WO2004082237A1 - Forced encryption for wireless local area networks - Google Patents

Forced encryption for wireless local area networks Download PDF

Info

Publication number
WO2004082237A1
WO2004082237A1 PCT/IB2004/000687 IB2004000687W WO2004082237A1 WO 2004082237 A1 WO2004082237 A1 WO 2004082237A1 IB 2004000687 W IB2004000687 W IB 2004000687W WO 2004082237 A1 WO2004082237 A1 WO 2004082237A1
Authority
WO
WIPO (PCT)
Prior art keywords
local area
wireless local
access
area network
user terminal
Prior art date
Application number
PCT/IB2004/000687
Other languages
French (fr)
Inventor
Sami PIENIMÄKI
Jari Korpiharju
Niklas LYBÄCK
Original Assignee
Nokia Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation filed Critical Nokia Corporation
Priority to EP04719543A priority Critical patent/EP1602216B1/en
Priority to DE602004010625T priority patent/DE602004010625T2/en
Publication of WO2004082237A1 publication Critical patent/WO2004082237A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to a method of enforcing encryption on a public wireless local area networ as well as to a related system and network element.
  • WLAN wireless local area networks
  • VPN virtual private network
  • wireless local area networks In unlicensed public wireless local area networks (WLAN) , special attention has to be paid to security issues such as to protect the end users privacy. So far, presently implemented wireless LAN installations comprise security features to offer an encryption for the open air interface. Though, these are not considered to be feasible for public installations due to a lack of being scaleable. Further, no feasible key distribution mechanisms for the encryption are known yet. Moreover, several vulnerabilities have been found so that ready-made tools may be found from the Internet to hack these systems.
  • WLAN public wireless local area networks
  • the present invention is a method of enforcing encryption on a public wireless local area network, the public wireless local area network comprising: at least one access point for the wireless connection of corresponding user terminals; an authentication, authorization and accounting system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for an accessing terminal, and for providing an Internet access gateway functionality; the method comprising: authenticating a user terminal to the authentication, authorization and accounting system upon arrival in a service area of the public wireless local area network; requesting access to the Internet by the user terminal; - and enforcing applications corresponding to the Internet access request of the user terminal to switch their traffic to an encrypting security service port.
  • the present invention is a system for enforcing encryption on a public wireless local area network, comprising at least one user terminal, and a public wireless local area network, which comprises: at least one access point for the wireless connection of a user terminal; an authentication, authorization and accounting sub-system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for a user terminal at the authentication, authorization and accounting sub-system upon its arrival in a service area of the public wireless local area network, for providing an Internet access gateway functionality, and for enforcing applications corresponding to an Internet access request of the user terminal to switch their traffic to an encrypting security service port.
  • the present invention is also an access control point network element for enforcing encryption on a public wireless local area network, comprising: means for controlling access to the network; means for initiating an authentication, authorization and accounting procedure for a user terminal at an authentication, authorization and accounting sub-system of the public wireless local area network upon arrival of the user terminal in a service area of the public wireless local area network; means for providing an Internet access gateway functionality; and means for enforcing applications corresponding to an Internet access request of the user terminal to switch their traffic to an encrypting security service port.
  • the access control point retrieves information from RADIUS messages which user terminals do not use a 802. Hi encryption, and directs the traffic encryption enforcement only to the such identified user terminals.
  • the encrypting security service is the secure sockets layer (SSL) or the transport layer security (TLS) .
  • SSL secure sockets layer
  • TLS transport layer security
  • the present invention also allows end users without a virtual private network to use most of their applications securely.
  • the present invention is transparent for users of a virtual private network.
  • the present invention is easy to implement and to deploy, and it does not require any changes at the terminals of any end user, since there already exists a wide support for the secure sockets layer and for the transport layer security, while most of the used applications such as browsing and email are addressed by the present invention.
  • Fig. 1 shows a wireless local area network architecture underlying the present invention.
  • a public wireless local area network underlying the present invention comprises the following physical and logical elements: wireless local area network (WLAN) terminals UT used by end users and access points AP, access control points ACP and authentication, authorization and accounting (AAA) systems AAA operated by a network operator.
  • the terminals UT are used to access the wireless local area network via a radio interface.
  • the counterpart in the network regarding this interface is the access point AP.
  • An access control point ACP controls the access to the network and initiates the authentication, authorization and accounting (AAA) for the terminal UT in question.
  • the authentication, authorization and accounting system AAA is a back end system for providing corresponding functions. All or some of the above network elements may reside in a same physical network element.
  • an end user arrives to a public wireless local area network service area (a public access zone PAZ) , she/he authenticates herself/himself towards the authentication, authorization and accounting system AAA. After the authentication, the end user has access to the Internet IP, but her/his traffic over the air-interface is not necessarily encrypted.
  • a public wireless local area network service area a public access zone PAZ
  • AAA public access zone
  • the access control point ACP forces applications X to switch the traffic to an encrypted port such as according to the secure sockets layer SSL (as developed by Netscape) or according to the transport layer security TLS (see RFC2246 of the Internet Engineering Task Force) , before it allows any traffic to go through. This is possible even if the initial request for the application in question is sent un-encrypted.
  • SSL secure sockets layer
  • TLS transport layer security
  • Examples of applications that can be forced to use the secure sockets layer SSL or the transport layer security TLS encryption include application layer protocols running on top of the TCP/IP (transport control protocol, Internet protocol) and UDP/IP (user datagram protocol) , respectively, such as the hypertext transfer protocol HTTP for browsing the Internet, the Internet message access protocol 4 IMAP4 as well as the post office protocol 3 POP3 for incoming mail, and the simple mail transfer protocol SMTP for outgoing mail.
  • TCP/IP transport control protocol, Internet protocol
  • UDP/IP user datagram protocol
  • the above described enforcement to switch the traffic to an encrypted port can also be configured to- only take place for users without an 802. Hi encryption in the WLAN interface.
  • the access control point ACP retrieves this knowledge from RADIUS (Remote Authentication Dial-In User Service) messages.
  • the public wireless local area network comprising: at least one access point for the wireless connection of corresponding user terminals; an authentication, authorization and accounting system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for an accessing terminal, and for providing an Internet access gateway functionality; the method comprising: authenticating a user terminal to the authentication, authorization and accounting system upon arrival in a service area of the public wireless local area network; requesting access to the Internet by the user terminal; and enforcing applications corresponding to the Internet access request of the user terminal to switch their traffic to an encrypting security service port.

