A wireless LAN is a flexible data communications system implemented as an extension to, or as an alternative for, a wired LAN. Using radio frequency (RF) technology, wireless LANs transmit and receive data over the air, minimizing the need for wired connections. By this means, wireless LANs combine data connectivity with user mobility. Wireless LANs have gained strong popularity in a number of vertical markets, including health care, retail, manufacturing, warehousing, and academia. These industries have profited from the productivity gains of using hand-held terminals and notebook computers to transmit real-time information to centralized hosts for processing. Today wireless LANs are becoming more widely recognized as a general-purpose connectivity alternative for a broad range of business customers.
Wireless LANs offer much higher access data rates than do cellular mobile networks, but provide limited coverage, typically up to 50 meters from the radio transmitter, whereas public networks, e.g. GSM/GPRS and WCDMA, offer widespread, typically nationwide, coverage. In order to provide integrated service to a subscriber of both WLAN and public networks, the WLAN must inter-work with other WLANs or cellular mobile networks.
A few standardization groups have started to study the WLAN and 3G network inter-working issues. In 3GPP [Non-patent document 1], a feasibility study report has been released. This document defined the scope for the inter-working, and also the usage scenarios. The inter-working scenarios are described in detail, and are divided into six stages, from the simplest “common billing and customer care” to the most sophisticated “access to 3GPP CS services.” A few requirements for the inter-working scenarios were given. Also, in a function and requirement definition document [Non-patent document 3], the detailed requirements for the functions, e.g. authentication, access control, and charging, are discussed. Some methods for the authentication are investigated. They are mainly based on the UMTS AKA and GSM SIM solutions. No solution for the other aspects, e.g. access control and charging, is given. These documents are not finalized yet, and there are working groups actively working on them.
A draft is available for using the AKA schemes over the EAP method [Non-patent document 4]. It enables the use of third generation mobile network authentication infrastructure in the context of wireless LAN and IEEE802.1x technologies through EAP over wireless. The problem with it is that it requires a UMTS subscriber identity module or similar software modules. This might not be available for all mobile devices. Also, the EAP-AKA scheme would require the user's IMSI to be sent in clear text to the EAP server when the user first connects to it. This might leak the user's identification information to an entity (a mobile user coming from another network, etc.) that is eavesdropping on the mobile terminals. The scheme uses a challenge-response mechanism and symmetric cryptography for the authentication.
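The clear-text IMSI exposure described above can be audited by checking each EAP-Response/Identity for a permanent identity. The following is an added example, not part of the original document: the leading "0" username convention is taken from RFC 4187 (the published form of the EAP-AKA draft) and is assumed to apply to the deployment, and the IMSI, realm and pseudonym are constructed sample values.

```python
import re
import struct

EAP_RESPONSE = 2        # EAP Code field: Response
EAP_TYPE_IDENTITY = 1   # EAP Type field: Identity

# Assumed convention (RFC 4187): permanent username = "0" + IMSI (at most 15 digits),
# optionally followed by "@realm". Pseudonyms are chosen so they do not match this.
PERMANENT_AKA = re.compile(r"^0(\d{6,15})(@.+)?$")

def build_identity_response(identifier: int, identity: str) -> bytes:
    """Build an EAP-Response/Identity packet (helper for the constructed samples)."""
    body = identity.encode("utf-8")
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier,
                         5 + len(body), EAP_TYPE_IDENTITY)
    return header + body

def parse_identity_response(packet: bytes):
    """Return the identity string of an EAP-Response/Identity, or None."""
    if len(packet) < 5:
        return None
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        return None
    if length < 5 or length > len(packet):
        return None  # malformed or truncated packet
    return packet[5:length].decode("utf-8", errors="replace")

def exposed_imsi(packet: bytes):
    """Return the IMSI if the packet carries a permanent identity, else None."""
    identity = parse_identity_response(packet)
    if identity is None:
        return None
    match = PERMANENT_AKA.match(identity)
    return match.group(1) if match else None

# Constructed samples: a permanent identity and a pseudonym identity.
PERMANENT = build_identity_response(1, "0001010123456789@example.org")
PSEUDONYM = build_identity_response(2, "pseudo-7f3a91c2@example.org")

if __name__ == "__main__":
    for name, pkt in (("permanent", PERMANENT), ("pseudonym", PSEUDONYM)):
        imsi = exposed_imsi(pkt)
        print(name, "-> IMSI exposed:" if imsi else "-> no IMSI in clear text", imsi or "")
```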
The IEEE is also working on the authentication issues for the WLAN. The IEEE802.1x [Non-patent document 5], which introduced the EAPOL, gives a solution for using EAP [Non-patent document 6] on top of Ethernet environments. The problem with it is that it only works for the Ethernet or the FDDI/Token Ring MACs. To make it work on other technologies, some adaptations must be made. This only provides a basic way of using the EAP methods for authentication, and the actual solution still relies on the individual EAP methods deployed. Also, this work does not address any other aspects of the inter-working, e.g. access control, QoS, etc.
The IETF has an AAA working group [Non-patent document 7] that focuses on the development of requirements for authentication, authorization, and accounting for network access. They base the work on the Diameter submissions. There are other working groups also working on issues related to inter-working, e.g. the SEAMOBY group [Non-patent document 8] and the SIPPING group [Non-patent document 9]. But most of them assume IP-based environments and are not specific to the WLAN problems, and there is no concrete solution for all the problems.
In order for the WLAN to provide service to the mobile terminal, some decisions must be made based on the subscription information of the mobile terminal. When the mobile terminal requesting services is registered under an administrative domain other than the WLAN's, this information must be obtained from the mobile terminal's home domain. But in most cases, the information is confidential, and is not allowed to be disclosed to the WLAN due to the lack of trust relationships. Therefore, the home domain must have a way of providing crucial information for the WLAN to operate without compromising confidentiality. Besides this, some networks would also be required to protect the mobile terminal's location information. Namely, the identification information of the mobile terminal should also be concealed in the message exchanges between the WLAN and the mobile terminal.
The service provision in the WLAN requires certain underlying technology-specific parameters. It is not feasible, or sometimes impossible, for the mobile terminal's home network to identify this information. Therefore, an entity in the WLAN must be able to translate the control information from the home network into local control messages.
Since the mobile terminal's subscription information is stored in its home domain, and the WLAN does not have direct access to it, reports must be sent to the home domain from time to time to gain real-time monitoring and control of the service provided to the mobile terminal. These reports would generate heavy traffic when a large number of mobile terminals are present. This would decrease the accuracy of the real-time control. Therefore, it is desirable to have the WLAN do some processing locally.
It is noted that, in this specification, the non-patent documents refer to the following, respectively:
[Non-patent document 1] 3GPP, http://www.3gpp.org
[Non-patent document 2] “Feasibility study on 3GPP system to Wireless Local Area Network (WLAN) inter-working (Release 6)” 3GPP TR 22.934 V1.1.0 (2002-05), http://www.3gpp.org/specs/specs.html
[Non-patent document 3] “3GPP system to Wireless Local Area Network (WLAN) inter-working; Functional and architectural definition (Release 6)” 3GPP TR 23.934 V0.3.0 (2002-06), http://www.3gpp.org/specs/specs.html
[Non-patent document 4] “EAP AKA Authentication”, http://www.ietf.org/internet-drafts/draft-arkko-pppext-eap-aka-03.txt
[Non-patent document 5] “Standard for Local and metropolitan area networks: Port-Based Network Access Control” IEEE Std 802.1X-2001, http://www.ieee.org
[Non-patent document 6] Extensible Authentication Protocol, http://www.ietf.org/html.charters/eap-charter.html
[Non-patent document 7] Authentication, Authorization, and Accounting group, http://www.ietf.org/html.charters/aaa-charter.html
[Non-patent document 8] SEAMOBY (Context Transfer, Handoff Candidate Discovery, and Dormant Mode Host Alerting) group, http://www.ietf.org/html.charters/seamoby-charter.html
[Non-patent document 9] SIPPING (Session Initiation Proposal Investigation) group, http://www.ietf.org/html.charters/sipping-charter.html
[Non-patent document 10] DIAMETER, http://www.ietf.org/internet-drafts/draft-ietf-aaa-diameter-08.txt
[Non-patent document 11] “Applied Cryptography” Second Edition, Bruce Schneier, Wiley, 1996
[Non-patent document 12] The DiffServ working group, http://www.ietf.org/html.charters/diffserv-charter.html
[Non-patent document 13] IP Mobility Support, RFC 3220, http://www.ietf.org/rfc/rfc3220.txt