DE102004008764A1 - Wireless local area network radio user device authentication method involves establishing communication of user device with network access point and radio link manager, and attaching user device to core network system - Google Patents

Abstract

A radio access controller (RAC), radio link manager (RLM) and wireless local area network access point (WLAN-AP) are connected to a home location register (HLR) of core network. Communication between the user device, and WLAN-AP and RLM, is established. The user device is authenticated to HLR and attached to core network system by connecting data-link tunnel from MLC to RLM. Independent claims are also included for the following: (1) method for interconnecting wireless local area network-radio access network to global system for mobile communication core network; and (2) system for interconnecting wireless local area network-radio access network to global system for mobile communication core network.

Description

BACKGROUND THE INVENTION

The The present invention relates to collaboration (interworking) wireless local area networks (WLANs) with cellular networks (mobile networks) to provide connectivity for cellular packet data services Networks, in particular GSM-based cellular networks. The invention also refers to techniques for overlaying safety and security Confidentiality about Network elements that do not provide this.

It there is a need for a solution the high-speed wireless data networking for customers providing GSM services. It is desirable to do so without modification the core network elements of each GSM service and in particular those which have already gained support through GSM packet radio services. By keeping intact the core network, it is assumed that the costs of adding the Wireless high-speed data networking to a GSM network can be reduced.

Added (add-on) High-speed wireless services need to be as efficient and cost-effective as possible be provided to compete with integrated services to be able to. A first step towards achieving this goal would be the Use of standards-based network elements, such as For example, but not necessarily, Wi-Fi devices below Using the IEEE 802.11b networking protocols. These networking protocols are relatively rudimentary and provide specifications only for the first two layers of a typical seven-layer stack according to Open Systems Interconnection (OSI): the physical layer and the media access and Media Access and Control (MAC) layer.

1 shows the conventional OSI model in its application to an IEEE 802.11 and Internet Engineering Task Force (IETF) stack for a wireless LAN. In the past, application gateways had to be provisioned to connect this stack to the GSM stack at the top or application layer. Providing this interface methodology for interoperation with WLAN systems presents difficulties for GSM / GPRS services because GSM / GPRS services are based on completely different standards and provide many features that are not found in the IETF and IEEE 802.11b stacks. For example, the functionality required to support GSM services is not yet provided in the IETF systems. IETF protocols do not provide a secure authentication system for interoperating with the GSM authentication system, billing functions have other formats, the allocation of customer IP addresses is handled in a different layer of the network application stacks, roaming features are incompatible, and the IETF is specified no micromobility handover protocol, as described in detail in GSM. Indeed, for interoperating IETF and GSM systems, the typical GSM service would only set up two separate systems and then consolidate the billing. This solution is undesirable because it is difficult for the GSM operator to manage two separate customer databases, to provide two separate services and clients for each additional service to be set up, and to manage two completely different network systems with different network management systems.

It There is therefore a need for a group of interworking network elements, which either translate services or additional Services over the WLAN radio access network provide. About that There is also a need to provide an architecture for interworking elements in a way, the minor or does not require modifications to the GSM system.

It gave different efforts for consideration and improving the setup of high-speed data services using the wifi. One such provided by some dealers Method uses interworking elements between the WLAN and typical core networks of Internet Service Providers (ISP). In this Procedures are Wi-Fi access points (Access Points (APs), which is the functionality of the physical layer and the MAC layer) with modified Internet Protocol (IP) routers. These routers support typical routing layer IETF standards such as, for example, but not conclusive, The Routing Internet Protocol (RIP), and they typically use authentication and accounting systems based on IETF standards, the logs include, but are not limited to, remotely Access Dial In User Service (RADIUS).

These Recognizing difficulties, several dealers (Cisco Systems from Santa Clara, California, Service Factory from Stockholm, Sweden and Lucent Technologies) tries to provide interworking elements around each of the errors described above and many additional ones To get a grip on problems. For example, have several dealer Added features to their access points to enhance the functionality of the higher-level network layer, such as authentication and security. This Procedure is not ideal, as it has not covered this area so far IETF standard there. As such, the use of customized access points, that a GSM / GPRS service spans only those APs that support these own protocols can. About that In addition, some dealers, the extra Features and functionalities into their wireless client hardware have limited the type of network interface cards that can be used by customers for connection to the network, and this leads to thus to additional incompatibilities which is particularly undesirable is, if the customers do not have the opportunity, a customized Interface to use.

These Some dealers (Nokia from Finland, Cisco Systems, IP Unplugged from Sweden, PC Tel from Santa Clara, California) on the provision of trailing (back-end) solutions for the Billing and provisioning systems focused, through Add of so-called charging gateways. Translate these gateways the billing records issued by the standard IETF systems in the own systems used by the GSM / GPRS services. As for accounting systems There are no standards, it is difficult to create transparency for new and future To ensure modifications to the existing services.

