WO2004077750A1 - Fast re-authentication with dynamic credentials - Google Patents
Fast re-authentication with dynamic credentials Download PDFInfo
- Publication number
- WO2004077750A1 WO2004077750A1 PCT/US2004/004998 US2004004998W WO2004077750A1 WO 2004077750 A1 WO2004077750 A1 WO 2004077750A1 US 2004004998 W US2004004998 W US 2004004998W WO 2004077750 A1 WO2004077750 A1 WO 2004077750A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- server
- client
- network access
- proxy
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/18—Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0033—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
- H04W36/0038—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/18—Service support devices; Network management devices
- H04W88/182—Network node acting on behalf of an other network entity, e.g. proxy
Definitions
- the present invention generally relates to authenticating wireless clients on a wireless network, and more particularly to a method for authenticating 802. IX clients when roaming between access points.
- 802.11 network-level authentication protocols require a substantial amount of real time to re-establish a wireless station's connectivity to the network after that station roams from one access point (AP) to another access point.
- AP access point
- 802.11 network-level authentication protocols require a substantial amount of real time to re-establish a wireless station's connectivity to the network after that station roams from one access point (AP) to another access point.
- AP access point
- AP access point
- QoS Quality of Service
- VoIP Voice-over-IP
- AAA Authentication, Accounting, and Authorization
- the invention contemplates a method and system using a proxy authentication server between the authentication server and the network access point.
- a network access server typically an access point, receives a request to associate from a client. The network access server then forwards the request to the authentication server via the proxy authentication server. Upon successful authentication, the authentication server returns keying information that is stored by the proxy server stores the keying information as dynamic credentials.
- the proxy authentication server handles re-authentication of the client.
- the proxy server may re-authenticate the client using either the same type of authentication as the original authentication request or may use a different protocol.
- the original authentication request may use an Extensible Authentication
- EAP-TLS Protocol - Transport Layer Security
- LEAP Lightweight Extensible Authentication Protocol
- the network access servers are access points (AP) and the authentication server is an Authentication, Accounting, and Authorization (AAA) utilizing an 802. IX network.
- the RADIUS server is a popular AAA server while known in the art.
- One aspect of the invention is that by having re-authentication requests handled by a proxy server, traffic to the authentication server is reduced.
- the proxy authentication server will decrease response time because it can be located physically closer to the network access servers it supports, whereas the authentication server typically serves the entire network and may be physically located a great distance away from the network access servers.
- Another aspect of the present invention is that re- authentication is driven by the back end system. This provides a solution for systems that do not perform pre-authentication.
- Yet another aspect of the present invention is that it works well with existing systems. The present invention does not require any changes to clients, and only minimal configuration changes to the network access servers and the authentication server so that re-authentication traffic is routed to the proxy server.
- FIG 1 is a block diagram of a typical 802.11 network with two access points;
- FIG 2 is a block diagram illustrating the packet exchange flow that typically occurs during an initial authentication;
- FIG 3 is a block diagram illustrating the packet exchange flow that occurs for a re- authentication as contemplated by the present invention
- FIG 4a is a block diagram showing the steps of a method for initial authentication as contemplated by a preferred embodiment of the present invention.
- FIG 4b is a block diagram showing the steps of a method for re-authentication as contemplated by the present invention.
- FIG 5 is a block diagram showing the steps taken by the proxy server as contemplated by a preferred embodiment of the present invention..
- authentication of a wireless client is performed by Authentication, Accounting, and Authorization (AAA) server, typically a Remote Authentication Dial-In User Server (RADR7S server).
- AAA Authentication, Accounting, and Authorization
- RADIUS Remote Authentication Dial-In User Server
- the initial authentication is performed by the RADIUS server, and when re-authentication is required, the re-authentication is also handled in the same manner by the RADIUS server.
- Keying materials for example a Multicast Key and a session key, are established during the initial authentication.