Abstract

A method of enforcing encryption on a public wireless local area network, the public wireless local area network comprising: at least one access point for the wireless connection of corresponding user terminals; an authentication, authorization and accounting system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for an accessing terminal, and for providing an Internet access gateway functionality; the method comprising: authenticating a user terminal to the authentication, authorization and accounting system upon arrival in a service area of the public wireless local area network; requesting access to the Internet by the user terminal; and enforcing applications corresponding to the Internet access request of the user terminal to switch their traffic to an encrypting security service port.

Description

Forced encryption for Wireless Local Area Networks
BACKGROUND OF THE INVENTION Field of the invention
The present invention relates to a method of enforcing encryption on a public wireless local area networ as well as to a related system and network element.
Related Art
Currently, in practice all traffic in public access zones of wireless local area networks (WLAN) is not encrypted, with the exception of users of virtual private network (VPN) applications.
However, in unlicensed public wireless local area networks (WLAN) , special attention has to be paid to security issues such as to protect the end users privacy. So far, presently implemented wireless LAN installations comprise security features to offer an encryption for the open air interface. Though, these are not considered to be feasible for public installations due to a lack of being scaleable. Further, no feasible key distribution mechanisms for the encryption are known yet. Moreover, several vulnerabilities have been found so that ready-made tools may be found from the Internet to hack these systems.
Thus, standards are recently under development such as in "IEEE 802.11 task group i" which are about to develop solutions for these problems. Though, the implementation of these solutions will require new software and most likely also new hardware to be installed at the network, and, most importantly, new software and new hardware to be installed at the end users side.
SUMMARY OF THE INVENTION
Therefore, it is an object of the present invention to overcome the above shortcomings of the prior art.
The present invention is a method of enforcing encryption on a public wireless local area network, the public wireless local area network comprising: at least one access point for the wireless connection of corresponding user terminals; an authentication, authorization and accounting system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for an accessing terminal, and for providing an Internet access gateway functionality; the method comprising: authenticating a user terminal to the authentication, authorization and accounting system upon arrival in a service area of the public wireless local area network; requesting access to the Internet by the user terminal; - and enforcing applications corresponding to the Internet access request of the user terminal to switch their traffic to an encrypting security service port.
In addition, the present invention is a system for enforcing encryption on a public wireless local area network, comprising at least one user terminal, and a public wireless local area network, which comprises: at least one access point for the wireless connection of a user terminal; an authentication, authorization and accounting sub-system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for a user terminal at the authentication, authorization and accounting sub-system upon its arrival in a service area of the public wireless local area network, for providing an Internet access gateway functionality, and for enforcing applications corresponding to an Internet access request of the user terminal to switch their traffic to an encrypting security service port.
Furthermore, the present invention is also an access control point network element for enforcing encryption on a public wireless local area network, comprising: means for controlling access to the network; means for initiating an authentication, authorization and accounting procedure for a user terminal at an authentication, authorization and accounting sub-system of the public wireless local area network upon arrival of the user terminal in a service area of the public wireless local area network; means for providing an Internet access gateway functionality; and means for enforcing applications corresponding to an Internet access request of the user terminal to switch their traffic to an encrypting security service port.
In a preferred embodiment of the present invention, the access control point retrieves information from RADIUS messages which user terminals do not use a 802. Hi encryption, and directs the traffic encryption enforcement only to the such identified user terminals.