Other dealer (Transat from Houston, Texas and Interwave from Menlo Park, California) have these difficulties recognizing solvable (stand-alone) GSM / GPRS systems built using the communicate with the customer WLAN facilities, whereby all existing in the GSM / GPRS core network Core network functions and capabilities be replaced. This system is also undesirable since the GSM / GPRS service anyway with the operation of two miscellaneous Networks with different administration and configuration commands and additional Hardware and software continued even though it is the GSM operator with a more familiar Replacement network equips.

It There is therefore a need for an interworking system between the WLAN radio access network and the GSM / GPRS core network enabling the GSM service makes users transparent about this to connect new radio access network while the GSM customers all of services expected to be provided to customers. Furthermore would it be desirable, if these interworking systems could be extended to other radio access networks such as 3G 802.11a, or HIghPErformance Radio Local Area Networks (HIPERLAN) in the future with low or no additional To support modifications. Such a system would avoid any modification requirements of the WLAN elements and connect the two nets to the lowest possible network layers, and also additional Characteristics at the lowest possible Provide network layers to get the most out of them already established GSM standards. These features should be separate Networking elements are provided. This way you can be added to other radio access networks with little additional effort and functionality.

SUMMARY THE INVENTION

According to the present invention, there is provided a method and system for integrating a WLAN radio access network into a GSM / GPRS core network, adding gateways whose function is to transparently service between two dissimilar types of networks, such as WLAN and GSM to transport. Another aspect of the invention is secure authentication. The system according to the invention comprises two network elements, a radio link manager (RLM) and a radio access controller (RAC), and a software application, a multi-link client (MLC) Control of the functionality of the integration. The MLC resides in a user device such as, but not limited to, a laptop, PDA, or a cellular telephone (mobile phone). The WLAN Radio Access Network (RAN) comprises a client radio typically installed either in a client computing device or installed via a PCMCIA card and an access point (AP) that translates the wireless signals from the client radio into a wired networking protocol. According to the method of the invention, the radio link manager is between the AP and the core network (CN) to connect this RAN to the GSM / GPRS core network and provides an end point for a secure connection from the MLC software on the client computing device. The RLM forwards authentication messages from the MLC to the RAC. The RAC provides protocol stacks and interworking functions to enable the MLC to speak with a Home Location Register (HLR), which is a standard network element handling authentication in the GSM core network. After the customer is authenticated, the RLM and the MLC establish a "tunnel" using Ethernet (PPP Over Ethernet (PPPOE)) using Point-to-Point Protocol (PPP), and all data packets received on this channel are forwarded by the RLM to the Gateway GPRS Support Note (GGSN), a standard network element in the GSM / GPRS network that provides connection to the Internet or other packet data networks. To perform this routing, the RLM establishes a tunnel from the RLM to the GGSN using the GPRS Tunneling Protocol (GTP). Alternatively, a data link tunnel could run from the RLM to an Internet gateway having tunneling and address assignment capabilities as part of a global packet data network. Examples include the Generic Routing Encapsulation (GRE) protocol, IP in IP tunneling, the Layer 2 Transport Protocol (L2TP) transport protocol, Mobile IP, and Metricom's Ricochet Tunneling Protocol, which applies to disparate mesh networks. There may be other examples that are equivalent but not yet foreseeable at the time.

The two networks can seamlessly interoperate, creating a continuous reception of all currently available under GSM Networking services are enabled by a customer, regardless of the radio access network used at a given time.

The The invention will be more readily understood with reference to the following details Description in conjunction with the attached drawing figures.

SUMMARY THE DRAWINGS

1 Figure 4 shows the network stack for the IEEE WLAN specifications and the internet protocol network stack specified by the IETF and compares it to the OSI networking model (prior art).

2 shows an ipRAN for WLAN architecture according to the invention.

3 shows a GSM network in its improvement to support GPRS and WLAN according to the present invention.

4 shows a user equipment required in a specific embodiment of the present invention.

5 shows messages passing between the different elements of the ipRAN for WLAN and the GSM / GPRS core network for the authentication of a customer.

6 shows a preferred embodiment of the packet formats in the RR protocol between a radio link manager and a radio access controller.

DESCRIPTION SPECIFIC EMBODIMENTS THE INVENTION

The present invention is a method and apparatus for connecting a Wireless Local Area Network Radio Access Network (WLAN RAN) to a cellular GSM telephone system enhanced by GPRS capabilities. To provide the GPRS capabilities, the GSM network must have both a Serving GPRS Support Node (SGSN) 304 as well as a gateway GPRS support node (Gateway GPRS Support Node (GGSN)) 326 according to 3 to be added.

