1. Field
The present disclosure relates in general to communication systems and methods for controlling access thereto. More particularly, the present invention relates to systems and methods for controlling remote access to wireless communication networks (or other environments) to ensure that remote users and their identifiable circumstances are appropriate for network access.
2. Background
Wireless communication networks allow users to perform a variety of operations with a degree of mobility not afforded by traditional wired communication networks. In addition to allowing mobile users to conduct telephone calls and other communications with cellular telephones and various personal communication devices, wireless networks are also being used to exchange information in high-order human recognizable form, and in forms recognizable by computers and computerized devices.
As improved wireless communication infrastructures continue to proliferate, along with newer high-speed wireless communication protocols such as the “Wi-Fi” IEEE Standard 802.11 (which allows high-speed data transfer in public wireless networks), data transmission using wireless communication networks will continue to expand significantly.
Controlling access to wireless communication networks is a concern of network managers, as well as customers who wish to control access to restricted or confidential information. The general approach to authenticating users who seek access to secure information is to have them demonstrate knowledge of a secret that only authorized users are expected to know. The typical method of demonstrating knowledge of the secret is to have an aspiring user enter a string of alphanumeric characters (a security code) in the form of passwords, digital combinations, personal identification numbers (PINs), cryptographic keys, and the like.
When the latter approach is used, large central databases must sometimes be maintained to keep track of the access control information for all authorized users who may attempt to access the system. Users may object to the loss of privacy in surrendering personal information, and may also be wary that their access code or other access information can be illegally obtained by “hackers,” or even improperly revealed by the network operator to third parties. Network managers may also be wary of this approach for similar reasons, along with possible legal exposure if adequate security precautions are later deemed to have been absent when personal information is improperly obtained by third parties. Further, maintaining central user access databases can be expensive and time-consuming for both the network administrator and large organization subscribers needing to provide access to a large number of users, since the identity of the users and even their access information can frequently change.
One alternative approach is to require users to use integrated circuit cards (“smart cards”) to access restricted information. Now well known in the electronic arts, smart cards are devices similar to credit cards in appearance and size, but which have embedded integrated circuits. The integrated circuits can vary in complexity from a few non-volatile memory locations to a complete computer system. The smart card can be connected to the communication network via a smart card interface, the functions of which are known in the art. The smart card can store the proper authorization code in memory, requiring the user to do nothing more than properly insert it into the smart card interface. More sophisticated systems can require the user to input an authorization code that must match the stored code before access to restricted systems or information will be granted. The smart card can also serve as the intermediary between the network access device and the mobile receiver, passing along only the information that the user of the smart card is authorized to use, and rejecting other information.
The prior art includes a number of patents and other references using smart cards to control access to communication networks. These include the following, each of which is incorporated by reference herein:
M. Blaze, “High-Bandwidth Encryption with Low-Bandwidth Smartcards.” Jan. 18, 1996. Cambridge Workshop on Fast Software Encryption, February 1996;
Nokia, PCMCIA WiFi (802.11b) Card with SIM Card Reader: C110/C111;
U.S. Pat. No. 6,247,060: Passing a Communication Control Block from Host to a Local Device such that a Message is Processed on the Device;
U.S. Pat. No. 6,240,513: Network Security Device;
U.S. Pat. No. 6,226,680: Intelligent Network Interface System Method for Protocol Processing;
U.S. Pat. No. 6,154,544: Rolling Code Security System;
WO131880A1: Safe Terminal Provided with a Smart Card Reader Designed to Communicate with a Server via an Internet-Type Network;
WO124475A2: Method and Architecture for Remote Monitoring of a User Station via an Internet-Type Network and Application Thereof to a Smart Card Demonstrator;
WO0195074A2: A Method and System for Securely Displaying and Confirming Request to Perform Operation on a Host;
WO0199449A1: Filtering Data Units In A Terminal Identity Card With Additional Smart Card Reader;
Robust Header Compression (rohc) Work Group (http://www.ietf.org/html.charters/rohc-charter.html) of the Internet Engineering Task Force (IETF); and
“Low-Loss TCP/IP Header Compression for Wireless Networks.” Mikael Degermark, Mathias Engan, Bjorn Nordgren, and Stephan Pink. In ACM MobiCom, November 1996.
A growing number of entities now provide tamper-resistant smart cards to specific and identified groups of people. Examples include the American Express Blue Card, the Smart Visa Card and corporate employee identification cards. After proper activation, these cards authenticate the cardholder for digital network servers and provide authorization credentials for the use of these resources to these servers. The entities providing these cards may charge a fee for these authentication and authorization services, as is the case with the American Express Blue Card. Alternatively, the smart card may be provided as an integral part of a broader contractual relationship, such as that between an employer and an employee or between a service and a subscriber.
There are many benefits to using smart cards to control access to wireless communication networks. However, one serious drawback is that the current and foreseeable generation of smart cards does not have sufficient throughput to handle high-speed data transfers. That is, the prior art approach of directly interposing a smart card between the network access device (a transmitter) and the mobile receiver requires that the information not be transmitted at a rate higher than the maximum rate capable of being handled by the smart card.
What is therefore desirable, but previously non-existent, is a wireless communication network that can provide high-speed data transfer, even while relying upon a relatively slower smart card, without reduction of high-speed performance.