1. Field of the Technology
The present invention relates to network accessing techniques and, more particularly, to a method for preventing a Wireless Local Area Network (WLAN) from frequent network-selection interaction.
2. Background of the Invention
At users' demand for an increasingly high rate of wireless access, there emerges WLAN, which is able to provide high-rate wireless data access in a relatively small area. Various techniques have been used in the WLAN, among which a technical standard with more applications is IEEE 802.11b. This standard utilizes the frequency band of 2.4 GHz with a data transmission rate up to 11 Mbps. Other technical standards utilizing the same frequency band include IEEE 802.11g and the Bluetooth, wherein the data transmission rate of IEEE 802.11g is up to 54 Mbps. There are other new standards such as IEEE 802.11a and ETSI BRAN Hiperlan2 which use the frequency band of 5 GHz with the transmission rate up to 54 Mbps as well.
Although there are various standards for wireless access, most WLANs are used for transferring IP data packets. The specific WLAN access standard adopted by a wireless IP network is usually transparent to the upper-level IP. Such a network is typically configured with Access Points (AP) for implementing wireless access of WLAN User Equipment (WLAN UE), and with network controlling and connecting devices for implementing IP transmission.
Along with the rise and development of WLAN, focus of research is shifting to the inter-working of WLAN Access Network (WLAN AN) with various mobile communications networks, such as GSM, CDMA, WCDMA, TD-SCDMA, and CDMA2000. In accordance with 3GPP standards, WLAN UE may be connected with the Internet and Intranet via a WLAN AN, and also be connected with a home network or visited network of 3GPP system through a WLAN AN. To be specific, when getting accessed locally, a WLAN UE will be connected with the 3GPP home network via a WLAN AN, as shown in FIG. 2. When roaming, it will be connected with a 3GPP visited network via the WLAN AN. Some entities of the 3GPP visited network are connected with the corresponding entities of the 3GPP home network, for instance, the 3GPP Authentication Authorization Accounting (AAA) proxy in the visited network is connected with the 3GPP AAA server in the home network, and the WLAN Access Gateway (WAG) in the visited network is connected with the Packet Data Gateway (PDG) in the home network, as shown in FIG. 1. FIG. 1 and FIG. 2 are the schematic diagrams illustrating the networking architectures for a WLAN inter-working with a 3GPP system under the roaming and non-roaming circumstances, respectively.
As shown in FIG. 1 and FIG. 2, a 3GPP system primarily comprises Home Subscriber Server (HSS)/Home Location Register (HLR), 3GPP AAA server, 3GPP AAA proxy, WAG, PDG, Charging Gateway (CGw)/Charging information Collecting Function (CCF), and Online Charging System (OCS). WLAN UE, WLAN AN, and all the entities in the 3GPP system together constitute a 3GPP-WLAN inter-working network, which can be regarded as a WLAN service system. The WLAN AN and the 3GPP system are generally called the network side or the WLAN as a whole. In this service system, the 3GPP AAA server is in charge of authentication, authorization, and accounting of WLAN UE, collecting the charging information sent from the WLAN AN and transferring the information to the charging system; the PDG is in charge of user data transmission from the WLAN AN to the 3GPP network or other packet data networks; and the charging system mainly receives and records the charging information of WLAN UE transferred from the network while the OCS instructs the network to transmit online charging information periodically in accordance with the expenses of the online charged users, makes statistics and performs control.
Under the non-roaming circumstances, when a WLAN UE desires to access directly to the Internet/Intranet, the WLAN UE can access to Internet/Intranet via a WLAN AN after it accomplishes authentication with the AAA server (AS). If the WLAN UE wants to access the service of 3GPP packet switched (PS) domain as well, it may further request the service of Scenario 3 from the 3GPP home network. That is, the WLAN UE initiates a service authorization request for Scenario 3 to the AS of the 3GPP home network, which will carry out service authentication and authorization for that request; if the authentication and authorization succeeds, the AS will send an access accept message to the WLAN UE and assign a corresponding PDG for the WLAN UE. When a tunnel is established between the WLAN UE and the assigned PDG, the WLAN UE will be able to access the service of 3GPP PS domain. Meanwhile, the offline charging system and the OCS record the charging information according to the WLAN UE's occupation of the network. Under the roaming circumstances, when a WLAN UE desires to access directly to the Internet/Intranet, it will apply to the 3GPP home network through a 3GPP visited network for accessing the Internet/Intranet. If the WLAN UE also desires to request the service of Scenario 3 and access the service of the 3GPP PS domain, the WLAN UE needs to initiate a service authorization process at the 3GPP home network via the 3GPP visited network. The authorization is likewise carried out between the WLAN UE and the AS of 3GPP home network. After the authorization succeeds, the AS assigns a corresponding home PDG for the WLAN UE, then the WLAN UE will be able to access the service of 3GPP PS domain of the home network after it establishes a tunnel with the assigned PDG via the WAG of the 3GPP visited network.
As shown in FIG. 3, in a 3GPP-WLAN inter-working network, if a WLAN is connected at the same time with a plurality of 3GPP visited networks, that is, with a plurality of operating networks of mobile communications, wherein the 3GPP visited networks refer to Visited Public Land Mobile Networks (VPLMN), then it will be necessary for a WLAN UE to select a desired VPLMN to access after the WLAN UE accesses the WLAN. For instance, in China, a WLAN AN may be connected simultaneously with two operating VPLMNs, China Mobile and China Unicom. When a user of China Unicom is trying to get accessed via the WLAN, this user needs to instruct the WLAN AN to access to an operating VPLMN of China Unicom. For another instance, if a French user roams to a WLAN in China and the home network of the French user has roaming protocols with both China Mobile and China Unicom, the French user needs to select a VPLMN to access after accessing to the WLAN which is connected with both China Mobile and China Unicom.
A scheme for network selection is proposed in another patent application, which is illustrated by Steps 401˜408 in FIG. 4. When a WLAN UE accesses to the 3GPP-WLAN inter-working network through the WLAN, an access authentication is performed between the WLAN UE and the network after the WLAN UE establishes a wireless connection with the WLAN Access Network. It should be clear that, the access authentication includes the whole procedure of authentication and authorization. Moreover, the network will request the UE for User Identifier. Then, the UE delivers a response message which carries the network selection information to the WLAN Access Network, and the WLAN Access Network identifies the operating network of mobile communications that the UE is going to access according to the carried network selection information. If the network selection information can be identified, the UE will be connected to the selected network for access authentication and follow-up operations. If the UE carries no network selection information or the carried network selection information can not be identified, i.e. the indicated network is not connected with the WLAN directly, the network will issue the information of operating networks of mobile communications to the UE so as to inform the UE of the operating networks of mobile communications connected with the WLAN and make a selection by the UE. The network selection information refers to the information of the operating network of mobile communications the UE is going to access, which can be put in a separately-configured field, or in the user identifier field defined with the format of Network Access Identifier (NAI).
In the case when the information of the operating networks of mobile communications needs to be issued, if a malicious user delivers network selection information again and again which can not be identified by the WLAN Access Network, the network will have to issue the information of the operating networks of mobile communications to the UE repeatedly. Since there is much information of the operating networks of mobile communications for a UE to select, continuous and repeated transmission of such information will result in unnecessary network load and lead the network to be busi-engaged, even shut down the normal services. Moreover, it is easy for a malicious user to attack the network by means of this loophole, and since no authentication of the UE has been made at this time, it is hard to track and find out the malicious user. So far, no one has proposed a specific solution to this loophole.