To understand the improvements presented by the present invention, it will be helpful to first identify the elements known in the art. The default network elements in GSM / GPRS are on the left side of the 3 shown. Before a GPRS upgrade, the cellular system or cellular system supports voice calls made by a base station controller (BSC) 303 to a Mobile Switching Center (MSC) 327 and from there into the public switched telephone network (PSTN). 329 , For GPRS supporting data, the data connections are from the BSC 303 to the SGSN 304 then to a GGSN 326 and from there to a packet data network (PDN) 306 , The signal path for GPRS is physically the same as for voice calls. GPRS uses other protocols on all connections. Conventional operation is supported by a user device 301 a GPRS radio connection 313 and sends packets to a base station (Basestation Transmitter Server (BTS)) 302 , The BTS 302 routes the packets via a direct connection 14 to one of the BSCs 303 continue using the frame transfer or another protocol. The BTS 302 and the BSC 303 also handle voice calls and all the additional complexity required for such traffic. However, data packets are always via the direct connection 315 to a SGSN 304 directed. The SGSN 304 then routes the data packets over the network connection 317 to the GGSN 326 typically using GTP over Internet protocols. The SGSN 304 Also performs control and recording of the quality of service (QOS) of the data pact connection and the number of packets and duration of the connection as defined in the GPRS protocols. The SGSN 304 sends this information via a direct connection 316 to a billing gateway function (Charging Gateway Function) 305 to allow billing of users according to the quality of service (QOS). The SGSN 304 also transmits the authentication protocol from a Subscriber Identity Module (SIM) 417 ( 4 ) within the User Equipment (UE) 301 to a home location register (HLR) 311 over a network 324 System 7 Signaling (SS7) type using the Mobile Application Part (MAP) protocol. The GGSN 326 transmits the data packets over the network 319 to a public data network (PDN) 306 typically the Internet, typically using the internet protocol.

According to the invention and now with reference to the right side of 3 becomes the UE supporting the WLAN 309 if necessary sent to the PDN 306 Posted. The data packet is transmitted via a WLAN radio link 322 from the UE 309 to a wireless access point (AP) 308 Posted. The AP 308 Forwards the package to a Radio Link Manager (RLM) 307 over the bridged network 321 typically Ethernet, but possibly over DSL, fiber or other suitable physical medium. The RLM 307 directs the data packet over the network 320 typically using GTP over the Internet Protocol (GTP / IP), to the GGSN 326 further. The GGSN 326 then routes the data packets over the network connection 319 to the packet data network 306 further, typically using the internet protocol. In the invention described herein, the network elements for providing the interworking functions for the WLAN separate the data packets and control packets of the protocol from the UE 308 at the RLM 307 in the various network elements only in the required manner. The authentication packets become the radio access controller (RAC) 310 over the network connection 325 typically transmitted using the RLM to RAC protocol (RLM to RAC protocol (RR)) over the internet protocol. The RAC 310 routes the authentication packets to the HLR 311 over the SS7 network 323 continue using MAP. The authentication protocol works based on the WLAN supporting UE 309 using their SIM card through the multi-client software. In GPRS or in WLAN the GGSN sends 326 Billing data via the direct connection 318 to the billing gateway feature 305 , The billing gateway feature records the total connection time and amount of through the UE 309 or 301 to the PDN 306 sent data packets.

In the case of WLAN, there is no QOS on the radio link 322 , in contrast to the case of GPRS, where the BTS 302 QOS over the radio connection 313 can provide. In GPRS this information is recorded and via the direct connection 316 from the SGSN 304 to the billing gateway feature 305 Posted. In the WLAN case, this information is not needed and can therefore be ignored.

To the core network elements of the GSM, the GGSN 326 and the billing gateway feature 305 The WLAN connection now emulates a GPRS connection. The RLM 307 emulates the SGSN 304 for the connection to the GGSN 326 , The RAC 310 emulates the SGSN 304 for the connection to the HLR 311 while the connection from the SGSN 304 to the billing gateway feature for WLAN is not needed because there are no QOS capabilities in the wireless LAN connection. In this way, the provision of the WLAN service for a particular user into the HLR 311 are entered in the same way as the GPRS service of the user is entered. Billing can also be done at the billing gateway feature 305 be carried out in exactly the same way. Thus, the WLAN RAN can be used by the RLM 307 and the RAC 310 provided interworking functions are connected to a GSM / GPRS core network without modifications of the core network or any procedures used to handle and provide services on the core network.

Referring to 2 A specific embodiment of the hardware elements implementing the invention is shown. Other embodiments may be apparent to those skilled in the art Networking are obvious and are not excluded by the present description. The intrworking elements between the WLAN and the GSM / GPRS core network include an MLC (Muli Link Client), which is one in the client hardware 201 software is an RLM (Radio Link Manager) 206 , which is the control and control point for authentication and data flow, and the RAC (Radio Access Controller) 207 , which represents the interworking element for authentication and deployment.

