Presently, providers of data communications services have established wireless Local Area Networks (LANs) (“hot spots”) at publicly accessible facilities, such as rest stops, cafes, and libraries, to allow mobile communication devices to access a private data network or a public data network, such as the Internet, for a fee. Upon entering such a publicly accessible facility, the mobile communication device establishes a communication link, typically over a wireless channel, with an access point (AP) to access to the wireless LAN, and the public or private network therebeyond. Presently, for web browser based authentication, initial validation of the mobile communication device occurs through the use of the secure hypertext transfer protocol (HTTPS) executed by the browser software in the device. However, authentication of the mobile communication device is only one of several factors that affect overall security. Another factor affecting security is traffic authentication.
After successful authentication of the mobile communication device, the question remains how can the wireless LAN make sure that the traffic it receives originates from the authenticated mobile communication device and not an unauthorized sender. In practice, the mobile communication device originates IP packets (which can be further broken down to Ethernet frames) without any device identification or signature. Thus, from the perspective of the wireless LAN, incoming IP packets from an authorized sender look exactly the same as those from an unauthorized sender. Hence, the wireless LAN has no way to distinguish between traffic from an authorized mobile communication device and from a hacker who has managed to circumvent the initial authentication process.
Thus, there is need for a technique that enables a mobile communications device to securely access a wireless LAN so as to overcome the aforementioned disadvantage of the prior art.