- the keying material may be used by a proxy authentication server, which is preferably located physically nearer to the roaming device in order to reduce authentication time.
- the present invention contemplates using a RADIUS proxy that is inserted between the RADIUS server and a Network Access Server (NAS).
- the Access Point AP
- the RADIUS proxy looks like the RADRJS server.
- the RADIUS proxy appears to be the NAS.
- the RADIUS proxy stores the keying material established between the RADIUS server and the wireless client.
- the RADRJS proxy will then treat the established keying material as the dynamic credentials for the client.
- the RADIUS proxy does not have the credentials for the client, only the keying material that is used by the RADIUS proxy for dynamic credentials. By moving the RADIUS proxy physically nearer to the NAS where the client is roaming, additional time savings may be realized.
- the RADRJS proxy uses the dynamic credentials.
- the type of re-authentication may change from the original authentication protocol.
- the original authentication may be accomplished via an Extensible Authentication Protocol - Transport Layer Security (EAP-).
- EAP- Extensible Authentication Protocol - Transport Layer Security
- the re-authentication may be handled using a Lightweight Extensible Authentication Protocol (LEAP).
- LEAP Lightweight Extensible Authentication Protocol
- the RADRJS proxy may perform the same authentication as the original authentication.
- VoIP Voice over Internet Protocol
- QoS Quality of Service
- the client, or station (STA) 18 will associate with an AP 12 while at a first position 19a.
- STA 18 When the STA 18 first associates with an AP in the network, it must first authenticate itself. If the STA 18 starts at the first position 19a as shown in Figure 1 , then AP 12 will authenticate the STA via a communication with the AAA (usually a RADRJS) server 16.
- AAA usually a RADRJS
- the STA 18 moves from the first position 19a to a second position 19b, it then has to associate with AP 14.
- the present invention utilizes a proxy server 16a designed to reduce the volume of communication between the APs 12 and 14 and the AAA server 16.
- Initial, client (or station), extensible authentication protocol (EAP) authentication with the site's AAA server 16 proceeds as is done currently.
- the client 18 has two way communication as shown by 20a with the access point 12.
- the access point 12 forwards the request to the RADIUS proxy server 16a as shown by 20b.
- the RADRJS proxy server 16a forwards the request to the RADRJS server 16.
- the RADIUS server 16 sends the authentication data, or keying material, (not shown) to the RADIUS proxy server 16a as shown by 24c
- the RADRJS proxy server 16a forwards the keying material to the access point as shown by 24b
- the access point 12 forwarding the keying material to the client 18 as shown by 24a.
- the RADRJS proxy 16a stores the authentication data for future re- authentication.
- FIG 3 there is shown the packet exchanges that occur for re- authentication as contemplated by the preferred embodiment of the present invention.
- the client 18 attempts to associate to access point 14 and starts the process as shown by 30a.
- the access point 14 then contacts the RADIUS proxy server 16a as shown by 30b.
- the RADRJS proxy server 16a does not pass any packets to the RADRJS server 16.
- Authentication then begins, two way communication then takes place between the client 18 and access point 14 as shown by 32a, and between the access point and RADRJS proxy server 16a as shown by 32b.
- the data is sent from the RADRJS server 16a to start 14 as shown by 34b, and then from the access point 14 to the client 18 as shown by 34a.
- AP 12 After the client moves from AP 12 to AP 14, if the client 18 were to roam back into AP 12's domain, then AP 12 only needs to re-authenticate the client 18, having the same packet exchange as shown in FIG 3.
- the authentication method used by the RADRJS proxy server 16a in the re-authentication method may be different than the re- authentication method used by the RADRJS server 16.
- the RADRJS server 16 may use Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) for authentication, and the RADIUS proxy server 16a may use a Lightweight Extensible Authentication Protocol (LEAP).
- the RADRJS server 16 may use Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) for authentication, and the RADRJS proxy server 16a may use a client to AP authentication such as Wi-Fi protected access (WPA).