The User Equipment (UE) is a computing device with a WLAN radio such as, but not limited to, a Personal Data Assistant (PDA). 202 , a cellular phone or cellphone 203 or a laptop 204 , One through in the computing devices 202 . 203 or 204 embedded wireless radio used wireless connection 218 can be based on the IEEE 802.11b specification, or on any other wireless connection using the access point (AP) 204 can be translated to a bridged network. Examples of other wireless connection protocols and radios that may be used are the IEEE 802.11a or 802.11g specifications, the HIPERLAN specifications, or some other wireless connection to be determined. In the preferred embodiment, the only requirement is that the AP 204 supports the bypass protocol specification IEEE 802.1d. This protocol can be done using the physical layer of Ethernet on the network 214 over a bridge or a hub 205 , the packets over the network 215 to the RLM 206 forwarded, operated. The network 215 can also use ethernet, but the bridge or the hub 205 through a DSL (Digital Subscriber Line) modem 219 and a remote Digital Subscriber Line Access Manager (DSLAM) 221 , over a twisted copper wire pair 220 connected, be replaced as long as the package is on the net 215 in the same way as on the net 214 appears and as long as the bridge protocol specification IEEE 802.1d between both physical network connections 214 and 215 is fulfilled, so that both with respect to the RLMs 206 appear as a bridged network. Other methods for connecting the APs 204 with the RLMs 206 should be apparent to those skilled in the art of networking. It is also obvious to a person skilled in the networking field that the number of APs 204 in the networks 215 is not fixed, any number can be used for redundancy and capacity.

The UE 201 . 202 or 203 is in 4 shown in detail. The UE 201 has a device housing 414 with a CPU (Central Processing Unit) 402 that have a connection or a bus 410 with a non-volatile memory 403 communicates where different programs in the form of software commands multiple devices 405 . 406 . 404 and 417 control and perform their functions by interpreting them by the CPU in the UE. The multiple client software is also in the nonvolatile memory 403 stored the UE. When the UE is turned on, the CPU can 402 the programs via a connection or a bus 409 into a store 401 with random access or copy the programs directly from the nonvolatile memory 403 start. The user equipment typically, but not necessarily, has an output device 404 on, such as a screen or a speaker connected via a connection 412 with the CPU 402 communicated. This output device 404 can be controlled by in the non-volatile memory 403 or random memory 401 stored programs. The device typically, but not necessarily, has an input device 405 on, such as a keyboard, a mouse, or a microphone connected to the CPU 402 over a connection 413 communicated. This input device 405 can be controlled by those in the non-volatile memory 403 or the random memory 401 stored programs. The UE device must be a WLAN radio 406 or something equivalent with the CPU 402 over a connection or a bus 411 and with an antenna 407 over a connection 408 is connected, but typically not necessarily outside of the device housing 414 , In the preferred embodiment, the device has a SIM reader 416 on that with the cpu 402 over a connection 415 connected to a SIM card 417 accept and information from the SIM card 417 can send and receive.

In a specific embodiment, this SIM card information is transmitted over a connection or a bus 415 to the CPU 402 Posted. The SIM reader 416 can in the device case 414 be embedded or may be outside of the device body 414 are located.

A suitable method is used to call and start the software program called the MLC (Multi-Link Client) in the user equipment 201 . 202 or 203 , such as, but not necessarily, by the user of the equipment accessing a pictogram (icon) on a screen (output device 404 ) using a mouse (input device 405 ) or, in an alternative embodiment, a program preinstalled on the user equipment may receive a signal from the WLAN radio 406 recognize that via the connection 411 to the CPU 402 is sent, which alerts the MLC software about the fact that the wireless LAN radio 406 to an AP 204 link up can.

In an alternative embodiment, a button (input device 405 ) or another method could be used as would be apparent to one skilled in the computer design and programming arts. As soon as it is informed that the data connection is to be started, the MLC will now attempt to contact the HLR 217 , which is part of the GSM core network, to authenticate. In the preferred embodiment of the invention, the networks should 214 and 215 over a bridge or a hub 205 bridged Ethernet networks because the multi-client software is Point-to-Point Protocol over Ethernet (PPPOE) to set up a tunnel from the UE 201 . 202 or 203 to an RLM 206 used. If another medium in the nets 214 and 215 could be used, another protocol for encapsulating the over the radio link 218 sent data packets containing the same required functionality: The capability of an RLM 206 providing a tunnel server that can terminate a tunnel starting in the MLC and the ability to send the packets across the tunnel through an AP 204 , An example of another protocol method that would be suitable for tunneling packets from the UE 201 . 202 or 203 to the RLM 206 is the Layer 2 Transport Protocol (L2TP). Yet other examples are the Generic Routing Encapsulation (GRE) Protocol, IP IP Tunneling, Mobile IP, and Metricom's Ricochet Tunnel Protocol, which refers to disparate mesh networks. There may be other examples that are equivalent but not foreseeable at the present time.

In this embodiment, the MLC serves in the UE 201 . 202 . 203 as an L2TP access client and the network 214 and 215 is a routable network that uses the internet protocol. In this embodiment, a group of routers replaces the bridge or hub 205 and is used to transport packets between the AP 204 and the RLM 206 , The RLM serves as an L2TP network server. The MLC is configured with the IP address of the RLM 206 , In an alternative embodiment, the MLC uses a standard Domain Name Service (DNS) request to find the RLM 206 , This request provides the required functionality; she finds the RLM 206 and allows tunneling of packets from the UE 201 . 202 or 203 to the RLM 206 , Others for tunneling packets from the UE 201 . 202 . 203 to the RLM 206 Methods used will be apparent to those skilled in the art of networking. The architecture does not limit the user to just one or two RLMs 206 per network, but allows any number of RLM 206 as required for redundancy and capacity.

