| 摘要 |
<p>A method for Authentication Authorization and Accounting (AAA) in an interworking between first and second networks that do not belong in the same administrative domain, using certificate based transactions. In the method according to the invention, the second network sends a public key (310) to the first network, and a certificate (315) to a mobile device. The certificate includes information regarding the subscription level of the mobile device and is signed with a private key of the second network. Upon detection of the first network the mobile device transmits the certificate and the first network authenticates (325, 330) the certificate (315) using the public and private keys of the second network, and authorizes access to the network in response. The first network then sends a session key (340) encrypted with a public key of the mobile device. The mobile device decrypts (345) the session key with a private key and access (350) the first network using the session key. In this manner, interworking is implemented without requiring the deployment of a special interworking function to bridge between the two different types of networks.</p> |