- WPA Wi-Fi protected access
- the RADRJS proxy server 16a may perform the same authentication as the original authentication. This option would be useful for systems that don't have a re-authentication scheme. Because the re-authentication method does not need to be the same as the initial authentication method, another aspect of the present invention is that the type of re-authentication may be selected to comply with data requirements where latency is an issue, such as a Quality of Service (QoS) implementations.
- QoS Quality of Service
- the AP 12 passes the request to the RADRJS proxy server 16a.
- the RAD JS proxy server 16a sends the request to the RADRJS server 16.
- the RADRJS server performs the authentication. Typically this entails bidirectional communication between the client 18 and AP 12, the AP 12 and the RADRJS proxy server 16a, the RADRJS proxy server 16a and the RADRJS server 16, as illustrated by 22a, 22b, and 22c respectively.
- the RADRJS server 16 sends keying data to the RADRJS proxy server 16a.
- the RADRJS proxy server 16a stores dynamic credentials based on the keying data.
- the dynamic credentials may comprise the keying data, or the RADRJS proxy server 16a may generate dynamic credentials for the client 18.
- the Keying data is sent to the AP 12. This step may also be performed simultaneously with step s414 to save time.
- the AP 18 sends the keying data to the client 18.
- the client 18 may be re-authenticated using the steps 450 shown in FIG 4b.
- the client 18 requests to associate.
- the AP 14 receives the request, and at step s456 the request is sent to the RADRJS proxy server 16a.
- Steps s452, s454 and s456 are usually identical to steps s402, s404 and s406 respectively.
- the RADRJS proxy server 16a performs the authentication.
- keying data is sent to the AP 14 which sends the keying data to the client at step s462. It should be noted that if the client were to subsequently roam back to AP 12, the same steps 450 taken to re-authenticate the client with AP 14 may be used.
- FIG 5 there is shown a flow chart illustrating the steps 500 normally taken by the RADRJS proxy server 16a when handling an authentication request.
- the process begins when the RADRJS proxy server 16a receives an association request from an AP 12, the AP 12 receiving the request from a client.
- the RADRJS proxy server 16a determines if it already has dynamic credentials for the client.
- step s504 the RADRJS proxy server 16a has dynamic credentials for the client 18, then the client 18 is re-authenticated, and re-authentication is performed at step s516.
- step s518 if the re-authentication was successful, then the keying material is sent to the AP 12. If at step s518 re-authentication was not successful, then the access is denied as shown in s520.
- step s504 the RADRJS proxy server 16a determines it does not have dynamic credentials for the client, then a regular authentication procedure must be done and processing proceeds to step s506 wherein the request is forwarded to the RADRJS server 16.
- the RADRJS proxy server passes authentication packets between the RADRJS server 16 and the AP 14.
- step s510 it is determined whether authentication was successful. If at step s510 authentication was successful, the RADRJS proxy server 16a stores the keying information as dynamic credentials. However, the RADRJS proxy server 16a may generate different dynamic credentials for the client 18, which normally would be based on the keying materials. Finally, at step s514 the keying material is sent to the AP 14.
- step s510 If at step s510 it is determined that authentication was not successful, then as shown at step s520 access is denied.
- the foregoing description of a preferred embodiment of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. Obvious modifications or variations are possible in light of the above teachings. The embodiment was chosen and described to provide the best illustration of the principles of the invention and its practical application to thereby enable one of the ordinary skill in the art to utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated. All such modifications and variations are within the scope of the invention as determined by the appended claims when interpreted in accordance to the breadth to which they are fairly, legally and equitably entitled.