In a specific embodiment using the IEEE 802.11 protocols, the AP is used 204 as a bridge, to forward all data packets on the radio link 218 on the bridged network 214 and for forwarding all data packets from the bridged network 214 to the correct UE 201 . 202 or 203 , The wireless radio 406 in the user equipment 201 . 202 or 203 sends packets over the connection 408 to the antenna 407 over the radio connection 218 passing through the AP 204 be received. The wireless radio 406 uses the IEEE 802.11 protocol at one of the APs 204 to dock. Once the wireless radio 406 to an AP 204 docked, it sets the CPU 402 about the connection 413 about this and in the non-volatile memory 403 or the memory (RAM) 401 with random access stored device driver software. The device driver software uses standard signaling via the CPU 402 and the bus 409 or 410 to notify the MLC software of the docking event. The MLC then sends out a PPPOE Active Discovery Initiation (PADI) packet to the device driver that hosts the wireless LAN radio 406 instructs this to the AP 204 to send. The AP 204 the PADI packet becomes the network 214 hand off. Since this packet is addressed to the broadcast Ethernet address on a bridged network, the packet will be on the networks 215 . 214 and radio links 218 replicated.

All RLM 206 who can accept a connection will respond to the PADI packet with a unicast PPPOE Active Discover Offer (PADO) response packet sent to the UE 201 . 202 or 203 is addressed. THE PADO package is provided by the UE 201 . 202 or 203 received and forwarded to the MLC. The MLC has with the device driver of the wireless radio 406 a registry performed to receive copies of all of these packet types. The PADO packets contain the IEEE MAC address of the RLM 206 , In this way, the MLC can address the RLM 206 to capture. The MLC now uses this address over the bridged networks 214 and 215 and radio connection 218 a PPPOE tunnel between itself and its chosen RLM 206 to set up. The MLC uses the PPP encapsulated in the PPPOE protocol to negotiate a PPP connection with the RLM 206 using the source address of the PADO packet.

According to the invention, the MLC and the RLM use 206 an extensible authentication pro tokoll, such as PPP or 802.1X, to pass on the authentication of the SIM card 411 required information to the HLR 208 , and also to authenticate the RLM 206 opposite the MLC. Once authentication is complete, information is provided in the form of individual keys by the HLR 208 for the RLM 206 and through the SIM card 417 provided for the MLC to allow it to establish a secure connection between the two devices. Each package comes with only the RLM 206 and MLC known individual key encrypted. The MLC then serves as an access protection system (firewall) for the UE 201 . 202 or 203 and drops all packets except those correctly encrypted with the individual key. This prevents the UE 201 . 202 or 203 an AP 204 , another part of the user equipment 201 . 202 or 203 , the bridge 205 or any other core network elements of the GSM system, except via the RLM 206 that encapsulates the packets and the packets over the core network to the GGSN 212 forwarding only the packets to the PDN 210 , the Internet, forwards, eliminating all core network elements from any attack by UE 201 . 202 or 203 are protected. In addition, there is no method for any other UE 201 . 202 or 203 or any other device, such as the hub or bridge 205 for injecting packets received by the UE, since the MLC all packets that are not from the PPPOE tunnel of the RLM 206 come down, thereby preventing them from arbitrary attacks from arbitrary to the core network connection 212 or the bridged network 214 and 215 or the radio connection 218 secured devices, a secure public packet forwarding for the UE 201 . 202 or 203 and the customer is aware of any concern or misuse of the UE 201 . 202 or 203 is free.

Referring to the packet flowchart in FIG 5 Messages between the various network elements in the WLAN RAN and the GSM / GPRS core network for the authentication of the customer's SIM card in the UE 520 opposite the HLR 523 passed. These messages carry out an authorization that the customer can use the WLAN, and start the billing and contain the necessary setup messages for the construction of an end-to-end tunnel from the UE 520 to the RLM 521 and from the RLM 521 to the GGSN 524 where the traffic is received and sent. As described above, the UE finds 520 the RLM 521 using PPPOE discovery packets and encapsulates PPP packets in this protocol to pass them between the UE 520 and the RLM 521 to transport. 5 shows a packet communication between the separate network elements: the UE 520 , the RLM 521 , the RAC 522 , the HLR 523 and the GGSN 524 , Time is progressing from top to bottom. Each packet or message is marked by a separate number, with an arrow-line terminating from the network element forming the origin of the packet at the network element receiving the packet.

5 also shows the order of the packages. Previously sent packets are closer to the top of the chart. 5 also shows the names of the chosen protocols that exist between the UE 520 and the RLM 521 used for informational purposes only. In a specific embodiment, the devices use PPP to send the packets in the backward and forward directions and to negotiate the authentication and other network configuration required by the UE 520 a fully participating network element in the GGSN 524 coupled packet data network.

