CN1221149C - System and method for identifying public network - Google Patents

Publication number: CN1221149C
Authority: CN (China)
Prior art keywords: mobile station, authentication proxy, authentication, proxy, internet
Legal status: Expired - Fee Related
Application number: CN02124334.4A
Other languages: Chinese (zh)
Other versions: CN1464760A (en)
Inventors: 蔡憲明, 黄静敏
Current Assignee: Quanta Computer Inc
Original Assignee: Quanta Computer Inc

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a public network authentication system, characterized in that the system comprises at least a mobile station, an authentication server, and an authentication agent provided with a subscriber identity module (SIM) corresponding to the mobile station. The mobile station is authenticated by the authentication agent, and the authentication agent uses the subscriber identity module to be authenticated by the authentication server. In this system the subscriber identity module is not installed in the mobile station but in the authentication agent, so the design of the user's mobile station does not have to change and the manufacturing cost of the mobile station is reduced. Because the mobile station is authenticated by the authentication agent, and the authentication agent uses the mobile station's subscriber identity module to be authenticated by the authentication server, the purpose of having the mobile station authenticated by the authentication server is still achieved.

Description

System and Method for Public Network Authentication
(1) Technical field
The present invention relates to public networks, and in particular to an authentication system and method for a wireless local area network (WLAN) that provides public services.
(2) Background
Since the Global System for Mobile communication (GSM) came into use, wireless communication has made an important breakthrough in security. The breakthrough is that GSM installs a subscriber identity module (SIM) in the mobile phone to help the mobile network perform authentication and encryption. Fig. 1 shows the architecture of a prior-art GSM authentication system. Mobile phone 100 has SIM card 88 and authenticates with the GSM network. In the GSM network, base station (BS) 36 exchanges the radio signals from mobile phone 100 and the wired signals from mobile switching center (MSC) 70. The task of mobile switching center 70 and visitor location register (VLR) 75 is to carry out the procedure that authenticates mobile phone 100. (Mobile switching center 70 and visitor location register 75 are usually designed together.) When mobile phone 100 requests service, visitor location register 75 asks mobile switching center 70 to authenticate mobile phone 100. Mobile switching center 70 sends an authentication request to mobile phone 100, receives the authentication response from mobile phone 100, and compares the response to decide whether authentication succeeded. If authentication succeeded, mobile switching center 70 notifies mobile phone 100 that service is accepted; if it failed, mobile switching center 70 notifies mobile phone 100 that service is rejected. Among the other components of the GSM network, authentication center (AuC) 95 keeps the authentication key Ki of mobile phone 100 and generates the authentication parameters (such as RAND and SRES), which are sent to visitor location register 75 via home location register (HLR) 90. Billing center (BC) 80 accepts the bills (charging data records) 86 produced by mobile switching center 70 so that charges can be entered.
In recent years, growth of the wireless local area network (WLAN) market has made it possible to use WLANs to provide public services. When the public uses WLAN cards to obtain Internet service through a public WLAN deployed by a service provider, security is the most important issue. Major international manufacturers have therefore installed SIM cards in WLAN card products to improve WLAN security. Fig. 2 shows the architecture of a prior-art public WLAN authentication system. The architecture comprises four classes of components: the client, the access network, the Internet, and the GSM core network. The client components comprise mobile station (MS) 10 and WLAN card 200, where WLAN card 200 has SIM card 88. The access network comprises WLAN base station (access point, AP) 30, router 40 and authentication gateway (AG) 250. The Internet side comprises the Internet 50 and server 60. The GSM core network components comprise mobile switching center 70, visitor location register 75, authentication center 95, home location register 90 and billing center 80 (the same as in Fig. 1). In the Fig. 2 architecture, if mobile station 10 passes authentication, it obtains the access right to base station 30 and router 40, connects to the Internet 50, and obtains the Internet service of server 60. During authentication, when mobile station 10 needs Internet service, it sends a service request to authentication gateway 250. Authentication gateway 250 forwards this service request to visitor location register 75, and visitor location register 75 asks mobile switching center 70 to send an authentication request to mobile station 10. The authentication request is forwarded to mobile station 10 via authentication gateway 250, and mobile station 10 produces the authentication response using SIM card 88 of WLAN card 200. The authentication response is forwarded via authentication gateway 250 to mobile switching center 70, which compares it to decide whether authentication succeeded. If authentication succeeded, mobile switching center 70 notifies authentication gateway 250 of service accept, and authentication gateway 250 allows mobile station 10 to use base station 30 and router 40 to connect to the Internet 50; if it failed, mobile switching center 70 notifies authentication gateway 250 of service reject. After mobile station 10 has authenticated successfully, router 40 produces service records, and authentication gateway 250 produces bills 86 from these service records for billing center 80. The tasks of the authentication gateway are therefore mainly to handle the mobile station's service requests, relay the authentication signaling between the mobile station and the mobile switching center, control the mobile station's right to access the Internet, and produce bills for the billing center.
Because WLAN card 200 of Fig. 2 embeds SIM card 88, the design of the WLAN card becomes more complex. Some manufacturers have therefore sought to leave the existing WLAN card design unchanged while still giving the mobile station the function of a SIM card. Mobile station 10 shown in Fig. 3 is fitted with WLAN card 20 and additionally reads the data of SIM card 88 through computer interface 300 (such as PCMCIA, USB or RS232) in order to authenticate to the network. (The network-side components of Fig. 3 are the same as in Fig. 2.)
Figs. 1, 2 and 3 make clear that SIM card 88 is always embedded in the client device: mobile phone 100 of Fig. 1, WLAN card 200 of Fig. 2, and notebook mobile station 10 of Fig. 3. In these earlier authentication systems, the client device uses the SIM card to authenticate with the authentication server (for example the mobile switching center). Embedding the SIM card in the client device, however, requires a SIM card slot in the client device, which increases the design complexity and cost of the client device.
(3) Summary of the invention
The object of the invention is to provide a system and method for public wireless network authentication that avoids changing the design of the client device, reduces the cost of the client device, and still performs public wireless network authentication.
The public network authentication system of the invention is characterized in that it comprises at least: a mobile station; an authentication server; and an authentication agent having a subscriber identity module corresponding to the mobile station; wherein the mobile station is authenticated by the authentication agent, and the authentication agent uses the subscriber identity module to be authenticated by the authentication server.
The mobile station need not have a subscriber identity module (SIM card) installed. The mobile station's SIM card is installed in the authentication agent, so that the mobile station is authenticated by the authentication agent and the authentication agent uses the mobile station's SIM card to be authenticated by the authentication server. In addition, the authentication agent is also responsible for handling the mobile station's service requests, controlling the mobile station's right to access the Internet, and producing bills for the billing center.
To further explain the purpose, structural features and effects of the invention, the invention is described in detail below with reference to the accompanying drawings.
(4) Description of drawings
Fig. 1 shows the architecture of a prior-art GSM authentication system.
Fig. 2 shows the architecture of a prior-art public WLAN authentication system.
Fig. 3 shows the architecture of a prior-art public WLAN authentication system.
Fig. 4 shows the architecture of the public wireless network authentication system of the invention.
Fig. 5 is the authentication signaling flow chart of the invention for an ordinary mobile station.
Fig. 6 is the authentication signaling flow chart of the invention for a roaming mobile station.
(5) Embodiment
Fig. 4 shows the architecture of the public wireless network authentication system of the invention. The architecture comprises five classes of components: the client, the access network, the external access network, the Internet, and the GSM core network. The client components comprise mobile station (MS) 10 and WLAN card 20. The access network comprises WLAN base station 30, router 40 and authentication agent (AA) 800. Authentication agent 800 is connected through computer interface 886 to SIM card slot 888, which holds SIM card 88 and other cards. Computer interface 886 may be RS232, USB, a PCI bus, PCMCIA or the like, and lets authentication agent 800 read the authentication information of SIM card 88. The external access network comprises WLAN base station 35, router 45 and access right controller (ARC) 600. The Internet side comprises the Internet 50 and server 60. The GSM core network components comprise mobile switching center 70, visitor location register 75, authentication center 95, home location register 90 and billing center 80 (the GSM core network components are the same as in Fig. 1).
In the Fig. 4 architecture, when mobile station 10 needs Internet service, mobile station 10 must authenticate with authentication agent 800, and authentication agent 800 uses SIM card 88 of mobile station 10 to authenticate with mobile switching center 70. The communication protocol used for authentication between mobile station 10 and authentication agent 800 need not be a standard one such as Remote Authentication Dial-In User Service (RADIUS) or Kerberos; it may also be a proprietary protocol defined by the service provider. If authentication of mobile station 10 fails, service is rejected. If mobile station 10 passes authentication, it obtains the access right to base station 30 and router 40, connects to the Internet 50, and obtains the Internet service of server 60. While mobile station 10 is obtaining Internet service, router 40 produces service records, and authentication agent 800 produces bills 86 from these service records for billing center 80.
Fig. 5 is the signaling flow chart of the authentication system of the invention. Fig. 5 involves three authenticating components: mobile station 10, authentication agent 800, and an authentication server 700. Authentication agent 800 holds SIM card 88 of mobile station 10 and acts on behalf of mobile station 10 in authenticating with authentication server 700. Authentication server 700 may be mobile switching center 70 of the GSM network and is responsible for authenticating SIM card 88. When mobile station 10 needs Internet service, it sends a service request (signaling 510) to authentication agent 800 and authenticates with authentication agent 800 (signaling 520). If authentication of mobile station 10 fails, service is rejected; if it succeeds, authentication agent 800 sends a service request (signaling 530) to authentication server 700. Authentication server 700 sends an authentication request (signaling 540) to authentication agent 800, and authentication agent 800 produces the authentication response (signaling 550) using SIM card 88 of mobile station 10. After authentication server 700 receives authentication response 550, it compares the response to decide whether authentication succeeded. If authentication succeeded, authentication server 700 notifies authentication agent 800 of service accept (signaling 560), authentication agent 800 in turn notifies mobile station 10 of service accept (signaling 570), and authentication agent 800 allows mobile station 10 to connect to the Internet; if it failed, authentication server 700 notifies authentication agent 800 of service reject (signaling 580), and authentication agent 800 in turn notifies mobile station 10 of service reject (signaling 590).
The authentication agent of the authentication system of the invention thus holds the mobile station's SIM card, and its tasks include handling the mobile station's service requests, authenticating with the mobile station, authenticating with the authentication server (for example the mobile switching center), controlling the mobile station's right to access the Internet, and producing bills for the billing center.
In the Fig. 4 architecture, mobile station 10 may roam into the external access network. If mobile station 10 then needs Internet service, it must first obtain the access right to base station 35 and router 45. In the external access network, the access right to base station 35 and router 45 is supervised by access right controller 600. Mobile station 10 must therefore send a service request to access right controller 600 and wait until it obtains a service accept from access right controller 600.
Fig. 6 is the authentication signaling flow chart of the invention for a roaming mobile station. Fig. 6 involves four authenticating components: mobile station 10, access right controller 600, authentication agent 800, and an authentication server 700. When mobile station 10 has roamed into the external access network and needs Internet service, mobile station 10 sends a service request (signaling 610) to access right controller 600. Access right controller 600 in turn sends a service request (signaling 615) to authentication agent 800 of mobile station 10. Authentication agent 800 then authenticates mobile station 10 (signaling 620). If authentication of mobile station 10 fails, service is rejected; if it succeeds, authentication agent 800 authenticates with authentication server 700 (the same as signaling 530 to 580 of Fig. 5). If authentication succeeded, authentication agent 800 notifies access right controller 600 of service accept (signaling 660), access right controller 600 in turn notifies mobile station 10 of service accept (signaling 665), and access right controller 600 allows mobile station 10 to connect to the Internet; if it failed, authentication agent 800 notifies access right controller 600 of service reject (signaling 680), and access right controller 600 in turn notifies mobile station 10 of service reject (signaling 685).
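The signaling flows of Fig. 5 and Fig. 6, traced by signaling number, as an added Python example (not code from the patent). HMAC-SHA-256 stands in both for the first-leg protocol, which the patent leaves open, and for the SIM's response computation; the class names, the identifiers ms-10, ms-11 and imsi-example, and the shared-secret enrollment are assumptions. A failed first leg ends the exchange before the SIM is used.

```python
import hashlib
import hmac
import os

def mac(key, challenge, size=32):
    """Assumption: HMAC-SHA-256 stands in for both legs' real algorithms."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:size]

class AuthServer:
    """Authentication server 700 (for example the MSC); knows each SIM's Ki."""
    def __init__(self, ki_by_imsi):
        self.ki_by_imsi = ki_by_imsi
    def authenticate(self, imsi, sim_response, trace):
        trace.extend([530, 540])       # service request in, auth request out
        rand = os.urandom(16)
        sres = sim_response(rand)
        trace.append(550)              # authentication response (SRES)
        ki = self.ki_by_imsi.get(imsi)
        ok = ki is not None and hmac.compare_digest(sres, mac(ki, rand, 4))
        trace.append(560 if ok else 580)   # service accept / service reject
        return ok

class AuthAgent:
    """Authentication agent 800; each mobile station's SIM sits in its slot."""
    def __init__(self, server):
        self.server = server
        self.sims = {}            # ms_id -> (first-leg secret, IMSI, Ki in SIM)
        self.open_access = set()  # stations allowed through base station/router
    def handle(self, ms_id, prove, trace, roaming=False):
        # service request reaches the agent, then first leg: station <-> agent
        trace.extend([615, 620] if roaming else [510, 520])
        entry = self.sims.get(ms_id)
        nonce = os.urandom(16)
        if entry is None or not hmac.compare_digest(
                prove(nonce), mac(entry[0], nonce)):
            return False          # fail closed: the SIM is never exercised
        _, imsi, ki = entry
        ok = self.server.authenticate(imsi, lambda r: mac(ki, r, 4), trace)
        if roaming:
            trace.append(660 if ok else 680)   # agent -> access right controller
        else:
            trace.append(570 if ok else 590)   # agent -> mobile station
            if ok:
                self.open_access.add(ms_id)
        return ok

class AccessRightController:
    """Access right controller 600 of the external access network."""
    def __init__(self, home_agent):
        self.home_agent = home_agent
        self.open_access = set()
    def handle(self, ms_id, prove, trace):
        trace.append(610)                      # service request from roaming MS
        ok = self.home_agent.handle(ms_id, prove, trace, roaming=True)
        if ok:
            trace.append(665)                  # service accept to the station
            self.open_access.add(ms_id)
        elif trace[-1] == 680:
            trace.append(685)                  # service reject to the station
        return ok

def demo():
    """Four constructed cases; returns {case: (granted, signaling trace)}."""
    secret, ki = os.urandom(16), os.urandom(16)    # constructed sample keys
    agent = AuthAgent(AuthServer({"imsi-example": ki}))
    agent.sims["ms-10"] = (secret, "imsi-example", ki)
    agent.sims["ms-11"] = (secret, "imsi-unknown", ki)  # SIM the server rejects
    arc = AccessRightController(agent)
    good = lambda nonce: mac(secret, nonce)        # station knows the secret
    bad = lambda nonce: mac(b"guess", nonce)       # station does not
    cases = {"home_ok": (agent, "ms-10", good),
             "first_leg_fails": (agent, "ms-10", bad),
             "sim_rejected": (agent, "ms-11", good),
             "roaming_ok": (arc, "ms-10", good)}
    results = {}
    for name, (entry_point, ms_id, prove) in cases.items():
        trace = []
        results[name] = (entry_point.handle(ms_id, prove, trace), trace)
    return results

if __name__ == "__main__":
    for name, (granted, trace) in demo().items():
        print(f"{name:16} granted={granted} signaling={trace}")
```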
The public authentication system of the invention installs the SIM card not in the mobile station but in the authentication agent, so the user's mobile station does not need a design change and the manufacturing cost of the mobile station is reduced. Because the mobile station is authenticated by the authentication agent, and the authentication agent uses the mobile station's SIM card to be authenticated by the authentication server, the purpose of having the mobile station authenticated by the authentication server is still achieved.
Although the system of this embodiment is applied to a public WLAN, it can also be applied to a public wired network.
Of course, those of ordinary skill in the art will recognize that the above embodiment serves to illustrate the invention and not to limit it; variations and modifications of the above embodiment that remain within the spirit of the invention all fall within the scope of the claims of the invention.

Claims (12)

1. A public network authentication system, characterized in that the system comprises at least:
a mobile station;
an authentication server; and
an authentication agent having a subscriber identity module corresponding to the mobile station;
wherein the mobile station is authenticated by the authentication agent, and the authentication agent uses the subscriber identity module to be authenticated by the authentication server.
2. The system of claim 1, characterized in that the system further comprises:
an access network;
wherein, after the mobile station is successfully authenticated by the authentication agent, the authentication agent controls the access network to permit the mobile station to connect to the Internet.
3. The system of claim 1, characterized in that the system further comprises:
a billing center; and
a router;
wherein the authentication agent controls the router to produce bills for the billing center.
4. The system of claim 1, characterized in that the system further comprises:
an external access network comprising an access right controller;
wherein the mobile station roams to the external access network and, after the mobile station is successfully authenticated by the authentication agent, the authentication agent notifies the access right controller to permit the mobile station to connect to the Internet.
5. A public network authentication method, characterized in that the method comprises:
a mobile station authenticating, using a first protocol, with an authentication agent that has a subscriber identity module corresponding to the mobile station; and
the authentication agent using the subscriber identity module to authenticate with an authentication server using a second protocol.
6. The method of claim 5, characterized in that the method further comprises:
after the mobile station is successfully authenticated by the authentication agent, the authentication agent controlling an access network to permit the mobile station to connect to the Internet.
7. The method of claim 5, characterized in that the method further comprises:
the authentication agent controlling a router to produce bills for a billing center.
8. The method of claim 5, characterized in that the method further comprises:
the mobile station roaming to an external access network and, after the mobile station is successfully authenticated by the authentication agent, the authentication agent notifying an access right controller to permit the mobile station to connect to the Internet.
9. An authentication agent for a public network, characterized in that the authentication agent has a subscriber identity module corresponding to a mobile station, the authentication agent and the mobile station authenticate using a first protocol, and the authentication agent authenticates with an authentication server according to the subscriber identity module using a second protocol.
10. The authentication agent of claim 9, characterized in that the authentication agent controls an access network to permit the mobile station to connect to the Internet.
11. The authentication agent of claim 9, characterized in that the authentication agent controls a router to produce bills for a billing center.
12. The authentication agent of claim 9, characterized in that the authentication agent notifies an access right controller of an external access network to permit the mobile station to connect to the Internet when it roams to the external access network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN02124334.4A CN1221149C (en) 2002-06-12 2002-06-12 System and method for identifying public network

Publications (2)

Publication Number Publication Date
CN1464760A CN1464760A (en) 2003-12-31
CN1221149C true CN1221149C (en) 2005-09-28

Family

ID=29743798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN02124334.4A Expired - Fee Related CN1221149C (en) 2002-06-12 2002-06-12 System and method for identifying public network

Country Status (1)

Country Link
CN (1) CN1221149C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100459804C (en) * 2005-12-13 2009-02-04 华为技术有限公司 Device, system and method of authenticating when terminal to access second system network
CN101442516B (en) * 2007-11-20 2012-04-25 华为技术有限公司 Method, system and apparatus for DHCP authentication

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050928

Termination date: 20160612