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2004214799A AU2004214799B2 (en) | 2003-02-26 | 2004-02-20 | Fast re-authentication with dynamic credentials |
CN200480007827XA CN1765082B (en) | 2003-02-26 | 2004-02-20 | Fast re-authentication with dynamic credentials |
AT04713312T ATE437498T1 (en) | 2003-02-26 | 2004-02-20 | FAST RE-AUTHENTIFICATION WITH DYNAMIC CREDITS |
CA2517474A CA2517474C (en) | 2003-02-26 | 2004-02-20 | Fast re-authentication with dynamic credentials |
EP04713312A EP1597866B1 (en) | 2003-02-26 | 2004-02-20 | Fast re-authentication with dynamic credentials |
DE602004022142T DE602004022142D1 (en) | 2003-02-26 | 2004-02-20 | Fast re-authentication with dynamic credentials |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/373,128 | 2003-02-26 | ||
US10/373,128 US7434044B2 (en) | 2003-02-26 | 2003-02-26 | Fast re-authentication with dynamic credentials |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004077750A1 true WO2004077750A1 (en) | 2004-09-10 |
Family
ID=32868644
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2004/004998 WO2004077750A1 (en) | 2003-02-26 | 2004-02-20 | Fast re-authentication with dynamic credentials |
Country Status (8)
Country | Link |
---|---|
US (2) | US7434044B2 (en) |
EP (1) | EP1597866B1 (en) |
CN (1) | CN1765082B (en) |
AT (1) | ATE437498T1 (en) |
AU (1) | AU2004214799B2 (en) |
CA (1) | CA2517474C (en) |
DE (1) | DE602004022142D1 (en) |
WO (1) | WO2004077750A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006001647A1 (en) * | 2004-06-24 | 2006-01-05 | Exers Technologies. Inc. | Network integrated management system |
US8356171B2 (en) | 2006-04-26 | 2013-01-15 | Cisco Technology, Inc. | System and method for implementing fast reauthentication |
Families Citing this family (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2872979A1 (en) * | 2004-07-09 | 2006-01-13 | France Telecom | ACCESS SYSTEM CONTROLLING INFORMATION CONTAINED IN A TERMINAL |
KR100846868B1 (en) * | 2005-01-17 | 2008-07-17 | 엘지전자 주식회사 | Method for managing tls session in supl based location information system |
US7900039B2 (en) * | 2005-01-17 | 2011-03-01 | Lg Electronics, Inc. | TLS session management method in SUPL-based positioning system |
US7477747B2 (en) * | 2005-02-04 | 2009-01-13 | Cisco Technology, Inc. | Method and system for inter-subnet pre-authentication |
KR100595714B1 (en) * | 2005-04-01 | 2006-07-03 | 엘지전자 주식회사 | Supl initial message and method for processing supl using the same in supl based location information system |
WO2006137624A1 (en) * | 2005-06-22 | 2006-12-28 | Electronics And Telecommunications Research Institute | Method for allocating authorization key identifier for wireless portable internet system |
GB2430580B (en) * | 2005-09-13 | 2008-04-09 | Roke Manor Research | A method of authenticating access points on a wireless network |
US20070067638A1 (en) * | 2005-09-22 | 2007-03-22 | Roland Haibl | Method of Session Consolidation |
US7716721B2 (en) * | 2005-10-18 | 2010-05-11 | Cisco Technology, Inc. | Method and apparatus for re-authentication of a computing device using cached state |
JP4670598B2 (en) * | 2005-11-04 | 2011-04-13 | 日本電気株式会社 | Network system, proxy server, session management method, and program |
US20070165582A1 (en) * | 2006-01-18 | 2007-07-19 | Puneet Batta | System and method for authenticating a wireless computing device |
DE602006013514D1 (en) * | 2006-02-14 | 2010-05-20 | Ericsson Telefon Ab L M | METHOD AND DEVICE FOR AUTHENTICATION |
US8555350B1 (en) * | 2006-06-23 | 2013-10-08 | Cisco Technology, Inc. | System and method for ensuring persistent communications between a client and an authentication server |
