IP-based access networks, such as wireless local area networks using IEEE 802.11, are being deployed rapidly worldwide in homes, enterprises, and public “hotspots” (e.g., airports, hotels, cafés, train stations, gas stations, parks, and along streets and highways). Higher-speed and longer-range wireless IP access networks, such as IEEE 802.16, are emerging.
Today, users have two basic ways to gain permission to use an IP access network. The first approach requires a user to have a service subscription with an access network or service provider. Before a user is allowed to use an access network, he/she needs to use the protocols, software and access control interfaces and procedures mandated by the network or service provider to communicate his/her identity, credentials, and service requests to a policy decision point (e.g., an authentication and authorization server) in the network, which uses the user's service subscription information to authenticate the user and authorize his/her use of a particular access network. To use networks of multiple providers, a user needs to maintain a service subscription with each network provider. A service provider can establish roaming agreements with other service or network providers so that its subscribers can use other providers' networks without multiple service subscriptions. This, however, is often hard to do in public hotspot markets, where there are many network and service providers each serving a small footprint.
The second existing approach is for the network to request a user to pay for network usage when the user attempts to use the network. It does not require a user to have a service subscription. Instead, a user's attempts to use the network (e.g., user's outgoing packets) are intercepted (trapped) by the network. The network redirects the trapped traffic to an AAA (Authentication, Authorization, and Accounting) server, which may be operated by a service provider separate from the access network providers. The AAA server prompts the user to agree to pay for network usage and to provide his/her credit card information before allowing the user to use the network. Different access networks may use different protocols, software, user interfaces, and authentication procedures to control network access (e.g., Web-based approaches, IEEE 802.1x, and proprietary solutions). A user terminal has to be equipped with these different protocols and software, and the user has to deal with these different interfaces and authentication procedures, to be able to use different networks.
The typical prior art IP network access system is depicted in FIG. 1. An Access Server 101 in the visiting access network 100 being visited by a user 102 receives traffic from the user and determines whether a user's traffic should be allowed to enter the portion of the network beyond the Access Server 101. Access Servers are also commonly referred to as Network Access Servers (NAS), Access Gateways, or Access Routers.
The Access Server 101 is a critical component in supporting network access control functions such as Authentication, Authorization, and Accounting (AAA). Authentication is a process whereby a network verifies the identity of a user 102 and sometimes a user also verifies the identity of the network. Authorization is a process whereby a network determines whether a user should be allowed to use a network or a network service. Accounting is a process whereby a network collects information on the resources used by a user.
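The trap-and-redirect behaviour of the second approach and the Access Server's role as the enforcement point are illustrated by the following added example. It is constructed for this discussion and is not taken from the specification or from any particular product: it assumes a walled-garden policy in which an unauthorized host may reach only the network's own DNS resolver and the AAA/portal server, other web traffic is redirected to the portal, and all other traffic is dropped; accounting of forwarded octets begins only once the AAA server has authorized the host. Addresses, ports and the `Packet`/`AccessServer` names are assumptions of the example.

```python
# Added example (constructed, not from the specification): the Access Server's
# pre-authentication "trap and redirect" policy plus per-host accounting once
# the AAA server has authorized the host.
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    FORWARD = "forward"    # pass beyond the Access Server
    REDIRECT = "redirect"  # trap and steer to the AAA/portal server
    DROP = "drop"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str     # "tcp" or "udp"
    dst_port: int
    size: int      # octets, used for accounting


class AccessServer:
    # Assumed walled-garden policy: before authorization a host may only reach the
    # network's own DNS resolver and the AAA/portal server; other web traffic is
    # redirected to the portal; everything else is dropped.
    def __init__(self, aaa_ip, dns_ip, web_ports=(80, 443)):
        self.aaa_ip, self.dns_ip, self.web_ports = aaa_ip, dns_ip, web_ports
        self.sessions = {}  # authorized src IP -> octets forwarded (accounting)

    def authorize(self, src_ip):
        # Called when the AAA server returns an accept for this host.
        self.sessions.setdefault(src_ip, 0)

    def revoke(self, src_ip):
        # Session end (logout, timeout, or AAA disconnect); returns the usage record.
        return self.sessions.pop(src_ip, 0)

    def usage(self, src_ip):
        return self.sessions.get(src_ip, 0)

    def decide(self, pkt):
        if pkt.src_ip in self.sessions:
            self.sessions[pkt.src_ip] += pkt.size
            return Verdict.FORWARD
        if pkt.proto == "udp" and pkt.dst_port == 53 and pkt.dst_ip == self.dns_ip:
            return Verdict.FORWARD
        if pkt.proto == "tcp" and pkt.dst_port in self.web_ports:
            return Verdict.FORWARD if pkt.dst_ip == self.aaa_ip else Verdict.REDIRECT
        return Verdict.DROP
```

The point of the state split is that no octets are attributed to a host until the authorization decision has been made, so a user who never completes the portal step never accumulates a usage record, while `revoke` returns the final count that an accounting message would carry.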
In the prior art, when a user 102 wants to use a visiting network 100, the user terminal first needs to acquire a local IP address in the access network 100 through the Access Server 101. The user terminal can acquire a local IP address in any way supported by the access network 100. A common approach is to use a standard IP auto-configuration protocol such as the Dynamic Host Configuration Protocol (DHCP) defined by the IETF. The user will then have to perform user authentication with that network 100.
To perform user authentication, the user will need to use the protocols required by the network to communicate his/her authentication information (e.g., user identity, credentials and his/her request to use the network) to the network. Such authentication information is typically sent by the user 102 to an Access Server 101 in the network. Today, different networks may use different protocols and procedures for user authentication. For example, a World-Wide Web (WWW) browser can be used as the interface for a user to enter his/her authentication information, which can then be communicated to the network using the Hypertext Transfer Protocol (HTTP) or the Secure HTTP (S-HTTP) defined by the Internet Engineering Task Force (IETF). Alternatively, a user may use a link-layer protocol below the IP layer, such as the Point-to-Point Protocol (PPP), which has authentication packets to carry the authentication information to the network. The IETF PANA Working Group is working on a standard IP-layer protocol for carrying user authentication information between the user and a control entity (e.g., an Access Server) in the network.
Upon receiving a user's authentication information, an Access Server 101 will act as an AAA client to forward the user's authentication information to local AAA servers 103. The local AAA servers 103 will authenticate the user and return all the configuration information needed for the Access Server 101 to control network access. If the local AAA servers 103 do not have sufficient information to authenticate the user, they could forward the authentication requests to AAA servers 104 in the user's home network 105. An AAA server that forwards requests to remote servers is commonly referred to as an AAA Proxy.
Signaling between AAA client and AAA server can use any AAA protocol defined by the IETF. Today, RADIUS (Remote Authentication Dial In User Service) is the most widely deployed AAA protocol for this purpose. DIAMETER is a newer protocol defined by the IETF to overcome some of the limitations of RADIUS. Both RADIUS and DIAMETER are client/server protocols. When RADIUS is used for example, the Access Server will act as the RADIUS client and the AAA servers will act as RADIUS servers.
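The AAA client, AAA server and AAA proxy roles of the two preceding paragraphs are shown concretely in the following added example, which is constructed for this discussion and is not code from the specification or from any RADIUS implementation. It models the RADIUS Access-Request / Access-Accept exchange of RFC 2865 (User-Password hiding under the shared secret and the MD5-based Response Authenticator) and assumes that the User-Name carries a realm in the form `user@realm`, which the local server uses to decide whether to authenticate the user itself or to act as a proxy toward the home server over a separately keyed hop. The realms, users and shared secrets are constructed values.

```python
# Added example (constructed, not from the specification): RFC 2865 RADIUS client/server exchange with AAA proxying.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def encode_attrs(attrs):
    # Type-Length-Value attributes; the Length octet counts its own 2-byte header.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + length]))
        i += length
    return attrs

def hide_password(password, secret, authenticator):
    # RFC 2865 s5.2: pad to 16 octets, XOR each block with MD5(secret + previous block).
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, username, password, secret):
    # RADIUS client side: fresh random Request Authenticator, password hidden under the shared secret.
    req_auth = os.urandom(16)
    body = encode_attrs([(ATTR_USER_NAME, username),
                         (ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body

def build_response(code, ident, req_auth, secret):
    # RADIUS server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def verify_response(resp, req_auth, secret):
    # A reply whose authenticator does not bind to our request and secret is discarded.
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

class AAAServer:
    # One RADIUS server owning a realm; requests for other realms are proxied to a peered home server.
    def __init__(self, realm, users, client_secret, peers=None):
        self.realm, self.users, self.client_secret = realm, users, client_secret
        self.peers = peers or {}  # realm -> (home AAAServer, secret shared on the proxy-to-home hop)

    def handle(self, req, secret=None):
        secret = self.client_secret if secret is None else secret
        code, ident, length = struct.unpack("!BBH", req[:4])
        req_auth = req[4:20]
        attrs = dict(decode_attrs(req[20:length]))
        if code != ACCESS_REQUEST or ATTR_USER_NAME not in attrs or ATTR_USER_PASSWORD not in attrs:
            return build_response(ACCESS_REJECT, ident, req_auth, secret)
        username = attrs[ATTR_USER_NAME]
        password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, req_auth)
        realm = username.rpartition(b"@")[2]
        if realm == self.realm:  # local subscriber: authenticate here
            ok = hmac.compare_digest(self.users.get(username, b""), password)
            return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, secret)
        if realm not in self.peers:  # no roaming agreement with that realm: cannot authenticate
            return build_response(ACCESS_REJECT, ident, req_auth, secret)
        # AAA proxy role: re-hide the password under the hop secret and forward to the home server.
        home, hop_secret = self.peers[realm]
        fwd = build_access_request(ident, username, password, hop_secret)
        home_resp = home.handle(fwd, hop_secret)
        if not verify_response(home_resp, fwd[4:20], hop_secret):
            return build_response(ACCESS_REJECT, ident, req_auth, secret)
        return build_response(home_resp[0], ident, req_auth, secret)

def authenticate(nas_secret, local_server, username, password, ident=1):
    # Access Server flow: send the Access-Request to the local AAA server, verify the reply, return its code.
    req = build_access_request(ident, username, password, nas_secret)
    resp = local_server.handle(req)
    if not verify_response(resp, req[4:20], nas_secret):
        raise ValueError("response authenticator mismatch; reply discarded")
    return resp[0]

# Constructed deployment: home realm, visited realm with its own subscribers, and one roaming peering.
HOME = AAAServer(b"home.example", {b"alice@home.example": b"s3cret"}, b"home-nas-secret")
VISITED = AAAServer(b"visited.example", {b"bob@visited.example": b"pw"}, b"nas-secret",
                    peers={b"home.example": (HOME, b"proxy-hop-secret")})
```

Calling `authenticate(b"nas-secret", VISITED, b"alice@home.example", b"s3cret")` exercises the proxy path: the visited server cannot verify the password itself, so it re-hides it under the secret it shares with the home server and relays the home server's accept or reject, verifying the home server's Response Authenticator before trusting it. A realm with no peering entry is rejected outright, which is the protocol-level counterpart of the missing roaming agreement noted earlier; the example also shows that the Access Server only relies on the reply's authenticator, so a reply whose code has been altered in transit fails verification and is discarded.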
These existing methods belong to the “caller pay” model, in which a user who initiates the network connectivity pays for the use of the network. Accordingly, access by a user to a network will require an authorization process which may vary from network to network, and is time consuming and complicated to complete. There is a need in the art for a simple model for network access in an IP environment. In the telephony realm, toll-free telephony has been globally successful over circuit-switched Public Switched Telephone Networks (PSTN) for providing a called party pay model that obviates the need for the calling party to have their call services authenticated or authorized. However, the concept of Toll-Free IP (“TIP”) networks has not been well developed in the art. It is therefore an object of the present invention to provide for a system, method and architecture for a TIP network that obviates the need for the party initiating the communication session to follow a suite of procedures necessary to have their service request and network access authorized.