Methods and systems for allowing access to a communications network are generally known. For example, most computer networks require a user to provide at a terminal a user name and a password before access is provided to the computer network. In the computer network, an access control is present, often provided as a suitable computer program executed by a network server, which compares the user name and password with suitable authentication criteria and allows access from the terminal in case the provided user name and password meet the authentication criteria.
However, the user has to be informed which user name and password to use. For common wired computer networks, the user is typically informed in writing or orally which user name and password are assigned. This is less convenient in case the assigned password changes frequently, since this requires a lot of paper mail to be sent. Furthermore, it takes a relatively long time for the user name and password to be received by the user.
In the art, a system for controlling access to a wireless local area network (WLAN) is known, which is offered for sale under the name “Orbyte Authentication Manager” by the company ServiceFactory A.B. based in Stockholm, Sweden. This system includes an authentication server which can be accessed by a terminal to obtain a one-time password (OTP). The terminal can access the authentication server via a WLAN gateway node, over the Internet. In this respect, a WLAN gateway node is popularly known as ‘hotspot gateway’ or simply ‘hotspot’. Via the WLAN gateway node, the authentication server can obtain data from a Subscriber Identification Module (SIM) card to verify whether or not the user of the terminal is subscribed to WLAN services. In case the user is subscribed, the authentication server generates an OTP and transmits the assigned OTP to the terminal over the Internet via the WLAN gateway node, and hence over the WLAN. Thereafter, the terminal provides the OTP to a RADIUS server in order to obtain access to the WLAN. The RADIUS server compares the provided OTP with the assigned OTP to decide whether or not access is granted.
However, a disadvantage of the ‘Orbyte Authentication Manager’ is that the WLAN is used to obtain the OTP, before the terminal is actually granted access to the WLAN. Hence, the WLAN gateway, and other parts of the WLAN, are vulnerable to unauthorized access. Furthermore, to prevent unauthorized access, extensive security measures are required. This is particularly cumbersome in case the WLAN is operated by another entity than the entity which operates the network for which the SIM card is valid. Furthermore, the authentication server is accessible via the Internet which makes the authentication server susceptible to unauthorized access and therefore requires extensive security measures as well.
United States Patent Application US 2004/0233893 (Transat Technologies) discloses a system and method for transferring wireless network access passwords. In the system disclosed in said patent application, an access node for transferring and/or assigning network passwords includes a first interface for sending and receiving communications of a first type to and from a first node operating in a WLAN. The access node also includes a second interface for sending and receiving communications of a second type to and from a second node in a mobile network, such as a GSM/GPRS network. The access node can receive via the mobile network a short message service (SMS) message from a mobile device carrying the MSISDN of the mobile and can send an SMS message to the mobile device carrying an assigned OTP (one-time password) for the WLAN access. The assigned OTP can then be input to the WLAN in order to obtain access to the WLAN.
However, a disadvantage of the system known from this prior art document is that extensive modifications have to be made to the authentication server in order to enable the authentication server to generate and receive SMS messages.
Furthermore, either modifications are required for the wireless client and the mobile to obtain the access automatically, for example to generate and transmit a short message incorporating the MSISDN of the mobile and to be able to extract the OTP from a received SMS, or the user has to input the provided OTP manually in the WLAN.
In this respect, it should be noted that SMS does not use the actual, circuit switched, GSM network, but SMS messages are transmitted via the signalling channel of the GSM network, i.e. the channel via which supervisory and control signals are transmitted from and to the mobile device. Hence, extensive modifications are required, not only to enable transmission of SMS messages, but also to process messages from the signalling channel in another manner than controlling the connection or outputting them visually at a display of a mobile telephone.
International Patent Application WO 03/088577 (Nokia) discloses a method for authenticating the user of a terminal in a wireless local area network (WLAN). In this known method, the user terminal first makes contact with the service access point (or “hotspot”) of the WLAN and only then is it checked with the user's mobile communications system whether the user has access rights. In other words, the messages exchanged between the user terminal and its home mobile communications system travel through the visited system. This requires the user terminal to already have some (limited) access before (full) access is granted. Accordingly, suitable arrangements must have been made to allow a visiting user terminal limited access to the service point.
International Patent Application WO 01/17310 (Ericsson) discloses an authentication method in which GSM security principles are used to authenticate users who are requesting access to packet data networks. The method is initiated by a user trying to gain access to an access network. An authentication entity connected to this access network then sends an authorisation request to an authentication server. An authentication token sent to the user via the access network is sent back to the authentication server via a mobile network. Accordingly, the access network is involved in the authorisation procedure before actual (full) access is granted. This known access network therefore has to be able to distinguish between limited and full access rights.
International Patent Application WO 2006/101183 (Matsushita), published on 28 Sep. 2006, describes a system for automatic security authentication in a wireless network. A terminal has two communications units: a first unit for communicating with the access point and a second unit for communicating with a GSM or similar network. The access point is capable of issuing an identification code to be used by a terminal. In other words, the access point is involved in the exchange of information before actual access is granted, as in the other Prior Art documents mentioned above.