1. Field of the Technology
The present invention relates to network security techniques, and particularly to a Wireless Local Area Network (WLAN) Access Gateway (WAG) and a method for ensuring network security by utilizing the WAG.
2. Background of the Invention
As users demand ever higher wireless access rates, WLAN, which is able to provide a higher wireless data access rate within a relatively small area, has emerged to meet that need. WLAN encompasses various techniques. The most extensively used technical standard is IEEE 802.11b, which uses the 2.4 GHz frequency band and has a data transmission rate of up to 11 Mbps. Other technical standards using the same frequency band include IEEE 802.11g and Bluetooth, where the data transmission rate of IEEE 802.11g is up to 54 Mbps. Other new WLAN standards, such as IEEE 802.11a and ETSI BRAN Hiperlan2, use the 5 GHz frequency band, and their transmission rate can be up to 54 Mbps as well.
Although WLAN involves various kinds of wireless access techniques, most WLAN techniques utilize IP data packets for data transmission. The specific WLAN access technique adopted by a wireless IP network is usually transparent to the upper IP layer. Such a wireless IP network is usually configured with Access Points (APs) for implementing wireless access of user equipment (UE), and with controlling and connecting devices for implementing IP data transmission.
With the appearance and development of WLAN, the inter-working of WLAN with various wireless mobile communication networks, such as GSM, CDMA, WCDMA, TD-SCDMA, and CDMA2000, has become a focus of research. In accordance with the 3GPP (3rd Generation Partnership Project) standards, a WLAN UE is able to connect not only with the Internet and an Intranet via the WLAN access network, but also with the home network and the visited network of a 3GPP system via the WLAN access network. Specifically, when accessing locally, the WLAN UE is able to connect to the 3GPP home network via the WLAN access network, as shown in FIG. 2; when roaming, the WLAN UE is able to connect to the visited network of the 3GPP system via the WLAN access network. Some entities of the 3GPP visited network are connected with corresponding entities of the 3GPP home network: for instance, the 3GPP Authentication, Authorization and Accounting (AAA) Proxy in the 3GPP visited network is connected with the 3GPP AAA Server in the 3GPP home network, the WAG in the 3GPP visited network is connected with the Packet Data Gateway (PDG) in the 3GPP home network, and so on, as shown in FIG. 1. FIG. 1 and FIG. 2 respectively illustrate the architecture of the inter-working network of the WLAN system and the 3GPP system under roaming and non-roaming circumstances.
As shown in FIG. 1 and FIG. 2, a 3GPP system primarily includes a Home Subscriber Server (HSS)/Home Location Register (HLR), a 3GPP AAA Server, a 3GPP AAA Proxy, a WAG, a PDG, a Charging Gateway (CGw)/Charging information Collecting Function (CCF) and an Online Charging System (OCS). The WLAN UE, the WLAN access network, and all the entities of the 3GPP system together constitute a 3GPP-WLAN inter-working network, which can be used as a WLAN service system. In this service system, the 3GPP AAA Server is in charge of the authentication, authorization, and accounting of a WLAN UE, and of collecting the charging information sent from the WLAN access network and transferring said charging information to the charging system; the PDG is in charge of transmitting the user's data from the WLAN access network to the 3GPP network or other packet-switched networks; the charging system is in charge of receiving and recording the user's charging information transferred from the network; and the OCS is in charge of instructing the network to periodically transmit online charging information in accordance with the expenses of the online-charged users, while gathering statistics and controlling the network.
At present, there is no definite rule restricting a WLAN UE after it has accessed the WLAN. As a result, whether or not the currently accessed WLAN UE has subscribed to a service based on the Packet Switched (PS) domain in the Public Land Mobile Network (PLMN), it is able to send messages via the WAG to the core network of the PLMN at will. This is detrimental to an operating network, because much of this data may be redundant or illegal, which not only places unnecessary load on the network but also harms the security management of the entire network and proper charging. Conversely, the network may also send a WLAN UE redundant or illegal information which the user does not need, which brings unnecessary interference and trouble to the user and may even affect the security of the legal WLAN UE. So far, however, no specific solution has been put forward to prevent illegal information from interfering with and threatening the network and the legal WLAN UE.