A ZERO-CONFIGURATION SECURE MOBILITY NETWORKING TECHNIQUE WITH WEB-BASE AUTHENTICATION METHOD FOR LARGE WLAN NETWORKS

摘要

A zero-configuration secure mobility networking technique for WLANs is provided, utilizing split link-layer and a Web-based authentication. The lin k- layer authentication process facilitates network-to-user authentication and generation of session-specific encryption keys for air traffic using digital certificates to prevent man-in- the-middle attacks without requiring users to have pre-configured accounts. Although any WLAN host can pass the link-layer authentication and obtain link connectivity, the WLAN only allows the host to obtain IP networking configuration parameters a nd to communicate with a Web-based authentication server prior to initiating the W eb- based authentication process that is responsible for user-to-network authenticatio n. The Web- based authentication server employs a Web page for initial authentication an d a Java applet for consequent authentications. In-the Web page, registered users can manually, or configure their Web browsers to automatically, submit their authentication credentials; new users can open accounts, make one-time payments, or refer the Web-based authentication server to other authentication servers where hey have account s. Once a user is authenticated to the WLAN, the user's mobile host obtains full IP connectivity and receives secure mobility supportfrom the WLAN. The mobile host always owns a fixed IP address as it moves from one access point to another in the WLAN. A ll wireless traffic between the mobile host and the WLAN is encrypted. Whenever the mobi le host moves to a new access point, a Java applet (or an equivalent client-side program delivered over Web) enables automatic authentication of the mobile host to t he WLAN. In addition, the ZCMN method supports dynamic load balancing between home agents. Thus, a mobile host can change home agents during active sessions.