Loosely Trusted Yet Secure Roaming Architecture for Public Wireless Internet Service

The demand of providing one´s network bandwidth for another such as a business partner or a guest in a form like a so-called free wireless Internet access is rising. However, in some countries like Japan, the law concerning the responsibility of Internet service providers requires not only ISPs who operate roaming service but also anyone who provide access to the Internet to identify an illicit user when requested. Otherwise he himself may be treated as the illicit user. In this paper, we first categorize conventional roaming models and consider trust relationships in roaming. Conventional roaming models assume trust between a connectivity provider and an authenticator. Most measures are against abuse of a mobile user or a fake user as an attacker. Based on the consideration, we propose an autonomous distributed model account management architecture. With this architecture, when an illicit use occurs, every concerned party can find who do it even in the case that not only a mobile user but also a connectivity provider and/or an authenticator may do it. This is possible if a connectivity provider allows only traffics of some well known secure authentication protocols and user data which are authenticated with them to go through his network. This proposal makes it possible for a connectivity provider to provide access for a mobile user securely as easy as a free wireless access without trust with any authenticator