Abstract
The present invention discloses a method of user access authorization in wireless local area networks. The method comprises: when a Wireless Local Area Network (WLAN) user terminal is accessing a WLAN operational network, the WLAN operational network, while authenticating this WLAN user terminal, judges whether to allow this WLAN user terminal to access according to authorization conditions having an impact on the access of this WLAN user terminal; if yes, the WLAN operational network determines the access rules of this WLAN user terminal according to the said authorization conditions; otherwise, the WLAN operational network notifies the WLAN user terminal about the failure. By adopting the method of the present invention, different users can be controlled to access the network according to different authorization conditions and be restricted by different access rules after getting accessed. As a result, the access control capability of a wireless local area network is enhanced and the working efficiency of the network is improved.
Technology | Declaration Date | Declaration Reference | Declaring Company | Specification Number | Explicitly Disclosed | Patent Type
---|---|---|---|---|---|---
4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
Family Information
All Granted Patents In Patent Family : | ---- |
All Pending Patents In Patent Family : | ---- |
Publication No | Technology | Declaration Date | Declaration Reference | Declaring Company | Specification Number | Explicitly Disclosed | Patent Type
---|---|---|---|---|---|---|---
CN1266891C | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | Yes | Basis Patent
CN1553656A | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | Yes | Basis Patent
WO2004109980A1 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | Yes | Family Member
CA2523416A1 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
EP1633083A1 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
EP1633083A4 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
JP2006526917A | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
RU2005134506A | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
RU2316903C2 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
US2006109826A1 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
US2009158442A1 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
US8077688B2 | 4G,3G | 28/04/2005 | ISLD-200505-003 | HUAWEI | | No | Family Member
Claim
1. A method of user access authorization in a wireless local area network, comprising:
when a Wireless Local Area Network (WLAN) user terminal is accessing a WLAN operational network,
an authentication procedure including authenticating the WLAN user terminal;
an authorization procedure to access the WLAN operational network before a service authorization including:
verifying whether to allow the WLAN user terminal to access the WLAN operational network according to authorization conditions, and
determining access rules of the WLAN user terminal according to the authorization conditions if the WLAN user terminal is allowed to access the WLAN operational network, wherein the access rules including a limitation rule on the access of the WLAN user terminal to the WLAN operational network, wherein the service authorization determines whether the WLAN terminal user has access to a service;
implementing restriction on the access to the WLAN operational network of the WLAN user terminal according to the access rules;
sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and
otherwise, sending the information of the access failure to the WLAN user terminal.
2. A method according to claim 1, further comprising:
after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; otherwise, sending the information of access failure to the WLAN user terminal.
3. A method according to claim 1, wherein the said authorization conditions comprises:
conditions of user account user subscription information, operational rules, or any combination of the former.
4. A method according to claim 3, wherein the said user subscription information comprises a designation list of user accessible network services.
5. A method according to claim 1, wherein determining the said access rules are implemented by the Authentication Authorization and Accounting (AAA) server of the WLAN operational network.
6. A method according to claim 1, wherein the access rules include access scope limitation, access paths limitation, and/or time limitation.
7. A method according to claim 1, wherein the said access rule is determined as null.
8. A method according to claim 1, wherein the said related entity implementing access rules comprises AAA, WLAN Access gateway (WAG), Access Controller (AC), Access Point (AP), or a WLAN user terminal.
9. A method according to claim 8, further comprising:
after the access rules are determined, the network sending to the WLAN user terminal at the same time the information about the success of access authentication and authorization of the current WLAN user terminal as well as the access rules that the WLAN user terminal needs to be informed of.
10. A method according to claim 1, wherein the said WLAN operational network is a 3rd Generation Partnership Project Wireless Local Area Network (3GPP-WLAN) interworking network or a 3rd Generation Partnership Project 2 Wireless Local Area Network (3GPP2-WLAN) interworking network.
11. A method for controlling an access of a subscriber in a wireless local area network, comprising:
receiving a request for accessing a wireless local area network(WLAN) operational network from a user terminal;
an access authentication procedure in response to the access request, the access authentication procedure comprising authenticating the subscriber of the user terminal; and
an access authorization procedure to the WLAN operational network upon the success of the access authentication and before a service authorization, the access authorization procedure comprising:
checking whether the subscriber is allowed to access based on an access authorization condition of the user terminal;
determining access rules being applied to the subscriber based on the access authorization condition so as to control the access of the user terminal, wherein the access rules include restrictions regarding the access of the subscriber to the WLAN operational network, wherein the service authorization determines whether the WLAN terminal user has access to a service;
implementing restriction on the access of the user terminal according to the access rules;
sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and
otherwise, sending the information of the access failure to the WLAN user terminal.
