WO2011040670A1 - User-oriented network system having automatic user authentication function and method thereof - Google Patents


Info

Publication number
WO2011040670A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
user authentication
oriented network
authentication information
mobile terminal
Prior art date
Application number
PCT/KR2009/006760
Inventor
Jong-Tae Park
Original Assignee
Kyungpook National University Industry-Academic Cooperation Foundation
Priority date
Filing date
Publication date
Application filed by Kyungpook National University Industry-Academic Cooperation Foundation
Publication of WO2011040670A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • The present invention relates to a user-oriented network system having an automatic user authentication function and a method thereof, and more particularly to such a system and method that enable seamless wireless LAN services to be used across the ISPs (Internet Service Providers) constituting a user-oriented network. During handover between APs (Access Points) managed by different ISPs, user authentication is performed without separate manipulation of the mobile terminal and without terminating the access and re-accessing, through a user-oriented network authentication management server in which user authentication information about the APs of the ISPs having two or more neighboring service areas is stored or to which an access authority to the authentication information is given.
  • Mobility management is one of the main functions enabling a communication function of a mobile terminal to be performed in a mobile communication network such as GSM (Global System for Mobile communications), a CDMA (Code Division Multiple Access) system, and the like.
  • The purpose of the mobility management is to transfer voice calls, SMS (Short Message Service), or other mobile communication services to the terminal through continuous management of the position of a subscribed terminal in the mobile communication network.
  • In order to pass the user authentication that is applied to the respective AP, the mobile terminal is required to cut off its access and then perform re-access during handover between different ISPs.
  • Wireless LAN users desire to receive seamless wireless LAN services at any place where their authentication is possible as they move between home, school, and paid wireless LAN hot spots.
  • an object of the present invention is to provide a user-oriented network system having automatic user authentication and mobility management functions and a method thereof, which can provide seamless data transmission/reception services by supporting automatic user authentication and handover when a mobile terminal moves into an area of an access router or an access point having a different management ISP.
  • a user-oriented network system having an automatic user authentication function which includes a mobile terminal, in the case of intending to access a new AP (Access Point), transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server, and performing user authentication through the AP by using user authentication information provided in response to the request signal; and the user-oriented network authentication management server providing the user authentication information created based on the designation unit network information matched with the user identification information, to the mobile terminal.
  • the mobile terminal may transmit the user authentication information request signal by using at least one of communication systems of CDMA (Code Division Multiple Access), W-CDMA (Wide Code Division Multiple Access), and GSM (Global System for Mobile communications).
  • the mobile terminal may transmit the user authentication information request signal by using a wireless LAN communication system. If there exists an AP being accessed, the mobile terminal may transmit the user authentication information request signal in the event where the strength of a wireless signal received from the AP being accessed is below a handover preparation reference value. Also, if there exists an AP being accessed, the mobile terminal may perform the user authentication in the event where the strength of a wireless signal received from the AP being accessed is below a handover execution reference value that is lower than the handover preparation reference value.
  • the mobile terminal may transmit the user authentication information request signal, which further contains a list of neighboring APs from which signal reception has been detected, to the user-oriented network authentication management server, and the user-oriented network authentication management server inquires about the user authentication information of the respective neighboring APs, based on the designation unit network information, and transmits the user authentication information created by the inquiry, to the mobile terminal.
  • the mobile terminal performs the user authentication by using an AP selected among the access candidate APs, from which the user authentication information has been received, and the received user authentication information.
  • the user-oriented network authentication management server may provide user authentication information of all APs of all designation unit networks in accordance with the user's user-oriented network configuration.
  • the mobile terminal in the case of intending to access a new AP, may perform the user authentication through an AP selected among the neighboring APs from which wireless signal reception has been detected, wherein the identification information of the candidate AP is included in the user authentication information.
  • an automatic user authentication method for a user-oriented network system which includes transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server in the case of intending to access a new AP (Access Point); and performing user authentication through the AP by using user authentication information provided in response to the request.
  • the user authentication information is created based on the designation unit network information matched with the user identification information.
  • the user authentication information request signal may be transmitted by using at least one of communication systems of CDMA (Code Division Multiple Access), W-CDMA (Wide Code Division Multiple Access), and GSM (Global System for Mobile communications) if there exists no AP being accessed.
  • the user authentication information request signal may be transmitted by using a wireless LAN communication system if there exists an AP being accessed.
  • the user authentication information request signal may be transmitted in the event where the strength of a wireless signal received from the AP being accessed is below a handover preparation reference value.
  • the step of performing the user authentication through the AP by using the user authentication information provided in response to the request may include performing the user authentication in the event where the strength of a wireless signal received from the AP being accessed is below a handover execution reference value that is lower than the handover preparation reference value if there exists an AP being accessed.
  • the step of transmitting the user authentication information request signal may include transmitting the user authentication information request signal that further contains a list of neighboring APs, from which signal reception has been detected, to the user-oriented network authentication management server; and performing the user authentication, comprises performing the user authentication by using an AP selected among the neighboring APs, of which the user authentication information has been received; wherein the user authentication information provided in response to the request is provided by inquiring about the user authentication information of the respective neighboring APs, based on the designation unit network information.
  • the user authentication information provided in response to the request may include user authentication information of all APs of all designation unit networks in accordance with the user's user-oriented network configuration.
  • the step of performing the user authentication through the AP by using the user authentication information provided in response to the request may include performing the user authentication through an AP selected among the neighboring APs from which wireless signal reception has been detected, wherein the identification information of the candidate AP is included in the user authentication information, in the case of intending to access a new AP.
  • an automatic access and mobility management method for a user-oriented network system which includes configuring a user-oriented network that is a set of designation unit networks, by storing designation unit networks information including user authentication information for the APs (Access Points) managed by the designation unit networks, in a user-oriented network management server; in the case of accessing the AP, performing user authentication without user’s input by using the user authentication information for the AP, which is provided from the user-oriented network management server; and if the AP to be accessed belongs to a designation unit network that is different from that to which the previous AP belongs, performing an AP handover between different designation unit networks through a communication gateway that connects the different designation unit networks.
  • seamless data transmission/reception services can be provided through supporting of automatic authentication and handover.
  • FIG. 1 is a conceptual view of a user-oriented network according to the present invention.
  • FIG. 2 is a view explaining a user-oriented network system according to an embodiment of the present invention.
  • FIG. 3 is an exemplary view illustrating the construction of designation unit network information that can be stored in a user-oriented network authentication management server according to an embodiment of the present invention.
  • FIG. 4 is a first flowchart illustrating a user authentication method for a user-oriented network system according to an embodiment of the present invention.
  • FIG. 5 is a second flowchart illustrating a user authentication method for a user-oriented network system according to an embodiment of the present invention.
  • FIG. 6 is a conceptual view explaining an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention.
  • FIG. 7 is a signal flowchart illustrating an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention.
  • These computer program instructions may also be stored in a computer usable or computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
  • each block of the flowchart illustrations may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • FIG. 1 is a conceptual view of a user-oriented network according to the present invention.
  • a user-oriented network may be defined as a user-grounded logical network which includes WLANs (Wireless Local Area Networks) that can be accessed through joining of a WLAN service of an ISP (Internet Service Provider) or construction of a private WLAN.
  • a network constituting the user-oriented network will be called a designation unit network.
  • the designation unit network may include an ISP joined by a user.
  • An ISP is a business subject that provides an Internet access service, and in the present invention, it may be limited to a business subject that provides a WLAN access service.
  • The ISP may include a general ISP that provides a paid service and a public ISP that provides a public service to students and teaching staff at a school and so on. Also, the ISP may provide a WLAN access service in a specified area, and a shaded area where no access service is provided may exist in some areas where other ISPs provide WLAN access services.
  • the designation unit network may include a private WLAN which is directly constructed by a user or of which an access is permitted to a user.
  • the private WLAN may be constructed by installing an access point, and it is preferable that the private WLAN includes a device providing a NAT (Network Address Translation) function, which operates as a mobility management server, and a DHCP (Dynamic Host Configuration Protocol) function.
  • the private WLAN may include an access router or a wireless router that provides the NAT function as the access point.
  • a user using a mobile terminal 100 can access a private WLAN 120, an ISP WLAN 122, and a public WLAN 124.
  • the user may construct a user-oriented network 126, in which the private WLAN 120, the ISP WLAN 122, and the public WLAN 124 are defined, as the designation unit network.
  • the user may construct a user-oriented network that includes only the WLAN 120 and the ISP WLAN 122 as the designation unit network. That is, the user-oriented network may be understood as a network constructed by adding a WLAN network desired by the user.
  • Since the user-oriented network according to the present invention aims to support seamless mobility of a mobile terminal, it is preferable that one or more WLANs constituting the user-oriented network have service providing areas which at least partially overlap each other.
  • the user’s mobile terminal 100 constructing the user-oriented network 126 successively passes through cells of AP1 (Access Point 1) 102, AP2 104, AP3 106, AP4 108, and AP5 110.
  • When first accessing AP1 102, the mobile terminal can automatically access AP1 102 by receiving information required for user authentication from a user-oriented network authentication management server. Thereafter, even in the case of performing handover to AP2 104, AP3 106, AP4 108, and AP5 110 in order, the mobile terminal receives the information required for the user authentication of the AP to be accessed after the handover from the user-oriented network authentication management server, and thus the user is not required to separately input the user authentication information.
  • In FIG. 2, it is assumed that a user of a mobile terminal 200 has established a user-oriented network 256 in which a private WLAN 250, an ISP A 252, and an ISP B 254 are defined as designation unit networks.
  • the user-oriented network system having an automatic user authentication function includes a mobile terminal 200, a user-oriented network authentication management server 208, and AAA servers 210 and 212 operated by the ISPs.
  • the mobile terminal 200 which is a terminal provided with a communication module, may be, for example, a notebook computer or a smart phone.
  • the communication module may support at least one of a WLAN, WiBRO, CDMA, W-CDMA, and GSM (Global System for Mobile communications).
  • In the user-oriented network authentication management server 208, designation unit network information may be stored for each user. That is, information on which unit networks are included in the user-oriented network constructed by a user may be stored in the user-oriented network authentication management server 208.
  • the designation unit network information may include identification information of APs operated by respective ISPs and user authentication information required to pass the user authentication that is performed through the APs.
  • the designation unit network information may include identification information of all APs operated by ISP A and information on being user-authenticated by the APs, identification information of all APs operated by ISP B and information on being user-authenticated by the APs, and identification information of all APs operated by ISP C and information on being user-authenticated by the APs.
  • the AP identification information may be, for example, a MAC address of an AP, SSID (Service Set ID), or BSSID (Basic Service Set ID).
  • the user authentication information includes all data required to pass the user authentication after the mobile terminal 200 accesses the AP. If the user authentication technology is IEEE 802.1X/EAP or WPA-Enterprise, the user authentication information may be a user ID and a password. Also, if the user authentication technology is WEP or WPA-Personal, the user authentication information may be security mode information and an access key.
  • the user authentication information may be the same with respect to all APs belonging to one ISP, or may differ by APs. If the user authentication information is the same with respect to all APs, the user authentication information may be information one-to-one matched to the designation unit network information, while if the user authentication information differs by APs, the user authentication information may be information one-to-one matched to the AP identification information. That is, if the user authentication information differs by APs, information that is stored in the user-oriented network authentication management server 208 may be identification information of APs included in the designation unit networks defined by the respective users and user authentication information of the respective APs.
  • FIG. 3 is an exemplary view illustrating the construction of designation unit network information that can be stored in the user-oriented network authentication management server 208 according to an embodiment of the present invention.
  • The designation unit network information may include data indicating, for each user 300, which ISP is defined as a designation unit network 302, the ID 304 and the password 306 used to access the corresponding ISP, the MAC address 308 of the mobile terminal applied to access the corresponding ISP, the security mode 310 applied to the corresponding ISP, the access key 312 used to access an AP belonging to the corresponding ISP, and the identification information 314 of the APs belonging to the corresponding ISP.
  • The security mode 310 field may be, for example, a value that means one of open mode, WEP, WPA1, and WPA2.
  • The ISP user ID 304 field and the ISP user PW 306 field are used as data for the user authentication when the user authentication technology is of the form in which an AAA server exists, and the security mode 310 field and the access key 312 field are used as data for the user authentication when the user authentication technology is of the form in which no AAA server exists.
  • the user name 300 is a field capable of identifying the subject constructing the user-oriented network.
  • the user “LEE” has constructed a user-oriented network including three designation unit networks, ISP A, ISP B, and ISP C, and it can be known that the user can pass the user authentication by inputting an ID “leews” to APs belonging to ISP A and ISP B and inputting a password “lws80.” Also, according to records of the respective ISPs, it can be known that identification information of all APs operated by the corresponding ISP is stored in a field called “AP ID information.” Also, the user “Kim” has constructed a user-oriented network including ISP B and a home WLAN as the designation unit networks, and two APs, SSID15 and SSID16, are connected to the home WLAN. It can be known that a WEP type security mode has been applied to the AP and the user “Kim” has passed the user authentication by using an access key “kdjap.”
  • the user authentication data may be constructed in the form in which it is one-to-one matched to the identification information of the respective APs.
  • the user-oriented network authentication management server 208 requests the user authentication information from the AAA servers 210 and 212 of the ISPs registered by the respective users as the designation unit networks S250, receives the user authentication information of the user in response to the request S252, and stores the designation unit network information by users.
  • the request for the user authentication information S250 is to request an access to the corresponding data, and its response S252 may correspond to a path through which the user authentication information itself is not provided, but the user authentication information can be perused.
  • In the event where the mobile terminal 200 intends to access an AP, it detects neighboring APs and creates a list of neighboring APs including identification information of the detected APs. The detection may correspond to the broadcasting of an AP probe message and obtaining of the identification information of the APs that respond to the message. It is assumed that the list of neighboring APs in FIG. 2 includes AP1 202, AP2 204, and AP3 206.
  • the mobile terminal 200 transmits the user authentication information request signal that contains the list of neighboring APs and user names 300 to the user-oriented network authentication management server 208.
  • the transmission of the user authentication information request signal S254 and the response thereto S256 may follow at least one of systems of CDMA, W-CDMA, GSM, and WiBRO. However, if there exists an AP currently accessed by the mobile terminal and the mobile terminal requests the user authentication information of neighboring APs with the necessity of handover, the transmission of the user authentication information request signal S254 and the response thereto S256 may be made through the currently accessed AP.
  • the user-oriented network authentication management server 208 inquires about the user authentication information of the respective neighboring APs included in the access candidate AP list based on the designation unit network information, and provides the user authentication information to the mobile terminal 200 S256. It is preferable that the user-oriented network authentication management server 208 provides the user authentication information of the neighboring APs, to which user’s access corresponding to the user name 300 is permitted, to the mobile terminal 200 S256.
  • the user-oriented network authentication management server may provide an error message if there exists no access candidate AP to which the user’s access corresponding to the user name 300 is permitted.
  • Since it is assumed that the user of the mobile terminal 200 has established the user-oriented network 256 including the private WLAN 250, ISP A 252, and ISP B 254 as the designation unit networks, all the user authentication information of AP1 202, AP2 204, and AP3 206 in the access candidate AP list will be provided to the mobile terminal 200 S256.
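The lookup described above, sketched as an added example (not code from the patent): the server filters a FIG. 3 style table by user name and returns authentication information only for the neighboring APs that belong to that user's designation unit networks, or an error if there are none. The names `UnitNetworkRecord` and `handle_request`, the ISP AP identifiers, the MAC addresses, the optional MAC comparison, and every credential other than those quoted for "LEE" (ISP A, ISP B) and "Kim" (home WLAN) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class UnitNetworkRecord:
    """One row of designation unit network information (fields 300-314)."""
    user: str                      # user name 300
    network: str                   # designation unit network 302
    isp_id: Optional[str]          # ISP user ID 304 (AAA server exists)
    isp_pw: Optional[str]          # ISP user PW 306
    terminal_mac: str              # terminal MAC address 308
    security_mode: Optional[str]   # security mode 310: open, WEP, WPA1, WPA2
    access_key: Optional[str]      # access key 312 (no AAA server)
    ap_ids: frozenset              # AP ID information 314


# Constructed sample table. Only "leews"/"lws80", "kdjap", WEP, SSID15 and
# SSID16 come from the text; all other values are placeholders.
TABLE = [
    UnitNetworkRecord("LEE", "ISP A", "leews", "lws80", "02:00:00:00:00:01",
                      None, None, frozenset({"SSID1", "SSID2"})),
    UnitNetworkRecord("LEE", "ISP B", "leews", "lws80", "02:00:00:00:00:01",
                      None, None, frozenset({"SSID7", "SSID8"})),
    UnitNetworkRecord("LEE", "ISP C", "lee-c-example", "example-pw-c",
                      "02:00:00:00:00:01", None, None, frozenset({"SSID11"})),
    UnitNetworkRecord("Kim", "ISP B", "kim-example", "example-pw",
                      "02:00:00:00:00:02", None, None,
                      frozenset({"SSID7", "SSID8"})),
    UnitNetworkRecord("Kim", "Home WLAN", None, None, "02:00:00:00:00:02",
                      "WEP", "kdjap", frozenset({"SSID15", "SSID16"})),
]


def credential_for(rec):
    """Build the authentication information for one record.

    ID/password is used where an AAA server exists; otherwise the security
    mode and access key are used.
    """
    if rec.isp_id is not None:
        return {"network": rec.network, "method": "id-password",
                "id": rec.isp_id, "password": rec.isp_pw}
    return {"network": rec.network, "method": "access-key",
            "security_mode": rec.security_mode, "access_key": rec.access_key}


def handle_request(table, user, neighbor_aps, terminal_mac=None):
    """Answer a user authentication information request (S254 -> S256).

    Only rows owned by `user` are consulted, so an AP that appears solely in
    another user's network is never answered. If the request carries a MAC
    address, rows registered for a different terminal are skipped
    (assumption: the text stores field 308 but does not spell out this check).
    """
    records = [r for r in table if r.user == user]
    if terminal_mac is not None:
        records = [r for r in records
                   if r.terminal_mac.lower() == terminal_mac.lower()]
    granted = {}
    for ap in neighbor_aps:
        for rec in records:
            if ap in rec.ap_ids:
                granted[ap] = credential_for(rec)
                break
    if not granted:
        return {"status": "error",
                "reason": "no permitted access candidate AP"}
    return {"status": "ok", "aps": granted}


if __name__ == "__main__":
    # LEE sees one ISP A AP, Kim's home AP, and one ISP B AP.
    print(handle_request(TABLE, "LEE", ["SSID1", "SSID15", "SSID8"]))
    print(handle_request(TABLE, "LEE", ["SSID16"]))
```
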
  • The mobile terminal 200 automatically accesses AP2 204 selected among the neighboring APs by using the user authentication information provided from the user-oriented network authentication management server 208. If there exist two or more neighboring APs of which the user authentication information has been provided, the mobile terminal 200 selects and automatically accesses the AP having the biggest strength of radio waves or the AP having the smallest load currently produced.
  • Automatic access refers to access in which the mobile terminal can pass the user authentication even if the user does not directly input information for the user authentication through the mobile terminal.
  • If the mobile terminal 200 judges that the strength of the signal received from AP2 204 has fallen below a handover preparation reference value while it moves into the service region of ISP B 254 in a state where it accesses AP2 204, it detects neighboring APs, re-creates the access candidate AP list composed of identification information of the detected APs, and transmits a user authentication information request signal containing the access candidate AP list and user names 400 to the user-oriented network authentication management server 208 through the currently accessed AP2 204 S262.
  • the user-oriented network authentication management server 208 provides to the mobile terminal 200 the user authentication information of the APs, of which the access is permitted to the user corresponding to the user name 300, among the neighboring APs S264. If it is assumed that the access candidate AP list includes only AP3 206, the mobile terminal 200 can receive information required for the user authentication when accessing AP3 206 since the user of the mobile terminal 200 has constructed the user-oriented network including ISP B 254 operating AP3 206 as the designation unit network.
  • the mobile terminal 200 stores the user authentication information provided from the user-oriented network authentication management server 208. Then, if it is judged that the signal strength from AP2 204 is lowered below a handover execution reference value, the mobile terminal automatically accesses AP2 204 selected among the neighboring APs by using the stored user authentication information S266.
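The two reference values described above, as an added example (not code from the patent) of the terminal-side logic: authentication information is requested and cached when the current AP's signal falls below the preparation value, and the handover itself happens only below the lower execution value, using the cached information. The class and function names, the dBm figures, the `transport` labels, the AP names and the stub server are assumptions constructed for illustration.

```python
import math


class Terminal:
    """Mobile-terminal side of the two-threshold handover (hypothetical names)."""

    def __init__(self, user, request_auth_info, prep_dbm=-70, exec_dbm=-80):
        # The execution reference value must be lower than the preparation value.
        if exec_dbm >= prep_dbm:
            raise ValueError("execution value must be lower than preparation value")
        self.user = user
        self.request_auth_info = request_auth_info  # callable standing in for the server
        self.prep_dbm, self.exec_dbm = prep_dbm, exec_dbm
        self.current_ap = None
        self.cache = {}      # AP id -> stored user authentication information
        self.asked = set()   # neighbors already covered by a request

    def _fetch(self, neighbors, transport):
        self.asked.update(neighbors)
        self.cache.update(
            self.request_auth_info(self.user, sorted(neighbors), transport))

    def _strongest_with_credentials(self, scan, exclude=None):
        usable = [ap for ap in scan if ap in self.cache and ap != exclude]
        return max(usable, key=lambda ap: scan[ap], default=None)

    def on_scan(self, scan):
        """Process one scan result: {AP id: received signal strength in dBm}."""
        if self.current_ap is None:
            # No AP being accessed: the request goes over the cellular link.
            self._fetch(set(scan), "cellular")
            target = self._strongest_with_credentials(scan)
            if target is None:
                return "no-candidate"
            self.current_ap = target
            self.asked.clear()
            return f"attach:{target}"

        rssi = scan.get(self.current_ap, -math.inf)  # AP lost counts as weakest
        neighbors = set(scan) - {self.current_ap}
        event = "stay"
        # Preparation: ask once per newly seen neighbor set, through the
        # current AP if it is still heard.
        if rssi < self.prep_dbm and neighbors - self.asked:
            transport = "wlan" if self.current_ap in scan else "cellular"
            self._fetch(neighbors, transport)
            event = "prepared"
        # Execution: switch only to an AP whose information is already stored.
        if rssi < self.exec_dbm:
            target = self._strongest_with_credentials(scan, exclude=self.current_ap)
            if target is None:
                return "no-candidate"
            self.current_ap = target
            self.asked.clear()
            return f"handover:{target}"
        return event


def demo():
    """Run a constructed walk from AP2 toward AP3 and return (events, requests)."""
    permitted = {"AP1", "AP2", "AP3"}   # APs in the user's network (constructed)
    requests = []

    def stub_server(user, aps, transport):
        requests.append((tuple(aps), transport))
        return {ap: {"user": user} for ap in aps if ap in permitted}

    t = Terminal("LEE", stub_server)
    scans = [
        {"AP1": -60, "AP2": -50, "AP9": -40},  # AP9 is strongest but not permitted
        {"AP2": -65, "AP3": -85},              # above the preparation value
        {"AP2": -75, "AP3": -72},              # below preparation: fetch and cache
        {"AP2": -78, "AP3": -66},              # already prepared, no new request
        {"AP2": -85, "AP3": -60},              # below execution: hand over
    ]
    return [t.on_scan(s) for s in scans], requests


if __name__ == "__main__":
    print(demo())
```
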
  • the user-oriented network system having an automatic user authentication function may not perform the operations S254 and S262 to provide the user authentication information to the mobile terminal 200 whenever the mobile terminal 200 accesses a new AP, but may perform the operations only once at its initial stage.
  • When the user authentication information is first provided to the mobile terminal 200, the user authentication information of all the APs in all the designation unit networks, which are included by the user of the mobile terminal 200 as the constituent elements of the user-oriented network, can be provided.
  • Since the mobile terminal 200 stores the user authentication information of all the APs in which the mobile terminal itself can pass the user authentication, it can automatically access the AP to be newly accessed without any data transmission/reception with the user-oriented network authentication management server 208.
  • the mobile terminal of the user who has constructed the user-oriented network transmits a signal for requesting the user authentication information to the user-oriented network authentication management server S400. It is preferable that the user authentication information request signal contains user identification information.
  • the user authentication information request signal may further include a MAC (Media Access Control) address of the mobile terminal.
  • the user authentication information request signal may be transmitted through one of systems of 2G (Generation) mobile communications, 3G mobile communications, and Wibro.
  • the user-oriented network authentication management server inquires about the stored designation unit network information, and transmits to the mobile terminal the user authentication information of all the APs that can be accessed by the user corresponding to the user identification information contained in the user authentication information request signal S402.
  • the user authentication information may include identification information of an AP and information required for the corresponding AP to perform the user authentication.
  • the information required for the user authentication may be an ID and a password registered when the user joins a specified ISP, or an access key that should be inputted in the case of accessing a specified AP and a security mode set in the AP.
  • the mobile terminal having received the user authentication information, stores the received user authentication information, and detects neighboring APs S404.
  • the detection S404 may correspond to the broadcasting of an AP probe message and obtaining of the identification information of the APs that respond to the message.
  • the mobile terminal judges whether there exist APs which have received the user authentication information S402 among the detected APs S406.
  • the mobile terminal may select an AP having the biggest signal strength S408.
  • the mobile terminal accesses the AP selected as the AP to be accessed, and performs the user authentication with the AP by using the received user authentication information.
  • the mobile terminal inquires about the user authentication information of the AP selected as the AP to be accessed S410.
  • the user authentication information may be received from the user-oriented network authentication management server S402.
  • the mobile terminal accesses the AP to be accessed without any separate user authentication procedure S420.
  • the mobile terminal performs the user authentication in accordance with the set security mode S414.
  • An encryption key input operation may be added to the user authentication procedure S414. If the user authentication and encryption key application have succeeded S416, and if no security has been applied and the mobile terminal accesses the AP without the user authentication procedure S420, a mobility management operation may be performed to support handover to another AP S422.
  • the mobility management operation may be performed by using a communication gateway connected to respective ISP mobility management servers so that the handover between ISPs becomes possible.
  • the user authentication information of all the APs included in the user-oriented network are received and stored in the mobile terminal at a time, and thus in the case of performing the user authentication by accessing a new AP, the user authentication can be automatically performed without inputting user information and without the assistance of the user-oriented network authentication management server.
  • a mobile terminal that intends to access an AP detects neighboring APs S500.
  • the detection S500 may correspond to the broadcasting of an AP probe message and obtaining of the identification information of the APs that respond to the message.
  • the detected AP is called an access candidate AP.
  • the mobile terminal transmits a signal for requesting the user authentication information to the user-oriented network authentication management server S502. It is preferable that the user authentication information request signal contains user identification information and a list of neighboring APs.
  • the user authentication information request signal may further include a MAC address of the mobile terminal.
  • the list of neighboring APs may mean a list of AP identification information, and the AP identification information may include SSID (Service Set ID).
  • the user authentication information request signal may be transmitted through one of systems of 2G (Generation) mobile communications, 3G mobile communications, and Wibro.
  • the user authentication information request signal may be transmitted by using a wireless LAN system through the currently accessed AP.
  • the user authentication information request signal can be transmitted if the strength of a wireless signal received from the AP is below a handover preparation reference value. That is, if the strength of the wireless signal received from the currently accessed AP is below the handover preparation reference value, the handover may be prepared in advance to reduce the handover latency.
  • the user-oriented network authentication management server inquires about the stored designation unit network information, and transmits to the mobile terminal the user authentication information of the neighboring APs that can be accessed by the user corresponding to the user identification information contained in the user authentication information request signal S504.
  • the user authentication information may include identification information of an AP and information required for the corresponding AP to perform the user authentication.
  • the information required for the user authentication may be an ID and a password registered when the user joins a specified ISP, or an access key that should be inputted in the case of accessing a specified AP.
  • the user-oriented network authentication management server may provide an error code that means there exists no AP from which the user can receive the user authentication among the neighboring APs to the mobile terminal.
  • the mobile terminal having received the user authentication information, stores the received user authentication information, and judges whether there exists an AP, from which the user authentication information is received S402, among the neighboring APs S506.
  • the mobile terminal selects the AP having the biggest signal strength S508. If there exists one access candidate AP from which the user authentication information has been received S504, the mobile terminal selects the corresponding AP as the AP to be accessed. If the error code is received and it is judged that there exists no neighboring AP through which the user authentication can be performed as the result of judgment S506, the mobile terminal may output an error message that indicates there exists no AP through which the user authentication can be performed S512.
  • the mobile terminal accesses the AP selected as the AP to be accessed, and performs the user authentication with the AP by using the received user authentication information. It is preferable that the operation of accessing the selected AP and performing the user authentication with the accessed AP is performed when the strength of the signal received from the previously connected AP is below a handover execution reference value.
  • the handover preparation reference value is set as a value that is higher than the handover execution reference value, and an RSSI (Received Signal Strength Indication) value may be used as the unit of the reference value.
  • the mobile terminal inquires about the user authentication information of the AP selected as the AP to be accessed S508.
  • the user authentication information may be received from the user-oriented network authentication management server S504.
  • the mobile terminal accesses the AP to be accessed without any separate user authentication procedure S516.
  • the mobile terminal performs the user authentication in accordance with the set security mode S518.
  • An encryption key input operation may be added to the user authentication procedure S518. If the user authentication and encryption key application have succeeded S520, and if no security has been applied and the mobile terminal accesses the AP without the user authentication procedure S516, a mobility management operation may be performed to support handover to another AP S522.
  • the mobility management operation may be performed by using a communication gateway connected to respective ISP mobility management servers so that the handover between ISPs becomes possible.
  • FIG. 6 is a conceptual view explaining an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention.
  • the user stores mobility management information of a home network AP1 in a user-oriented network management server 650.
  • the user-oriented network management server 650 requests and brings user mobility management information of a wireless LAN service provided by a network service provider from a mobility management server 652 of the network service provider joined by the user.
  • the mobility management information may include neighboring APs information or bandwidth information of hot spot APs, which are provided by the service provider, and information, such as user identification numbers and passwords, for accessing the wireless LAN service.
  • If the strength of the radio waves from AP2 of the network service provider A becomes lower than a specified threshold value during movement of the mobile terminal, the mobile terminal starts handover by securing the neighboring APs information of AP2.
  • the handover includes both layer-2 handover and layer-3 handover.
  • a layer-2 handover i.e. a handover between APs
  • a wireless LAN mobility management system provided in a network infrastructure, such as a wireless LAN switch and so on, if two APs are connected to the same service provider network.
  • the AP handover between different network service providers can be supported by mounting a wireless LAN mobility management system in a communication gateway 654 connecting between the different networks.
  • the mobile terminal directly supports the layer-2 handover, it can play a leading part in performing the handover.
  • the communication gateway 654 is generally constructed in the form of a distributed system to support diverse wireless LANs spread over a wide range.
  • the handover in a layer-3 IP (or Internet) layer is performed as follows.
  • the mobile terminal transmits a handover information request message between different wireless LANs to the user-oriented network management server 650.
  • the mobile terminal also transmits neighboring APs information of AP2, which is carried on the handover information request message, to the server.
  • the user-oriented network management server 650 chooses APs in the neighboring APs of AP2 which the mobile terminal is competent to access, and transmits a handover information response message which contains the information of the chosen APs.
  • the mobile terminal having received the response message, selects and accesses an optimum AP among the APs, through which handover can be performed, in consideration of the strength of radio waves, load of other APs, and the like.
  • the mobile terminal establishes an IP Security tunnel between the mobile terminal and the communication gateway 654 to perform the handover in a safe manner, and then deletes the IP security tunnel between the mobile terminal and the existing AP2.
  • IP-in-IP tunneling method which has been determined by the Internet standard, IETF RFC (Request For Comments) 1853, may be used.
  • the mobile terminal transfers the fact that the mobile terminal has accessed AP3 of the network service provider B to the mobility management server of the network service provider B through a mobility management information transfer message.
  • the mobility management server of the network service provider B changes the information by inquiring about the user mobility management information, and finally transfers the mobility management information response message to the mobile terminal and UoN mobility management server through AP3.
  • the mobility management server may be mounted on an Internet router or a separate server. By doing this, the user mobile terminal can seamlessly and safely perform the handover when it moves into a different wireless LAN.
  • FIG. 7 is a signal flowchart illustrating an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention.
  • FIG. 6 it is assumed that the mobile terminal moves into an ISP area in a private wireless LAN.
  • the mobile terminal receives the user authentication information from the user-oriented network authentication management server and stores the received user authentication information S600.
  • the mobile terminal automatically accesses an AP by using the received user authentication information S602.
  • the user authentication information includes all data required to pass the user authentication after the mobile terminal accesses the AP.
  • the mobile terminal having accessed the AP, requests construction of a security tunnel, creates a communication gateway and an IP security tunnel, and transmits/receives data through the IP security tunnel S604, S606, and S608.
  • An IP handover can be also performed through the IP security tunnel.
  • the mobile terminal gathers neighboring AP information S612, and transmits the neighboring AP information to the user-oriented network authentication management server S614.
  • the user-oriented network authentication management server having received the neighboring AP information, transmits a list of APs that the mobile terminal is competent to access among the neighboring APs to the mobile terminal S616.
  • the mobile terminal transmits the user authentication information to the AP having the biggest strength of radio waves in the received list of APs to automatically access the AP S618, and establishes a communication gateway and a new security tunnel as described above S620, S622, and S624.
  • the mobile terminal releases the security tunnel, being previously set through the private wireless LAN, through the communication gateway S626, transmits the access change state to the user-oriented network authentication management server and the ISP mobility management server S628 and S630, and then completes the handover operation.
  • users of the user-oriented network can use seamless WLAN communication service and automatic user authentication service by supporting handover between designation unit networks, such as ISPs, by registering the designation unit networks which constitute the user-oriented network to the user-oriented network mobility management server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A user-oriented network system having an automatic user authentication function and a method thereof are provided. The user-oriented network system having an automatic user authentication function includes a mobile terminal, in the case of intending to access a new AP (Access Point), transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server, and performing user authentication through the AP by using user authentication information provided in response to the request; and the user-oriented network authentication management server inquiring about user's designation unit network information according to the user identification information contained in the user authentication information request signal received from the mobile terminal, and providing the user authentication information to the mobile terminal.

Description

USER-ORIENTED NETWORK SYSTEM HAVING AUTOMATIC USER AUTHENTICATION FUNCTION AND METHOD THEREOF
The present invention relates to a user-oriented network system having an automatic user authentication function and a method thereof, and more particularly to a user-oriented network system having an automatic user authentication function and a method thereof, which can enable seamless wireless LAN services to be used in ISPs (Internet Service Providers) constituting a user-oriented network by enabling user authentication to be performed, even without any re-access after termination of separate manipulation and access of a mobile terminal for the user authentication, during handover between APs (Access Points) managed by different ISPs through a user-oriented network authentication management server in which user authentication information about the APs of the ISPs having two or more neighboring service areas is stored or to which an access authority to the authentication information is given.
Mobility management is one of main functions enabling a communication function of a mobile terminal to be performed in a mobile communication network such as GSM (Global System for Mobile communications), CDMA (Code Division Multiple Access) system, and the like. The purpose of the mobility management is to transfer voice call, SMS (Short Message Service), or other mobile communication services to the terminal through continuous management of the position of a subscribed terminal in the mobile communication network. Mobile IP (Internet Protocol) technology is provided through grafting of the mobility management technology on IP communication technology.
Even in the mobile IP technology, when a mobile terminal moves into an area of an access router or an access point having a different management ISP, it is impossible to secure the mobility through handover, and it is required for the mobile terminal to re-access a new ISP after completely intercepting the access. This problem has become a primary factor that obstructs the activation of the mobile IP service.
In addition, in order to pass the user authentication that is applied to the respective AP, it is required for the mobile terminal to perform the re-access after intercepting the access during the handover between different ISPs.
Recently, as more wireless LAN APs have been installed, AP communication areas may increasingly overlap one another. Accordingly, environments, in which handover can be supported regardless of the ISPs operating the APs, have been provided. In addition, wireless LAN users desire to receive seamless wireless LAN services at any place their authentication is possible as they move between home, school, and paid wireless LAN hot spots.
In order to provide seamless wireless LAN services regardless of the movement of an ISP to a changed position, automatic handover and user authentication technology should be provided. In particular, in view of the characteristics of wireless LAN security technology to which various kinds of authentication and encryption technologies for maintaining the security of physical communication means called wireless communications have been applied, it is required to provide the automatic user authentication technology between ISPs that adopt different kinds of authentication and encryption technologies.
That is, in order to provide seamless wireless LAN services even in the case where the mobile terminal moves into a position where the ISP is changed, it is required to provide an automatic user authentication technology designed to be able to access an ISP after such movement of the mobile terminal without the necessity of manipulating the mobile terminal for the input of user’s ID or password.
Accordingly, the present invention has been made to solve the above-mentioned problems occurring in the prior art, and an object of the present invention is to provide a user-oriented network system having automatic user authentication and mobility management functions and a method thereof, which can provide seamless data transmission/reception services by supporting automatic user authentication and handover when a mobile terminal moves into an area of an access router or an access point having a different management ISP.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
In order to accomplish the objects, there is provided a user-oriented network system having an automatic user authentication function, according to an embodiment of the present invention, which includes a mobile terminal, in the case of intending to access a new AP (Access Point), transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server, and performing user authentication through the AP by using user authentication information provided in response to the request signal; and the user-oriented network authentication management server providing the user authentication information created based on the designation unit network information matched with the user identification information, to the mobile terminal.
If there exists no AP being accessed, the mobile terminal may transmit the user authentication information request signal by using at least one of communication systems of CDMA (Code Division Multiple Access), W-CDMA (Wide Code Division Multiple Access), and GSM (Global System for Mobile communications).
By contrast, if there exists an AP being accessed, the mobile terminal may transmit the user authentication information request signal by using a wireless LAN communication system. If there exists an AP being accessed, the mobile terminal may transmit the user authentication information request signal in the event where the strength of a wireless signal received from the AP being accessed is below a handover preparation reference value. Also, if there exists an AP being accessed, the mobile terminal may perform the user authentication in the event where the strength of a wireless signal received from the AP being accessed is below a handover execution reference value that is lower than the handover preparation reference value.
The mobile terminal may transmit the user authentication information request signal, which further contains a list of neighboring APs from which signal reception has been detected, to the user-oriented network authentication management server, and the user-oriented network authentication management server inquires about the user authentication information of the respective neighboring APs, based on the designation unit network information, and transmits the user authentication information created by the inquiry, to the mobile terminal. In this case, the mobile terminal performs the user authentication by using an AP selected among the access candidate APs, from which the user authentication information has been received, and the received user authentication information.
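The two-threshold request and AP selection described above, together with the strongest-signal choice and error code of the FIG. 5 flow, sketched as an added Python example (not code from the patent). The threshold values, the error-code name, the class and method names, the security-mode labels and the sample SSIDs and keys are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed values: the text names both thresholds but gives no numbers.
HANDOVER_PREPARATION_RSSI = -70  # dBm
HANDOVER_EXECUTION_RSSI = -80    # dBm, must be lower than the preparation value
ERR_NO_ACCESSIBLE_AP = "NO_ACCESSIBLE_AP"  # hypothetical name for the error code


@dataclass(frozen=True)
class AuthInfo:
    ssid: str               # AP identification information
    security_mode: str      # constructed labels: "open" or "psk"
    secret: Optional[str]   # access key or ISP password; None for "open"


class AuthManagementServer:
    """Stand-in for the user-oriented network authentication management server."""

    def __init__(self, designation_unit_networks: Dict[str, Dict[str, AuthInfo]]):
        self._db = designation_unit_networks  # user id -> {ssid: AuthInfo}

    def request_auth_info(self, user_id: str, neighbor_ssids: List[str]):
        """S504: answer only for neighbouring APs this user is allowed to access."""
        allowed = self._db.get(user_id, {})
        infos = [allowed[s] for s in neighbor_ssids if s in allowed]
        return (ERR_NO_ACCESSIBLE_AP, []) if not infos else (None, infos)


class MobileTerminal:
    def __init__(self, user_id: str, server: AuthManagementServer):
        self.user_id = user_id
        self.server = server
        self.stored: Dict[str, AuthInfo] = {}  # received authentication information
        self.target: Optional[str] = None      # AP selected as the AP to be accessed

    def on_scan(self, current_rssi: Optional[int], neighbors: Dict[str, int]):
        """Handle one scan (S500). current_rssi is None when no AP is accessed;
        neighbors maps SSID -> RSSI in dBm. Returns (action, detail)."""
        if current_rssi is not None and current_rssi >= HANDOVER_PREPARATION_RSSI:
            self.target = None
            return ("stay", None)
        if self.target not in neighbors:
            # S502/S504: send user id and neighbour list, store what comes back.
            err, infos = self.server.request_auth_info(self.user_id, sorted(neighbors))
            if err:
                return ("error", err)  # S512: no AP can authenticate this user
            self.stored.update({info.ssid: info for info in infos})
            # S506/S508: among neighbours with stored info, take the strongest.
            candidates = [s for s in neighbors if s in self.stored]
            self.target = max(candidates, key=lambda s: neighbors[s])
        if current_rssi is not None and current_rssi >= HANDOVER_EXECUTION_RSSI:
            return ("prepared", self.target)  # credentials ready, link still usable
        info = self.stored[self.target]
        self.target = None
        # S516 when no security is applied, otherwise S518 per the security mode.
        step = "access_without_auth" if info.security_mode == "open" else "authenticate"
        return (step, info)


def demo_server() -> AuthManagementServer:
    """Constructed sample data: one user whose network has three APs."""
    return AuthManagementServer({
        "user-1": {
            "home-ap": AuthInfo("home-ap", "psk", "constructed-key-home"),
            "isp-b-hotspot": AuthInfo("isp-b-hotspot", "psk", "constructed-key-b"),
            "campus": AuthInfo("campus", "open", None),
        }
    })


if __name__ == "__main__":
    terminal = MobileTerminal("user-1", demo_server())
    scan = {"cafe-guest": -50, "isp-b-hotspot": -62, "campus": -68}
    for rssi in (-60, -75, -85):
        print(rssi, terminal.on_scan(rssi, scan))
```

The strongest neighbour in the sample scan, `cafe-guest`, is never selected because the server returned no authentication information for it.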
The user-oriented network authentication management server may provide user authentication information of all APs of all designation unit networks in accordance with the user's user-oriented network configuration.
The mobile terminal, in the case of intending to access a new AP, may perform the user authentication through an AP selected among the neighboring APs from which wireless signal reception has been detected, wherein the identification information of the candidate AP is included in the user authentication information.
In another aspect of the present invention, there is provided an automatic user authentication method for a user-oriented network system, which includes transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server in the case of intending to access a new AP (Access Point); and performing user authentication through the AP by using user authentication information provided in response to the request. In this case, the user authentication information is created based on the designation unit network information matched with the user identification information.
The user authentication information request signal may be transmitted by using at least one of communication systems of CDMA (Code Division Multiple Access), W-CDMA (Wide Code Division Multiple Access), and GSM (Global System for Mobile communications) if there exists no AP being accessed.
The user authentication information request signal may be transmitted by using a wireless LAN communication system if there exists an AP being accessed.
By contrast, if there exists an AP being accessed, the user authentication information request signal may be transmitted in the event where the strength of a wireless signal received from the AP being accessed is below a handover preparation reference value. In this case, the step of performing the user authentication through the AP by using the user authentication information provided in response to the request may include performing the user authentication in the event where the strength of a wireless signal received from the AP being accessed is below a handover execution reference value that is lower than the handover preparation reference value if there exists an AP being accessed.
The step of transmitting the user authentication information request signal may include transmitting the user authentication information request signal that further contains a list of neighboring APs, from which signal reception has been detected, to the user-oriented network authentication management server; and performing the user authentication, comprises performing the user authentication by using an AP selected among the neighboring APs, of which the user authentication information has been received; wherein the user authentication information provided in response to the request is provided by inquiring about the user authentication information of the respective neighboring APs, based on the designation unit network information.
The user authentication information provided in response to the request may include user authentication information of all APs of all designation unit networks in accordance with the user's user-oriented network configuration.
The step of performing the user authentication through the AP by using the user authentication information provided in response to the request may include performing the user authentication through an AP selected among the neighboring APs from which wireless signal reception has been detected, wherein the identification information of the candidate AP is included in the user authentication information, in the case of intending to access a new AP.
In still another aspect of the present invention, there is provided an automatic access and mobility management method for a user-oriented network system, which includes configuring a user-oriented network that is a set of designation unit networks, by storing designation unit networks information including user authentication information for the APs (Access Points) managed by the designation unit networks, in a user-oriented network management server; in the case of accessing the AP, performing user authentication without user’s input by using the user authentication information for the AP, which is provided from the user-oriented network management server; and if the AP to be accessed belongs to a designation unit network that is different from that to which the previous AP belongs, performing an AP handover between different designation unit networks through a communication gateway that connects the different designation unit networks.
According to the present invention as constructed above, even if a mobile terminal moves into an area of an access router or an access point having a different management ISP, seamless data transmission/reception services can be provided through supporting of automatic authentication and handover.
The above and other objects, features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a conceptual view of a user-oriented network according to the present invention;
FIG. 2 is a view explaining a user-oriented network system according to an embodiment of the present invention;
FIG. 3 is an exemplary view illustrating the construction of designation unit network information that can be stored in a user-oriented network authentication management server according to an embodiment of the present invention;
FIG. 4 is a first flowchart illustrating a user authentication method for a user-oriented network system according to an embodiment of the present invention;
FIG. 5 is a second flowchart illustrating a user authentication method for a user-oriented network system according to an embodiment of the present invention;
FIG. 6 is a conceptual view explaining an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention; and
FIG. 7 is a signal flowchart illustrating an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The aspects and features of the present invention and methods for achieving the aspects and features will be apparent by referring to the embodiments to be described in detail with reference to the accompanying drawings. However, the present invention is not limited to the embodiments disclosed hereinafter, but can be implemented in diverse forms. The matters defined in the description, such as the detailed construction and elements, are nothing but specific details provided to assist those of ordinary skill in the art in a comprehensive understanding of the invention, and the present invention is only defined within the scope of the appended claims. In the entire description of the present invention, the same drawing reference numerals are used for the same elements across various figures.
The present invention will be described herein with reference to the accompanying drawings illustrating block diagrams and flowcharts for explaining a user-oriented network system having an automatic user authentication function and a method thereof according to embodiments of the present invention. It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks.
These computer program instructions may also be stored in a computer usable or computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks.
The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
Also, each block of the flowchart illustrations may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
First, the concept of a user-oriented network defined in the present invention will be described with reference to FIG. 1. FIG. 1 is a conceptual view of a user-oriented network according to the present invention.
A user-oriented network may be defined as a user-grounded logical network which includes WLANs (Wireless Local Area Networks) that can be accessed through joining of a WLAN service of an ISP (Internet Service Provider) or construction of a private WLAN. Hereinafter, a network constituting the user-oriented network will be called a designation unit network.
The designation unit network may include an ISP joined by a user. An ISP is a business subject that provides an Internet access service, and in the present invention, it may be limited to a business subject that provides a WLAN access service. The ISP may include a general ISP that provides a paid service and a public ISP that provides a public service to students and teaching staffs at school and so on. Also, the ISP may provide a WLAN access service in a specified area, and a shaded area where no access service is provided may exist in some areas where other ISPs provide WLAN access services.
The designation unit network may include a private WLAN which is directly constructed by a user or of which an access is permitted to a user. The private WLAN may be constructed by installing an access point, and it is preferable that the private WLAN includes a device providing a NAT (Network Address Translation) function, which operates as a mobility management server, and a DHCP (Dynamic Host Configuration Protocol) function. For example, the private WLAN may include an access router or a wireless router that provides the NAT function as the access point.
In FIG. 1, it is assumed that a user using a mobile terminal 100 can access a private WLAN 120, an ISP WLAN 122, and a public WLAN 124. The user may construct a user-oriented network 126, in which the private WLAN 120, the ISP WLAN 122, and the public WLAN 124 are defined, as the designation unit network. By contrast, the user may construct a user-oriented network that includes only the WLAN 120 and the ISP WLAN 122 as the designation unit network. That is, the user-oriented network may be understood as a network constructed by adding a WLAN network desired by the user.
However, since the user-oriented network according to the present invention aims at support of seamless mobility of a mobile terminal, it is preferable that one or more WLANs constituting the user-oriented network have service providing areas which at least partially overlap each other.
As illustrated in FIG. 1, it is assumed that the user’s mobile terminal 100 constructing the user-oriented network 126 successively passes through cells of AP1 (Access Point 1) 102, AP2 104, AP3 106, AP4 108, and AP5 110. According to the user-oriented network mobility management method according to the present invention, seamless data transmission becomes possible by supporting handover irrespective of the change of the subject that operates the APs in the event that the mobile terminal moves from the cell of AP1 102 to the cell of AP2 104 and moves from the cell of AP3 106 to the cell of AP4 108 as well.
Also, according to an automatic user authentication method for a user-oriented network system, in the case of first accessing AP1 102, the mobile terminal can automatically access AP1 102 by receiving information required for user authentication from a user-oriented network authentication management server. Thereafter, even in the case of performing handover to AP2 104, AP3 106, AP4 108, and AP5 110 in order, the mobile terminal receives information required for the user authentication of the AP to be accessed after the handover from the user-oriented network authentication management server, and thus it is not required to separately input the user authentication information.
Hereinafter, a user-oriented network system having an automatic user authentication function according to an embodiment of the present invention will be described with reference to FIGS. 2 and 3.
First, the configuration and operation of the user-oriented network system having an automatic user authentication function according to an embodiment of the present invention will be described with reference to FIG. 2. In FIG. 2, it is assumed that a user of a mobile terminal 200 has established a user-oriented network 256 in which a private WLAN 250, an ISP A 252, and an ISP B 254 are defined as designation unit networks.
As illustrated in FIG. 2, the user-oriented network system having an automatic user authentication function according to an embodiment of the present invention includes a mobile terminal 200, a user-oriented network authentication management server 208, and AAA servers 210 and 212 operated by the ISPs.
Now, explanation will be made, laying emphasis on a handover operation in the case where the mobile terminal 200 positioned within the cell of AP2 204 of ISP A 252 automatically accesses AP2 204, and moves into the cell of AP3 206 operated by ISP B 254.
The mobile terminal 200, which is a terminal provided with a communication module, may be, for example, a notebook computer or a smart phone. The communication module may support at least one of a WLAN, WiBRO, CDMA, W-CDMA, and GSM (Global System for Mobile communications).
In the user-oriented network authentication management server 208, designation unit network information by users may be stored. That is, in the user-oriented network authentication management server 208, information on which unit networks are included in the user-oriented network constructed by a user may be stored.
The designation unit network information may include identification information of APs operated by respective ISPs and user authentication information required to pass the user authentication that is performed through the APs.
For example, if a subscriber X has constructed a user-oriented network including ISP A, ISP B, and ISP C as designation unit networks, the designation unit network information may include identification information of all APs operated by ISP A and information on being user-authenticated by the APs, identification information of all APs operated by ISP B and information on being user-authenticated by the APs, and identification information of all APs operated by ISP C and information on being user-authenticated by the APs.
The AP identification information may be, for example, a MAC address of an AP, SSID (Service Set ID), or BSSID (Basic Service Set ID).
The user authentication information includes all data required to pass the user authentication after the mobile terminal 200 accesses the AP. If the user authentication technology is IEEE 802.1X/EAP or WPA-Enterprise, the user authentication information may be a user ID and a password. Also, if the user authentication technology is WEP or WPA-Personal, the user authentication information may be security mode information and an access key.
The user authentication information may be the same with respect to all APs belonging to one ISP, or may differ by APs. If the user authentication information is the same with respect to all APs, the user authentication information may be information one-to-one matched to the designation unit network information, while if the user authentication information differs by APs, the user authentication information may be information one-to-one matched to the AP identification information. That is, if the user authentication information differs by APs, information that is stored in the user-oriented network authentication management server 208 may be identification information of APs included in the designation unit networks defined by the respective users and user authentication information of the respective APs.
FIG. 3 is an exemplary view illustrating the construction of designation unit network information that can be stored in the user-oriented network authentication management server 208 according to an embodiment of the present invention.
As illustrated in FIG. 3, the designation unit network information may include data that indicates, for each user 300, which ISP is defined as a designation unit network 302, the ID 304 and the password 306 used to access the corresponding ISP, the MAC address 308 of the mobile terminal applied to access the corresponding ISP, the security mode 310 applied to the corresponding ISP, the access key 312 used to access an AP belonging to the corresponding ISP, and the identification information 314 of the APs belonging to the corresponding ISP.
The security mode 310 field may be, for example, a value that means one of open mode, WEP, WPA1, and WPA2. The ISP user ID 304 field and the ISP user PW 306 field are used as data for the user authentication in the case of using the user authentication technology in the form in which an AAA server exists, and the security mode 310 field and the access key 312 field are used as data for the user authentication in the case of using the user authentication technology in the form in which no AAA server exists.
Also, it would be understood that the user name 300 is a field capable of identifying the subject constructing the user-oriented network.
According to data as illustrated in FIG. 3, the user “LEE” has constructed a user-oriented network including three designation unit networks, ISP A, ISP B, and ISP C, and it can be known that the user can pass the user authentication by inputting an ID “leews” to APs belonging to ISP A and ISP B and inputting a password “lws80.” Also, according to records of the respective ISPs, it can be known that identification information of all APs operated by the corresponding ISP is stored in a field called “AP ID information.” Also, the user “Kim” has constructed a user-oriented network including ISP B and a home WLAN as the designation unit networks, and two APs, SSID15 and SSID16, are connected to the home WLAN. It can be known that a WEP type security mode has been applied to the AP and the user “Kim” has passed the user authentication by using an access key “kdjap.”
In FIG. 3, it is assumed that all APs belonging to the respective ISPs can be accessed by using a single user authentication data. However, even APs belonging to the same ISP may have different user authentication data, and in this case, the user authentication data may be constructed in the form in which it is one-to-one matched to the identification information of the respective APs.
Hereinafter, referring again to FIG. 2, the configuration and operation of the user-oriented network system having an automatic user authentication function will be described.
The user-oriented network authentication management server 208 requests the user authentication information from the AAA servers 210 and 212 of the ISPs registered by the respective users as the designation unit networks S250, receives the user authentication information of the user in response to the request S252, and stores the designation unit network information by users.
The request for the user authentication information S250 is to request an access to the corresponding data, and its response S252 may correspond to a path through which the user authentication information itself is not provided, but the user authentication information can be perused.
In the event where the mobile terminal 200 intends to access an AP, it detects neighboring APs and creates a list of neighboring APs including identification information of the detected APs. The detection may correspond to the broadcasting of an AP probe message and obtaining of the identification information of the APs that respond to the message. It is assumed that the list of neighboring APs in FIG. 2 includes AP1 202, AP2 204, and AP3 206.
The mobile terminal 200 transmits the user authentication information request signal that contains the list of neighboring APs and user names 300 to the user-oriented network authentication management server 208.
If there exists no AP currently accessed by the mobile terminal, the transmission of the user authentication information request signal S254 and the response thereto S256 may follow at least one of systems of CDMA, W-CDMA, GSM, and WiBRO. However, if there exists an AP currently accessed by the mobile terminal and the mobile terminal requests the user authentication information of neighboring APs with the necessity of handover, the transmission of the user authentication information request signal S254 and the response thereto S256 may be made through the currently accessed AP.
The user-oriented network authentication management server 208 inquires about the user authentication information of the respective neighboring APs included in the access candidate AP list based on the designation unit network information, and provides the user authentication information to the mobile terminal 200 S256. It is preferable that the user-oriented network authentication management server 208 provides the user authentication information of the neighboring APs, to which user’s access corresponding to the user name 300 is permitted, to the mobile terminal 200 S256.
The user-oriented network authentication management server may provide an error message if there exists no access candidate AP to which the user’s access corresponding to the user name 300 is permitted.
As described above, since it is assumed that the user of the mobile terminal 200 has established the user-oriented network 256 including the private WLAN 250, ISP A 252, and ISP B 254 as the designation unit networks, all the user authentication information of AP1 202, AP2 204, and AP3 206 in the access candidate AP list will be provided to the mobile terminal 200 S256.
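The lookup that the user-oriented network authentication management server 208 performs on the FIG. 3 data can be sketched as follows. This is an added illustration, not code from the patent: the AP identifiers for ISP A and ISP B, the WPA2 mode, the user "CHOI" with per-AP keys and the error code name are constructed, while the "LEE" and "Kim" credentials are the ones quoted in the description of FIG. 3.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

NO_PERMITTED_AP = "E_NO_PERMITTED_AP"   # constructed name for the error code


@dataclass
class UnitNetworkRecord:
    """One row of the FIG. 3 table; reference numerals are given in the comments."""
    user: str                            # 300 user name
    unit_network: str                    # 302 designation unit network
    ap_ids: List[str]                    # 314 AP identification information
    user_id: Optional[str] = None        # 304 ISP user ID (AAA server exists)
    password: Optional[str] = None       # 306 ISP user PW (AAA server exists)
    terminal_mac: Optional[str] = None   # 308 MAC address of the mobile terminal
    security_mode: str = "open"          # 310 open / WEP / WPA1 / WPA2
    access_key: Optional[str] = None     # 312 access key (no AAA server)
    # Used only when user authentication information differs by AP:
    # one entry per AP identifier, matched one-to-one.
    per_ap: Dict[str, dict] = field(default_factory=dict)

    def credential_for(self, ap_id: str) -> dict:
        """Per-AP information if present, otherwise the information shared by the network."""
        if ap_id in self.per_ap:
            return dict(self.per_ap[ap_id])
        shared = {"security_mode": self.security_mode, "user_id": self.user_id,
                  "password": self.password, "access_key": self.access_key}
        return {k: v for k, v in shared.items() if v is not None}


def handle_request(table, user, neighbor_ap_ids):
    """Answer a user authentication information request (S254 -> S256).

    Only APs that belong to a designation unit network registered by the
    named user are answered; every other neighbor is silently dropped.
    """
    granted = {}
    for rec in table:
        if rec.user != user:
            continue
        for ap_id in neighbor_ap_ids:
            if ap_id in rec.ap_ids:
                granted[ap_id] = rec.credential_for(ap_id)
    if not granted:
        return {"status": "error", "code": NO_PERMITTED_AP}
    return {"status": "ok", "user": user, "aps": granted}


# Sample table. Rows whose values the text does not give (LEE's ISP C row,
# Kim's ISP B row) are left out rather than guessed.
TABLE = [
    UnitNetworkRecord("LEE", "ISP A", ["ispA-ap1", "ispA-ap2"],      # constructed AP ids
                      user_id="leews", password="lws80", security_mode="WPA2"),
    UnitNetworkRecord("LEE", "ISP B", ["ispB-ap3"],                  # constructed AP id
                      user_id="leews", password="lws80", security_mode="WPA2"),
    UnitNetworkRecord("Kim", "home WLAN", ["SSID15", "SSID16"],
                      security_mode="WEP", access_key="kdjap"),
    UnitNetworkRecord("CHOI", "office WLAN", ["office-1", "office-2"],  # constructed row
                      per_ap={
                          "office-1": {"security_mode": "WPA2", "access_key": "key-one"},
                          "office-2": {"security_mode": "WPA2", "access_key": "key-two"},
                      }),
]

if __name__ == "__main__":
    print(handle_request(TABLE, "LEE", ["ispA-ap1", "ispB-ap3", "SSID15"]))
    print(handle_request(TABLE, "Kim", ["ispA-ap1"]))
```

A request naming "Kim" with only an ISP A AP in range gets the error code, since no row of Kim's covers that AP. Because the reply carries reusable secrets, the request has to be authenticated and the channel protected by means outside this sketch.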
The mobile terminal 200 automatically accesses AP2 204 selected among the neighboring APs by using the user authentication information provided from the user-oriented network authentication management server 208. If there exist two or more neighboring APs of which the user authentication information has been provided, the mobile terminal 200 selects and automatically accesses the AP having the biggest strength of radio waves or the AP having the smallest load currently produced.
Hereinafter, it is defined that the automatic access is called an access in the form in which the mobile terminal can pass the user authentication even if the user does not directly input information for the user authentication through the mobile terminal.
If the mobile terminal 200 judges that the strength of a signal received from AP2 204 is lowered below a handover preparation reference value while it moves into a service region of ISP B 254 in a state where it accesses AP2 204, it detects neighboring APs, re-creates the access candidate AP list composed of identification information of the detected APs, and transmits a user authentication information request signal containing the access candidate AP list and user names 400 to the user-oriented network authentication management server 208 through the currently accessed AP2 204 S262.
The user-oriented network authentication management server 208 provides to the mobile terminal 200 the user authentication information of the APs, of which the access is permitted to the user corresponding to the user name 300, among the neighboring APs S264. If it is assumed that the access candidate AP list includes only AP3 206, the mobile terminal 200 can receive information required for the user authentication when accessing AP3 206 since the user of the mobile terminal 200 has constructed the user-oriented network including ISP B 254 operating AP3 206 as the designation unit network.
The mobile terminal 200 stores the user authentication information provided from the user-oriented network authentication management server 208. Then, if it is judged that the signal strength from AP2 204 is lowered below a handover execution reference value, the mobile terminal automatically accesses AP2 204 selected among the neighboring APs by using the stored user authentication information S266.
The user-oriented network system having an automatic user authentication function according to another embodiment of the present invention as illustrated in FIG. 2 may not perform the operations S254 and S262 to provide the user authentication information to the mobile terminal 200 whenever the mobile terminal 200 accesses a new AP, but may perform the operations only once at its initial stage. In other words, when the user authentication information is first provided to the mobile terminal 200, the user authentication information of all the APs in all the designation unit networks, which are included by the user of the mobile terminal 200 as the constituent elements of the user-oriented network, can be provided. In this case, since the mobile terminal 200 stores the user authentication information of all the APs in which the mobile terminal itself can pass the user authentication, it can automatically access the AP to be newly accessed without any data transmission/reception with the user-oriented network authentication management server 208.
Hereinafter, an automatic user authentication method for a user-oriented network system according to another embodiment of the present invention will be described.
First, referring to FIG. 4, the user authentication method for a user-oriented network system according to a first detailed embodiment of the present invention will be described.
The mobile terminal of the user who has constructed the user-oriented network transmits a signal for requesting the user authentication information to the user-oriented network authentication management server S400. It is preferable that the user authentication information request signal contains user identification information. The user authentication information request signal may further include a MAC (Media Access Control) address of the mobile terminal.
Also, the user authentication information request signal may be transmitted through one of systems of 2G (Generation) mobile communications, 3G mobile communications, and Wibro.
The user-oriented network authentication management server inquires about the stored designation unit network information, and transmits to the mobile terminal the user authentication information of all the APs that can be accessed by the user corresponding to the user identification information contained in the user authentication information request signal S402. The user authentication information may include identification information of an AP and information required for the corresponding AP to perform the user authentication. The information required for the user authentication may be an ID and a password registered when the user joins a specified ISP, or an access key that should be inputted in the case of accessing a specified AP and a security mode set in the AP.
The mobile terminal, having received the user authentication information, stores the received user authentication information, and detects neighboring APs S404. The detection S404 may correspond to the broadcasting of an AP probe message and obtaining of the identification information of the APs that respond to the message.
The mobile terminal judges whether there exist APs which have received the user authentication information S402 among the detected APs S406.
If two or more APs, which have received the user authentication information S402 among the detected APs S406, exist as the result of judgment, the mobile terminal may select an AP having the biggest signal strength S408.
The mobile terminal accesses the AP selected as the AP to be accessed, and performs the user authentication with the AP by using the received user authentication information.
The user authentication operation as described above will be described in more detail. First, the mobile terminal inquires about the user authentication information of the AP selected as the AP to be accessed S410. The user authentication information may be received from the user-oriented network authentication management server S402.
If no security has been applied to the AP to be accessed, i.e. if a value that means no security has been applied is set in a security mode related field of the user authentication information of the AP to be accessed S418, the mobile terminal accesses the AP to be accessed without any separate user authentication procedure S420.
By contrast, if security has been applied to the AP to be accessed, i.e. if a value that means security has been applied is set in the security mode related field of the user authentication information of the AP to be accessed, the mobile terminal performs the user authentication in accordance with the set security mode S414. An encryption key input operation may be added to the user authentication procedure S414. If the user authentication and encryption key application have succeeded S416, and if no security has been applied and the mobile terminal accesses the AP without the user authentication procedure S420, a mobility management operation may be performed to support handover to another AP S422. The mobility management operation may be performed by using a communication gateway connected to respective ISP mobility management servers so that the handover between ISPs becomes possible.
In the first detailed embodiment of the present invention, the user authentication information of all the APs included in the user-oriented network are received and stored in the mobile terminal at a time, and thus in the case of performing the user authentication by accessing a new AP, the user authentication can be automatically performed without inputting user information and without the assistance of the user-oriented network authentication management server.
Next, referring to FIG. 5, a user authentication method for a user-oriented network system according to a second detailed embodiment of the present invention will be described.
A mobile terminal that intends to access an AP detects neighboring APs S500. The detection S500 may correspond to the broadcasting of an AP probe message and obtaining of the identification information of the APs that respond to the message. Hereinafter, it is assumed that the detected AP is called an access candidate AP.
The mobile terminal transmits a signal for requesting the user authentication information to the user-oriented network authentication management server S502. It is preferable that the user authentication information request signal contains user identification information and a list of neighboring APs. The user authentication information request signal may further include a MAC address of the mobile terminal. The list of neighboring APs may mean a list of AP identification information, and the AP identification information may include SSID (Service Set ID).
Also, the user authentication information request signal may be transmitted through one of systems of 2G (Generation) mobile communications, 3G mobile communications, and Wibro.
Also, the user authentication information request signal may be transmitted by using a wireless LAN system through the currently accessed AP. In a state where the mobile terminal currently accesses at least one AP, the user authentication information request signal can be transmitted if the strength of a wireless signal received from the AP is below a handover preparation reference value. That is, if the strength of the wireless signal received from the currently accessed AP is below the handover preparation reference value, the handover may be prepared in advance to reduce the handover latency.
The user-oriented network authentication management server inquires about the stored designation unit network information, and transmits to the mobile terminal the user authentication information of the neighboring APs that can be accessed by the user corresponding to the user identification information contained in the user authentication information request signal S504. The user authentication information may include identification information of an AP and information required for the corresponding AP to perform the user authentication. The information required for the user authentication may be an ID and a password registered when the user joins a specified ISP, or an access key that should be inputted in the case of accessing a specified AP.
If there exists no AP from which the user can receive the user authentication among the neighboring APs, i.e. if the AP operated by the ISP that is included in the user-oriented network as the designation unit network does not exist, the user-oriented network authentication management server may provide an error code that means there exists no AP from which the user can receive the user authentication among the neighboring APs to the mobile terminal.
The mobile terminal, having received the user authentication information, stores the received user authentication information, and judges whether there exists an AP, from which the user authentication information is received S402, among the neighboring APs S506.
If there exist two or more neighboring APs from which the user authentication information has been received as the result of judgment S506, the mobile terminal selects the AP having the biggest signal strength S508. If there exists one access candidate AP from which the user authentication information has been received S504, the mobile terminal selects the corresponding AP as the AP to be accessed. If the error code is received and it is judged that there exists no neighboring AP through which the user authentication can be performed as the result of judgment S506, the mobile terminal may output an error message that indicates there exists no AP through which the user authentication can be performed S512.
The mobile terminal accesses the AP selected as the AP to be accessed, and performs the user authentication with the AP by using the received user authentication information. It is preferable that the operation of accessing the selected AP and performing the user authentication with the accessed AP is performed when the strength of the signal received from the previously connected AP is below a handover execution reference value.
It is preferable that the handover preparation reference value is set as a value that is higher than the handover execution reference value, and an RSSI (Received Signal Strength Indication) value may be used as the unit of the reference value.
The user authentication operation with the AP will now be described in more detail.
First, the mobile terminal inquires about the user authentication information of the AP selected as the AP to be accessed S508. The user authentication information may be received from the user-oriented network authentication management server S504.
If no security has been applied to the AP to be accessed S510, i.e. if a value that means no security has been applied is set in a security mode related field of the user authentication information of the AP to be accessed S514, the mobile terminal accesses the AP to be accessed without any separate user authentication procedure S516.
By contrast, if security has been applied to the AP to be accessed S510, i.e. if a value that means security has been applied is set in the security mode related field of the user authentication information of the AP to be accessed, the mobile terminal performs the user authentication in accordance with the set security mode S518. An encryption key input operation may be added to the user authentication procedure S518. If the user authentication and encryption key application have succeeded S520, and if no security has been applied and the mobile terminal accesses the AP without the user authentication procedure S516, a mobility management operation may be performed to support handover to another AP S522. The mobility management operation may be performed by using a communication gateway connected to respective ISP mobility management servers so that the handover between ISPs becomes possible.
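The terminal side of the second embodiment, with its two reference values, can be sketched as a small state machine. This is an added illustration, not code from the patent: the RSSI values, the AP identifiers, the step names returned by `auth_method` and the `fake_server` stand-in for the authentication management server are all constructed.

```python
PREP_DBM = -70   # constructed handover preparation reference value (RSSI)
EXEC_DBM = -80   # constructed handover execution reference value (RSSI)


def auth_method(cred):
    """Map one AP's user authentication information to the step the terminal takes."""
    mode = cred.get("security_mode", "open")
    if mode == "open":
        return "access-without-authentication"        # S514 -> S516
    if cred.get("access_key"):
        return "authenticate-with-access-key"         # S518, no AAA server
    if cred.get("user_id") and cred.get("password"):
        return "authenticate-with-id-and-password"    # S518, AAA server exists
    raise ValueError(f"security mode {mode!r} is set but no credential was supplied")


class Terminal:
    def __init__(self, user, current_ap, request_credentials,
                 prep_dbm=PREP_DBM, exec_dbm=EXEC_DBM):
        # The preparation value must be the higher of the two, otherwise
        # the information would not be fetched before it is needed.
        if prep_dbm <= exec_dbm:
            raise ValueError("preparation value must be higher than execution value")
        self.user = user
        self.current_ap = current_ap
        self.request_credentials = request_credentials   # callable(user, ap_ids) -> dict
        self.prep_dbm, self.exec_dbm = prep_dbm, exec_dbm
        self.cache = {}     # stored user authentication information, keyed by AP id
        self.events = []

    def on_scan(self, current_rssi, neighbors):
        """Process one scan; neighbors maps AP id -> RSSI in dBm.

        Returns (target AP, authentication step) when a handover executes,
        otherwise None.
        """
        if current_rssi >= self.prep_dbm:
            return None                                   # signal still good
        usable = {ap: r for ap, r in neighbors.items() if ap in self.cache}
        if not usable:
            # S500-S504: send the neighbor list, store what comes back.
            self.cache = dict(self.request_credentials(self.user, sorted(neighbors)))
            self.events.append(("prepared", sorted(self.cache)))
            usable = {ap: r for ap, r in neighbors.items() if ap in self.cache}
        if current_rssi >= self.exec_dbm:
            return None                                   # prepared, not yet executing
        if not usable:
            self.events.append(("error", "no neighboring AP permits this user"))  # S512
            return None
        target = max(usable, key=usable.get)              # S508: biggest signal strength
        step = auth_method(self.cache[target])
        self.events.append(("handover", self.current_ap, target, step))
        self.current_ap, self.cache = target, {}
        return target, step


# Constructed stand-in for the server reply: only ispB-ap3 is permitted.
PERMITTED = {"ispB-ap3": {"security_mode": "WPA2",
                          "user_id": "leews", "password": "lws80"}}


def fake_server(user, neighbor_ids):
    return {ap: PERMITTED[ap] for ap in neighbor_ids if ap in PERMITTED}


def demo():
    """Replay three constructed scans while the terminal moves away from ispA-ap2."""
    t = Terminal("LEE", "ispA-ap2", fake_server)
    scans = [
        (-60, {"ispB-ap3": -75, "unknown-ap": -55}),
        (-72, {"ispB-ap3": -65, "unknown-ap": -50}),
        (-85, {"ispB-ap3": -60, "unknown-ap": -40}),
    ]
    return t, [t.on_scan(rssi, nb) for rssi, nb in scans]


if __name__ == "__main__":
    terminal, results = demo()
    print(results)
    print(terminal.events)
```

In the replay, `unknown-ap` has the strongest signal on every scan but is never selected, because selection is limited to APs for which user authentication information was received.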
Hereinafter, the concept of an automatic access and mobility management technology for a user-oriented network according to the present invention will be described. FIG. 6 is a conceptual view explaining an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention.
Initially, the user stores mobility management information of a home network AP1 in a user-oriented network management server 650. The user-oriented network management server 650 requests and brings user mobility management information of a wireless LAN service provided by a network service provider from a mobility management server 652 of the network service provider joined by the user. The mobility management information may include neighboring APs information or bandwidth information of hot spot APs, which are provided by the service provider, and information, such as user identification numbers and passwords, for accessing the wireless LAN service.
If the strength of the radio waves from AP2 of the network service provider A becomes lower than a specified threshold value during movement of the mobile terminal, the mobile terminal starts handover by securing the neighboring APs information of AP2. Here, the handover includes both layer-2 handover and layer-3 handover.
Generally, a layer-2 handover, i.e. a handover between APs, is performed by a wireless LAN mobility management system provided in a network infrastructure, such as a wireless LAN switch and so on, if two APs are connected to the same service provider network. Also, the AP handover between different network service providers can be supported by mounting a wireless LAN mobility management system in a communication gateway 654 connecting between the different networks. In the case where the mobile terminal directly supports the layer-2 handover, it can play a leading part in performing the handover. In the present invention, it is assumed that the handover between layer-2 APs is performed in the above-described method. The communication gateway 654 is generally constructed in the form of a distributed system to support diverse wireless LANs spread over a wide range.
The handover in a layer-3 IP (or Internet) layer is performed as follows. As described above, if the strength of radio waves from AP2 is lower than the handover threshold value due to the movement of the user mobile terminal, the mobile terminal transmits a handover information request message between different wireless LANs to the user-oriented network management server 650. In this case, the mobile terminal also transmits neighboring APs information of AP2, which is carried on the handover information request message, to the server. The user-oriented network management server 650 chooses APs in the neighboring APs of AP2 which the mobile terminal is competent to access, and transmits a handover information response message which contains the information of the chosen APs.
The mobile terminal, having received the response message, selects and accesses an optimum AP among the APs, through which handover can be performed, in consideration of the strength of radio waves, load of other APs, and the like.
Next, the mobile terminal establishes an IP Security tunnel between the mobile terminal and the communication gateway 654 to perform the handover in a safe manner, and then deletes the IP security tunnel between the mobile terminal and the existing AP2.
Consequently, since the mobile terminal can perform the handover without changing the previously used IP address (i.e. the private or public IP address), the interception of the wireless Internet service connection can be removed. In this case, if the overhead in the IP security tunnel is large in a wireless region, an IP-in-IP tunneling method, which has been determined by the Internet standard, IETF RFC (Request For Comments) 1853, may be used.
Last, the mobile terminal transfers the fact that the mobile terminal has accessed AP3 of the network service provider B to the mobility management server of the network service provider B through a mobility management information transfer message. The mobility management server of the network service provider B changes the information by inquiring about the user mobility management information, and finally transfers the mobility management information response message to the mobile terminal and UoN mobility management server through AP3. The mobility management server may be mounted on an Internet router or a separate server. By doing this, the user mobile terminal can seamlessly and safely perform the handover when it moves into a different wireless LAN.
Hereinafter, an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention will be described with reference to FIG. 7. FIG. 7 is a signal flowchart illustrating an automatic access and mobility management method for a user-oriented network system according to an embodiment of the present invention. In FIG. 6, it is assumed that the mobile terminal moves into an ISP area in a private wireless LAN.
First, the mobile terminal receives the user authentication information from the user-oriented network authentication management server and stores the received user authentication information (S600). The mobile terminal automatically accesses an AP by using the received user authentication information (S602). The user authentication information includes all data required to pass the user authentication after the mobile terminal accesses the AP. The mobile terminal, having accessed the AP, requests construction of a security tunnel, creates a communication gateway and an IP security tunnel, and transmits/receives data through the IP security tunnel (S604, S606, and S608). An IP handover can also be performed through the IP security tunnel.
If the mobile terminal becomes more distant from the private wireless LAN due to the movement of the user (S610), the mobile terminal gathers neighboring AP information (S612), and transmits the neighboring AP information to the user-oriented network authentication management server (S614). The user-oriented network authentication management server, having received the neighboring AP information, transmits to the mobile terminal a list of the APs, among the neighboring APs, that the mobile terminal is able to access (S616). The mobile terminal transmits the user authentication information to the AP having the greatest strength of radio waves in the received list of APs to automatically access the AP (S618), and establishes a communication gateway and a new security tunnel as described above (S620, S622, and S624). Then, the mobile terminal releases the security tunnel previously set up through the private wireless LAN, through the communication gateway (S626), transmits the access change state to the user-oriented network authentication management server and the ISP mobility management server (S628 and S630), and then completes the handover operation.
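The following Python sketch is an added illustration, not code from the patent: it models the terminal-side logic of steps S610 to S630 together with the two reference values of claims 4 and 5, showing that the server only releases authentication information for neighboring APs inside the user's designation unit networks and that the new tunnel is brought up before the old one is released. The dBm thresholds, user and AP names, credential strings and all function names are assumptions made for the example.

```python
from dataclasses import dataclass, field

PREP_DBM = -70   # assumed handover preparation reference value
EXEC_DBM = -80   # assumed handover execution reference value (lower than PREP_DBM)

# Constructed server-side data: designation unit networks per user, and
# (network, authentication information) for each AP the server knows about.
USER_NETWORKS = {"alice": {"home-wlan", "isp-b"}}
AP_DIRECTORY = {
    "AP2": ("home-wlan", "cred-ap2"),
    "AP3": ("isp-b", "cred-ap3"),
    "AP9": ("isp-c", "cred-ap9"),   # outside alice's user-oriented network
}

def server_auth_info(user, neighbor_aps):
    """S614-S616: return authentication info only for reported neighbors
    that belong to one of the user's designation unit networks."""
    allowed = USER_NETWORKS.get(user, set())
    return {ap: AP_DIRECTORY[ap][1] for ap in neighbor_aps
            if ap in AP_DIRECTORY and AP_DIRECTORY[ap][0] in allowed}

@dataclass
class Terminal:
    user: str
    current_ap: str
    tunnels: list = field(default_factory=list)
    auth_info: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def __post_init__(self):
        self.tunnels = [self.current_ap]   # tunnel to the gateway via current AP

    def on_scan(self, current_rssi, neighbors):
        """neighbors: {ap_id: rssi_dbm} gathered in this scan (S612)."""
        if current_rssi < PREP_DBM and not self.auth_info:
            # Preparation: fetch authentication info ahead of the handover.
            self.auth_info = server_auth_info(self.user, list(neighbors))
            self.log.append("request-auth-info")
        if current_rssi < EXEC_DBM and self.auth_info:
            usable = {ap: r for ap, r in neighbors.items() if ap in self.auth_info}
            if not usable:
                return self.current_ap          # nothing we may authenticate to
            target = max(usable, key=usable.get)  # S618: strongest permitted AP
            self.log.append(f"authenticate:{target}")
            old = self.current_ap
            self.tunnels.append(target)         # S620-S624: new tunnel first
            self.log.append(f"tunnel-up:{target}")
            self.tunnels.remove(old)            # S626: then release the old one
            self.log.append(f"tunnel-down:{old}")
            self.log.append(f"notify-mobility:{target}")  # S628-S630
            self.current_ap, self.auth_info = target, {}
        return self.current_ap
```

Note that AP9 is never selected even when it has the strongest signal, because the server holds no designation unit network entry for it under this user.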
Although preferred embodiments of the present invention have been described for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.
According to this invention, users of a user-oriented network can use a seamless WLAN communication service and an automatic user authentication service, because handover between designation unit networks, such as ISPs, is supported by registering the designation unit networks which constitute the user-oriented network with the user-oriented network mobility management server.

Claims (17)

  1. A user-oriented network system having an automatic user authentication function, comprising:
    a mobile terminal, in the case of intending to access a new AP (Access Point), transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server, and performing user authentication through the AP by using user authentication information provided in response to the request signal; and
    the user-oriented network authentication management server providing the user authentication information created based on the designation unit network information matched with the user identification information, to the mobile terminal.
  2. The user-oriented network system of claim 1, wherein the mobile terminal transmits the user authentication information request signal by using at least one of communication systems of CDMA (Code Division Multiple Access), W-CDMA (Wide Code Division Multiple Access), and GSM (Global System for Mobile communications), if the mobile terminal is not accessing any AP.
  3. The user-oriented network system of claim 1, wherein the mobile terminal transmits the user authentication information request signal by using a wireless LAN communication system, if the mobile terminal is accessing an AP.
  4. The user-oriented network system of claim 3, wherein the mobile terminal transmits the user authentication information request signal in the event where the strength of a wireless signal received from the AP being accessed is below a handover preparation reference value, if the mobile terminal is accessing an AP.
  5. The user-oriented network system of claim 4, wherein the mobile terminal performs the user authentication in the event where the strength of a wireless signal received from the AP being accessed is below a handover execution reference value that is lower than the handover preparation reference value, if the mobile terminal is accessing an AP.
  6. The user-oriented network system of claim 1, wherein the mobile terminal transmits the user authentication information request signal, which further contains a list of neighboring APs from which signal reception has been detected, to the user-oriented network authentication management server; and
    the user-oriented network authentication management server inquires about the user authentication information of the respective neighboring APs, based on the designation unit network information, and transmits the user authentication information created by the inquiry, to the mobile terminal;
    wherein the mobile terminal performs the user authentication by using an AP selected among the neighboring APs, of which the user authentication information has been received.
  7. The user-oriented network system of claim 1, wherein the user-oriented network authentication management server provides user authentication information of all APs of all designation unit networks in accordance with the user's user-oriented network configuration.
  8. The user-oriented network system of claim 7, wherein the mobile terminal, in the case of intending to access a new AP, performs the user authentication through an AP selected among the neighboring APs from which wireless signal reception has been detected, wherein the identification information of the neighboring AP is included in the user authentication information.
  9. An automatic user authentication method for a user-oriented network system, comprising:
    transmitting a user authentication information request signal which contains user identification information to a user-oriented network authentication management server in the case of intending to access a new AP (Access Point); and
    performing user authentication through the AP by using user authentication information provided in response to the request;
    wherein the user authentication information is created based on the designation unit network information matched with the user identification information.
  10. The automatic user authentication method of claim 9, wherein the user authentication information request signal is transmitted by using at least one of communication systems of CDMA (Code Division Multiple Access), W-CDMA (Wide Code Division Multiple Access), and GSM (Global System for Mobile communications) if there exists no AP being accessed.
  11. The automatic user authentication method of claim 9, wherein the user authentication information request signal is transmitted by using a wireless LAN communication system if there exists an AP being accessed.
  12. The automatic user authentication method of claim 11, wherein if there exists an AP being accessed, the user authentication information request signal is transmitted in the event where the strength of a wireless signal received from the AP being accessed is below a handover preparation reference value.
  13. The automatic user authentication method of claim 12, wherein performing the user authentication, comprises performing the user authentication in the event where the strength of a wireless signal received from the AP being accessed is below a handover execution reference value that is lower than the handover preparation reference value if there exists an AP being accessed.
  14. The automatic user authentication method of claim 9, wherein transmitting the user authentication information request signal, comprises transmitting the user authentication information request signal that further contains a list of neighboring APs, from which signal reception has been detected, to the user-oriented network authentication management server; and
    performing the user authentication, comprises performing the user authentication by using an AP selected among the neighboring APs, of which the user authentication information has been received;
    wherein the user authentication information provided in response to the request is provided by inquiring about the user authentication information of the respective neighboring APs, based on the designation unit network information.
  15. The automatic user authentication method of claim 9, wherein the user authentication information includes user authentication information of all APs of all designation unit networks in accordance with the user's user-oriented network configuration.
  16. The automatic user authentication method of claim 15, wherein performing the user authentication, comprises performing the user authentication through an AP selected among the neighboring APs from which wireless signal reception has been detected, wherein the identification information of the candidate AP is included in the user authentication information, in the case of intending to access a new AP.
  17. An automatic access and mobility management method for a user-oriented network system, comprising:
    configuring a user-oriented network that is a set of designation unit networks, by storing designation unit networks information including user authentication information for the APs (Access Points) managed by the designation unit networks, in a user-oriented network management server;
    in the case of accessing the AP, performing user authentication without user’s input by using the user authentication information for the AP, which is provided from the user-oriented network management server; and
    if the AP to be accessed belongs to a designation unit network that is different from that to which the previous AP belongs, performing an AP handover between different designation unit networks through a communication gateway that connects the different designation unit networks.
PCT/KR2009/006760 2009-10-01 2009-11-17 User-oriented network system having automatic user authentication function and method thereof WO2011040670A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2009-0094111 2009-10-01
KR1020090094111A KR101060689B1 (en) 2009-10-01 2009-10-01 User-oriented network system and method with automatic user authentication

Publications (1)

Publication Number Publication Date
WO2011040670A1 true WO2011040670A1 (en) 2011-04-07

Family

ID=43826457

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/006760 WO2011040670A1 (en) 2009-10-01 2009-11-17 User-oriented network system having automatic user authentication function and method thereof

Country Status (2)

Country Link
KR (1) KR101060689B1 (en)
WO (1) WO2011040670A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101323265B1 (en) * 2012-03-05 2013-10-30 주식회사 러브이즈터치 Method for networking using ieee 802.11
KR102327287B1 (en) 2020-07-16 2021-11-17 주식회사 지어소프트 System for providing safety service based on location collection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040025051A (en) * 2002-09-18 2004-03-24 에스케이 텔레콤주식회사 Roaming Method Between Access Point in WLAN
JP2006041594A (en) * 2004-07-22 2006-02-09 Nakayo Telecommun Inc Mobile communication system and authentication method of mobile terminal
US20080070577A1 (en) * 2006-08-24 2008-03-20 Qualcomm Incorporated Systems and methods for key management for wireless communications systems
KR20080053069A (en) * 2006-12-08 2008-06-12 한국전자통신연구원 Integrated authentication system and method for supporting handover in the wireless access networ

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102348209A (en) * 2011-09-23 2012-02-08 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN102348209B (en) * 2011-09-23 2014-12-24 福建星网锐捷网络有限公司 Method and device for wireless network access and authentication
CN113852953A (en) * 2020-06-10 2021-12-28 华为技术有限公司 Method and device for establishing network connection and electronic equipment

Also Published As

Publication number Publication date
KR20110036442A (en) 2011-04-07
KR101060689B1 (en) 2011-08-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 09850102; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 09850102; Country of ref document: EP; Kind code of ref document: A1)