KR100739809B1 (en) | 2006-08-09 | 2007-07-13 | 삼성전자주식회사 | Method and apparatus for managing stations which are associated with wpa-psk wireless network |
CN1913439B (en) * | 2006-09-08 | 2011-05-04 | 中国移动通信集团公司 | Authentication method and method for transmitting successful authentication information |
US8214635B2 (en) | 2006-11-28 | 2012-07-03 | Cisco Technology, Inc. | Transparent proxy of encrypted sessions |
CN100463462C (en) * | 2006-12-18 | 2009-02-18 | 西安西电捷通无线网络通信有限公司 | Coordinate access control system of ternary structure |
CN100512312C (en) | 2006-12-18 | 2009-07-08 | 西安西电捷通无线网络通信有限公司 | Ternary structural coordinate access control method |
WO2008110946A1 (en) * | 2007-02-05 | 2008-09-18 | Nokia Corporation | Authentication procedure in an intelligent proxy for multi-access devices |
US8307414B2 (en) * | 2007-09-07 | 2012-11-06 | Deutsche Telekom Ag | Method and system for distributed, localized authentication in the framework of 802.11 |
US8122251B2 (en) * | 2007-09-19 | 2012-02-21 | Alcatel Lucent | Method and apparatus for preventing phishing attacks |
CN101296085B (en) * | 2008-06-23 | 2011-07-13 | 中兴通讯股份有限公司 | Authentication method and system based on bifurcation, and bifurcation authentication system |
US8341709B2 (en) | 2008-10-22 | 2012-12-25 | Research In Motion Limited | Pushing certificate chains to remote devices |
US8555069B2 (en) * | 2009-03-06 | 2013-10-08 | Microsoft Corporation | Fast-reconnection of negotiable authentication network clients |
US9338165B2 (en) * | 2009-03-12 | 2016-05-10 | Cisco Technology, Inc. | Common internet file system proxy authentication of multiple servers |
CN101588244A (en) * | 2009-05-08 | 2009-11-25 | 中兴通讯股份有限公司 | Method and system for authenticating network device |
CN102014361B (en) * | 2009-09-07 | 2014-02-19 | 华为技术有限公司 | Authentication authorization accounting (AAA) session updating method, device and system |
DE102010021256A1 (en) * | 2010-05-21 | 2011-11-24 | Siemens Aktiengesellschaft | Method for the dynamic authorization of a mobile communication device |
CN102075904B (en) * | 2010-12-24 | 2015-02-11 | 杭州华三通信技术有限公司 | Method and device for preventing re-authentication of roaming user |
US10169094B2 (en) * | 2011-04-27 | 2019-01-01 | Hewlett Packard Enterprise Development Lp | Dynamic transaction-persistent server load balancing |
US9131370B2 (en) | 2011-12-29 | 2015-09-08 | Mcafee, Inc. | Simplified mobile communication device |
US20130268687A1 (en) * | 2012-04-09 | 2013-10-10 | Mcafee, Inc. | Wireless token device |
US9262592B2 (en) | 2012-04-09 | 2016-02-16 | Mcafee, Inc. | Wireless storage device |
US8819445B2 (en) | 2012-04-09 | 2014-08-26 | Mcafee, Inc. | Wireless token authentication |
US9547761B2 (en) | 2012-04-09 | 2017-01-17 | Mcafee, Inc. | Wireless token device |
CN102833264B (en) * | 2012-09-07 | 2016-03-30 | 北京星网锐捷网络技术有限公司 | Prevent authenticated user from passing through to act on behalf of the method for fee evasion, device and Authentication Client |
US8984277B2 (en) | 2012-09-28 | 2015-03-17 | Cisco Technology, Inc. | Reduced authentication times in constrained computer networks |
CA2833108A1 (en) * | 2012-10-24 | 2014-04-24 | Andrey Dulkin | A system and method for secure proxy-based authentication |
US9344404B2 (en) * | 2013-01-31 | 2016-05-17 | Dell Products L.P. | System and method for synchronizing connection credentials |
US9219710B2 (en) | 2013-03-15 | 2015-12-22 | Microsoft Technology Licensing, Llc | Seamless authentication with proxy servers |
KR20140124157A (en) * | 2013-04-16 | 2014-10-24 | 삼성전자주식회사 | Apparatus and method for generating key hierarchy in radio network |
