1. Field of the Invention
The present invention relates generally to a wireless distribution system and, in particular, to an authentication method for a multi-hop wireless distribution system.
2. Background of the Related Art
In networking, a system that controls which resources network devices can access is called an authentication, authorization and accounting (AAA) system. In the context of AAA systems, network devices that attempt to gain access to network resources are generally referred to as “supplicants.” Typically, system users cause supplicants to request access to particular resources. However, supplicants may also self-initiate access attempts for particular resources. Supplicants are typically laptops, desktop PCs, IP phones, virtual private network (VPN) clients, handheld devices, or any other device that may request access to a network resource.
AAA systems include AAA clients and AAA servers. In AAA systems, supplicants typically attempt to gain access to network resources through AAA clients. AAA clients normally reside on network elements such as network access servers (NAS), routers, switches, firewalls, virtual private network (VPN) concentrators, and wireless access points (WAPs). However, AAA clients can reside on any device that facilitates access to network resources. The supplicants' access attempts are sent to the AAA client, which in turn generates and issues access requests to an AAA server. Typically, AAA servers handle the access requests sent by AAA clients by maintaining a database of user profiles, querying the database against access requests to verify authenticity, determining the resources authorized for use, and accounting for the use of network resources. Communication between the AAA client and the AAA server is carried over an AAA message protocol such as the Remote Authentication Dial-In User Service (RADIUS) protocol or the Terminal Access Controller Access Control System (TACACS+) protocol.
FIG. 1 is a diagram illustrating a conventional AAA system, in which the base stations (BSs) 121 and 122 perform authentication procedures by exchanging messages with mobile stations (MSs) 131, 132, 133, and 134 and an AAA server 110 upon receiving access requests from the MSs 131, 132, 133, and 134. In this conventional AAA system, the authorization function is centralized in the AAA server 110, so the BSs 121 and 122 are not involved in creating keys for the MSs 131, 132, 133, and 134.
However, the conventional AAA protocol is not appropriate for a multi-hop wireless distribution system, since additional relay base stations (RBSs) are required as the number of MSs increases. The conventional AAA system also has drawbacks: the MS must be registered with the central manager at initial registration, and installing an additional BS is complex because the MS must be registered with the central manager. Even in a system that has no AAA server, the main BS suffers a processing burden because it must play the role of the central manager.