Between the UE 520 and the RLM 521 Several subprotocols of the PPP can be used. These protocols include the Link Control Protcol (LCP), the Challenge Authentication Protocol (CHAP), and the IP Control Protocol (IPCP). Other protocols, such as 802.1X, can also be used. The packets or messages in each log are grouped for information purposes, with marks on the left side of the chart running in a downward direction.

In a specific embodiment, the MLC uses in the UE 520 PPP for negotiating the LCP configuration option type 0x20, where length 18 includes the International Mobile Subscriber Identifier (IMSI) and the LCP configuration option type 0x21 having a length of 18 bytes for the nonce, a pseudorandom number having a length of 16 Byte that changes as unpredictably as possible at any moment by sending the PPP LCP configuration option packet 501 to the RLM 521 ,

Another method of providing this information is to use merchant-specific LCP configuration methods and fields. The RLM 521 receives the LCP options and remembers the nonce (a random number used for the challenge) for later use. He then leads the IMSI to the RAC 522 in the dock request packet 502 of the RAC-to-RLM (RR) protocol as described in Table 2.

The RR protocol according to 6 and Table 1 shows a specific embodiment 8-bit version number followed by an 8-bit message number, followed by a 16-bit length in bytes of the next message payload, followed by 32-bit identification of the UE 520 as by the RLM 521 has been assigned and made up of 20 bits of individual identification of the RLM 521 and 12 bits by the RLM 521 assigned individual identification for the UE 520 exists, followed by the message payload itself.

Tabelle 1

Table 1

The message number in the RR protocol is listed in Table 1 for each of the messages between the RAC and the RLM. The payloads of the dock request packet 502 for the RR protocol between the RAC and RLM are described in Table 2.

Tabelle 2

Table 2

In a process according to the invention, the RAC initiates 522 the docking request to the HLR 523 and all communications use the MAP protocol over an SS7 network. The HLR 523 indicates the request with either a docking rejection 516a for example, if the customer has not paid his bill or the customer's mobile operator has not signed a roaming agreement with the network operator; or request the SIM card to contact itself by sending an authentication request packet 516 authenticating the Kc, a key generated by secret secret parameters known only to the HLR and the SIM card, using the A8-type GSM authentication protocol and one or more RANDs, a 64-bit random number, and the signed response (SRES ), which can be authenticated using the A5-type authentication protocol, thereby proving that the HLR knows the secret shared with the SIM card and is used to provide authentication of the SIM card to the operator's network. The RAC 521 routes the information in the authentication request packet 516 further using the authentication request packet 503 the RR protocol between the RAC and the RLM with the payload described in Table 3, typically via the Internet Protocol.

Tabelle 3

Table 3

As an alternative, the RAC heads 521 the information in the docking rejection packet 516a using the authentication rejection packet 503a of the RR protocol, as described in Tables 4 and 5, typically over the Internet Protocol to the RLM 521 ,

Tabelle 4

Table 4

Tabelle 5

Table 5

Table 5 shows reasons for the rejection of the dock request and a field value to be placed in the rejection packet of the request reject packet. If the RLM is the authentication request 503 receives, it passes the PPP LCP acceptance message 504 to the UE 520 which allows the PPP client to continue its state machine and respond to authentication requests. If the RLM 521 the authentication reject message 503a receives, it forwards the PPP LCP rejection message 504a to the UE 520 which then ends the PPP negotiation.

After sending the PPP LCP acceptance message 504 to the UE 520 , initiates the PPP state machine on the RLM 521 a CHAP session by sending a prompt packet 505 in the preferred embodiment using the LCP configuration option of type 3, authentication protocol value 0xc223 for CHAP. For the Algorithm field, we use the value 0x88 for SIM-based authentication to assign our algorithm described below. While the CHAP exchange exist in the package 505 from the RLM 521 to the UE 520 sent request field data from two 16-byte random numbers and the MAC RAND, which is a signed version of the two random numbers in combination with the Nonce, the two Kcs, the IMSI, and the two SRESs using the shah-1 algorithm, a hashing algorithm. Other hash algorithms such as se MD-5 can also be used. A Kc can through the MLC in the UE 520 from everyone in the message 503 to the RLM 521 and to the UE 520 in the CHAP prompt message 505 forwarded RAND by sending each RAND to the SIM card 417 and gain a Kc as the response generated by the GSM algorithm A8. Using these generated keys, Kc, the UE 520 verify that the information in the message 505 was correctly signed; if this is successful, this indicates the UE 520 after that the RLM 521 with the HLR 523 could speak and knew the Kc, which authentifies that the RLM 521 is a legitimate interworking box for the customer's operator. The MLC in the UE 520 responds with the CHAP response message 506 containing the MRC SRES, which is the signed version of the two SRESs, the two Kcs, the Nonce, and the one in the message 503 to the RLM 521 IMSI sent using the shah-1 algorithm. The UE 520 generates each SRES from yours in the message 505 sent RAND which has been forwarded from the value in the RAND field of the authentication request packet 503 at the same time, putting the Kcs from the SIM card 417 has generated. If the RLM 521 the MAC SRES receives, it verifies that the MAC SRES through the UE 520 was correctly signed, which verifies that the UE 520 the correct SIM card 417 owns, so the UE 520 the customer to the RLM 521 is authenticated or proven to be the UE 502 could not authenticate itself by recognizing that the MAC SRES was not properly signed. The RLM 521 then forwards this authentication fact with an authentication response packet 507 to the RAC 522 whose payload is shown in Table 6.