EP3058532A4 (en) | 2013-10-14 | 2017-04-12 | Equifax, Inc. | Providing identification information to mobile commerce applications |
US9565185B2 (en) | 2014-11-24 | 2017-02-07 | At&T Intellectual Property I, L.P. | Facilitation of seamless security data transfer for wireless network devices |
WO2018191638A1 (en) | 2017-04-13 | 2018-10-18 | Equifax, Inc. | Location-based detection of unauthorized use of interactive computing environment functions |
WO2019006144A1 (en) * | 2017-06-29 | 2019-01-03 | Equifax, Inc. | Third-party authorization support for interactive computing environment functions |
CN109413646B (en) * | 2017-08-16 | 2020-10-16 | 华为技术有限公司 | Secure access method, device and system |
WO2019118682A1 (en) | 2017-12-14 | 2019-06-20 | Equifax Inc. | Embedded third-party application programming interface to prevent transmission of sensitive data |
US10834591B2 (en) | 2018-08-30 | 2020-11-10 | At&T Intellectual Property I, L.P. | System and method for policy-based extensible authentication protocol authentication |
CN109067788B (en) | 2018-09-21 | 2020-06-09 | 新华三技术有限公司 | Access authentication method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5862481A (en) * | 1996-04-08 | 1999-01-19 | Northern Telecom Limited | Inter-technology roaming proxy |
WO2001078351A2 (en) * | 2000-04-10 | 2001-10-18 | British Telecommunications Public Limited Company | Provision of secure access for telecommunications system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6034618A (en) * | 1996-10-31 | 2000-03-07 | Matsushita Electric Industrial Co., Ltd. | Device authentication system which allows the authentication function to be changed |
US7882247B2 (en) * | 1999-06-11 | 2011-02-01 | Netmotion Wireless, Inc. | Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments |
US6618370B1 (en) * | 1999-11-16 | 2003-09-09 | Bellsouth Intellectual Property Corporation | System and method for bandwidth on demand for internet service providers |
EP1150521A1 (en) * | 2000-04-25 | 2001-10-31 | Alcatel | Method for setting up a session between a host of a data network and a mobile terminal of a mobile network and device for performing such method |
US7383329B2 (en) * | 2001-02-13 | 2008-06-03 | Aventail, Llc | Distributed cache for state transfer operations |
US7281139B2 (en) * | 2002-07-11 | 2007-10-09 | Sun Microsystems, Inc. | Authenticating legacy service via web technology |
-
2003
- 2003-02-26 US US10/373,128 patent/US7434044B2/en not_active Expired - Fee Related
-
2004
- 2004-02-20 WO PCT/US2004/004998 patent/WO2004077750A1/en active Application Filing
- 2004-02-20 CN CN200480007827XA patent/CN1765082B/en not_active Expired - Fee Related
- 2004-02-20 AU AU2004214799A patent/AU2004214799B2/en not_active Ceased
- 2004-02-20 EP EP04713312A patent/EP1597866B1/en not_active Expired - Lifetime
- 2004-02-20 DE DE602004022142T patent/DE602004022142D1/en not_active Expired - Lifetime
- 2004-02-20 AT AT04713312T patent/ATE437498T1/en not_active IP Right Cessation
- 2004-02-20 CA CA2517474A patent/CA2517474C/en not_active Expired - Fee Related
-
2008
- 2008-08-12 US US12/189,821 patent/US7802091B2/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5862481A (en) * | 1996-04-08 | 1999-01-19 | Northern Telecom Limited | Inter-technology roaming proxy |
WO2001078351A2 (en) * | 2000-04-10 | 2001-10-18 | British Telecommunications Public Limited Company | Provision of secure access for telecommunications system |
Non-Patent Citations (1)
Title |
---|
