Mobile wireless devices are capable of accessing world wide web data from a wide area wireless network, e.g., a 3G or 4G/LTE network, as well as wireless local area networks (WLANs), e.g., WiFi™ networks. Mobile wireless device users may roam from the wide area wireless network to a wireless local area network, and in the opposite direction as well.
Challenges are presented when a mobile wireless device roams from the wireless wide area network to a public wireless local area network, e.g., a so-called “hot spot”. Many public wireless local area networks require some sort of authentication of the mobile wireless device and the user before permitting Internet access from the public wireless local area network. Current authentication procedures for this type of scenario have weak security and suffer from other shortcomings.
Most public WLAN deployments use web-based authentication for authorizing the mobile device user for network access when roaming from a wireless wide area network (e.g., cellular network) to a public WLAN. Web-based authentication involves a mobile device user being directed to a web page where the user enters credentials in order to be authorized for network access. Web-based authentication is considered a legacy mode because of its weak security properties, and there are efforts to replace it with IEEE 802.1x/Extensible Authentication Protocol (EAP)-based mechanisms. However, a very large percentage of the public WLAN deployments still use web-based authentication, and network operators are reluctant to move away from it any time soon because of the lack of 802.1x/EAP support on the hundreds of millions of mobile handsets still in service, and due to the lack of client software in laptop computers running various operating system versions. As a result, service providers are continuing to use web-based authentication support for authorizing network access.
At the same time, mobile wireless wide area network operators are now focusing on offloading users to WLAN access in order to reduce usage of the frequency band resources of the wireless wide area network. The wireless wide area network operators are building public WLANs (also known as “hotspots”) and are attempting to integrate the public WLAN with the packet core infrastructure, called the Evolved Packet Core (EPC), in the wireless wide area network. In these integrated deployments, web-authentication is mandatory. It is therefore necessary to support web-based authentication for Evolved Packet Core (EPC)-WLAN interworking.