12. A method of claim 11, wherein the access authorization condition comprises the subscriber's subscription information, the subscriber's account information, or operation and manage rules.
13. A method of claim 11 further comprising:
deploying the decided access rules in one or more network entity so as to implement the restriction on the access of the subscriber, wherein the network entity comprising a AAA server in the network, a WLAN access gateway (WAG), a access controller (AC), access point (AP) or the subscriber's terminal.
14. A method of claim 11, wherein the access rules include one or more of access scope limitation, access time limitation, and access path.
15. A method of claim 11 further comprising implementing the decided rules by using a scheme selected from a group consisting of IP allocation scheme, virtual local area network (VLAN) allocation, and filtering.
16. A method of claim 11 further comprising a service authorization process after the access authorization procedure.
17. A system in a wireless local area network (WLAN) operational network comprising:
an access authentication and authorization device capable of communicating with a user terminal and configured to implement a method comprising:
when a subscriber of the user terminal is accessing the WLAN operational network,
an access authentication procedure for authenticating the subscriber; and
an access authorization procedure before a service authorization comprising:
verifying whether the subscriber is allowed to access the WLAN operational network according to an access authorization condition of the subscriber,
deciding an access policy being applied to the user terminal according to the access authorization condition if the subscriber is allowed to access the WLAN operational network; and
implementing restriction on the access to the WLAN operational network of the user terminal according to the access policy,
wherein the access policy includes limitation on the access of the subscriber to the WLAN operational network,
wherein the access authorization procedure occurs after the success of the access authentication procedure, and
wherein the service authorization determines whether the WLAN terminal user has access to a service;
sending the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judging whether the WLAN user terminal is allowed to access according to the authorization conditions; and
otherwise, sending the information of the access failure to the WLAN user terminal.
18. A system of claim 17, wherein the access authentication and authorization device is further configured to notify at least one of an access authentication result and an access authorization result to the subscriber.
19. A system of claim 17, wherein the access authentication and authorization device is further configured to send the access policy to at least one of an AAA server, a WLAN access gateway (WAG), a service authorization unit, the user terminal and a WLAN access network which is capable of implementing the access policy to implement the limitation on the access according to the access policy.
20. A system of claim 17, wherein the access authentication and authorization device is an authentication, authorization, and accounting (AAA) server in the WLAN operational network.
21. A system of claim 20, wherein the AAA server is coupled with a WLAN access network (WLAN AN) through which the WLAN directly communicates with at least one of a local intranet network and an internet associated with hot spots so as to provide at least one of a local intranet service and an internet service for the user terminal in the hot spots.
22. A system of claim 21, wherein the AAA server is coupled with a WLAN Access Gateway (WAG) in the WLAN connecting with the WLAN AN and a 3GPP operational network, and the WLAN communicates with the 3GPP network so as to provide a 3GPP-specific service for the subscriber through the WLAN AN and in turn the WAG.
23. A system comprising:
a subscriber terminal communicable with a wireless local area network (WLAN) operational network and configured to
send a request to the WLAN operational network for accessing the WLAN operational network,
wherein the WLAN operational network is configured to perform an access authentication procedure and an access authorization procedure before a service authorization for a subscriber of the subscriber terminal upon receiving the request, and
wherein the access authorization procedure includes:
checking whether the subscriber is allowed to access the WLAN operational network according to an access authorization condition of the subscriber;
deciding access rules applied to the subscriber based on the access authorization condition, wherein the subscriber terminal is further configured to receive a response from the WLAN, and the response includes at least one of an access authentication result and an access authorization result;
implement restriction on the access of the subscriber terminal according to the access rules, wherein the service authorization determines whether the WLAN terminal user has access to a service;
implement restriction on the access of the user terminal according to the access rules;
send the determined access rules to one or more than one related entity implementing the access rules so as to implement the restriction on the access of the WLAN user terminal;
after the WLAN user terminal sends an access request to the WLAN operational network, the WLAN operational network first performing the legality authentication of the currently accessing WLAN user terminal, if the WLAN user terminal passes the legality authentication, judge whether the WLAN user terminal is allowed to access according to the authorization conditions; and
otherwise, send the information of the access failure to the WLAN user terminal.
24. A system of claim 23, wherein the subscriber terminal is further configured to receive the access rules from the WLAN.
Patent number: US7519036B2
Explicitly disclosed patent: openly and comprehensibly describes all details of the invention in the patent document.
Implicitly disclosed patent: does not explicitly state certain aspects of the invention, but still allows for these to be inferred from the information provided.
Basis patent: the core patent in a family, outlining the fundamental invention from which related patents or applications originate.
Family member: related patents or applications that share a common priority or original filing.