1. Field of Invention
This invention relates to communications systems. Specifically, the present invention relates to systems and methods for handling and supporting authentication protocols in a wireless communications network.
2. Description of the Related Art
Wireless communications are increasingly employed in a variety of demanding applications including Internet and local area network applications. Such applications demand wireless communications systems that efficiently accommodate various network protocols while affording users maximum security and privacy.
Laptops and other mobile computing devices often employ wireless phones and associated wireless communications networks to access the Internet and other data networks and application servers. Browser functionality required to access the Internet is often built into the mobile computing device, wireless phone, or other wireless computing device.
The wireless phone (Mobile Terminal (MT2)) and any accompanying electronic devices (Terminal Equipment (TE2)) are collectively called the mobile station. The interface between the wireless phone transceiver (Mobile Station Modem (MSM)) and an accompanying TE2 device is called the Rm interface. In mobile stations not employing separate TE2 devices, the communications interface between the MSM and any browser functionality built into the wireless phone is also called the Rm interface. The wireless communications interface between the wireless phone and associated wireless network infrastructure is called the Um interface.
A wireless communications system, such as a Code Division Multiple Access system (CDMA), typically includes a plurality of mobile stations (e.g. wireless phones, palmtop or laptop computers connected to wireless modems, and so on) in communication with one or more base stations or base station transceiver subsystems (BTS), also called cell sites.
A base station and/or BTS facilitates call routing among mobile stations and between mobile stations and a Mobile Switching Center (MSC). The MSC facilitates call routing between base stations or BTSs and other communications devices that are connected to the Public Switched Telephone Network (PSTN), also called the landline network. The MSC may also facilitate call routing between base stations and/or BTSs and the Internet via an Interworking Function (IWF). The IWF is often co-located with the MSC. The communications interface between the IWF and the MSC is called the L interface. The L interface is often designed in accordance with the IS-707 telecommunications industry standard. The IWF typically includes a router that routes calls between the IWF and the Internet via Quick Net Connect (QNC) methods.
Additional details of a wireless CDMA communications system are discussed in U.S. Pat. No. 5,103,459, entitled "SYSTEM AND METHOD FOR GENERATING SIGNAL WAVEFORMS IN A CDMA CELLULAR TELEPHONE SYSTEM", assigned to the assignee of the present invention and incorporated herein by reference. BTS architecture is discussed more fully in U.S. Pat. No. 5,654,979, entitled "CELL SITE DEMODULATION ARCHITECTURE FOR A SPREAD SPECTRUM MULTIPLE ACCESS COMMUNICATIONS SYSTEM", assigned to the assignee of the present invention and incorporated herein by reference.
CDMA communications systems are often built in accordance with the IS-95 telecommunications industry standard. In IS-95 systems, data is transmitted between a BTS and a mobile station in digitally encoded frames. For data services calls, the Radio Link Protocol (RLP) is used to transmit data packets inside of the IS-95 frames. RLP is, in turn, used to transmit PPP packets. PPP is the data link layer protocol that is used for IS-95 data services. PPP packets are encoded in High-Level Data Link Control (HDLC) frames for transmission over the Rm, Um, and L interfaces. Use of PPP packets with HDLC frames is discussed more fully in Request For Comment (RFC) 1662, entitled PPP IN HDLC-LIKE FRAMING, published in July 1994.
The telecommunications industry standard IS-707 details the behavior of data transmission between TE2 devices and an IWF. The IS-707 standard introduces a Network Model that specifies protocol requirements for the Rm, Um, and L interfaces. In accordance with the Network Model, one Point-to-Point Protocol link (PPPR) is established on the Rm interface between the MT2 device and the associated TE2 device, while a separate PPP link (PPPU) is established on the Um and L interfaces between the MT2 device and the IWF.
PPP provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP specifies methods for encapsulating multi-protocol datagrams and includes a Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. PPP also includes various Network Control Protocols (NCPs) for establishing and configuring various network-layer protocols. PPP is more fully discussed in Request For Comment (RFC) 1661, entitled THE POINT-TO-POINT PROTOCOL, published in July 1994.
When a mobile station travels between wireless communications systems or between base station coverage areas, the mobile station is handed off from the first system to the target system. If the target system is associated with a different IWF, then the Um link is renegotiated. In this case, the link between the mobile station and the first wireless communications system is eventually dropped and a new Um link is established between the mobile station and the target wireless communications system. In a network model call, Um and Rm links are isolated so that handoffs and other Um link renegotiations are transparent to the Rm link.
To provide such isolation, the PPP stack on the wireless phone, i.e., the MT2 device, typically unframes and reframes PPP configuration packets received over the Um and Rm links. The PPP configuration packets specify configuration options for the Rm and Um interfaces. Unfortunately, existing MT2 devices typically unframe, process, and reframe all PPP packets, including packets that do not require such processing. This may reduce data throughput over the Rm and Um links, increase MT2 device power consumption, decrease device battery life, and require additional MT2 device processing resources.
Users of wireless communications devices, such as laptops connected to wireless modems, often subscribe to one or more network services, such as Internet access, via an Internet Service Provider (ISP). Users and associated service providers often demand secure and private communications between users and the service providers. Accordingly, wireless communications networks demand efficient systems and methods to validate, i.e., authenticate, users before granting access to a data network, such as the Internet. Unfortunately, existing wireless CDMA communications networks typically lack efficient systems and methods for reliably authenticating the user of a TE2 device or the TE2 device itself.
Hence, a need exists in the art for an efficient system and method for facilitating secure and private communications between a TE2 device and a communications network. There is a further need for a system and method for efficiently authenticating TE2 devices.
The need in the art is addressed by the system for efficiently accommodating an authentication protocol in a communications system of the present invention. In the illustrative embodiment, the inventive system is adapted for use with Point-to-Point Protocol (PPP) and Challenge Handshake Authentication Protocol (CHAP) in a Code Division Multiple Access (CDMA) wireless communications system. The system includes a first mechanism for establishing a first communications interface (Rm interface) between a first device (TE2 device) and a second device (MT2 device) and for establishing a second communications interface (Um interface) between the second device and a third device (BS/MSC/IWF). A second mechanism selectively relays authentication signals received by the second device between the first device and the third device. A third mechanism employs the third device and the second mechanism to authenticate the first device via the first communications link and the second communications link.
In a specific embodiment, the third mechanism further includes a fourth mechanism for selectively processing configuration signals received by the second device over the second interface. The first interface and the second interface are point-to-point protocol (PPP) interfaces. The first interface is a Um interface, and the second interface is an Rm interface.
The second mechanism includes CHAP. The communications system includes a wireless CDMA communications system. The first device includes a TE2 device and the second device includes an MT2 device. The third device includes a base station, a Base Station Transceiver Subsystem (BTS), and/or a Mobile Switching Center (MSC) in communication with an Interworking Function (IWF). The Um interface includes a wireless interface between the MT2 device and the base station, BTS, or MSC of the wireless communications system.
In a more specific embodiment, the MT2 device includes a wireless phone. The TE2 device includes a computer, such as a laptop computer. The first mechanism includes standard Point-to-Point Protocol (PPP) stacks on the third device and the first device, and modified PPP stacks on the second device. The second mechanism includes a fifth mechanism for analyzing packets received by the second device to ascertain if the packets are CHAP packets and providing a first signal in response thereto. A sixth mechanism selectively relays packets in response to the first signal. The third mechanism includes CHAP installed on the third mechanism and the first mechanism.
The novel design of the present invention is facilitated by the second mechanism, which selectively relays authentication signals and other signals not requiring IS-707 network model processing via the second device through to the first device and/or third device. This represents an unobvious alteration that yields significant advantages. Namely, the second device does not require provisioning with authentication secrets and usernames, and facilitates authenticating the first device via the third device. By avoiding provisioning the second device with shared secrets and user names, improvements in network security and efficiency are achieved as discussed more fully below. Furthermore, by avoiding unnecessary processing of CHAP on the second device, communications system throughput is enhanced and processing resources are conserved.
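The selective relay described in the summary above, and the unframe/process/reframe cost it avoids (discussed in the related-art section), can be shown concretely. The following Python is an added example, not code from the patent or its assignee: it implements RFC 1662 HDLC-like framing with FCS-16 and byte stuffing, an MT2-side relay that peeks at the PPP protocol field and passes CHAP frames (protocol 0xC223) through byte-for-byte while unframing and reframing only LCP frames (0xC021), and an end-to-end CHAP exchange (RFC 1994, MD5) in which the TE2 and IWF hold the secret and the MT2 holds nothing. The user name "alice", the secrets, the challenge bytes, the device names and all function names are constructed for this example; a real IWF would use a fresh random challenge.

```python
"""Added example (not the patent's code): a toy IS-707 network-model relay.
Framing follows RFC 1662, CHAP follows RFC 1994 (MD5). All names, secrets
and sample values below are constructed for illustration."""
import hashlib
import hmac

FLAG, ESC, ADDR, CTRL = 0x7E, 0x7D, 0xFF, 0x03
PROTO_LCP, PROTO_CHAP = 0xC021, 0xC223          # standard PPP protocol numbers
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2             # RFC 1994 packet codes


def fcs16(data: bytes) -> int:
    """PPP FCS-16 (RFC 1662 Appendix C): reflected CRC-16-CCITT, init 0xFFFF,
    final XOR 0xFFFF."""
    fcs = 0xFFFF
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def frame(proto: int, info: bytes) -> bytes:
    """HDLC-like framing: address, control, protocol, info, FCS (LSB first),
    byte stuffing and flag delimiters. Assumes an ACCM of zero was negotiated,
    so only 0x7E and 0x7D are escaped."""
    body = bytes([ADDR, CTRL]) + proto.to_bytes(2, "big") + info
    fcs = fcs16(body)
    body += bytes([fcs & 0xFF, fcs >> 8])
    out = bytearray([FLAG])
    for b in body:
        out += bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) else bytes([b])
    out.append(FLAG)
    return bytes(out)


def _unstuff(raw: bytes, limit: int = 0) -> bytes:
    """Remove byte stuffing between the flags; with limit > 0 stop after that
    many decoded bytes, so a header peek does not touch the whole frame."""
    body, esc = bytearray(), False
    for b in raw[1:-1]:
        if esc:
            body.append(b ^ 0x20)
            esc = False
        elif b == ESC:
            esc = True
        else:
            body.append(b)
        if limit and len(body) >= limit:
            break
    return bytes(body)


def unframe(raw: bytes) -> tuple:
    """Reverse of frame(); raises ValueError on a missing flag or bad FCS."""
    if len(raw) < 8 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("bad framing")
    body = _unstuff(raw)
    if fcs16(body[:-2]) != body[-2] | (body[-1] << 8):
        raise ValueError("bad FCS")
    return int.from_bytes(body[2:4], "big"), body[4:-2]


def fcs_ok(raw: bytes) -> bool:
    """True if the frame unframes cleanly (flags present, FCS matches)."""
    try:
        unframe(raw)
        return True
    except ValueError:
        return False


def peek_protocol(raw: bytes) -> int:
    """Read the protocol field without unframing or checking the whole frame."""
    head = _unstuff(raw, limit=4)
    return int.from_bytes(head[2:4], "big")


def mt2_relay(raw: bytes) -> tuple:
    """The MT2's selective relay: CHAP (and anything else needing no
    network-model handling) passes through untouched; only LCP is unframed,
    handled locally, and reframed."""
    if peek_protocol(raw) != PROTO_LCP:
        return raw, "relayed"
    proto, info = unframe(raw)            # local LCP option handling would go here
    return frame(proto, info), "processed"


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge/Response layout: code, id, length, value-size, value, name."""
    payload = bytes([len(value)]) + value + name
    return bytes([code, ident]) + (4 + len(payload)).to_bytes(2, "big") + payload


def parse_chap(info: bytes) -> tuple:
    code, ident, length = info[0], info[1], int.from_bytes(info[2:4], "big")
    vsize = info[4]
    return code, ident, info[5:5 + vsize], info[5 + vsize:length]


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 CHAP: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def run_authentication(te2_secret: bytes, iwf_secret: bytes) -> dict:
    """IWF challenges over Um, MT2 relays to Rm, TE2 answers, MT2 relays back,
    IWF verifies. The MT2 is never given a secret or a user name."""
    ident, challenge = 0x2A, bytes.fromhex("0011223344556677")   # constructed values
    um_down = frame(PROTO_CHAP, chap_packet(CHAP_CHALLENGE, ident, challenge, b"iwf"))
    rm_down, act1 = mt2_relay(um_down)
    _, info = unframe(rm_down)                                   # TE2 side
    code, cid, chal, _ = parse_chap(info)
    resp = chap_hash(cid, te2_secret, chal) if code == CHAP_CHALLENGE else b""
    rm_up = frame(PROTO_CHAP, chap_packet(CHAP_RESPONSE, cid, resp, b"alice"))
    um_up, act2 = mt2_relay(rm_up)
    _, info = unframe(um_up)                                     # IWF side
    code, rid, value, name = parse_chap(info)
    ok = (code == CHAP_RESPONSE and rid == ident
          and hmac.compare_digest(value, chap_hash(ident, iwf_secret, challenge)))
    return {"authenticated": ok, "user": name.decode(),
            "mt2_actions": (act1, act2),
            "mt2_untouched": um_down == rm_down and rm_up == um_up}


if __name__ == "__main__":
    print(run_authentication(b"te2-secret", b"te2-secret"))
    print(run_authentication(b"te2-secret", b"different-secret"))
```

The design point is in `mt2_relay`: it decodes only the four header bytes it needs, so a CHAP frame crosses the MT2 without an FCS recomputation or re-stuffing pass, and the device has nothing to provision or to leak. The IWF-side verification uses a constant-time comparison, which is the check a practitioner would want even though RFC 1994 does not require it.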