| 摘要 |
<p>The invention relates to a method and system for authenticating a mobile network node (10) in a network (31), wherein the mobile network node (10) requests access to the network (31) at an access point (20). Within a closed first network region (Walled Garden 32), before authentication all network protocol layers up to the Layer 3 protocol layer (L3) are set up. An authenticator (42) based on Extensible Authentication Protocol (EAP) is generated on the Web server (23) as captive portal and the Layer 3 protocol layer between the authenticator (42) and the mobile network node (10) comprising an EAP peer (41) is extended bidirectionally by means of a defined bit sequence. In case of an access request, the Web server (23) transmits an authentication stimulus to the mobile node (10) by encoding an EAP message request and transmitting it in the Layer 3 protocol layer by means of the defined bit sequence. The mobile node (10) decodes the EAP message request and transmits, in the Layer 3 protocol layer, by means of the defined bit sequence, an encoded EAP response message to the authenticator (42), the EAP response message comprises authentication data of the mobile network node (10). The Web server (23) decodes the EAP response message from the bit sequence, transmits it to an AAA server (22) including an EAP server (43) by means of an authentication inquiry. On the basis of an authentication response by the AAA Server (22), access is enabled to a second network region (30) for use by the mobile network node (10) by means of a Network Access Server (24).</p> |
