internet using RADIUS, DIAMETER or other protocols.
The authentication server 311 of the cellular network 31 can authenticate MS's identity utilizing SIM credential of MS 30 and appropriate algorithms. Besides the conventional authentication functions, the authentication server 311 can also communicate with the authenticator 331 of the WLAN network 33 to verify identity of the MS 30.
Besides being able to authenticate the MS 30 according to IEEE802.11 standards, the authenticator 331 of the WLAN network 33 can communicate with the authentication server 311 of the home cellular network 31 of the MS 30 to exchange identity application and information of the MS 30.
Since the IEEE802.11 standards do not involve SIM-based authentication function and concrete authentication systems depend on specific implementation, the aforementioned authenticator 331 does not collide with the IEEE802.11 standards.
In symmetrical authentication, authentication information is transferred between MS 30 and cellular network 31 when the MS 30 wants to be authenticated in the cellular network 31, or between the MS 30 and WLAN network 33 when the MS 30 wants to be authenticated in the WLAN network 33. Compared with symmetrical authentication, in SIM-based asymmetric authentication, authentication information is transferred among MS 30, cellular network 31 and WLAN core network without passing through the insecure WLAN radio portion, when the MS 30 wants to be authenticated in the WLAN network 33.
Hereinafter, the authentication process of the present invention, namely steps S40-S81, will be described in detail taken in conjunction with Fig. 3. Having been authenticated by the cellular network 31, the MS 30 communicates with its corresponding node through the cellular network 31.
Step S40: After detecting an available WLAN network 33, the MS 30 communicates with or monitors the WLAN to get necessary identification information, such as the WLAN's ID and address. This WLAN identification information should be enough to exclusively identify a WLAN network in a certain range. At the same time, the WLAN gets some of the MS's identification information, such as its MAC address, a random number, portion of its SIM code and MSISDN code, or other information. An important identifier, the MS's temporary ID, can be set by the MS, or by the WLAN, or negotiated by them. The temporary ID must be unique in a certain range in a period to exclusively identify the MS in this WLAN. Another limitation is that the temporary ID must not be enough for an eavesdropper to compute the MS's crucial identification information, such as SIM credential and other credentials. The exchange procedure can be encrypted (predefined or negotiated) or in plain text.
Step S50: The MS transmits an authentication request (including necessary information) to the authentication server 311 so as to notify that it wants to be authenticated within the specific WLAN network 33 using the temporary ID. The information is generated by authentication-aid module 301 located in the MS and includes identification information of the MS and the WLAN, such as temporary ID, SIM credential, and information of the specific WLAN. From the aspect of the cellular network 31, all the identification information provided by the MS 30 should exclusively identify the MS 30 and the WLAN 33 in a certain range.
Step S60: The authentication server 311 authenticates the MS. Receiving the MS's SIM credential, the authentication server can verify the MS and its profile (such as identification information, service type, subscription records and the like). If the MS is not legal, the application is out of the registered profile, or the WLAN is in the black list, then the authentication will fail. The verification method can be checking HLR/VLR database or using challenge-response method.
Step S61: According to the WLAN information provided by the MS, the authentication server 311 can authenticate the WLAN network. The authentication server 311 can verify the WLAN network 33 by checking whether the WLAN network 33 is in its approval list or black list or using a challenge-response method to communicate with the authenticator 331 of the WLAN network. If the verification fails, the authentication fails and the corresponding notification message is sent to the MS 30.
Step S70: After the successful verification of the MS 30 and the WLAN 33, the authentication server 311 sends messages to the authenticator 331 that is located in the WLAN network, to notify the validity of the MS and the WLAN.
Step S71: The authentication server 311 sends messages to the MS 30 to inform the validity of the WLAN network 33.
Step S80: After receiving the notification, the authenticator 331 accepts the MS's validity and sends back a response message to the authentication server 311.
Step S81: The authenticator 331 confirms the MS's authentication application.
In the method described above, the cellular network starts authenticating the mobile terminal and the WLAN upon receipt of the authentication request initiated by the mobile terminal, or the authentication request based on the WLAN.
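Steps S40 to S81 as a runnable sketch, added here as an illustration and not taken from the patent. Assumptions: HMAC-SHA256 stands in for the cellular authentication algorithm, the WLAN shares a key with the cellular operator, and all class names, IDs, addresses and result strings are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def respond(key: bytes, challenge: bytes) -> bytes:
    """Assumption: HMAC-SHA256 stands in for the cellular authentication algorithm."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


@dataclass
class Authenticator:
    """WLAN authenticator 331, reachable over transmission network 32."""
    wlan_id: str
    address: str
    key: bytes                                  # assumption: shared with the cellular operator
    accepted: set = field(default_factory=set)  # temporary IDs admitted after S70

    def answer(self, challenge: bytes) -> bytes:
        return respond(self.key, challenge)

    def notify_valid(self, temp_id: str) -> bool:
        """S70 arrives from the server; the True return is the S80 response."""
        self.accepted.add(temp_id)
        return True


@dataclass
class MobileStation:
    imsi: str
    ki: bytes                                   # SIM secret, used only on the cellular link

    def discover(self, wlan: Authenticator, air_log: list) -> dict:
        """S40: only a random temporary ID and WLAN info cross the WLAN radio link."""
        temp_id = secrets.token_hex(8)          # random, so it reveals nothing about the SIM
        air_log.append({"temp_id": temp_id, "wlan_id": wlan.wlan_id, "address": wlan.address})
        # S50 request body, sent to the server over the cellular network.
        return {"imsi": self.imsi, "temp_id": temp_id,
                "wlan_id": wlan.wlan_id, "address": wlan.address}

    def answer(self, challenge: bytes) -> bytes:
        return respond(self.ki, challenge)


class AuthServer:
    """Authentication server 311 in the cellular network."""

    def __init__(self, subscribers: dict, approved: dict, blacklist: set, network: dict):
        self.subscribers = subscribers          # imsi -> Ki (HLR/VLR stand-in)
        self.approved = approved                # wlan_id -> shared key (approval list)
        self.blacklist = blacklist
        self.network = network                  # address -> endpoint on network 32

    def authenticate(self, request: dict, cellular_peer) -> str:
        # S60: challenge whoever sent the request over the cellular channel.
        ki = self.subscribers.get(request["imsi"])
        challenge = secrets.token_bytes(16)
        if ki is None or not hmac.compare_digest(cellular_peer.answer(challenge),
                                                 respond(ki, challenge)):
            return "fail: MS not verified"
        # S61: check the lists, then challenge the address the MS was given.
        wlan_id, endpoint = request["wlan_id"], self.network.get(request["address"])
        key = self.approved.get(wlan_id)
        if wlan_id in self.blacklist or key is None or endpoint is None:
            return "fail: WLAN not approved"
        challenge = secrets.token_bytes(16)
        if not hmac.compare_digest(endpoint.answer(challenge), respond(key, challenge)):
            return "fail: WLAN not verified"
        # S70/S80: notify the authenticator; the return value is the S71 message to the MS.
        endpoint.notify_valid(request["temp_id"])
        return "ok"


def run_scenarios() -> dict:
    """Constructed data: two subscribers, one approved WLAN, one AP spoofing its ID."""
    alice = MobileStation("001010000000001", secrets.token_bytes(16))
    mallory = MobileStation("001010000000002", secrets.token_bytes(16))
    cafe = Authenticator("cafe-wlan", "198.51.100.10", secrets.token_bytes(16))
    rogue = Authenticator("cafe-wlan", "203.0.113.66", secrets.token_bytes(16))
    server = AuthServer({alice.imsi: alice.ki, mallory.imsi: mallory.ki},
                        {cafe.wlan_id: cafe.key}, set(),
                        {cafe.address: cafe, rogue.address: rogue})
    air_log = []
    good = alice.discover(cafe, air_log)
    results = {"legit": server.authenticate(good, alice)}
    results["rogue_wlan"] = server.authenticate(alice.discover(rogue, air_log), alice)
    forged = dict(mallory.discover(cafe, air_log), imsi=alice.imsi)  # B claims to be A
    results["forged_ms"] = server.authenticate(forged, mallory)
    results["accepted_by_cafe"] = good["temp_id"] in cafe.accepted
    results["rogue_accepted"] = len(rogue.accepted)
    results["air_leak"] = any(alice.imsi in str(v) for rec in air_log for v in rec.values())
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The spoofed access point fails at S61 because it cannot answer for the key registered under the WLAN ID it advertises, and the forged request fails at S60 because the sender cannot answer for the claimed subscriber's SIM secret.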
In WLAN-initiated SIM-based asymmetric authentication, the authentication application is initiated from the authenticator 331 of the WLAN network 33. Identical to authentication of Fig. 3, the decision authority is still in the control of the authentication server 311 of the cellular network 31. The difference is that information transferred over the WLAN radio network 33 and obtained by WLAN owners is different.
To get a better understanding of this approach, steps S40'~S81' are explained in detail in Fig. 4. The MS 30 communicates with its corresponding node through the cellular network 31 after being authenticated by the cellular network 31.
Step S40' is substantially identical to step S40 in Fig. 3. The information to be exchanged between the MS and the WLAN should be limited to prevent eavesdroppers from computing out the MS's credential information. The difference is that the information must be adequate for the WLAN authenticator 331 to compute out the MS's home network. Therefore, the WLAN can locate the MS's home authentication server 311. The mobile country code (MCC) and mobile network code (MNC) of IMSI, country code (CC) (optional) and national destination code (NDC) of MSISDN should be transmitted to the authenticator 331 if the MS supports NAI [RFC2486], or the APN (Access Point Name) should be transmitted to the authenticator 331 if the MS supports it. This information is enough for the WLAN to compute the MS's home network, but not enough to compute the MS's identity and credentials. The exchange procedure can be encrypted (predefined or negotiated) or in plain text.
Step S50' is substantially identical to step S50 in Fig. 3.
Step S51': After computing out the MS's home network and the authentication server 311, the authenticator 331 sends an authentication application to the authentication server 311 to verify the MS. Many methods can be used to deal with the problem when the authentication application of the authenticator 331 arrives at the authentication server 311 before the MS's message. For example, the authentication server 311 starts a timer when the authentication application arrives. If the timer expires before the MS's notification arrives, the authentication fails. Consequently, the MS's authentication fails.
Step 60' is substantially identical to step S60 in Fig. 3.
Step 61' is substantially identical to step S61 in Fig. 3.
Step 70' is substantially identical to step S70 in Fig. 3. The authentication server 311 notifies the authenticator 331 of accepting the MS's authentication request.
Step 71' is substantially identical to step S71 in Fig. 3. The authentication server 311 sends messages to the MS to notify the validity of the WLAN network, or refuses authentication because of failure of the WLAN authentication.
Step 80' is substantially identical to step S80 in Fig. 3.
Step 81' is substantially identical to step S81 in Fig. 3.
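The timer described in step S51', as an added sketch that is not part of the patent: the server holds the authenticator's application until the MS's message for the same temporary ID arrives over the cellular network. The 5-second timeout, the result strings, and holding whichever message arrives first are assumptions; the clock is passed in so the constructed timeline is deterministic.

```python
class RequestCorrelator:
    """Pairs the authenticator's application (S51') with the MS's message (S50')."""

    def __init__(self, timeout_s: float = 5.0):   # assumption: the page gives no value
        self.timeout_s = timeout_s
        self.pending = {}      # temp_id -> (source, wlan_id, deadline)
        self.expired = set()   # temporary IDs whose timer ran out

    def _expire(self, now: float) -> None:
        """Drop every held request whose deadline has passed and remember its ID."""
        for temp_id in [t for t, (_, _, d) in self.pending.items() if now >= d]:
            del self.pending[temp_id]
            self.expired.add(temp_id)

    def arrive(self, source: str, temp_id: str, wlan_id: str, now: float) -> str:
        """source is 'wlan' for the authenticator's application, 'ms' for the MS's message."""
        self._expire(now)
        if temp_id in self.expired:
            # The counterpart did not arrive in time: authentication fails.
            return "fail: timer expired"
        held = self.pending.get(temp_id)
        if held is None:
            # First message for this temporary ID: start the timer.
            self.pending[temp_id] = (source, wlan_id, now + self.timeout_s)
            return "waiting"
        if held[0] == source:
            # A repeat from the same side must not restart the timer,
            # otherwise one party could keep the window open indefinitely.
            return "waiting"
        del self.pending[temp_id]
        if held[1] != wlan_id:
            # The MS and the authenticator disagree about which WLAN is involved.
            return "fail: WLAN mismatch"
        return "matched: continue with S60'"


def run_timeline() -> list:
    """Constructed events: (time in seconds, source, temporary ID, WLAN ID)."""
    correlator = RequestCorrelator(timeout_s=5.0)
    events = [
        (0.0, "wlan", "a1", "cafe-wlan"),    # application arrives first
        (2.0, "ms", "a1", "cafe-wlan"),      # MS's message within the window
        (10.0, "wlan", "b2", "cafe-wlan"),   # application with no MS behind it
        (14.0, "wlan", "b2", "cafe-wlan"),   # repeated application, timer unchanged
        (16.0, "ms", "b2", "cafe-wlan"),     # MS's message after the deadline
        (20.0, "wlan", "c3", "cafe-wlan"),
        (21.0, "ms", "c3", "hotel-wlan"),    # MS names a different WLAN
    ]
    return [correlator.arrive(src, tid, wid, t) for t, src, tid, wid in events]


if __name__ == "__main__":
    for outcome in run_timeline():
        print(outcome)
```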
According to the SIM-based asymmetric authentication of the present invention, it is not necessary to wholly transmit the complete information of the MS's credential over the insecure WLAN air interface, so that the secure information of users can be protected maximally.
The asymmetric authentication of the present invention can be extended to exchange of encrypted keys. The keys pass through the authenticator 331, the authentication server 311 and the MS, but they are never transmitted over the WLAN air interface. Therefore, users' information security can be protected maximally.
In addition to the above description, the asymmetric authentication of the present invention further has the function of preventing the attack from a mendacious WLAN. Sometimes, a mendacious WLAN or mendacious equipment pretends to be another legal WLAN to get a cellular subscriber's information. It accepts the MS's connection and authentication request, and asks the MS to send its credential information. If the MS sends out the information, its credential is leaked.
In the aforesaid SIM-based asymmetric authentication approaches, the verification of the WLAN network, i.e. steps S70 and S71 of SIM-based asymmetric authentication in Fig. 3 and steps S70' and S71' of WLAN-initiated SIM-based asymmetric authentication in Fig. 4, can detect any mendacious WLAN and inform the MS not to apply for authentication and submit it with respect to that network.
In addition, the asymmetric authentication of the present invention further has the function of preventing the attack from a mendacious MS.
Attack can also be launched by a validated MS. Consider such a scenario as: MSs A and B are both legal subscribers of a cellular network. MS B wants to attack MS A. MS B pretends to be MS A and files an authentication application with a WLAN. The WLAN sends an authentication application to the cellular network for MS A, and MS B sends the relative information to the cellular network pretending to be MS A. Without verification with MS A, the cellular network will approve the authentication and the traffic for MS A will be forwarded to the WLAN. Then, the denial-of-service occurs on MS A, which is more likely to happen when MSs A and B are in the same cell.
In the aforementioned SIM-based asymmetric authentication approaches, by checking the HLR/VLR database and/or communicating with MS, i.e. step S60 of SIM-based asymmetric authentication in Fig. 3 and step S60' of WLAN-initiated SIM-based asymmetric authentication in Fig. 4, the attack launched by a mendacious MS can be prevented.
Using the SIM-based asymmetric authentication according to the present invention, there are such advantages as: cellular subscribers' SIM credential will never be transferred over the insecure WLAN radio link; WLAN owner will never get all information of cellular subscribers' SIM credential; the attack from mendacious WLANs can be detected and prevented; and the attack from mendacious MSs can be detected and prevented. Some credentials used between WLAN and MS can also be transmitted in this asymmetric authentication process, such as encryption algorithm used in WLAN air interface and so on.
The idea of the present invention as disclosed above can be achieved using software, hardware, or a combination of software and hardware. Various alterations or modifications can be made without departing from the concept and scope of the present invention. It is to be understood that the present invention is not limited to the preferred embodiments, and that the scope of the present invention is defined by the appended claims.
Claims
1. An authentication method performed in a first wireless communication network, comprising the steps of:
(a) receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network;
(b) authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and
(c) notifying said mobile terminal and said second wireless communication network of results from the authentication.
2. The authentication method as claimed in claim 1, wherein before performing step (b), said first wireless communication network further receives from said second wireless communication network an authentication request for authenticating said mobile terminal and said second wireless communication network.
3. The authentication method as claimed in claim 1 or 2, wherein said authentication request includes information used for authentication, and said information used for authentication includes identification information of said mobile terminal and said second wireless communication network.
4. The authentication method as claimed in claim 3, wherein said identification information of said mobile terminal includes preset information that can be identified by said second wireless communication network.
5. The authentication method as claimed in claim 1, wherein said first wireless communication network has a wireless communication interface, which is more secure than said second wireless communication network and which is used to provide authentication for said mobile terminal.
6. The authentication method as claimed in claim 1, wherein said first wireless communication network is a mobile cellular network, and said second wireless communication network is a wireless local area network.
7. An authentication device operated in a first wireless communication network, comprising: receiving means for receiving an authentication request from a mobile terminal, said authentication request being used to request authentication for said mobile terminal and a second wireless communication network so that said mobile terminal can communicate with said second wireless communication network; processing means for authenticating said mobile terminal and said second wireless communication network in accordance with said authentication request; and transmitting means for notifying said mobile terminal and said second wireless communication network of results from the authentication.
8. The authentication device as claimed in claim 7, wherein said receiving means is further used for receiving from said second wireless communication network an authentication request for authenticating said mobile terminal and said second wireless communication network.
9. The authentication device as claimed in claim 7 or 8, wherein said authentication request includes information used for authentication, said information used for authentication includes identification information of said mobile terminal and said second wireless communication network, and said identification information of said mobile terminal includes preset information that can be identified by said second wireless communication network.
10. An authentication method performed in a mobile terminal, comprising the steps of:
(a) exchanging with a second wireless communication network information used for authentication;
(b) transmitting to a first wireless communication network an authentication request for requesting said first wireless communication network to perform authentication for said mobile terminal and said second wireless communication network, wherein said authentication request contains said information used for authentication; and
(c) receiving authentication results from said first wireless communication network.
11. The method as claimed in claim 10, wherein the method further includes cooperating with said first wireless communication network in authenticating said mobile terminal.
12. The method as claimed in claim 10, wherein the method further includes receiving authentication confirmation from said second wireless communication network.
13. The method as claimed in claim 10, wherein said information used for authentication includes identification information of said mobile terminal and said second wireless communication network.
14. The method as claimed in claim 13, wherein said identification information of said mobile terminal includes preset information that can be identified by said second wireless communication network.
15. The method as claimed in claim 14, wherein said preset information is set by either of said mobile terminal and said second wireless communication network, or through negotiation between them.
16. The method as claimed in claim 10, wherein said first wireless communication network is a mobile cellular network, and said second wireless communication network is a wireless local area network.
17. An authentication device operated in a mobile terminal, comprising: communicating means for exchanging with a second wireless communication network information used for authentication; transmitting means for transmitting to a first wireless communication network an authentication request for requesting said first wireless communication network to perform authentication for said mobile terminal and said second wireless communication network, wherein said authentication request contains said information used for authentication; and receiving means for receiving authentication results from said first wireless communication network.
18. The device as claimed in claim 17, wherein the device cooperates with said first wireless communication network in authenticating said mobile terminal.
19. The device as claimed in claim 17, wherein the receiving means further receives authentication confirmation from said second wireless communication network.
20. An authentication method performed in a second wireless communication network, including the steps of:
(a) exchanging with a mobile terminal information used for authentication;
(b) cooperating with a first wireless communication network in authenticating said second wireless communication network; and
(c) receiving notification of authentication results from said first wireless communication network.
21. The method as claimed in claim 20, further including: transmitting to said first wireless communication network an authentication request for requesting said first wireless communication network to authenticate said mobile terminal and said second wireless communication network, wherein said authentication request includes said information used for authentication.
22. The method as claimed in claim 20, further including transmitting authentication confirmation to said mobile terminal.
23. The method as claimed in claim 20 or 21, wherein said information used for authentication includes identification information of said mobile terminal and said second wireless communication network.
24. The method as claimed in claim 23, wherein said identification information of said mobile terminal includes preset information that can be identified by said second wireless communication network.
25. The method as claimed in claim 24, wherein said preset information of said mobile terminal is set by either of said mobile terminal and said second wireless communication network, or through negotiation between them.
26. The method as claimed in claim 20, wherein said first wireless communication network is a mobile cellular network, and said second wireless communication network is a wireless local area network.
27. An authentication device operated in a second wireless communication network, comprising: communicating means for exchanging with a mobile terminal information used for authentication; processing means for cooperating with a first wireless communication network in authenticating said second wireless communication network; and receiving means for receiving notification of authentication results from said first wireless communication network.
28. The device as claimed in claim 27, wherein the device further transmits to said first wireless communication network an authentication request for requesting said first wireless communication network to authenticate said mobile terminal and said second wireless communication network, wherein said authentication request includes said information used for authentication.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200510005055.2 | 2005-01-31 | ||
CN200510005055 | 2005-01-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006079953A1 (en) | 2006-08-03 |
Family
ID=36576006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2006/050213 WO2006079953A1 (en) | 2005-01-31 | 2006-01-20 | Authentication method and device for use in wireless communication system |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2006079953A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2958428A1 (en) * | 2010-03-30 | 2011-10-07 | Radiotelephone Sfr | METHOD OF EXECUTING A FIRST SERVICE WHILE A SECOND SERVICE IS IN PROGRESS, USING A COMPUTER TERMINAL EQUIPPED WITH AN INTEGRATED CIRCUIT BOARD. |
US8356179B2 (en) | 2007-10-23 | 2013-01-15 | China Iwncomm Co., Ltd. | Entity bi-directional identificator method and system based on trustable third party |
US8751792B2 (en) | 2009-09-30 | 2014-06-10 | China Iwncomm Co., Ltd. | Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party |
FR3002399A1 (en) * | 2013-02-21 | 2014-08-22 | France Telecom | PAIRING TECHNIQUE IN A WIRELESS NETWORK |
WO2016136647A1 (en) * | 2015-02-25 | 2016-09-01 | 京セラ株式会社 | Network device and user terminal |
GB2594898A (en) * | 2019-08-09 | 2021-11-10 | Prevayl Innovations Ltd | Garment, server and method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003091858A2 (en) * | 2002-04-26 | 2003-11-06 | Thomson Licensing S.A. | Certificate based authentication authorization accounting scheme for loose coupling interworking |
WO2003094438A1 (en) * | 2002-05-01 | 2003-11-13 | Telefonaktiebolaget Lm Ericsson (Publ) | System, apparatus and method for sim-based authentication and encryption in wireless local area network access |
-
2006
- 2006-01-20 WO PCT/IB2006/050213 patent/WO2006079953A1/en not_active Application Discontinuation
Non-Patent Citations (3)
Title |
---|
"Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Requirements and Architectures for Interworking between HIPERLAN/2 and 3rd Generation Cellular systems; ETSI TR 101 957", ETSI STANDARDS, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE, SOPHIA-ANTIPO, FR, vol. BR, no. V111, August 2001 (2001-08-01), XP014005038, ISSN: 0000-0001 * |
"Universal Mobile Telecommunications System (UMTS); 3G security; Wireless Local Area Network (WLAN) interworking security (3GPP TS 33.234 version 6.3.0 Release 6); ETSI TS 133 234", ETSI STANDARDS, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE, SOPHIA-ANTIPO, FR, vol. 3-SA3, no. V630, December 2004 (2004-12-01), XP014028226, ISSN: 0000-0001 * |
3GPP: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP system to Wireless Local Area Network (WLAN) Interworking; System Description", 3RD GENERATION PARTNERSHIP PROJECT, December 2004 (2004-12-01), XP002385978, Retrieved from the Internet <URL:http://www.arib.or.jp/IMT-2000/V440Mar05/5_Appendix/Rel6/23/23234-630.pdf> * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8356179B2 (en) | 2007-10-23 | 2013-01-15 | China Iwncomm Co., Ltd. | Entity bi-directional identificator method and system based on trustable third party |
US8751792B2 (en) | 2009-09-30 | 2014-06-10 | China Iwncomm Co., Ltd. | Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party |
FR2958428A1 (en) * | 2010-03-30 | 2011-10-07 | Radiotelephone Sfr | METHOD OF EXECUTING A FIRST SERVICE WHILE A SECOND SERVICE IS IN PROGRESS, USING A COMPUTER TERMINAL EQUIPPED WITH AN INTEGRATED CIRCUIT BOARD. |
FR3002399A1 (en) * | 2013-02-21 | 2014-08-22 | France Telecom | PAIRING TECHNIQUE IN A WIRELESS NETWORK |
WO2014128390A1 (en) * | 2013-02-21 | 2014-08-28 | Orange | Technique of pairing in a wireless network |
US9955347B2 (en) | 2013-02-21 | 2018-04-24 | Orange | Technique of pairing in a wireless network |
WO2016136647A1 (en) * | 2015-02-25 | 2016-09-01 | 京セラ株式会社 | Network device and user terminal |
GB2594898A (en) * | 2019-08-09 | 2021-11-10 | Prevayl Innovations Ltd | Garment, server and method |
GB2594898B (en) * | 2019-08-09 | 2022-03-16 | Prevayl Innovations Ltd | Garment, server and method |
Similar Documents
Publication | Title |
---|---|
US8533798B2 (en) | Method and system for controlling access to networks |
AU2005236981B2 (en) | Improved subscriber authentication for unlicensed mobile access signaling |
EP1273197B1 (en) | Billing in a packet data network |
AU2003243680B2 (en) | Key generation in a communication system |
US8462947B2 (en) | Managing user access in a communications network |
KR100762644B1 (en) | WLAN-UMTS Interworking System and Authentication Method Therefor |
KR101068424B1 (en) | Inter-working function for a communication system |
US9668139B2 (en) | Secure negotiation of authentication capabilities |
US8094821B2 (en) | Key generation in a communication system |
US20070178885A1 (en) | Two-phase SIM authentication |
US20100106966A1 (en) | Method and System for Registering and Verifying the Identity of Wireless Networks and Devices |
EP2952030A1 (en) | Controlling access of a user equipment to services |
CN102318386A (en) | Service-based authentication to a network |
WO2006079953A1 (en) | Authentication method and device for use in wireless communication system |
CN112423299B (en) | Method and system for wireless access based on identity authentication |
KR100723678B1 (en) | Method and System for Preventing Handset Replication in 1x EV-DO Packet Network |
RU2779029C1 (en) | Access of a non-3gpp compliant apparatus to the core network |
KR101068426B1 (en) | Inter-working function for a communication system |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 06710711; Country of ref document: EP; Kind code of ref document: A1 |
WWW | Wipo information: withdrawn in national office | Ref document number: 6710711; Country of ref document: EP |