Preferably, the encrypting security service is the secure sockets layer (SSL) or the transport layer security (TLS) . Accordingly, it is an advantage of the present invention that it is suitable for virtually all wireless local area network terminals without requiring any software installations at the terminal side. In addition, no changes on a used operating system or a browser type are necessary. Further, the present invention is transparent for most of the network elements thus requiring only minor changes in the network.
Hence, a major security enhancement for public wireless local area network access zones is provided by the present invention. That is, contrary to the prior art, the present invention also allows end users without a virtual private network to use most of their applications securely. On the other hand, the present invention is transparent for users of a virtual private network.
In general, the present invention is easy to implement and to deploy, and it does not require any changes at the terminals of any end user, since there already exists a wide support for the secure sockets layer and for the transport layer security, while most of the used applications such as browsing and email are addressed by the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS
Further details, features and advantages of the present invention will become more readily apparent from the following detailed description of the preferred embodiments which is to be taken in conjunction with the appended drawing, in which: Fig. 1 shows a wireless local area network architecture underlying the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
As shown in Fig. 1, a public wireless local area network underlying the present invention comprises the following physical and logical elements: wireless local area network (WLAN) terminals UT used by end users and access points AP, access control points ACP and authentication, authorization and accounting (AAA) systems AAA operated by a network operator. The terminals UT are used to access the wireless local area network via a radio interface. The counterpart in the network regarding this interface is the access point AP. An access control point ACP controls the access to the network and initiates the authentication, authorization and accounting (AAA) for the terminal UT in question. The authentication, authorization and accounting system AAA is a back end system for providing corresponding functions. All or some of the above network elements may reside in a same physical network element.
According to the preferred embodiment of the present invention, if an end user arrives to a public wireless local area network service area (a public access zone PAZ) , she/he authenticates herself/himself towards the authentication, authorization and accounting system AAA. After the authentication, the end user has access to the Internet IP, but her/his traffic over the air-interface is not necessarily encrypted.
Here, when the end user tries to access the Internet IP, the access control point ACP forces applications X to switch the traffic to an encrypted port such as according to the secure sockets layer SSL (as developed by Netscape) or according to the transport layer security TLS (see RFC2246 of the Internet Engineering Task Force) , before it allows any traffic to go through. This is possible even if the initial request for the application in question is sent un-encrypted. Examples of applications that can be forced to use the secure sockets layer SSL or the transport layer security TLS encryption include application layer protocols running on top of the TCP/IP (transport control protocol, Internet protocol) and UDP/IP (user datagram protocol) , respectively, such as the hypertext transfer protocol HTTP for browsing the Internet, the Internet message access protocol 4 IMAP4 as well as the post office protocol 3 POP3 for incoming mail, and the simple mail transfer protocol SMTP for outgoing mail.
The above described enforcement to switch the traffic to an encrypted port can also be configured to- only take place for users without an 802. Hi encryption in the WLAN interface. In this case, the access control point ACP retrieves this knowledge from RADIUS (Remote Authentication Dial-In User Service) messages.
Thus, what is described above is a method as well as related system and network element of enforcing encryption on a public wireless local area network, the public wireless local area network comprising: at least one access point for the wireless connection of corresponding user terminals; an authentication, authorization and accounting system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for an accessing terminal, and for providing an Internet access gateway functionality; the method comprising: authenticating a user terminal to the authentication, authorization and accounting system upon arrival in a service area of the public wireless local area network; requesting access to the Internet by the user terminal; and enforcing applications corresponding to the Internet access request of the user terminal to switch their traffic to an encrypting security service port.
While it is described above what is presently considered to be the preferred embodiments of the present invention, it is apparent to those who are skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the present invention as defined in the appended claims.

