1. Field of the Invention
The present invention generally relates to networking and, more particularly, to broker-based interworking Authentication, Authorization and Accounting (AAA) using hierarchical certificates.
2. Background of the Invention
Typically, Authentication, Authorization and Accounting (MA) are required to access and utilize networks such as cellular networks and Wireless Local Area Networks (WLANs). In an environment in which a mobile terminal has multiple network access mechanisms, providing AAA interworking among these networks is of great importance. However, it is generally the case that the involved networks do not belong to the same administrative domain and do not share the same AAA schemes. Moreover, it is difficult for a cellular operator to establish a contract relationship with each and every wireless LAN operator and vice versa. Further, the mobile user that has signed up for interworking should not be aware of any third party involved in the interworking, i.e. they only need to maintain a single account, i.e., their own cellular account.
There are two main types of interworking between cellular networks and WLANs: tight coupling and loose coupling. In a loose coupling scenario, the WLAN and the cellular network have independent data paths but the AAA for WLAN users relies on cellular network MA functions. However, the cellular network AAA protocols (MAP/SS7) are incompatible with Internet Protocol (IP) based protocols used by WLAN users.
To address the problems of the networks not belonging to the same administrative domain and of not sharing the same AAA schemes, special interworking functions or gateways were proposed to bridge between cellular network and WLAN AAA schemes. Some of these special functions require that the cellular network Home Location Register (HLR) be adapted; however, this is not desirable for many reasons, particularly from the perspective of the cellular operators.
Conventional broker models directed to the problem of establishing contracts between each and every WLAN and cellular network operator all require that the broker deploy AAA engines that are involved in mobile user authentication in real-time; this easily creates a single point of failure. Some of these broker models also require that a mobile user create a separate account with the broker; this is quite inconvenient for the user.
Accordingly, it would be desirable and highly advantageous to have an interworking AAA scheme that overcomes the above-described problems of prior art interworking AAA schemes.