Title: Method and system for authenticating a network node in a UAM-based WLAN network
Abstract: A method and system for authenticating a mobile network node in a Wireless Local Area Network (WLAN), wherein the mobile network node requests access to the WLAN at an access point. Within a closed first network region, all network protocol layers up to the Layer 3 protocol layer are set up before authentication. An authenticator based on the Extensible Authentication Protocol (EAP) is generated on the Web server acting as a captive portal, and the Layer 3 protocol layer between the authenticator and the mobile network node, which includes an EAP peer, is extended bidirectionally by a defined bit sequence. In case of an access request, the Web server transmits an authentication stimulus to the mobile node by encoding an EAP message request and transmitting it in the Layer 3 protocol layer by the defined bit sequence. The mobile node decodes the EAP message request and transmits, in the Layer 3 protocol layer, by the defined bit sequence, an encoded EAP response message to the authenticator, the EAP response message including authentication data of the mobile network node. The Web server decodes the EAP response message from the bit sequence and transmits it, in an authentication inquiry, to an AAA server that includes an EAP server. On the basis of an authentication response by the AAA server, a Network Access Server enables access to a second network region for use by the mobile network node.
Publication number: US8806587(B2); Publication date: 2014.08.12
Application number: US200913059898; Filing date: 2009.04.07
Applicant: Togewa Holding AG; Inventor: Frelechoux Laurent
Classification: G06F7/04; G06F15/16; G06F17/30; H04L29/06. Main classification: G06F7/04
Agency: Oblon, Spivak, McClelland, Maier & Neustadt, L.L.P.; Agent: Oblon, Spivak, McClelland, Maier & Neustadt, L.L.P.
Main claim: 1. A method of authenticating a mobile network node in a Wireless Local Area Network (WLAN), wherein, via a network interface, the mobile network node requests access to the WLAN at an access point, the method comprising: generating an authenticator based on Extensible Authentication Protocol (EAP) on a Web server or on a network access server, a Layer 3 (L3) protocol layer between the authenticator and the mobile network node comprising an EAP peer being extended bidirectionally by a defined bit sequence containing encoded EAP messages; in case of an access request by the mobile network node, the Web server transmitting an authentication stimulus to the mobile network node by encoding an EAP message request for the L3 protocol layer and transmitting the encoded EAP message request in the L3 protocol layer by the defined bit sequence, wherein messages containing authentication data of the mobile network node are transmitted in the L3 protocol layer based on a Wireless Internet Service Provider roaming (WISPr) XML protocol scheme between the authenticator and the mobile network node, and the WISPr XML protocol scheme is extended by a reserved data block containing the coded EAP messages in a direction from the authenticator to the mobile network node including the EAP peer; the mobile network node decoding the EAP message request from the defined bit sequence and transmitting an encoded EAP response message in the L3 protocol layer by the defined bit sequence to the authenticator, the EAP response message comprising authentication data of the mobile network node; and the Web server decoding the EAP response message from the bit sequence, transmitting the authentication data of the mobile network node to an Authentication, Authorization, and Accounting (AAA) Server comprising an EAP server by an authentication request or multiple authentication challenges/requests, wherein within a closed first network region including the mobile network node, the access point, the Web server, and the authenticator, before authentication by the mobile network node, all network protocol layers up to the L3 protocol layer are set up, and messages containing authentication data of the mobile network node are transmitted in the L3 protocol layer using a Universal Access (UAM) method between the Web server as a captive portal and the mobile network node, and access is enabled to a second network region for use by the mobile network node by the network access server based on an authentication response by the AAA Server.
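The framing described in the abstract and the claim, an EAP exchange tunnelled inside the captive portal's WISPr XML and the peer's reply, as an added Python example. This is illustration written for this page, not code from the patent or from Togewa Holding AG. The EAP packet layout (Code, Identifier, Length, Type, Type-Data) follows RFC 3748; the WISPr `Redirect` element with `MessageType` 100 and `ResponseCode` 0 is the standard redirect block; the name of the reserved block (`EAPMsg`), the form-field name the peer uses on the way back, the portal URL and the identity are assumptions constructed for the example. The authenticator checks that the response echoes the Identifier of the outstanding request before forwarding it to the AAA/EAP server, which is the one consistency check a portal implementing this scheme must not skip.

```python
import base64
import struct
import xml.etree.ElementTree as ET

# EAP header values from RFC 3748
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_IDENTITY = 1
EAP_HDR = "!BBHB"          # Code, Identifier, Length, Type (network byte order)

# Assumed name of the reserved data block carrying the EAP message (not from the patent)
EAP_BLOCK = "EAPMsg"


def eap_pack(code: int, identifier: int, eap_type: int, type_data: bytes) -> bytes:
    """Build one EAP packet; Length covers the whole packet including the header."""
    length = 5 + len(type_data)
    return struct.pack(EAP_HDR, code, identifier, length, eap_type) + type_data


def eap_unpack(pkt: bytes):
    """Parse an EAP packet and reject one whose Length field disagrees with its size."""
    if len(pkt) < 5:
        raise ValueError("EAP packet shorter than header")
    code, identifier, length, eap_type = struct.unpack(EAP_HDR, pkt[:5])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    return code, identifier, eap_type, pkt[5:]


def portal_build_stimulus(identifier: int, login_url: str) -> str:
    """Authenticator side: WISPr Redirect XML extended by a base64 EAP-Request/Identity."""
    root = ET.Element("WISPAccessGatewayParam")
    redirect = ET.SubElement(root, "Redirect")
    ET.SubElement(redirect, "MessageType").text = "100"   # Redirect
    ET.SubElement(redirect, "ResponseCode").text = "0"    # no error
    ET.SubElement(redirect, "LoginURL").text = login_url
    request = eap_pack(EAP_REQUEST, identifier, EAP_TYPE_IDENTITY, b"")
    ET.SubElement(redirect, EAP_BLOCK).text = base64.b64encode(request).decode("ascii")
    return ET.tostring(root, encoding="unicode")


def peer_handle_stimulus(xml_text: str, identity: str) -> dict:
    """EAP peer side: decode the request from the XML block and answer with an EAP-Response/Identity.

    The reply is returned as the form fields the node would POST to the portal
    (field name assumed for this example)."""
    root = ET.fromstring(xml_text)
    node = root.find("./Redirect/" + EAP_BLOCK)
    if node is None or not node.text:
        raise ValueError("portal XML carries no EAP block")
    code, identifier, eap_type, _ = eap_unpack(base64.b64decode(node.text))
    if code != EAP_REQUEST or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("unexpected EAP stimulus")
    response = eap_pack(EAP_RESPONSE, identifier, EAP_TYPE_IDENTITY, identity.encode("utf-8"))
    return {EAP_BLOCK: base64.b64encode(response).decode("ascii")}


def portal_extract_response(form: dict, expected_identifier: int) -> bytes:
    """Authenticator side: recover the EAP-Response and check it answers the outstanding request.

    The returned packet is what the portal hands to the AAA/EAP server unchanged."""
    pkt = base64.b64decode(form[EAP_BLOCK])
    code, identifier, _, _ = eap_unpack(pkt)
    if code != EAP_RESPONSE:
        raise ValueError("not an EAP Response")
    if identifier != expected_identifier:
        raise ValueError("EAP Identifier does not match the pending request")
    return pkt


if __name__ == "__main__":
    # Constructed round trip: portal -> peer -> portal
    xml = portal_build_stimulus(7, "https://portal.example/login")
    form = peer_handle_stimulus(xml, "alice@example.net")
    pkt = portal_extract_response(form, 7)
    print(eap_unpack(pkt))   # (2, 7, 1, b'alice@example.net')
```

The Identity exchange is only the first round; the claim allows the AAA server to return further challenges, which the portal would carry the same way, each one an EAP Request in a fresh `Redirect` block and each reply checked against the Identifier it answers.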
Address: Bern CH