Claims

Claims
1. A method of enforcing encryption on a public wireless local area network, the public wireless local area network comprising: at least one access point for the wireless connection of corresponding user terminals; an authentication, authorization and accounting system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for an accessing terminal, and for providing an Internet access gateway functionality; the method comprising: authenticating a user terminal to the authentication, authorization and accounting system upon arrival in a service area of the public wireless local area network; requesting access to the Internet by the user terminal; and enforcing applications corresponding to the Internet access request of the user terminal to switch their traffic to an encrypting security service port.
2. The method according to claim 1, wherein the encrypting security service is the secure sockets layer or the transport layer security.
3. The method according to claim 1, wherein the enforcement is performed by a responsible access control point.
4. The method according to claim 1, wherein the enforcement is performed by a responsible wireless local area network gateway.
5. The method according to claim 1, further comprising: retrieving information by the access control point from RADIUS messages which user terminals do not use a 802. Hi encryption; and directing the traffic encryption enforcement only to the such identified user terminals.
6. The method according to claim 1, wherein the enforced applications are selected from a group comprising the hypertext transfer protocol for browsing the Internet, the Internet message access protocol 4, the post office protocol 3, and the simple mail transfer protocol.
7. A system for enforcing encryption on a public wireless local area network, comprising at least one user terminal, and a public wireless local area network, which comprises: at least one access point for the wireless connection of a user terminal; an authentication, authorization and accounting sub-system; and at least one access control point for controlling access to the network, for initiating an authentication, authorization and accounting procedure for a user terminal at the authentication, authorization and accounting sub-system upon its arrival in a service area of the public wireless local area network, for providing an Internet access gateway functionality, and for enforcing applications corresponding to an Internet access request of the user terminal to switch their traffic to an encrypting security service port.
8. The system according to claim 7, wherein the encrypting security service is the secure sockets layer or the transport layer security.
9. The system according to claim 7, wherein the access control point retrieves information from RADIUS messages which user terminals do not use a 802. Hi encryption and directs the traffic encryption enforcement only to the such identified user terminals.
10. An access control point network element for enforcing encryption on a public wireless local area network, comprising: means for controlling access to the networks- means for initiating an authentication, authorization and accounting procedure for a user terminal at an authentication, authorization and accounting sub-system of the public wireless local area network upon arrival of the user terminal in a service area of the public wireless local area network; means for providing an Internet access gateway functionality; and means for enforcing applications corresponding to an Internet access request of the user terminal to switch their traffic to an encrypting security service port.
11. The network element according to claim 10, wherein the encrypting security service is the secure sockets layer or the transport layer security.
12. The network element according to claim 10, further comprising means for retrieving information from RADIUS messages which user terminals do not use a 802. Hi encryption; and means for directing the traffic encryption enforcement only to the such identified user terminals.
PCT/IB2004/000687 2003-03-13 2004-03-11 Forced encryption for wireless local area networks WO2004082237A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP04719543A EP1602216B1 (en) 2003-03-13 2004-03-11 Forced encryption for wireless local area networks
DE602004010625T DE602004010625T2 (en) 2003-03-13 2004-03-11 FORCED ENCRYPTION FOR WIRELESS LOCAL NETWORKS

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US45395303P 2003-03-13 2003-03-13
US60/453,953 2003-03-13

Publications (1)

Publication Number Publication Date
WO2004082237A1 true WO2004082237A1 (en) 2004-09-23

Family

ID=32990842

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/000687 WO2004082237A1 (en) 2003-03-13 2004-03-11 Forced encryption for wireless local area networks

Country Status (5)

Country Link
US (1) US20040181663A1 (en)
EP (1) EP1602216B1 (en)
AT (1) ATE381192T1 (en)
DE (1) DE602004010625T2 (en)
WO (1) WO2004082237A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006521763A (en) * 2003-03-27 2006-09-21 トムソン ライセンシング Secure roaming between wireless access points
US7848517B2 (en) 2005-03-16 2010-12-07 At&T Intellectual Property Ii, L.P. Secure open-air communication system utilizing multi-channel decoyed transmission
US7568220B2 (en) 2005-04-19 2009-07-28 Cisco Technology, Inc. Connecting VPN users in a public network
US7609162B2 (en) * 2005-10-10 2009-10-27 Electronics And Telecommunications Research Institute Mobile RFID service providing apparatus and method thereof
CN101083607B (en) * 2006-05-30 2010-12-08 倪海生 Internet accessing server for inside and outside network isolation and its processing method
CN101102189B (en) 2006-07-05 2011-06-22 华为技术有限公司 A gateway system and method for implementing multi-media access
CN102594835A (en) * 2012-03-12 2012-07-18 北京建飞科联科技有限公司 Real name authentication method and authentication platform of wireless networks in a wide range of public places
CN105472328A (en) * 2015-11-06 2016-04-06 邵斌 Internet-bar real name system monitoring system based on Internet bar open account video
DE102016111142A1 (en) * 2016-06-17 2017-12-21 Kathrein-Werke Kg Mobile transmission system for providing a plurality of mobile radio cells in a building or campus
TWI708563B (en) * 2019-08-20 2020-11-01 劉政雄 Method for extracting cocoa beans into cocoa powder

