1. Field of the invention
The present invention broadly relates to a wireless network system and a communication method using the same and, more particularly, to a wireless network system and a communication method that allows an external network device that temporarily accesses the wireless network, to easily log in and out of the wireless network.
2. Description of the Prior Art
Recently, with the development of communication and network technologies, coaxial/optical cable networks are being changed to wireless networks that use various frequency bands.
Unlike the cable network system, the wireless network system does not provide a physically fixed data transmission path. Therefore, the wireless network system is more vulnerable to security attacks than the cable network system. To safely perform wireless communication, most wireless communication protocols support encryption of the data packets that are transmitted through the network. For example, the Wi-Fi protected access pre-shared key (WPA-PSK) system used in a wireless local area network (LAN) or the wired equivalent privacy (WEP) system is used to more safely perform the wireless communication.
The WEP system was designed to provide minimum protection to wirelessly-transmitted frames. Therefore, the WEP system has security problems in that it disturbs a widespread construction of IEEE 802.11 technology. Such problems are a design defect of the WEP system.
IEEE 802.1x is based on an extensible authentication protocol (EAP), which is formally specified in RFC 2284.
FIG. 1 illustrates the procedure of creating an encryption key according to the related art. An access point 20 of FIG. 1 serves to relay messages between a station 10 and an authentication server 30.
As shown in FIG. 1, the access point 20 transmits request/identification messages to the station 10 to identify a user, in operation S11. Then, the station 10 transmits response/identification messages including user identification (e.g., MyID) to the authentication server 30, in operation S12.
Then, the station 10 and the authentication server 30, respectively, create a first random number and a second random number to prevent the messages from being reused by another party, in operations S13 and S14, and exchange the random numbers in operations S15 and S16. At this time, the random number means a numeral or character string having randomness.
Further, the authentication server 30 transmits a certificate of authentication issued from a certificate authority to the station 10 along with the second random number in operation S16.
The station 10 authenticates the certificate of authentication transmitted from the authentication server 30 using a public key of the certificate authority (i.e., the authentication server 30) in operation S17, and creates a third random number of a predetermined size (e.g., 48 bytes) in operation S18.
The station 10 creates an encryption key using the first to third random numbers in operation S19, and encrypts the encryption key using the public key of the authentication server 30 included in the authentication certificate of the authentication server 30 in operation S20. Then, the station 10 transmits the encrypted key and its authentication certificate to the authentication server 30 in operation S21.
The authentication server 30 authenticates the authentication certificate of the station 10 by decrypting the public key of the certificate authority, and then decrypts the received encryption key using its secret key in order to use the decrypted key as an encryption key, in operation S22.
Then, the station 10 and the authentication server 30 share the encryption key, and create a final encryption key using the shared encryption key, the first random number and the second random number, and perform mutual wireless communication using the final encryption key.
The aforementioned procedure of creating the encryption key enables safe wireless communication between wireless network devices having an authentication certificate issued from a separate certificate authority.
To allow a new wireless network device to temporarily access a corresponding wireless network, this new wireless network device should be provided with an authentication certificate issued by the certificate authority. The authentication certificate should have a temporary term of validity. The wireless network device having such an authentication certificate can access the wireless network only for the allowed term specified in the issued certificate of authentication.
However, the procedure of issuing the certificate of authentication from the certificate authority is performed separately from the procedure of accessing the wireless network. In other words, the wireless network device accesses the certificate authority using a system connected to the certificate authority through a cable in order to obtain the authentication certificate issued by a predetermined issuing procedure. Then, the wireless network device transmits the issued certificate of authentication to the wireless network device using a predetermined mobile storage medium such as a diskette or a smart card.
Then, the wireless network device logs onto the corresponding wireless network. To prevent the wireless network device from logging in to the wireless network without permission, the wireless network device should be provided with the authentication certificate issued by the certificate authority. Also, if the wireless network device frequently logs onto the wireless network, the procedure of issuing and discarding the authentication certificate must be repeated. This makes it more difficult for the wireless network manager to manage the network.
Korean Patent Unexamined Publication No. 2002-0051127 discloses a method of wirelessly transmitting authentication data and encryption/decryption data processed by a smart card to a cellular phone by performing local communication between the cellular phone and the smart card through a high speed wireless modem chip if authentication and encryption/decryption functions are requested by an authentication server or a user. This related art method is to ensure reliable communication by transmitting and receiving data at a high speed through the high speed wireless modem chip. However, this method is not suitable for authenticating a network device that temporarily logs onto a wireless network, or for preventing a network device from logging onto the wireless network without permission.