HAVERINEN H ET AL: "CELLULAR ACCESS CONTROL AND CHARGING FOR MOBILE OPERATOR WIRELESS LOCAL AREA NETWORKS", IEEE WIRELESS COMMUNICATIONS, IEEE SERVICE CENTER, PISCATAWAY, NJ, US, vol. 9, no. 6, December 2002 (2002-12-01), pages 52 - 60, XP001143468, ISSN: 1070-9916 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006001647A1 (en) * | 2004-06-24 | 2006-01-05 | Exers Technologies. Inc. | Network integrated management system |
US8356171B2 (en) | 2006-04-26 | 2013-01-15 | Cisco Technology, Inc. | System and method for implementing fast reauthentication |
Also Published As
Publication number | Publication date |
---|---|
ATE437498T1 (en) | 2009-08-15 |
US7434044B2 (en) | 2008-10-07 |
CA2517474A1 (en) | 2004-09-10 |
AU2004214799B2 (en) | 2009-02-19 |
US20040168054A1 (en) | 2004-08-26 |
DE602004022142D1 (en) | 2009-09-03 |
AU2004214799A1 (en) | 2004-09-10 |
CA2517474C (en) | 2010-03-23 |
EP1597866A1 (en) | 2005-11-23 |
CN1765082A (en) | 2006-04-26 |
US20080301790A1 (en) | 2008-12-04 |
CN1765082B (en) | 2012-02-01 |
EP1597866B1 (en) | 2009-07-22 |
US7802091B2 (en) | 2010-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2517474C (en) | Fast re-authentication with dynamic credentials | |
US7346772B2 (en) | Method for fast, secure 802.11 re-association without additional authentication, accounting and authorization infrastructure | |
EP1693995B1 (en) | A method for implementing access authentication of wlan user | |
JP4713338B2 (en) | Method and apparatus for enabling re-authentication in a cellular communication system | |
EP2103077B1 (en) | Method and apparatus for determining an authentication procedure | |
EP1672945A1 (en) | UMTS-WLAN interworking system and authentication method therefor | |
RU2491733C2 (en) | Method for user terminal authentication and authentication server and user terminal therefor | |
EP1770940A1 (en) | Method and apparatus for establishing a communication between a mobile device and a network | |
US9226153B2 (en) | Integrated IP tunnel and authentication protocol based on expanded proxy mobile IP | |
WO2007019771A1 (en) | An access control method of the user altering the visited network, the unit and the system thereof | |
WO2006024969A1 (en) | Wireless local area network authentication method | |
WO2007097101A1 (en) | Radio access system and radio access method | |
US20110010764A1 (en) | One-pass authentication mechanism and system for heterogeneous networks | |
WO2010000185A1 (en) | A method, apparatus, system and server for network authentication | |
KR20080086127A (en) | A method and apparatus of security and authentication for mobile telecommunication system | |
WO2011127774A1 (en) | Method and apparatus for controlling mode for user terminal to access internet | |
WO2014063530A1 (en) | Method and system for mobile user to access fixed network | |
WO2016065847A1 (en) | Wifi offload method, device and system | |
WO2013037264A1 (en) | Admission control method and system | |
Dagiuklas et al. | Hierarchical AAA architecture for user and multimedia service authentication in hybrid 3G/WLAN networking environments |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2004214799 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2517474 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004713312 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2004214799 Country of ref document: AU Date of ref document: 20040220 Kind code of ref document: A |
|
WWP | Wipo information: published in national office |
Ref document number: 2004214799 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004807827X Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2004713312 Country of ref document: EP |