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2812312B2 (en) * 1996-01-12 1998-10-22 三菱電機株式会社 Encryption system
US6081900A (en) * 1999-03-16 2000-06-27 Novell, Inc. Secure intranet access
FI111208B (en) * 2000-06-30 2003-06-13 Nokia Corp Arrangement of data encryption in a wireless telecommunication system
US20020174335A1 (en) * 2001-03-30 2002-11-21 Junbiao Zhang IP-based AAA scheme for wireless LAN virtual operators
US20030009691A1 (en) * 2001-07-06 2003-01-09 Lyons Martha L. Centralized clearinghouse for entitlement information
US20030046587A1 (en) * 2001-09-05 2003-03-06 Satyam Bheemarasetti Secure remote access using enterprise peer networks
FI114276B (en) * 2002-01-11 2004-09-15 Nokia Corp Arranging online visits
US20030095663A1 (en) * 2001-11-21 2003-05-22 Nelson David B. System and method to provide enhanced security in a wireless local area network system
US7246245B2 (en) * 2002-01-10 2007-07-17 Broadcom Corporation System on a chip for network storage devices
US7792527B2 (en) * 2002-11-08 2010-09-07 Ntt Docomo, Inc. Wireless network handoff key

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ALCATEL: "Public Wireless LAN for Mobile Operators", WHITE PAPER, 14 March 2003 (2003-03-14), XP002283478, Retrieved from the Internet <URL:http://www.alcatel.com/doctypes/articlepaperlibrary/pdf/WP/T0303-Wireless_LAN-EN.pdf> [retrieved on 20040604] *
J.CARON, IP SECTOR TECHNOLOGIES: "Public Wireless LAN roaming issues", INTERNET DRAFT, 28 February 2002 (2002-02-28), XP002283477, Retrieved from the Internet <URL:http://www.ipsector.com/drafts/draft-caron-public-wlan-roaming-issues-00.txt> [retrieved on 20040604] *

Also Published As

Publication number Publication date
EP1602216B1 (en) 2007-12-12
DE602004010625T2 (en) 2008-12-11
US20040181663A1 (en) 2004-09-16
ATE381192T1 (en) 2007-12-15
EP1602216A1 (en) 2005-12-07
DE602004010625D1 (en) 2008-01-24

Similar Documents

Publication Publication Date Title
US11659385B2 (en) Method and system for peer-to-peer enforcement
EP1658700B1 (en) Personal remote firewall
CA2541151C (en) A persistent and reliable session securely traversing network components using an encapsulating protocol
US20040249922A1 (en) Home automation system security
US7325058B1 (en) Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites
WO2002095543A2 (en) Apparatus and method for providing secure network communication
EP2706717A1 (en) Method and devices for registering a client to a server
US20090031395A1 (en) Security system for wireless networks
EP1602216B1 (en) Forced encryption for wireless local area networks
US20040243837A1 (en) Process and communication equipment for encrypting e-mail traffic between mail domains of the internet
US20090271852A1 (en) System and Method for Distributing Enduring Credentials in an Untrusted Network Environment
US20050086533A1 (en) Method and apparatus for providing secure communication
Cisco Converting Private Link to IPSec
Cisco Understanding the Cisco VPN Client
Cisco Converting Private Link to IPSec
Cisco Converting Private Link to IPSec
US8453205B1 (en) Secure network services via daemons
JP2004274448A (en) Public network access system
YAMAI et al. A user authentication system for secure wireless communication
Barriga et al. Communications security in an all-IP world
Rajamohan An overview of remote access VPNs: Architecture and efficient installation
Casole et al. Secure access to corporate resources in a multi-access perspective: needs, problems, and solutions
Komori et al. A secure wireless LAN system retaining privacy
Fisher Authentication and Authorization: The Big Picture with IEEE 802.1 X
WO2011072512A1 (en) Access control method supporting multiple controlled ports and system thereof

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2004719543

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2004719543

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 2004719543

Country of ref document: EP