Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
2000-06-07
2004-10-12
Wiley, David (Department: 2143)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S217000, C709S218000, C370S338000
Reexamination Certificate
active
06804720
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to mobile Internet access and in particular, though not necessarily, to mobile Internet access with a mobile wireless host.
BACKGROUND TO THE INVENTION
With the increasing use of the Internet, interest has grown in the possibility of accessing the Internet using mobile hosts which are able to roam between access networks. These access networks may be networks to which the mobile hosts are connected via fixed lines or may be wireless networks to which the mobile hosts are connected using a radio interface. Examples of fixed line networks are Ethernet networks whilst examples of wireless networks are mobile telephone networks as well as wireless Local Area Networks (LANs).
A difficulty which must be overcome in order to fully implement mobile Internet access with roaming, is the need to authenticate and/or authorise a roaming host (or rather the subscriber using the mobile host) which uses a foreign network as its access network. It is generally envisaged that such a roaming host should belong to a subscriber of some other network, i.e. the subscriber's ‘home’ network, and that the foreign access network must contact this home network in order to authorise the roaming host.
One disadvantage of this proposal is that it does not enable a mobile host to access the Internet anonymously. That is to say that in order to access the Internet a roaming host must disclose its identity either to the access network or to some other home network. Another disadvantage is that a trust relationship must exist between the home network and the access network in order that the networks can confidently exchange billing information. Whilst it may be straightforward to establish a trust relationship between two telecoms operators for example, it may be more difficult where the access network is a wireless Local Area Network operated, for example, in an Internet café.
SUMMARY OF THE INVENTION
According to a first aspect of the invention there is provided a method of authorising an Internet Protocol (IP) enabled mobile host to access the Internet via an access network, the method comprising:
negotiating an IP address between the mobile host and the access network and/or other hosts attached to the access network;
sending electronic cash or other authentication message from the mobile host to a control point within the access network; and
confirming at the control point the authenticity of said electronic cash or authentication message and, providing that confirmation is made, sending an authorisation message from the control point to an IP node,
wherein the IP node blocks the transmission of IP packets between the mobile host and the Internet prior to receipt of said authorisation message and permits the passage of IP packets only after an authorisation message has been received.
Anonymous access is possible where a mobile host has access to electronic cash which can be transferred from the mobile host to the access network. Providing that sufficient electronic cash is transferred to the access network, the access network may authorise the mobile host to access the Internet without the need to refer to some other home network of the mobile host.
It will be appreciated that the present invention is applicable in particular to IPv6.
Preferably, upon receipt of the electronic cash at the control point, the control point contacts a bank, or other electronic cash provider or node of the access network, in order to authenticate and ensure the sufficiency of the received electronic cash. Providing that the bank (or cash provider or other node) returns a confirmation or authentication message to the control point, the control point is able to send the authorisation message to the IP node in order to allow the passage of IP data packets between the mobile host and the Internet.
Preferably, electronic cash payments are incorporated into IP packets sent from the mobile host to the control point. More preferably, the payments are incorporated into the option field of IP packets. Other payment related messages may also be incorporated into IP packets. These include; a price enquiry message sent from the mobile host to the control point, a price list message sent from the control point to the mobile host, and a request for further payment also sent from the control point to the mobile host.
As an alternative to the use of electronic cash, the mobile host may transmit a password or certificate to the control point. The authenticity of the password or certificate may then be checked with a foreign network operator or the like.
Preferably, said IP node provides routing functionality for IP data packets. This node may also provide for protocol conversion between the carrier protocol used by the access network, and that used by the Internet. However, where the carrier protocol of the access network is compatible with that of the Internet, no such conversion may be required. The control point and the IP node may be co-located. Electronic cash or said other authentication message may be sent to the control point via the router. The payments may be piggybacked onto IP datagrams. Payments or authorisation messages may be extracted by the router and forwarded to the control point.
Preferably, said step of negotiating an IP address is carried out in response to the sending of an IP access request from the mobile host to said IP node within the access network. Alternatively, the negotiation may be initiated by receipt of a network advertisement message broadcast by the access network.
The step of negotiating an IP address between the mobile host and the access network may comprise sending an IP address or part thereof from the IP node, or another network node, to the mobile host. In certain embodiments of the present invention, subsequent to receipt of the access request at the IP node, the IP node or other network node returns to the mobile host an IP address prefix. The remainder of the IP address may be provided or generated by the mobile host itself. This remaining part of the IP address may be an International Mobile Subscriber Identity (IMSI) code in the case where the access network is a mobile telephone network and the mobile host is a mobile telephone host or the like. Where the access network is a fixed line access network, the remaining part of the IP address may be the address of the mobile host within that network, e.g. an Ethernet address in the case of an Ethernet network.
Said other network node may be a DHCP server. The control point may be incorporated into the DHCP server, so that the e-cash payments are received by the DHCP server. The DHCP server sends open and close messages to said IP node to unblock or block the flow of IP packets to and from said IP node.
The term “negotiating” used above encompasses a step of sending a Neighbour Solicitation message from the mobile host to other hosts connected to the network. In the event that there is an IP address collision, a host may respond by sending a Neighbour Advertisement message to the mobile host.
The access network may be a wireless Local Area Network (LAN) or Wide Area Network (WAN). In this case, where the IP node returns a part of an IP address, the remainder of the address may correspond to the address of the host in the access network, e.g. an Ethernet address. Alternatively, the access network may be a mobile telecommunications network such as a GSM network or a UMTS network.
Preferably, the method of the present invention comprises temporarily allocating to the mobile host a home agent located in the access network. More preferably, this allocation exists for the duration of the Internet connection. The home agent is responsible for routing datagrams to the mobile host in the event that the mobile host roams within the access network and may also remain responsible when the mobile host roams out of the access network into a new access network.
Preferably, the method comprises informing an Internet server of the IP address allocated to the mobile host, or of an IP address of an allocated hom
Jokela Petri Aulis
Vilander Harri Tapani
Vuopionperä Raimo
Nguyen Phuoc H
Telefonaktiebolaget LM Ericsson (publ)
Wiley David
LandOfFree
Mobile internet access does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Mobile internet access, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Mobile internet access will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3316651