EP2171962A2 - Delivery of subscriber identity information - Google Patents

Delivery of subscriber identity information

Info

Publication number
EP2171962A2
Authority
EP
European Patent Office
Prior art keywords
user terminal
subscriber identity
message
individual subscriber
payload
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08775507A
Other languages
German (de)
French (fr)
Inventor
Juha Lehtonen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Airbus Defence and Space Oy
Original Assignee
Airbus Defence and Space Oy
Application filed by Airbus Defence and Space Oy


Classifications

    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04W12/033: Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06: Authentication
    • H04W4/06: Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W4/12: Messaging; Mailboxes; Announcements
    • H04W52/0248: Power saving arrangements in terminal devices using monitoring of external events, e.g. the presence of a signal dependent on the time of the day, e.g. according to expected transmission activity
    • H04W8/18: Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/22: Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/26: Network addressing or numbering for mobility support
    • H04W88/02: Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices > Terminal devices
    • H04W12/76: Context-dependent security > Identity-dependent > Group identity

Definitions

  • the present invention relates to telecommunications, and more particularly to a method for delivery of subscriber identity information, and a corresponding network element, user terminal, and computer program product in a telecommunication system.
  • In order to access the services of the telecommunication system, a subscriber needs a user terminal and a subscription. Only when the combination of the user terminal and the subscription of the user is validated by the system, services like two-way communication are possible for the user.
  • the subscription data is configured into a detachable subscribed identity module.
  • the combination of the user terminal and subscriber identity is delivered to the switching and management infrastructure (SwMI) via a defined signalling procedure.
  • the subscriber identity information may also be stored in the user terminal itself.
  • the procedure for commissioning a user terminal is twofold.
  • the user terminal is generally provided with a terminal equipment identity and a secret key by the manufacturer, and the combination of the key and terminal equipment identity is delivered in a secure way to the SwMI.
  • the operator of the network receives the terminal equipment identity, assigns to it at least one individual subscriber identity and forwards the combination of the secret key and the subscriber identity in a secure way to the SwMI.
  • the SwMI combines these two pieces of information into full subscriber data and activates the subscription such that services can be accessed with this particular combination of user terminal and subscriber identity.
  • An object of the present invention is thus to provide a method and an apparatus for implementing the method so as to alleviate the above problem.
  • the objects of the invention are achieved by a method, user terminal, network element, communication system and computer program product that are characterized by what is stated in the independent claims.
  • the preferred embodiments of the invention are disclosed in the dependent claims.
  • the invention is based on the idea of enabling dynamic delivery of a subscriber identity from a switching and management infrastructure to a user terminal included in a payload of a message. It is appreciated that a user terminal configured with a group subscriber identity can monitor and receive some downlink messages even if the user terminal is not registered and therefore does not have full access to the services of the system.
  • the payload is arranged with a mechanism with which a particular user terminal can independently determine that the message received via the group address is addressed individually to it. When this particular user terminal detects such a message, it adopts the subscriber identity into its own use and registers into the system. Typically the registration requires successful authentication, which provides an automatic additional security measure to the procedure.
  • the use of the received subscriber identity can be terminated correspondingly by a payload command in a short message delivered to the individual subscriber address of the user terminal.
  • a basic advantage of the method and arrangement of the invention is that it allows quick and efficient deployment of subscriber identities without requiring essential changes to the existing radio interface. Other advantages are discussed in more detail in connection with description of advantageous embodiments of the invention.
  • Figure 1 shows main elements of an embodied radio system
  • Figures 2A and 2B show reference hardware configurations of an embodied user terminal and switching and management infrastructure element
  • Figure 3 illustrates an embodied method for a user terminal
  • Figure 4 illustrates another embodied method for a user terminal
  • FIG. 5 illustrates an advantageous embodiment for terminating the use of individual subscriber identity
  • Figure 6 illustrates an embodied method for a switching and management infrastructure (SwMI) element
  • FIG. 7 illustrates another embodied method for a switching and management infrastructure (SwMI) element
  • Figure 8 illustrates a further embodiment that serves to optimize the use of main channel resource
  • Figure 9 illustrates a further embodiment for optimizing the power consumption of the user terminal.
  • the radio system 100 comprises a switching and management infrastructure (SwMI) 102 and a mobile station (MS) 104.
  • SwMI 102 is equipment for a voice plus data (V+D) network, which enables the subscriber terminals to communicate with each other.
  • SwMI comprises one digital exchange (DXT) 106, and one base station (TBS) 108, but naturally the number of elements and their mutual interconnections may vary according to the implementation.
  • the mobile station (MS) 104 is arranged to access SwMI via the air interface 110.
  • the other type of subscriber terminals, the dispatching workstation 112, may communicate with SwMI 102 through a dispatching interface 114, which can provide the connection using, for example, E1, ISDN BA, or IP protocols.
  • the radio system can comprise a multiplicity of dispatching workstations 112 and corresponding interfaces 114 of different type.
  • SwMI 102 comprises an interface 116 for interconnection with other networks, such as PSTN, GSM, WCDMA, conventional analog networks, LAN, WAN, and similar.
  • the protocols related to different interfaces are implementation specific arrangements familiar from the prior art.
  • the block diagrams in Figures 2A and 2B show reference hardware configurations of an embodied user terminal and network element according to the invention.
  • the user terminal is embodied here with a mobile station capable of implementing TETRA air interface specifications.
  • the mobile station 200 of Figure 2A comprises a processing unit 202 for performing systematic execution of operations upon stored and/or received data.
  • the processing unit 202 is a central element that essentially comprises an arithmetic logic unit, a number of special registers and control circuits.
  • the functions implemented by the processing unit 202 in transmission typically comprise: encoding, reordering, interleaving, scrambling, channel multiplexing, and burst building.
  • the mobile station also comprises a memory unit 203, a data medium where computer-readable data or programs, or user data can be stored.
  • the mobile station comprises also a transceiver unit 204 that includes at least a transmitter 205 and a receiver 206.
  • the transmitter 205 receives a bitstream from the processing unit 202, and converts it to a radio signal for transmission by the antenna 207.
  • the radio signals received by the antenna 207 are led to the receiver 206, which converts the radio signal into a bitstream that is forwarded for further processing to the processing unit 202.
  • the mobile station may comprise an interface unit 201 with at least one input unit 208 for inputting data for internal processing in the mobile station, and an output unit 209 for outputting data from the internal processes of the mobile station.
  • Said interface unit may comprise interfaces to hardware and software integrated, attached or attachable to the mobile station. Examples of such comprise automatic vehicle control systems, and positioning systems, as well as user interface elements, like a keypad, a screen, a touch screen, a microphone, a loudspeaker, and the like.
  • the processing unit 202, memory unit 203, interface unit 201 and transceiver unit 204 are electrically interconnected to provide means for performing systematic execution of operations on the received and/or stored data according to the predefined, essentially programmed processes of the mobile station.
  • the operations comprise functions of the user terminal in delivery of individual subscriber identities. These operations are described in more detail with Figures 3 to 5.
  • Figure 2A shows logical components of the user terminal, and the referred means may comprise functions of one of the presented units or may be implemented as a combination of the functions of the presented units.
  • the network element of Figure 2B is embodied with a switching and management infrastructure (SwMI) element that comprises a processing unit 251, an element that includes at least an arithmetic logic function, a number of special registers and control circuits. Connected to the processing unit is a memory unit 252, a data medium where computer-readable data or programs or user data can be stored.
  • the SwMI element further comprises an interface block 253 with an input unit 254 for inputting data for internal processing in the element, and an output unit 255 for outputting data from the internal processes of the element.
  • the input unit may comprise a plug-in unit acting as a gateway for information delivered to its external connection points.
  • the output unit may include a plug-in unit feeding information to the lines connected to its external connection points.
  • the processing unit 251, memory unit 252, and interface block 253 are electrically interconnected to provide means for performing systematic execution of operations on the received and/or stored data according to the predefined, essentially programmed processes of an element of the switching and management infrastructure. These operations are described in more detail with Figures 6 to 7.
  • Figure 2B shows logical components of the network element, and the referred means may comprise functions of one of the presented units or may be implemented as a combination of the functions of the presented units.
  • the operations described in the following may be implemented using the disclosed elements in various ways.
  • the operations of the user terminal and the switching and management infrastructure element may be implemented in hardware (one or more devices), firmware (one or more devices), software (one or more modules), or combinations thereof.
  • the processing units may be implemented within one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof.
  • firmware or software implementation can be through modules (e.g., procedures, functions, and so on) that perform the functions described herein.
  • the software codes may be stored in memory unit and executed by the processing unit.
  • the memory unit may be implemented within the processor or external to the processor, in which case it can be communicatively coupled to the processor via various means as is known in the art. Additionally, components of systems described herein may be rearranged and/or complemented by additional components in order to facilitate achieving the various aspects, goals, advantages, etc., described with regard thereto, and are not limited to the precise configurations set forth in Figure 2, as will be appreciated by one skilled in the art.
  • the flow chart of Figure 3 illustrates the method according to the invention, the steps corresponding to an embodiment for a user terminal.
  • the embodiment is illustrated with a TETRA user terminal without, however, limiting the scope to the terms and mechanisms of this exemplary communication technology.
  • the method begins in a situation where the user terminal is ready to use and be commissioned for operation in a TETRA network.
  • the user terminal is configured with a stored element which the user terminal can use to verify that a message it has received through a particular subscriber number is addressed to it and that it has the right to consume the contents of the message.
  • the received element is implemented by use of an equipment identity.
  • In TETRA systems, TETRA equipment identity (TEI) is typically an electronic serial number that is permanently connected to a piece of TETRA equipment and which uniquely identifies the piece of equipment, either one mobile terminal or one network terminal. TEI is typically utilized in disable/enable procedures that allow disabling and enabling of the user terminal.
  • the stored element of step 30 is denoted as a terminal equipment identity TEIs to imply that this is an identifier that identifies the particular terminal equipment and is stored in the user terminal.
  • the user terminal is configured with a group subscriber identity GSSM that enables the terminal to receive defined messages via the TETRA network.
  • In TETRA systems, subscriber identities exist in two sizes, TETRA Subscriber Identity (TSI) that is 48 bits long, and Short Subscriber Identity (SSI) that is 24 bits long.
  • the SSI is typically a truncation of the TSI.
  • TSI is unique across the complete TETRA domain; SSI needs to be unique only in one TETRA sub-domain.
  • a TETRA terminal contains at least one family of TSIs. Each family contains one Individual TETRA Subscriber Identity (ITSI) and may also have one Alias TETRA Subscriber Identity (ATSI) and several Group TETRA Subscriber Identities (GTSI).
  • the user terminal is configured with GTSI that truncates into GSSI.
  • the messages accessible via the use of group subscriber identity comprise, for example, short messages and broadcast messages.
  • the short data service (SDS) of TETRA is a quick service that enables users to exchange short user defined messages or short pre-defined messages.
  • the message can be sent or received in parallel with an ongoing speech call.
  • the SDS-message is carried or embedded in a single uplink transmission, for example one transfer unit. Usually the SDS delivery applies a random access procedure.
  • the SDS service comprises point-to-point and point-to-multipoint capabilities and may use Short Number Addressing (SNA), full TETRA Subscriber Identity (ITSI/GTSI) and Short Subscriber Identity (SSI) addressing or even an external subscriber number.
  • the addressing used as a destination address in connection with the SDS on the downlink is an SSI, thus here GSSI.
  • the user terminal needs to have an individual subscriber identity successfully registered with the SwMI.
  • in order to receive an SDS message, the user terminal does not need to be registered to the TETRA system; it only needs to be able to receive transmissions of the relevant control channels used for SDS transmissions. Accordingly, in the example of Figure 3, the user terminal configured with GSSM enters a monitoring mode where it monitors (step 32) the main control channel (MCCH) transmissions and is able to detect and receive a short message addressed to the GSSM.
  • the short message comprises a received element that the user terminal can use to verify that a message it has received through GSSM is addressed to it and that it has the right to consume the contents of the message.
  • the short message comprises an individual subscriber identity ISSI2.
  • this received element is TEIr, a terminal equipment identifier that the SwMI has included in the payload of the GSSM addressed short message. Accordingly, when the short message is received (step 33) the user terminal reads (step 34) it, and extracts from the short message the received element TEIr. In this basic embodiment the mechanism to verify the right to consume the content of the message is implemented by comparing (step 35) the stored element TEIs with the received element TEIr. If the elements do not match (step 36), the user terminal ignores the short message and returns to step 32 to monitor further short messages via GSSM.
  • If the elements match, the user terminal extracts from the short message the individual subscriber identity ISSI2, and configures (step 37) ISSI2 for use as its own individual subscriber identity.
  • the user terminal may operate as a mobile station that includes both the equipment that provides functions necessary for the operation of the access protocols and subscription to allow the access by the SwMI.
  • the mobile station registers to the TETRA system in a conventional way using ISSI2, and is thereby able to access the services of the TETRA network according to the rights defined for ISSI2.
  • the registration includes authentication that provides one additional element for verifying that the individual subscriber identity is used only by a duly authorized user terminal.
  • An additional aspect of the above embodiment is an arrangement where the user terminal is configured with a number of group addresses and the user terminal is configured to monitor reception of short messages (steps 32, 33) with all of the stored GSSIs.
  • the described procedure enables quick delivery of individual subscriber identity to TETRA user terminal without essentially changing any of the existing TETRA air interface definitions.
  • the necessary functionality for adopting an individual subscriber identity into the system can be implemented over-the-air and without a previously assigned individual subscriber identity, which saves time and is possible even when the range of available individual subscriber identities is limited.
  • the required information is delivered in the payload of a short message so that the mechanism can be implemented transparently over the SwMI elements other than the user terminal and the subscriber management entities of SwMI.
  • subscriber management entities comprise the entities that implement the operational management of TETRA, like dispatching workstations and dispatching server systems.
  • FIG. 4 illustrates another embodiment of the solution of Figure 3.
  • the security of the individual subscriber identity delivery is improved by use of encryption.
  • the user terminal is configured with an encryption mechanism that enables exchange of encrypted messages between a subscriber management entity of the SwMI and the user terminal.
  • the encryption mechanism comprises an encryption algorithm and an encryption key configured to the user terminal.
  • the applied encryption may be symmetric or asymmetric. In symmetric encryption parties demonstrate knowledge of secret information that is shared with the parties but not available or derivable without significant effort to a third party.
  • in asymmetric encryption, pairs of public-private keys are used to encrypt and decrypt data.
  • symmetric encryption is utilized.
  • the secret key K can be, for example, the TETRA air interface authentication key of the user terminal.
  • the delivery of the TETRA air interface authentication key is, however, very strictly controlled and therefore in some applications another key, for example a second key dedicated for the purpose, may be used to allow simpler operations for subscriber management.
  • Steps 41 for configuration of GSSM, 42 for monitoring the short messages to GSSM and 43 for detecting a received short message correspond to steps 31 to 33 of Figure 3.
  • the payload of the short message is encrypted such that it can only be decrypted with the combination of the encryption algorithm and the encryption key stored in the user terminal.
  • the encryption could be static such that the encryption key itself is used in all encryptions between the SwMI element and the user terminal.
  • the procedure is enhanced even further by enabling the user terminal to be sure that the information demonstrating the knowledge is not generated by recording and replaying a message from earlier communications. This is achieved by delivering over the air interface only a random number RN1 that is new for every communication instance.
  • the SwMI entity that sends the message generates a random number RN1, and feeds it into the encryption algorithm with the secret key of the user terminal.
  • the algorithm results in a session key KS that it uses in encrypting the part of the short message that is considered necessary to be encrypted.
  • when the user terminal in step 43 detects a received short message, it extracts (step 44) the random number, which may be included in clear code within the short message, derives a session key KS using the random number, the encryption algorithm and the encryption key (step 45), and uses this to decrypt (step 46) the encrypted part of the payload of the short message.
  • the mechanism to verify the right to consume the content of the message is based on success or failure of the decryption step.
  • the user terminal checks (step 47) whether the decryption was successful or failed. In case of failure the procedure moves to step 42 for monitoring the incoming short messages for GSSM. In case the message decrypts successfully with the session key KS that is generated from the random number with the individual secret key of the user terminal, the user terminal can be sure that the message was targeted to it and consume it according to a predefined procedure.
  • the procedure comprises configuring the user terminal to use the individual subscriber identity ISSI2 (step 48), and registering (step 49) to the system as a mobile station capable of two-way communication.
  • the registration includes authentication that provides one additional element for verifying that the individual subscriber identity is used only by a duly authorized user terminal.
  • the embodiment of Figure 4 enables the advantages of the embodiment described in Figure 3 and in addition increases the security of the procedure.
  • the procedure for over-the-air delivery of individual subscription could comprise both recognition of the recipient with TEI and verification of the right by decrypting a defined part of the message using the individual secret key stored in the user terminal.
  • Figure 5 illustrates an advantageous embodiment for terminating the use of individual subscriber identity.
  • Figure 5 begins as a continuation to procedures of Figure 3 or Figure 4 or a defined combination of them in the situation where the user terminal has been configured with ISSI2 and operates as a mobile station in the TETRA network.
  • the user terminal conventionally monitors (step 51) the MCCH for short messages addressed to ISSI2.
  • when the user terminal according to the invention notices a received short message (step 52), it reads the payload of the message (step 53) and checks it (step 54) for a termination request for terminating the use of ISSI2. If such a message is not detected (step 55), the procedure returns to step 51 to monitor the incoming short messages.
  • Otherwise the user terminal deactivates ISSI2 (step 56) and enters a monitoring state to monitor incoming short messages addressed to the group address GSSM dedicated to over-the-air delivery of individual subscriptions.
  • the flow chart of Figure 6 illustrates the method according to the invention, the steps corresponding to an embodiment for a switching and management infrastructure (SwMI) element.
  • the SwMI element is exemplified with a TETRA SwMI element that comprises an application for managing the individual subscriptions, at least the individual subscriptions that may be delivered over the air.
  • the SwMI element is configured with at least one group address GSSM that may be used for delivery of individual subscriber identities.
  • the SwMI element is on standby for individual subscriber identity requests.
  • the request may come, for example, through a user interface from the operator of the SwMI element, or through a network interface from an authorized remote operating point.
  • If such a request is detected (step 62), the SwMI element generates a message addressed to GSSM and carrying the individual subscriber identity ISSI2 in its payload. As in the embodiment of Figure 3, the payload also comprises the terminal equipment identity TEIr that enables the user terminal to verify that the message is addressed to it individually and that it is requested to apply the individual subscriber identity included in the message. After sending (step 63) the message, the SwMI element begins to monitor (step 64) through the system whether a mobile station has registered into the system using the ISSI2 it sent in the short message. The monitoring may be implemented, for example, as a repeated query from the home subscriber database, or as a notification from the home subscriber database, sent when the location registration request has been received.
  • Whenever the SwMI element gets a notification on the location registration, or a location registration attempt (step 65), it activates the ISSI2 and thereby enables the two-way communication using ISSI2.
  • the registration includes authentication that provides one additional element for verifying that the individual subscriber identity is used only by a duly authorized user terminal.
  • the flow chart of Figure 7 illustrates another embodiment of the solution of Figure 6. In the method of Figure 7 the security of the individual subscriber identity delivery is again improved by use of encryption. Steps 700 for configuration of GSSM, 710 for monitoring the individual subscriber identity requests and 720 for detecting a request correspond to steps 60 to 62 of Figure 6.
  • the payload of the short message is encrypted such that it can only be decrypted with the combination of the encryption algorithm and the encryption key stored in the user terminal.
  • the encryption is based on a random number RN1 that is new for every communication instance and can be delivered to the user terminal in TETRA in clear code.
  • the SwMI element has access to the secret key of the user terminal, or has access to another SwMI, for example a trusted party, to which it can send the payload with the random seed for encryption.
  • the SwMI element generates a random number RN1, and, either itself or subcontracted to another element, feeds RN1 into the encryption algorithm with the secret key of the destination user terminal.
  • the algorithm results in a session key KS (step 725).
  • This session key is used to encrypt (step 730) the part of the short message that is considered necessary to be delivered under secrecy.
  • SwMI entity addresses the short message to GSSM, and sends it (step 735) as a conventional group addressed short message over the radio interface.
  • the SwMI element may also initiate (step 740) a timer TIM that measures the time between sending of the short message to GSSM and a possible response by the user terminal. Accordingly, as in the embodiment of Figure 6, the SwMI element begins to monitor (step 745) through the system whether a mobile station has registered into the system, for example by making a location registration using the ISSI2. If the timer expires (step 750) before the user terminal registers using ISSI2, the delivery is considered unsuccessful and the SwMI element moves back to step 710 to monitor for further requests.
  • SwMI element activates (step 760) the ISSI2, which allows the user terminal to be used as a mobile station capable of two-way communication with rights assigned to ISSI2.
  • the procedure of Figure 6 may be complemented with a timer.
  • the over-the-air delivery of individual subscription may comprise both recognition of the recipient with TEI and verification of the right by decrypting a defined part of the message using the individual secret key stored in the user terminal.
  • TEI may also be used to complement the procedure in other ways, for example to provide a checksum for the encryption. Implementation of termination of the use of individual subscriber identity in the payload of a short message addressed to ISSI2 in a SwMI element is clear to a person skilled in the art from the description of the corresponding functionality when embodied in a user terminal.
  • the subscriber identity used for receiving the short message is a group identity. This is an advantageous arrangement in respect of use of main control channel capacity because a payload with variable contents can in this way be delivered to several potential recipients with a shared radio resource.
  • a predefined individual subscriber identity may also be used for delivering the configurable individual subscriber identity without deviating from the scope of protection.
  • a group of user terminals can be configured with a first individual subscriber identity and all such user terminals monitor for short messages addressed to that particular individual subscriber identity. When they have received the short message and adopted the second individual subscriber identity, they deactivate the first individual subscriber identity.
  • Figure 8 illustrates a further embodiment that serves to optimize the use of main control channel resource for delivery of the individual subscriber identity.
  • the total coverage area of the system may be divided into more than one subarea (SA), each of which is associated with a different GSSIx through which the new individual subscriber identities may be delivered.
  • the total coverage area 80 is divided into three subareas SA1 81, SA2 82, and SA3 83 where the group addresses for delivering individual subscriber identities are GSSM, GSS2, and GSS3, respectively.
  • the user terminals that are designed to use the individual subscriber identity delivery method disclosed herein are configured with at least two, but preferably with all of the above mentioned group addresses GSSM, GSS2, and GSS3.
  • An operator managing the pool of allocatable individual subscriber identities typically has some knowledge about the probabilities to locate a particular user terminal in a particular subarea. For example, the operator may recognize the user terminal to belong to a metropolitan fleet and may therefore well presume that the most potential subarea for reaching the user terminal is SA2 that covers the respective city centre. According to the invention, the operator first attempts to deliver the dynamic individual subscriber identity in a short message addressed to respective GSSI2 and delivered only in the subarea SA2. As disclosed in the embodiment of Figure 7, the operator may wait for the location registration by the targeted user terminal, for example until the timer expires and then move on to attempt delivery of the dynamic individual subscriber identity in a short message addressed to another group identity and in another subarea.
  • the second choice is the one with the second largest probability of reaching the targeted user terminal.
  • the procedure may be continued by moving to less probable subareas until the user terminal responds by registering to the system or until all subareas have been attempted.
  • This sectorized delivery optimizes the use of main control channel resource.
  • Main control channel is a critical but very easily congested resource whose use typically has to be optimized in any possible situation.
  • Figure 9 illustrates a further embodiment of the invention where the power consumption of the user terminal in monitoring mode is optimized without compromising the expedient operation of the invented method of delivering the dynamic individual subscriber identity.
  • Figure 9 illustrates consecutive downlink frames F1, F2, F3, ... of the embodied radio interface, and the corresponding level of power consumption in the receiver of the user terminal.
  • the illustrated power levels are 0 and P, where 0 denotes a sleep mode where the receiver is substantially switched off, and P denotes the power level of the receiver in a reception mode where the receiver is operational and able to receive transmissions from the SwMI.
  • Each of the frames comprises a timeslot (denoted with X) to which a control channel through which the delivery of the dynamic individual subscriber identity is implemented is mapped.
  • each TETRA air interface frame comprises a main control channel, which the user terminal listens to.
  • Figure 9 illustrates an arrangement where delivery of short messages carrying dynamic individual subscriber identity is assigned to timeslots of predefined frames F1, F4, ...
  • timeslots assigned for control channel and especially for delivery of short messages carrying dynamic individual subscriber identity are denoted with circled X and timeslots assigned to control channel but not to delivery of short messages carrying dynamic individual subscriber identity with plain X.
  • the user terminal that is in monitoring mode and operates only in downlink direction is configured to operate the receiver on power level P.

Abstract

A method for a telecommunication system. A user terminal is configured to receive messages addressed to a group subscriber identity. The user terminal receives an individual subscriber identity included in a payload of a message addressed to the group subscriber identity. The payload is provided with verification means for verifying the right of the user terminal to use the individual subscriber identity. If the verification succeeds, the user terminal adopts to use the individual subscriber identity. The solution allows quick and efficient deployment of subscriber identities without requiring essential changes to the existing radio interface.

Description

DELIVERY OF SUBSCRIBER IDENTITY INFORMATION
FIELD OF THE INVENTION
The present invention relates to telecommunications, and more particularly to a method for delivery of subscriber identity information, and a corresponding network element, user terminal, and computer program product in a telecommunication system.
BACKGROUND OF THE INVENTION
In order to access the services of the telecommunication system, a subscriber needs a user terminal and a subscription. Only when the combination of the user terminal and the subscription of the user is validated by the system are services like two-way communication possible for the user.
Depending on the applied technology, adoption of the subscription in the user terminal may be implemented in various ways. In most of the public mobile networks, the subscription data is configured into a detachable subscribed identity module. The combination of the user terminal and subscriber identity is delivered to the switching and management infrastructure (SwMI) via a defined signalling procedure. In some other technologies, like Terrestrial Trunked Radio (TETRA), the subscriber identity information may also be stored in the user terminal itself. Typically the procedure for commissioning a user terminal is twofold. The user terminal is generally provided with a terminal equipment identity and a secret key by the manufacturer, and the combination of the key and terminal equipment identity is delivered in a secure way to the SwMI. The operator of the network receives the terminal equipment identity, assigns to it at least one individual subscriber identity and forwards the combination of the secret key and the subscriber identity in a secure way to the SwMI. The SwMI combines these two pieces of information into full subscriber data and activates the subscription such that services can be accessed with this particular combination of user terminal and subscriber identity.
There are, however, some problems related to this arrangement. For some particular fleet configurations the range of available numbers is not adequate for all possible users. For example, in case a large number of vehicles are tracked with automatic vehicle location systems, the range of numbers easily becomes deficient for the purpose. There would be a need to reuse the numbers, but this is not possible because the procedures for adoption and release of individual subscriber identities are far too slow and laborious to implement.
SUMMARY OF THE INVENTION
An object of the present invention is thus to provide a method and an apparatus for implementing the method so as to alleviate the above problem. The objects of the invention are achieved by a method, user terminal, network element, communication system and computer program product that are characterized by what is stated in the independent claims. The preferred embodiments of the invention are disclosed in the dependent claims.
The invention is based on the idea of enabling dynamic delivery of a subscriber identity from a switching and management infrastructure to a user terminal included in a payload of a message. It is appreciated that a user terminal configured with a group subscriber identity can monitor and receive some downlink messages even if the user terminal is not registered and therefore does not have full access to the services of the system. The payload is arranged with a mechanism with which a particular user terminal can independently determine that the message received via the group address is addressed individually to it. When this particular user terminal detects such a message, it adopts the subscriber identity into its own use and registers into the system. Typically the registration requires successful authentication, which provides an automatic additional security measure to the procedure. The use of the received subscriber identity can be terminated correspondingly by a payload command in a short message delivered to the individual subscriber address of the user terminal.
A basic advantage of the method and arrangement of the invention is that it allows quick and efficient deployment of subscriber identities without requiring essential changes to the existing radio interface. Other advantages are discussed in more detail in connection with description of advantageous embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
In the following the invention will be described in greater detail by means of preferred embodiments with reference to the attached drawings, in which
Figure 1 shows main elements of an embodied radio system;
Figures 2A and 2B show reference hardware configurations of embodied user terminal and switching and management infrastructure element;
Figure 3 illustrates an embodied method for a user terminal;
Figure 4 illustrates another embodied method for a user terminal;
Figure 5 illustrates an advantageous embodiment for terminating the use of individual subscriber identity;
Figure 6 illustrates an embodied method for a switching and management infrastructure (SwMI) element;
Figure 7 illustrates another embodied method for a switching and management infrastructure (SwMI) element;
Figure 8 illustrates a further embodiment that serves to optimize the use of main channel resource; and
Figure 9 illustrates a further embodiment for optimizing the power consumption of the user terminal.
DETAILED DESCRIPTION OF THE INVENTION
The following embodiments are exemplary implementations of the present invention. Although the specification may refer to "an", "one", or "some" embodiment(s), reference is not necessarily made to the same embodiment(s), and/or a feature does not apply to a single embodiment only. Single features of different embodiments of this specification may be combined to provide further embodiments. In the following, the invention is described using the terms and elements of the TETRA air interface as specified in the European Telecommunication Standards ETSI EN 300 392-2; European Standard (Telecommunications series); Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 2: Air Interface (AI), and ETSI EN 300 392-7; European Standard (Telecommunications series); Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security, however, without limiting the invention to this one radio system technology. The present invention can be applied to any communication system, where subjects of communication service operations are identified by individual subscriber identity.
Figure 1 shows a simplified illustration of the main elements of an embodied radio system 100. The radio system 100 comprises a switching and management infrastructure (SwMI) 102 and a mobile station (MS) 104. SwMI 102 is equipment for a voice plus data (V+D) network, which enables the subscriber terminals to communicate with each other. In Figure 1 SwMI comprises one digital exchange (DXT) 106, and one base station (TBS) 108, but naturally the number of elements and their mutual interconnections may vary according to the implementation.
Of the subscriber terminals, the mobile station (MS) 104 is arranged to access SwMI via the air interface 110. The other type of subscriber terminals, the dispatching workstation 112, may communicate with SwMI 102 through a dispatching interface 114, which can provide the connection using, for example, E1, ISDN BA, or IP protocols. In practice the radio system can comprise a multiplicity of dispatching workstations 112 and corresponding interfaces 114 of different type. Additionally, SwMI 102 comprises an interface 116 for interconnection with other networks, such as PSTN, GSM, WCDMA, conventional analog networks, LAN, WAN, and similar. The protocols related to different interfaces are implementation specific arrangements familiar from the prior art.
The block diagrams in Figures 2A and 2B show reference hardware configurations of an embodied user terminal and network element according to the invention. The user terminal is embodied here with a mobile station capable of implementing TETRA air interface specifications. The mobile station 200 of Figure 2A comprises a processing unit 202 for performing systematic execution of operations upon stored and/or received data. The processing unit 202 is a central element that essentially comprises an arithmetic logic unit, a number of special registers and control circuits. For example, the functions implemented by the processing unit 202 in transmission typically comprise: encoding, reordering, interleaving, scrambling, channel multiplexing, and burst building. The mobile station comprises also a memory unit 203, data medium where computer-readable data or programs, or user data can be stored. The mobile station comprises also a transceiver unit 204 that includes at least a transmitter 205 and a receiver 206. The transmitter 205 receives a bitstream from the processing unit 202, and converts it to a radio signal for transmission by the antenna 207. Correspondingly, the radio signals received by the antenna 207 are led to the receiver 206, which converts the radio signal into a bitstream that is forwarded for further processing to the processing unit 202.
The mobile station may comprise an interface unit 201 with at least one input unit 208 for inputting data for internal processing in the mobile station, and output unit 209 for outputting data from the internal processes of the mobile station. Said interface unit may comprise interfaces to hardware and software integrated, attached or attachable to the mobile station. Examples of such comprise automatic vehicle control systems, and positioning systems, as well as user interface elements, like a keypad, a screen, a touch screen, a microphone, a loudspeaker, and the like. The processing unit 202, memory unit 203, interface unit 201 and transceiver unit 204 are electrically interconnected to provide means for performing systematic execution of operations on the received and/or stored data according to the predefined, essentially programmed processes of the mobile station.
In solutions according to the invention, the operations comprise functions of the user terminal in delivery of individual subscriber identities. These operations are described in more detail with Figures 3 to 5. Figure 2A shows logical components of the user terminal, and the referred means may comprise functions of one of the presented units or may be implemented as a combination of the functions of the presented units.
The network element of Figure 2B is embodied with a switching and management infrastructure (SwMI) element that comprises a processing unit 251, an element that includes at least an arithmetic logic function, a number of special registers and control circuits. Connected to the processing unit is a memory unit 252, a data medium where computer-readable data or programs or user data can be stored. The SwMI element further comprises an interface block 253 with input unit 254 for inputting data for internal processing in the element, and output unit 255 for outputting data from the internal processes of the element.
Examples of said input unit comprise a plug-in unit acting as a gateway for information delivered to its external connection points. Examples of said output unit include a plug-in unit feeding information to the lines connected to its external connection points.
The processing unit 251, memory unit 252, and interface block 253 are electrically interconnected to provide means for performing systematic execution of operations on the received and/or stored data according to the predefined, essentially programmed processes of an element of the switching and management infrastructure. These operations are described in more detail with Figures 6 to 7. Figure 2B shows logical components of the network element, and the referred means may comprise functions of one of the presented units or may be implemented as a combination of the functions of the presented units.
The operations described in the following may be implemented using the disclosed elements in various ways. For example, the operations of the user terminal and the switching and management infrastructure element may be implemented in hardware (one or more devices), firmware (one or more devices), software (one or more modules), or combinations thereof. For a hardware implementation, the processing units may be implemented within one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof. For a firmware or software, implementation can be through modules (e.g., procedures, functions, and so on) that perform the functions described herein. The software codes may be stored in memory unit and executed by the processing unit. The memory unit may be implemented within the processor or external to the processor, in which case it can be communicatively coupled to the processor via various means as is known in the art.
Additionally, components of systems described herein may be rearranged and/or complemented by additional components in order to facilitate achieving the various aspects, goals, advantages, etc., described with regard thereto, and are not limited to the precise configurations set forth in Figure 2, as will be appreciated by one skilled in the art.
The flow chart of Figure 3 illustrates the method according to the invention, the steps corresponding to an embodiment for a user terminal. The embodiment is illustrated with a TETRA user terminal without, however, limiting the scope by the terms and mechanisms of this exemplary communication technology. The method begins in a situation where the user terminal is ready to use and be commissioned for operation in TETRA network. In step 30 the user terminal is configured with a stored element which the user terminal can use to verify that a message it has received through a particular subscriber number is addressed to it and that it has the right to consume the contents of the message. In the first, basic embodiment the received element is implemented by use of an equipment identity.
In TETRA systems, TETRA equipment identity (TEI) is typically an electronic serial number that is permanently connected to a piece of TETRA equipment and which uniquely identifies the piece of equipment, either one mobile terminal or one network terminal. TEI is typically utilized in disable/enable procedures that allow disabling and enabling of the user terminal. The stored element of step 30 is denoted as a terminal equipment identity TEI8 to imply that this is an identifier that identifies the particular terminal equipment and is stored in the user terminal. In step 31, the user terminal is configured with a group subscriber identity GSSM that enables the terminal to receive defined messages via the TETRA network. In TETRA systems, subscriber identities exist in two sizes, TETRA Subscriber Identity (TSI) that is 48 bits long, and Short Subscriber Identity (SSI) that is 24 bits long. The SSI is typically a truncation of the TSI. TSI is unique across the complete TETRA domain, SSI needs to be unique only in one TETRA sub-domain. Typically, a TETRA terminal contains at least one family of TSIs. Each family contains one Individual TETRA Subscriber Identity (ITSI) and may also have one Alias TETRA Subscriber Identity (ATSI) and several Group TETRA Subscriber Identities (GTSI). In the current embodiment, the user terminal is configured with GTSI that truncates into GSSI. In the following, reference is made to GSSI, but for a person skilled in the art it is clear that either the GTSI or GSSI may be applied in the solution without deviating from the scope of protection.
The messages accessible via the use of group subscriber identity comprise, for example, short messages and broadcast messages. In the following, an embodiment utilizing the short data service of TETRA is disclosed in more detail. It should be noted that other messaging mechanisms capable of delivering downlink messages via group subscriber identities may be used without deviating from the scope of protection. The short data service of TETRA (SDS) is a quick service that enables users to exchange short user defined messages or short pre-defined messages. The message can be sent or received in parallel with an ongoing speech call. In order to obtain a fast service, the SDS-message is carried or embedded in a single uplink transmission, for example one transfer unit. Usually the SDS delivery applies random access procedure. The SDS service comprises point-to-point and point-to-multipoint capabilities and may use Short Number Addressing (SNA), full TETRA Subscriber Identity (ITSI/GTSI) and Short Subscriber Identity (SSI) addressing or even external subscriber number. In the embodied solution, the addressing used as a destination address in connection with the SDS on the downlink is a SSI, thus here GSSI.
In order to be able to register to the TETRA system and perform both uplink and downlink communication, the user terminal needs to have an individual subscriber identity successfully registered with the SwMI. However, in order to receive a SDS message, the user terminal does not need to be registered to the TETRA system, it only needs to be able to receive transmissions of the relevant control channels used for SDS transmissions. Accordingly, in the example of Figure 3, the user terminal configured with GSSM enters a monitoring mode where it monitors (step 32) the main control channel (MCCH) transmissions and is able to detect and receive a short message addressed to the GSSM.
The short message comprises a received element that the user terminal can use to verify that a message it has received through GSSM is addressed to it and that it has the right to consume the contents of the message. In addition the short message comprises an individual subscriber identity ISSI2. In the embodied example, this received element is TEI1-, a terminal equipment identifier that the SwMI has included in the payload of the GSSM addressed short message. Accordingly, when the short message is received (step 33) the user terminal reads (step 34) it, and extracts from the short message the received element TEI1-. In this basic embodiment the mechanism to verify the right to consume the content of the message is implemented by comparing (step 35) the stored element TEI8 with the received element TEI1-. If the elements do not match (step 36), the user terminal ignores the short message and returns to step 32 to monitor further short messages via GSSM. If the elements do match (step 36), the user terminal extracts from the short message the individual subscriber identity ISSI2, and configures (step 37) ISSI2 for use as its own individual subscriber identity. By doing this, the user terminal may operate as a mobile station that includes both the equipment that provides functions necessary for the operation of the access protocols and subscription to allow the access by the SwMI. In step 38 the mobile station registers to the TETRA system in a conventional way using ISSI2, and is thereby able to access the services of the TETRA network according to the rights defined for ISSI2. Typically the registration includes authentication that provides one additional element for verifying that the individual subscriber identity is used only by a duly authorized user terminal.
An additional aspect of the above embodiment is an arrangement where the user terminal is configured with a number of group addresses and the user terminal is configured to monitor reception of short messages (steps 32, 33) with all of the stored GSSIs.
The described procedure enables quick delivery of individual subscriber identity to TETRA user terminal without essentially changing any of the existing TETRA air interface definitions. Instead of taking the user terminal manually to a commissioning centre, the necessary functionality for adopting an individual subscriber identity into the system can be implemented over-the-air and without a previously assigned individual subscriber identity, which saves time and is possible even when the range of available individual subscriber identities is limited. The required information is delivered in the payload of a short message so that the mechanism can be implemented transparently over the SwMI elements other than the user terminal and the subscriber management entities of SwMI. In the minimum such subscriber management entities comprise the entities that implement the operational management of TETRA, like dispatching workstations and dispatching server systems.
It should be noted that even if the embodiment describes delivery of the short message in TETRA main control channel, the invention is not limited to the use of main control channel. For a person skilled in the art it is clear that any physical or logical channel which is capable to deliver short messages with variable payload and which may be received by user terminal via a group address is applicable without deviating from the scope of protection.
Figure 4 illustrates another embodiment of the solution of Figure 3. In the method of Figure 4 the security of the individual subscriber identity delivery is improved by use of encryption. In step 40 the user terminal is configured with an encryption mechanism that enables exchange of encrypted messages between a subscriber management entity of the SwMI and the user terminal. In the embodied example of Figure 4 the encryption mechanism comprises an encryption algorithm and an encryption key configured to the user terminal. For a person skilled in the art it is clear that a corresponding encryption algorithm needs to be applied in the respective subscriber management entity in the SwMI. Within the scope of protection, the applied encryption may be symmetric or asymmetric. In symmetric encryption parties demonstrate knowledge of secret information that is shared with the parties but not available or derivable without significant effort to a third party. In asymmetric encryption pairs of public-private keys are used to encrypt and decrypt data. In the embodiment of Figure 4, symmetric encryption is utilized. This means that the user terminal is configured with an encryption algorithm and a secret key K. The secret key K can be, for example, the TETRA air interface authentication key of the user terminal. The delivery of TETRA air interface authentication key is, however, very strictly controlled and therefore in some applications another key, for example a second key dedicated for the purpose, may be used to allow more simple operations for subscriber management.
Steps 41 for configuration of GSSM, 42 for monitoring the short messages to GSSM and 43 for detecting a received short message correspond to steps 31 to 33 of Figure 3. In this embodiment the payload of the short message is encrypted such that it can only be decrypted with the combination of the encryption algorithm and the encryption key stored in the user terminal. Basically the encryption could be static such that the encryption key itself is used in all encryptions between the SwMI element and the user terminal. In the embodiment of Figure 4 the procedure is enhanced even further by enabling the user terminal to be sure that the information demonstrating the knowledge is not generated by recording and replaying a message from earlier communications. This is achieved by delivering over the air interface only a random number RN1 that is new for every communication instance.
The SwMI entity that sends the message generates a random number RN1, and feeds it into the encryption algorithm with the secret key of the user terminal. The algorithm results in a session key KS that it uses in encrypting the part of the short message that is considered necessary to be encrypted. When the user terminal in step 43 detects a received short message, it extracts (step 44) the random number that may be included in clear code within the short message, derives using the random number, the encryption algorithm and the encryption key a session key KS (step 45) and uses this to decrypt (step 46) the encrypted part of the payload of the short message. In this embodiment the mechanism to verify the right to consume the content of the message is based on success or failure of the decryption step. The user terminal checks (step 47) whether the decryption was successful or failed. In case of failure the procedure moves to step 42 for monitoring the incoming short messages for GSSM. In case the message decrypts successfully with the session key KS that is generated from the random number with the individual secret key of the user terminal, the user terminal can be sure that the message was targeted to it and consume it according to a predefined procedure. In this embodiment the procedure comprises configuring the user terminal to use the individual subscriber identity ISSI2 (step 48), and registering (step 49) to the system as a mobile station capable of two-way communication. The registration includes authentication that provides one additional element for verifying that the individual subscriber identity is used only by a duly authorized user terminal.
The embodiment of Figure 4 enables the advantages of the embodiment described in Figure 3 and in addition increases the security of the procedure. For a person skilled in the art it is clear that elements of embodiments of Figure 3 and Figure 4 can be used separately or in combination. For example, the procedure for over-the-air delivery of individual subscription could comprise both recognition of the recipient with TEI and verification of the right by decrypting a defined part of the message using the individual secret key stored in the user terminal.
Figure 5 illustrates an advantageous embodiment for terminating the use of individual subscriber identity. Figure 5 begins as a continuation to procedures of Figure 3 or Figure 4 or a defined combination of them in the situation where the user terminal has been configured with ISSI2 and operates as a mobile station in the TETRA network. During its normal operation the user terminal conventionally monitors (step 51) the MCCH for short messages addressed to ISSI2. When the user terminal according to the invention notices a received short message (step 52), it reads the payload of the message (step 53) and checks it (step 54) for a termination request for terminating the use of ISSI2. If such message is not detected (step 55) the procedure returns back to step 51 to monitor the incoming short messages. In case a message with the termination request is detected (step 55) the user terminal deactivates ISSI2 (step 56) and enters the monitoring state to monitor incoming short messages addressed to the group address GSSM dedicated to over-the-air delivery of individual subscriptions.
The flow chart of Figure 6 illustrates the method according to the invention, the steps corresponding to an embodiment for a switching and management infrastructure (SwMI) element. The SwMI element is exemplified with a TETRA SwMI element that comprises an application for managing the individual subscriptions, at least the individual subscriptions that may be delivered over the air. In step 60 the SwMI element is configured with at least one group address GSSM that may be used for delivery of individual subscriber identities. In step 61 the SwMI element stands by for individual subscriber identity requests. The request may come, for example, through a user interface from the operator of the SwMI element, or through a network interface from an authorized remote operating point. If such request is detected (step 62) the SwMI element generates a message addressed to GSSM and carrying the individual subscriber identity ISSI2 in its payload. As in the embodiment of Figure 3, the payload also comprises the terminal equipment identity TEI1 that enables the user terminal to verify that the message is addressed to it individually and that it is requested to apply the individual subscriber identity included in the message. After sending (step 63) the message, the SwMI element begins to monitor (step 64) through the system whether a mobile station has registered into the system using the ISSI2 it sent in the short message. The monitoring may be implemented, for example, as a repeated query from the home subscriber database, or as a notification from the home subscriber database, sent when the location registration request has been received. Whenever the SwMI element gets a notification on the location registration, or a location registration attempt (step 65), it activates the ISSI2 and thereby enables the two-way communication using ISSI2. The registration includes authentication that provides one additional element for verifying that the individual subscriber identity is used only by a duly authorized user terminal.
The flow chart of Figure 7 illustrates another embodiment of the solution of Figure 6. In the method of Figure 7 the security of the individual subscriber identity delivery is again improved by use of encryption. Steps 700 for configuration of GSSM, 710 for monitoring the individual subscriber identity requests and 720 for detecting a request correspond to steps 60 to 62 of Figure 6. As in the embodiment of Figure 4, in this embodiment the payload of the short message is encrypted such that it can only be decrypted with the combination of the encryption algorithm and the encryption key stored in the user terminal. Again, the encryption is based on a random number RN1 that is new for every communication instance and can be delivered to the user terminal in TETRA in clear code.
The SwMI element has access to the secret key of the user terminal, or has access to another SwMI, for example a trusted party, to which it can send the payload with the random seed for encryption. Thus, the SwMI element generates a random number RN1, and, either itself or subcontracted to another element, feeds RN1 into the encryption algorithm with the secret key of the destination user terminal. The algorithm results in a session key KS (step 725). This session key is used to encrypt (step 730) the part of the short message that is considered necessary to be delivered under secrecy. The SwMI entity addresses the short message to GSSM, and sends it (step 735) as a conventional group addressed short message over the radio interface. At sending the short message, the SwMI element may also initiate (step 740) a timer TIM that measures the time between sending of the short message to GSSM and a possible response by the user terminal. Accordingly, as in the embodiment of Figure 6, the SwMI element begins to monitor (step 745) through the system whether a mobile station has registered into the system, for example by making a location registration using the ISSI2. If the timer expires (step 750) before the user terminal registers using ISSI2, the delivery is considered unsuccessful and the SwMI element moves back to step 710 to monitor for further requests. If a location registration request using ISSI2 is received (step 755) before the expiry of the timer, the SwMI element activates (step 760) the ISSI2, which allows the user terminal to be used as a mobile station capable of two-way communication with rights assigned to ISSI2.
For a person skilled in the art it is clear that also elements of embodiments of Figure 6 and Figure 7 can be used separately or in combination. For example, the procedure of Figure 6 may be complemented with a timer. Also the over-the-air delivery of individual subscription may comprise both recognition of the recipient with TEI and verification of the right by decrypting a defined part of the message using the individual secret key stored in the user terminal. Additionally, TEI may also be used to complement the procedure in other ways, for example to provide a checksum for the encryption. Implementation of termination of the use of individual subscriber identity in the payload of a short message addressed to ISSI2 in a SwMI element is clear to a person skilled in the art from the description of the corresponding functionality when embodied in a user terminal.
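The encrypted delivery of Figures 4 and 7, with the TEI carried inside the encrypted part as a check, can be traced end to end in the following added Python example, which is not code from the patent. HMAC-SHA256 stands in for the unspecified encryption algorithm, and the field sizes, the message layout, the integrity tag that makes a failed decryption detectable, and the terminal-side cache of seen RN1 values are all assumptions.

```python
import hashlib
import hmac
import secrets

# Field sizes and message layout RN1 || ciphertext || tag are assumptions.
RN_LEN, TEI_LEN, ISSI_LEN, TAG_LEN = 16, 8, 3, 16


def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """HMAC-SHA256, used here in place of the unspecified algorithm."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def derive_session_key(k: bytes, rn1: bytes) -> bytes:
    """KS from secret key K and per-message RN1 (steps 45 and 725)."""
    return prf(k, b"KS", rn1)


def xor_stream(ks: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with one PRF block keyed by KS."""
    stream = prf(ks, b"enc")
    if len(data) > len(stream):
        raise ValueError("payload longer than one keystream block")
    return bytes(a ^ b for a, b in zip(data, stream))


def make_tag(ks: bytes, rn1: bytes, ct: bytes) -> bytes:
    """Integrity tag that makes a failed decryption detectable (assumption)."""
    return prf(ks, b"mac", rn1 + ct)[:TAG_LEN]


def swmi_build_message(k: bytes, tei: bytes, issi: int) -> bytes:
    """SwMI side (steps 725-735): payload for a short message sent to GSSM."""
    rn1 = secrets.token_bytes(RN_LEN)          # new for every message
    ks = derive_session_key(k, rn1)
    ct = xor_stream(ks, tei + issi.to_bytes(ISSI_LEN, "big"))
    return rn1 + ct + make_tag(ks, rn1, ct)    # RN1 travels in clear


class Terminal:
    """User terminal in monitoring mode (steps 43-48)."""

    def __init__(self, k: bytes, tei: bytes):
        self.k, self.tei = k, tei
        self.issi = None        # no individual identity yet
        self.seen_rn1 = set()   # replay cache: an addition, not in the patent

    def on_group_message(self, msg: bytes) -> bool:
        if len(msg) != RN_LEN + TEI_LEN + ISSI_LEN + TAG_LEN:
            return False
        rn1, ct, tag = msg[:RN_LEN], msg[RN_LEN:-TAG_LEN], msg[-TAG_LEN:]
        ks = derive_session_key(self.k, rn1)                 # steps 44-45
        if not hmac.compare_digest(tag, make_tag(ks, rn1, ct)):
            return False        # step 47: not for this terminal, or tampered
        if rn1 in self.seen_rn1:
            return False        # valid but replayed message
        pt = xor_stream(ks, ct)                              # step 46
        if not hmac.compare_digest(pt[:TEI_LEN], self.tei):
            return False        # TEI check inside the encrypted part
        self.seen_rn1.add(rn1)
        self.issi = int.from_bytes(pt[TEI_LEN:], "big")      # step 48
        return True

    def deactivate(self) -> None:
        """Termination request of Figure 5: drop ISSI2, resume monitoring."""
        self.issi = None


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    k_a, tei_a = bytes(range(16)), bytes.fromhex("0011223344556677")
    target = Terminal(k_a, tei_a)
    other = Terminal(bytes(range(16, 32)), bytes.fromhex("8899aabbccddeeff"))
    msg = swmi_build_message(k_a, tei_a, 0x00ABCD)
    print("other terminal accepts:", other.on_group_message(msg))
    print("target accepts:", target.on_group_message(msg), hex(target.issi))
    target.deactivate()
    print("replay accepted:", target.on_group_message(msg))
```

The replay cache matters after a Figure 5 termination, when the terminal is back in monitoring mode and a recorded message would otherwise decrypt successfully again.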
In the described embodiments the subscriber identity used for receiving the short message is a group identity. This is an advantageous arrangement in respect of use of main control channel capacity because a payload with variable contents can in this way be delivered to several potential recipients with a shared radio resource. However, for a person skilled in the art it is clear that a predefined individual subscriber identity may also be used for delivering the configurable individual subscriber identity without deviating from the scope of protection. For example, a group of user terminals can be configured with a first individual subscriber identity and all such user terminals monitor for short messages addressed to that particular individual subscriber identity. When they have received the short message and adopted the second individual subscriber identity, they deactivate the first individual subscriber identity.
Figure 8 illustrates a further embodiment that serves to optimize the use of main control channel resource for delivery of the individual subscriber identity. The total coverage area of the system may be divided into more than one subarea (SA), each of which is associated with a different GSSIx through which the new individual subscriber identities may be delivered. In the example of Figure 8 the total coverage area 80 is divided into three subareas SA1 81, SA2 82, and SA3 83 where the group addresses for delivering individual subscriber identities are GSSM, GSS2, and GSS3, respectively. In the embodied system, the user terminals that are designed to use the individual subscriber identity delivery method disclosed herein are configured with at least two, but preferably with all of the above mentioned group addresses GSSM, GSS2, and GSS3. An operator managing the pool of allocatable individual subscriber identities typically has some knowledge about the probabilities to locate a particular user terminal in a particular subarea. For example, the operator may recognize the user terminal to belong to a metropolitan fleet and may therefore well presume that the most potential subarea for reaching the user terminal is SA2 that covers the respective city centre. According to the invention, the operator first attempts to deliver the dynamic individual subscriber identity in a short message addressed to respective GSSI2 and delivered only in the subarea SA2. As disclosed in the embodiment of Figure 7, the operator may wait for the location registration by the targeted user terminal, for example until the timer expires and then move on to attempt delivery of the dynamic individual subscriber identity in a short message addressed to another group identity and in another subarea. Advantageously, the second choice is the one with the second largest probability of reaching the targeted user terminal. The procedure may be continued by moving to less probable subareas until the user terminal responds by registering to the system or until all subareas have been attempted. This sectorized delivery optimizes the use of main control channel resource. Main control channel is a critical but very easily congested resource whose use typically has to be optimized in any possible situation.
Figure 9 illustrates a further embodiment of the invention where the power consumption of the user terminal in monitoring mode is optimized without compromising the expedient operation of the invented method of delivering the dynamic individual subscriber identity. Figure 9 illustrates consecutive downlink frames F1, F2, F3, ... of the embodied radio interface, and the corresponding level of power consumption in the receiver of the user terminal. The illustrated power levels are 0 and P, where 0 denotes a sleep mode where the receiver is substantially switched off, and P denotes the power level of the receiver in a reception mode where the receiver is operational and able to receive transmissions from the SwMI. Each of the frames comprises a timeslot (denoted with X) to which a control channel through which the delivery of the dynamic individual subscriber identity is implemented is mapped. In the earlier example of TETRA systems, each TETRA air interface frame comprises a main control channel, which the user terminal listens to. Even though one of the objectives of the invented method is to achieve quick configuration of the dynamic individual subscriber identity, some delay to the delivery of the individual subscriber identity may be accepted in order to enable user terminals with longer standalone periods, i.e. periods of operation without a possibility to charge the batteries. It has been noted that the cycles of the TETRA frames are so rapid that some frames could be missed and still the time of delivery is significantly improved in comparison to the conventional methods.
Figure 9 illustrates an arrangement where delivery of short messages carrying dynamic individual subscriber identity is assigned to timeslots of predefined frames F1, F4, ... In Figure 9 timeslots assigned for control channel, and especially for delivery of short messages carrying dynamic individual subscriber identity, are denoted with circled X and timeslots assigned to control channel but not to delivery of short messages carrying dynamic individual subscriber identity with plain X. Correspondingly, the user terminal that is in monitoring mode and operates only in downlink direction is configured to operate the receiver on power level P.
It will be obvious to a person skilled in the art that, as the technology advances, the inventive concept can be implemented in various ways. The invention and its embodiments are not limited to the examples described above but may vary within the scope of the claims.

Claims

1. A method for a user terminal, comprising receiving in the user terminal a message accessible via using a group subscriber identity, deriving from the payload of the message an individual subscriber identity, and verification means for verifying the right of the user terminal to use the individual subscriber identity; verifying the right of the user terminal to use the individual subscriber identity with the verification means provided in the message; and in response to a successful verification, taking the individual subscriber identity into use in the user terminal.
2. A method according to claim 1, characterized by: storing in the user terminal a stored terminal equipment identifier; receiving in the payload of the message a received terminal equipment identifier; verifying the right to use the individual subscriber identity successful when the stored terminal equipment identifier and the received terminal equipment identifier match.
3. A method according to claim 1 or 2, characterized by: receiving the message such that at least the part of the payload comprising the individual subscriber identity is encrypted; attempting to decrypt the encrypted part of the payload; verifying the right to use the individual subscriber identity successful when the decryption of the encrypted part of the payload succeeds.
4. A method according to claim 3, characterized by: storing to the user terminal a stored encryption algorithm and a stored encryption key; attempting to decrypt the encrypted part of the payload with the stored encryption algorithm using the stored encryption key.
5. A method according to claim 4, characterized by computing with the stored encryption algorithm and the stored encryption key a session key; attempting to decrypt the encrypted part of the payload using the computed session key.
6. A method according to claim 4 or 5, characterized by using as the stored encryption key an air interface encryption key of the user terminal.
7. A method according to claim 4 or 5, characterized by using as the stored encryption key an encryption key that is different from the air interface encryption key of the user terminal.
8. A method according to claim 7, characterized by using as the stored encryption key a private key of the user terminal, the private key being applicable in asymmetric encryption algorithm between the user terminal and a switching and management infrastructure responsible of the individual subscriber identities.
9. A method according to claim 1, characterized by receiving the message in a control channel delivered in defined timeslots of consecutive air interface frames; switching the user terminal to a sleep mode for periods between the defined timeslots.
10. A method according to claim 1, characterized by receiving a request to deactivate the individual subscriber identity in a payload of a short message addressed to the individual subscriber identity; and deactivating the individual subscriber identity in the user terminal.
11. A method according to claim 1, characterized by configuring the user terminal with a monitoring mode such that in the monitoring mode the user terminal is able to receive downlink messages through the group subscriber identity, but not able to communicate in the uplink direction with the switching and management infrastructure.
12. A method according to any of claims 1 to 11, characterized in that the message is a short message addressed to the group subscriber identity or a broadcast message accessible via using the group subscriber identity.
13. A method for a network element, comprising generating a message accessible to user terminals via using a group subscriber identity, the payload of the message comprising an individual subscriber identity, and the message being provided with verification means for verifying the right of one user terminal to use the individual subscriber identity.
14. A method according to claim 13, characterized by: receiving a message from a user terminal that has verified its right to use the individual subscriber identity; activating the individual subscriber identity in response to receiving the message.
15. A method according to claim 13, characterized by encrypting at least a part of the payload that includes the individual subscriber identity.
16. A method according to claim 15, characterized by: storing in the network element an encryption algorithm and an encryption key of the targeted user terminal; encrypting the part of the payload comprising the individual subscriber identity with the stored encryption algorithm using the stored encryption key of the targeted user terminal.
17. A method according to claim 16, characterized by computing with the stored encryption algorithm and the stored encryption key a session key; encrypting the part of the payload comprising the individual subscriber identity using the computed session key.
18. A method according to claim 16 or 17, characterized by using as the encryption key an air interface encryption key of the user terminal.
19. A method according to claim 16 or 17, characterized by using as the encryption key an encryption key that is different from the air interface encryption key of the user terminal.
20. A method according to claim 19, characterized by using as the encryption key a public key of the user terminal, the public key being applicable in asymmetric encryption algorithm between the user terminal and the network element.
21. A method according to claim 13, characterized by configuring the network equipment with more than one group subscriber identities, each group subscriber identity corresponding to a separate geographical area; sending the message carrying the individual subscriber identity addressed to a first group identity; waiting for a defined period for a response from a defined user terminal; sending the message carrying the individual subscriber identity addressed to second group identity, in response to not receiving a response from the defined user terminal within the defined period.
22. A method according to claim 21, characterized by determining for the group identities the likelihood of the user to locate in a geographic area corresponding to a group identity; and sending the messages to group identities in the order of the determined likelihoods.
23. A method according to claim 13, characterized by sending the message in a control channel delivered in defined timeslots of consecutive air interface frames.
24. A method according to claim 13, characterized by sending a request to deactivate the individual subscriber identity in a payload of a message addressed to the individual subscriber identity.
25. A method according to any of claims 12 to 24, characterized in that the message is a short message addressed to the group subscriber identity or a broadcast message accessible via using the group subscriber identity.
26. A user terminal comprising interface means for receiving a message accessible via using a group subscriber identity; and processing means for deriving from the payload of the message an individual subscriber identity and verification means for verifying the right of the user terminal to use the individual subscriber identity; the processing means being further adapted to verify the right of the user terminal to use the individual subscriber identity with the verification means provided in the message; and in response to a successful verification, take the individual subscriber identity into use.
27. A user terminal according to claim 26, characterized by: memory means comprising a stored terminal equipment identifier; and the processing means being adapted to derive from the payload of the message a received terminal equipment identifier and successfully verify the right to use the individual subscriber identity when the stored terminal equipment identifier and the received terminal equipment identifier match.
28. A user terminal according to claim 26, characterized by the processing means being adapted to receive the message such that at least the part of the payload comprising the individual subscriber identity is encrypted; attempt to decrypt the encrypted part of the payload; successfully verify the right to use the individual subscriber identity when the decryption of the encrypted part of the payload succeeds.
29. A user terminal according to claim 28, characterized by: memory means for storing an encryption algorithm and an encryption key; the processing means being adapted to attempt to decrypt the encrypted part of the payload with the stored encryption algorithm using the stored encryption key.
30. A user terminal according to claim 28 or 29, characterized by the processing means being adapted to compute with the stored encryption algorithm and the stored encryption key a session key; attempt to decrypt the encrypted part of the payload using the computed session key.
31. A user terminal according to claim 28 or 29, characterized by the stored encryption key being an air interface encryption key of the user terminal.
32. A user terminal according to claim 28 or 29, characterized by the stored encryption key being an encryption key that is different from the air interface encryption key of the user terminal.
33. A user terminal according to claim 32, characterized by the stored encryption key being a private key of the user terminal, the private key being applicable in asymmetric encryption algorithm between the user terminal and a network element responsible of the individual subscriber identities.
34. A user terminal according to claim 26, characterized by the interface means being configured to receive the message comprising the individual subscriber identity in a control channel delivered in defined timeslots of consecutive air interface frames; and the interface means being configured to a sleep mode for periods between the defined timeslots.
35. A user terminal according to claim 26, characterized by the interface means being adapted to receive a request to deactivate the individual subscriber identity in a payload of a message addressed to the individual subscriber identity; and the processing means being adapted to deactivate the individual subscriber identity in the user terminal in response to a received request.
36. A user terminal according to claim 26, characterized by the user terminal being configured with a monitoring mode such that in the monitoring mode the user terminal is able to receive downlink messages through the group subscriber identity, but not able to communicate in the uplink direction with the switching and management infrastructure.
37. A user terminal according to any of claims 26 to 36, characterized in that the message is a short message addressed to the group subscriber identity or a broadcast message accessible via using the group subscriber identity.
38. A network element, comprising processing means for generating a message, the payload of the message including an individual subscriber identity and verification means for verifying the right of the user terminal to use the individual subscriber identity; and interface means for sending the generated message to a defined group subscriber identity.
39. A network element according to claim 38, characterized by the interface means being configured to receive a message from user terminal that has verified its right to use the individual subscriber identity; the processing means being configured to activate the individual subscriber identity in response to the received message.
40. A network element according to claim 38, characterized by the processing means being configured to encrypt at least part of the payload including the individual subscriber identity.
41. A network element according to claim 40, characterized by memory means storing an encryption algorithm and an encryption key of a targeted user terminal; the processing means being adapted to encrypt the part of the payload comprising the individual subscriber identity with the stored encryption algorithm using the stored encryption key of the targeted user terminal.
42. A network element according to claim 41, characterized by the processing means being adapted to compute with the stored encryption algorithm and the stored encryption key a session key; encrypt the part of the payload comprising the individual subscriber identity using the computed session key.
43. A network element according to claim 41 or 42, characterized by the encryption key being an air interface encryption key of the user terminal.
44. A network element according to claim 41 or 42, characterized by the encryption key being an encryption key that is different from the air interface encryption key of the user terminal.
45. A network element according to claim 44, characterized by the encryption key being a public key of the user terminal, the public key being applicable in asymmetric encryption algorithm between the user terminal and the network element.
46. A network element according to claim 38, characterized by memory means comprising more than one group subscriber identities, each group subscriber identity corresponding to a separate geographical area; the processing means being configured to send a message carrying the individual subscriber identity addressed to a first group identity; wait for a defined period for a response from a defined user terminal; send a message carrying the individual subscriber identity addressed to second group identity, in response to not receiving a response from the defined user terminal within the defined period.
47. A network element according to claim 46, characterized by the processing means being configured to determine for the group identities the likelihood of the user to locate in a geographic area corresponding to a group identity; and send the messages to group identities in the order of the determined likelihoods.
48. A network element according to claim 38, characterized by the interface means being adapted to send the message in a control channel delivered in defined timeslots of consecutive air interface frames.
49. A network element according to claim 38, characterized by the processing means being configured to send a request to deactivate the individual subscriber identity in a payload of a message addressed to the individual subscriber identity.
50. A network element according to any of claims 38 to 49, characterized in that the message is a short message addressed to the group subscriber identity or a broadcast message accessible via using the group subscriber identity.
51. A communication system comprising a user terminal according to any of claims 26 to 37 and a network element according to any of claims 38 to 50.
52. A method for a communication system, comprising generating in a network node a message accessible to user terminals by using a group subscriber identity, the payload of the message comprising an individual subscriber identity, and the message being provided with verification means for verifying the right of one user terminal to use the individual subscriber identity; receiving the message in the user terminal using the group subscriber identity, deriving in the user terminal from the payload of the message an individual subscriber identity, and verification means for verifying the right of the user terminal to use the individual subscriber identity; verifying the right to use the individual subscriber identity with the verification means provided in the message; and in response to a successful verification, taking the individual subscriber identity into use in the user terminal.
53. A computer program distribution medium readable by a computer and encoding a computer program of instructions for executing a computer process; the process comprising the steps of any of methods of claim 1 to 25, or of claim 52.
EP08775507A 2007-06-25 2008-06-23 Delivery of subscriber identity information Withdrawn EP2171962A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20075484A FI121256B (en) 2007-06-25 2007-06-25 Transport of subscriber identity information
PCT/FI2008/050382 WO2009000968A2 (en) 2007-06-25 2008-06-23 Delivery of subscriber identity information

Publications (1)

Publication Number Publication Date
EP2171962A2 (en) 2010-04-07

Family

ID=38212455

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08775507A Withdrawn EP2171962A2 (en) 2007-06-25 2008-06-23 Delivery of subscriber identity information

Country Status (6)

Country Link
EP (1) EP2171962A2 (en)
KR (1) KR101532401B1 (en)
CN (1) CN101790877B (en)
FI (1) FI121256B (en)
RU (1) RU2010102222A (en)
WO (1) WO2009000968A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101048017B1 (en) 2009-08-17 2011-07-13 이화여자대학교 산학협력단 How to restrict service delivery based on your users
FR2959087B1 (en) * 2010-04-20 2012-09-21 Eads Defence & Security Sys METHOD FOR CONFIGURING IDENTIFICATION MODULES OF USERS OF A TELECOMMUNICATION NETWORK
US9179303B2 (en) * 2010-11-17 2015-11-03 Qualcomm Incorporated Methods and apparatus for transmitting and receiving secure and non-secure data

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI114180B (en) * 2001-06-12 2004-08-31 Nokia Corp Improved method and device arrangement for encrypting data transmission at the interface of the radio network terminal equipment and such terminal equipment
FI20020160A (en) * 2002-01-29 2003-07-30 Nokia Corp Cell reselection in a cellular radio network
GB2393613B (en) * 2002-09-30 2005-06-01 Motorola Inc Mobile communications methods systems processor and terminals
US7721104B2 (en) * 2003-10-20 2010-05-18 Nokia Corporation System, method and computer program product for downloading pushed content
GB2416279B (en) * 2004-07-16 2009-02-11 Motorola Inc A cellular communication system, a communication unit and a method of call initiation therefor
GB2423887B (en) * 2005-03-01 2007-05-30 Motorola Inc Wireless communication systems and apparatus and methods and protocols for use therein

Non-Patent Citations (1)

Title
See references of WO2009000968A2 *

Also Published As

Publication number Publication date
FI121256B (en) 2010-08-31
KR101532401B1 (en) 2015-06-30
WO2009000968A3 (en) 2009-05-22
CN101790877A (en) 2010-07-28
CN101790877B (en) 2015-07-22
KR20100028651A (en) 2010-03-12
RU2010102222A (en) 2011-08-10
FI20075484A0 (en) 2007-06-25
WO2009000968A2 (en) 2008-12-31
FI20075484A (en) 2008-12-26

Similar Documents

Publication Publication Date Title
FI116603B (en) A method for handling a key for two-way communication
KR0181566B1 (en) Method and apparatus for efficient real-time authentication and encryption in a communication system
AU691802B2 (en) Authentication key entry in cellular radio system
KR101877733B1 (en) Method and system of securing group communication in a machine-to-machine communication environment
US8108002B2 (en) Communication apparatuses equipped with more than one subscriber identity card and capable of providing reliable communication quality
US8064957B2 (en) Communication apparatuses for handling apparatus terminated or originated communication requests with increased communication capability and methods thereof
CN108011715B (en) Key distribution method, related equipment and system
WO2011032605A1 (en) Method and device for processing data in a wireless network
WO2018125593A1 (en) Open access points for emergency calls
JPH08195741A (en) Identifier ciphering method in radio communication
US8230218B2 (en) Mobile station authentication in tetra networks
AU1970699A (en) Procedure and system for the processing of messages in a telecommunication system
KR20100087023A (en) End-to-end encrypted communication
RU2316143C2 (en) Cryptographic method and system for limiting mobility in radio networks
CN1168331C (en) System and method of communicating encrypted group broadcast messages
CN1349723A (en) Authentication methods for cellular communicaltions systems
KR19990029103A (en) How to Switch Between PCS Authentication Methods
EP2171962A2 (en) Delivery of subscriber identity information
CN105025471A (en) Called terminal, calling terminal, voice communication method and system
KR20120037422A (en) Method and system for identifying compromised nodes
SK7505Y1 (en) System for secure transmission of voice communication via the communication network and method for secure transmission of voice communication
CN105025476B (en) A kind of mobile encrypted communication mechanism of space-time separation
GB2458102A (en) Providing authorised access to a cellular communication network (100) via an access point using the transmitted identification of wireless communication units
KR20080002095A (en) System for safety using voip receiver call number and thereof
EP0930795A1 (en) Method for authentication of a mobile subscriber in a telecommunication network

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20100118

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: CASSIDIAN FINLAND OY

DAX Request for extension of the european patent (deleted)

17Q First examination report despatched

Effective date: 20140708

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170103