A method for controlling Internet access of a mobile device by using a communication system having a number of access points includes the steps of performing a certificate-based authentication between an authentication access point and a mobile device seeking access to the Internet; transmitting a certificate from the mobile device to the authentication access point; verifying the certificate by the authentication access point; determining whether the authenticating mobile device's certificate has been revoked prior to the expiration of its lifetime; and granting the authenticating mobile device access to the Internet, if the certificate has been verified successfully and not revoked prior to the expiration of its lifetime.