Tabelle 6

Table 6

The RAC 522 then answer the RLM 521 with a dock accept message 508 , which indicates that he has understood the authentication fact. Assuming the authentication was successful, the RLM sends 521 a PDP context activation message 509 to the GGSN 524 via the GTP control protocol to inform the GGSN that a GTP tunnel for the UE 520 should be established so that the UE 520 can connect to the packet data network. The RLM 521 then sends a CHAP success message 510 to the UE 520 to verify that the authentication was correct or a CHAP failure message 510a if the authentication was unsuccessful. The RLM 521 then sends a docking completion message 511 to the RAC 522 so that he can terminate his state machine and the parameters of the coupling of the UE to be used in the future for the handover 520 can save. If the GGSN 524 has completed the activation of the GTP tunnel, it sends a PDP context response message 512 to the RLM 521 which then returns the IP allocation information in the message 513 to the UE 520 including sending IP packets to the PDN 306 through the UE 520 required information. The RLM 521 forwards a communication on the successful establishment of the GTP tunnel at the RAC 522 continue to the RAC 522 the updating of its state machine and the storage of the parameters of the tunnel of the UE to be used in the future for reposting 520 to enable.

table 7 describes the payload of the dock accepting packet.

Tabelle 7

Table 7

Table 8 shows a payload description of the docking termination packet 511 ,

Tabelle 8

Table 8

The UE 520 has been successfully authenticated by the GSM / GPRS core network by this procedure and has a pair of tunnels set up for it, the first using PPPOE between the MLC and the UE 520 and the RLM 521 veräuft; the second using GTP between the RLM 521 and the GGSN 524 runs. The PPPOE tunnel uses a default encryption based on AES with the individual common keys based on Kc, the instant, and the IMSI, which is guaranteed by the UE 520 sent packets can not be faked by a third party of any network and that the packets are personal and not by third parties on the path from the UE 520 to the RLM 521 can be spied on. The RLM 521 withdraws from the UE 520 IP packets received on the PPPOE tunnel that have been successfully decoded and placed in the GTP tunnel to the GGSN 524 , The GGSN 524 takes these packets and sends them to the PDN 306 , To the UE 520 addressed data packets are sent by the GGSN 524 receive a public route to the UE for connection to the packet data network of the Internet 520 assigned IP address. The GGSN 524 Place these packets in the GTP tunnel and send them to the RLM 521 , The RLM 521 takes these packets, encrypts them and forwards them to the UE via the PPPOE tunnel 520 further. The MLC in the UE 520 extracts the received packets via the PPPOE tunnel and passes them, after their successful decryption on the stack, to other processes in the UE 520 whereby a packet data network connection, typically an internet connection, to the UE 520 provided. In this way, the preferred embodiment of the invention provides secure and authenticated access to packet data networks over an unmodified GSM / GPRS core network of an operator for a UE 520 provided only a wireless LAN radio 416 and a SIM card reader 416 and a SIM card 417 having.

The The invention has been described with reference to specific embodiments explained. Other embodiments are for the Fachmach apparent. The invention should therefore not be limited except as indicated in the appended claims.

Claims (13)

