A ZERO-CONFIGURATION SECURE MOBILITY NETWORKING TECHNIQUE WITH WEB-BASE AUTHENTICATION METHOD FOR LARGE WLAN NETWORKS

摘要

A zero-configuration secure mobility networking technique for WLANs is provided, utilizing split link-layer and a Web-based authentication. The link- layer authentication process facilitates network-to-user authentication and generation of session-specific encryption keys for air traffic using digital certificates to prevent man-in- the-middle attacks without requiring users to have pre-configured accounts. Although any WLAN host can pass the link-layer authentication and obtain link connectivity, the WLAN only allows the host to obtain IP networking configuration parameters and to communicate with a Web-based authentication server prior to initiating the Web- based authentication process that is responsible for user-to-network authentication. The Web- based authentication server employs a Web page for initial authentication and a Java applet for consequent authentications. In-the Web page, registered users can manually, or configure their Web browsers to automatically, submit their authentication credentials; new users can open accounts, make one-time payments, or refer the Web-based authentication server to other authentication servers where hey have accounts. Once a user is authenticated to the WLAN, the user's mobile host obtains full IP connectivity and receives secure mobility support from the WLAN. The mobile host always owns a fixed IP address as it moves from one access point to another in the WLAN. All wireless traffic between the mobile host and the WLAN is encrypted. Whenever the mobile host moves to a new access point, a Java applet (or an equivalent client-side program delivered over Web) enables automatic authentication of the mobile host to the WLAN. In addition, the ZCMN method supports dynamic load balancing between home agents. Thus, a mobile host can change home agents during active sessions.