Method for authenticating a WLAN radio user device in a wireless local area network radio access network (WLAN RAN) using supporting a GSM protocol Core network, with: Connecting a radio access controller (RAC), a wireless connection manager (RLM), and a wireless LAN access point (WLAN AP) with a home location register (HLR) of the core network; Set up a communication of the WLAN radio user device with the WLAN AP and the RLM; Authenticating the user device with Skills a Multi-Connection Client (MLC) to the HLR; and then link up the user device to the core network system by: Connect a first data link tunnel from the MLC to the RLM. The method of claim 1, wherein the authentication step further contains subsequently connecting a second data link tunnel from the RLM to the GGSN packet gateway for a global packet data network. The method of claim 1, wherein the authentication step further contains subsequently connecting a second data link tunnel from the RLM to an Internet gateway with tunnel capabilities and address assignment capabilities as part of a global packet data network. The method of claim 3, wherein the internet gateway a layer 2 transport protocol is used. A method of connecting a wireless local area network radio access network (WLAN RAN) supporting a GPRS packet protocol GSM core network, with: Connect a radio access controller (RAC), a radio link manager (RLM) and a WLAN access point (WLAN AP) with a GPRS gateway control node (GGSN) and a home location register (HLR) of the core network; Set up a communication of a WLAN radio user device with the WLAN AP; Authenticating the user device with capabilities a multi-connection client (MLC) to the HLR; and then link up the user device to the core network system by: Connect a first data link tunnel from the MLC to the RLM. The method of claim 5, wherein the authentication step further includes subsequent ver bind a second data link tunnel from the RLM to the GGSN packet gateway for a global packet data network. The method of claim 5, wherein the authentication step further contains subsequently connecting a second data link tunnel from the RLM to an Internet gateway with tunnel capabilities and address assignment capabilities as part of a global packet data network. The method of claim 7, wherein the internet gateway a layer 2 transport protocol is used. Method for mutual authentication of a User equipment and a GSM core network via a wireless local network radio access network (WLAN RAN), wherein the GSM core network supports GPRS packet protocols, wherein the method comprises: Initiate a wireless dock request from the user device; Sending an identification number (IMSI) and a user-specific fresh random number (Nonce) over a wireless connection to a radio link manager; after that Form a conventional one Docking request using IMSI and nonce; after that carry the conventional one Coupling request to a home location register; Create a usual Authentication request to the home location register using a 1) common key the user equipment, 2) the IMSI and 3) the nonce, the conventional authentication requirement a conventional one contains digital signature as an element; after that Carrying the usual Authentication request to the wireless connection manager; after that Form a first secure digital signature of the conventional Authentication request to the wireless connection manager at Using the nonce and all elements of the traditional authentication requirement, after that carry the first secure digital signature with a modified conventional one Authentication request from which the conventional digital signature is removed was, to the user device; Construction of a candidate duplicate the conventional one digital signature from the modified authentication request at the user equipment using the shared key, the IMSI and the Nonce; Verifying candidate duplicate and the modified conventional Authentication request to the user device using 1) the first digital signature, 2) the candidate duplicate and 3) of the modified conventional Authentication request to the radio link manager to the user equipment to authenticate; after that Construct a second digital Signature from the verified duplicate of the conventional digital signature at the user equipment using the shared key, the IMSI, and the nonce and the verified modified conventional Authentication request; and then Reports the second secure digital signature to the wireless connection manager to the Authentication of the User Equipment to the Radio Link Manager to verify. The method of claim 1, wherein the authenticating step comprises: initiating a wireless attachment request from the user device; Sending an identification number (IMSI) and a fresh random number (Nonce) associated with the user from the user equipment via a wireless connection to a radio link manager; then forming a conventional docking request; thereafter conveying the conventional dock request to a home location register using the IMSI and the nonce; Generating a conventional authentication request at the home location register using a 1) shared key of the user equipment, 2) the IMSI and 3) the nonce, the conventional authentication request containing a conventional digital signature as an element; afterward, conveying the conventional authentication request to the wireless connection manager; thereafter forming a first secure digital signature of the conventional authentication request at the wireless connection manager using the nonce, and all elements of the conventional authentication request; thereafter, conveying the first secure digital signature and a modified conventional authentication request from which the conventional digital signature has been removed to the user device; Constructing a candidate duplicate of the conventional digital signature from the modified conventional authentication request at the user equipment using the common key, the IMSI and the nonce; Verifying the candidate duplicate and the modified conventional authentication request the user device using 1) the first secure digital signature, 2) the candidate duplicate, and 3) the modified conventional authentication request to authenticate the wireless connection manager to the user device; then constructing a second secure digital signature from the verified duplicate of the conventional digital signature at the user device using the shared key and the verified modified conventional authentication request; and thereafter reporting the second secure digital signature to the wireless connection manager to verify the authentication of the user equipment to the wireless connection manager. The method of claim 1, further comprising the step of using a common key, the shared by the user equipment and the HLR for setup of the first data link tunnel as a secure data link tunnel. A system for connecting a wireless local area network radio access network (WLAN RAN) supporting a GPRS packet protocol GSM core network with: one Radio access controller (RAC); a Radio Link Manager (RLM); one WLAN access point (WLAN AP); a GPRS gateway operating node (GGSN); a home location register (HLR) of the core network; at least a WLAN radio user device for communicating with the WLAN AP; means for authenticating the user equipment across from the HLR, where the user equipment capabilities of a multi-client (MLC); a device for coupling the user device to the core network system using a first data link tunnel from the MLC to the RLM and a second data link tunnel from the RLM to the GGSN packet gateway for a global packet data network. A system for connecting a wireless local area network radio access network (WLAN RAN) with a GSM core network with: a radio access controller (RAC); a Radio Link Manager (RLM); a Wi-Fi access point (WLAN AP); an Internet Gateway node; a home register (HLR) of the core network; at least one WLAN radio user device for communicating with the WLAN AP; a device for authentication the user device opposite the HLR, where the user equipment capabilities of a multi-client (MLC); a device for coupling the user device to the core network system using a first data link tunnel from the MLC to the RLM and a second data link tunnel from the RLM to the Internet gateway node for a global packet data network.