GB2458102A - Providing authorised access to a cellular communication network (100) via an access point using the transmitted identification of wireless communication units - Google Patents

Publication number
GB2458102A
GB2458102A GB0803877A GB0803877A GB2458102A GB 2458102 A GB2458102 A GB 2458102A GB 0803877 A GB0803877 A GB 0803877A GB 0803877 A GB0803877 A GB 0803877A GB 2458102 A GB2458102 A GB 2458102A
Authority
GB
United Kingdom
Prior art keywords
wireless communication
cell
access
network
request message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0803877A
Other versions
GB0803877D0 (en
GB2458102B (en
Inventor
David Neil
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IP Access Ltd
Original Assignee
IP Access Ltd
Current legal status
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04Q7/30
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/02 Access restriction performed under specific conditions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Abstract

The access point comprises transceiver circuitry (155) arranged to enable a connection to be established with one or more wireless communication units (114) located within the communication cell (150), and signal processing logic (165). The signal processing logic (165) is arranged to receive a connection request message from a wireless communication unit (114), the connection request message comprising information identifying the wireless communication unit (114) e.g. the IMSI (International Mobile Subscriber Identity), TMSI (Temporary Mobile Subscriber Identity), IMEI (International Mobile Equipment Identity) or data cryptographically defined from one of these device identification numbers, and to determine whether the wireless communication unit (114) is authorised to connect to the cellular communication network (100) via the communication cell (150), based on the information identifying the wireless communication unit (114). The cryptographic derivation may be based upon a secure hash algorithm or a message digest algorithm. Encrypting the transmitted identification helps maintain device security.

Description

METHOD AND APPARATUS FOR PROVIDING ACCESS TO A CELLULAR COMMUNICATION NETWORK
Field of the invention
The field of the invention relates to a method and apparatus for providing access to a cellular communication network, and more particularly to a method and apparatus for providing access to a cellular communication network via an access point for a femto-cell.
Background of the Invention
Wireless communication systems, such as the 3rd Generation (3G) of mobile telephone standards and technology, are well known. An example of such 3G standards and technology is the Universal Mobile Telecommunications System (UMTS), developed by the 3rd Generation Partnership Project (3GPP) (www.3gpp.org). Typically, wireless communication units, or User Equipment (UE) as they are often referred to in 3G parlance, communicate with a Core Network (CN) of the 3G wireless communication system via a Radio Network Subsystem (RNS). A wireless communication system typically comprises a plurality of radio network subsystems, each radio network subsystem comprising one or more cells to which UEs may attach, and thereby connect to the network.
The 3rd generation of wireless communications has been developed for macro-cell mobile phone communications. Such macro cells utilise high power base stations (NodeBs in 3GPP parlance) to communicate with UEs within a relatively large coverage area.
Lower power (and therefore smaller coverage area) femto-cells or pico-cells are a recent development within the field of wireless cellular communication systems. Femto-cells or pico-cells (with the term femto-cells being used hereafter to encompass pico-cells or similar) are effectively communication coverage areas supported by low power base stations (otherwise referred to as Access Points (APs)). These femto cells are intended to be able to be piggy-backed onto the more widely used macro-cellular network and support communications to UEs in a restricted, for example 'in-building', environment.
In this regard, a femto cell that is intended to support communications according to the 3GPP standard will hereinafter be referred to as a 3G femto cell.
Similarly, an access controller intended to support communications with a low power base station in a femto cell according to the 3GPP standard will hereinafter be referred to as a 3rd generation access controller (3G AC). Similarly, an Access Point intended to support communications in a femto cell according to the 3GPP standard will hereinafter be referred to as a 3rd Generation Access Point (3G AP).
Typical applications for such femto-cell APs include, by way of example, residential and commercial (e.g. office) locations, 'hotspots', etc, whereby an AP can be connected to a core network via, for example, the Internet using a broadband connection or the like. In this manner, femto-cells can be provided in a simple, scalable deployment in specific in-building locations where, for example, network congestion at the macro-cell level may be problematic.
Typically, each femto-cell AP is owned by a member of the public, as opposed to a Network Operator, and the owner of the femto-cell AP pays for the network resources, such as Digital Subscriber Line (DSL) bandwidth, used by the femto-cell. As a result, it is undesirable for unauthorised UEs to use the femto-cell as it will result in the owner paying for the network resources utilised by an unauthorised user. Accordingly, it is desirable for an owner of a 3G AP to be able to control which UEs are able to access the network via the femto-cell.
In order for the 3G AP to perform access control, the 3G AP needs to be able to identify any UE attempting to connect to it.
In a traditional macro-cellular network, since base stations (Node Bs) are generally owned and operated by the Network Operator, it has not been necessary to provide cell level access control. Instead, access control is provided on a network level basis.
Consequently, UE identification at a cellular level has not been provided for within existing cellular communication systems. Thus, it is known that Network Operators are able to 'bar' individual Node-Bs and thereby stop all UEs accessing the Node-B. However, the Network Operators do not have a mechanism for allowing some UEs and blocking other UEs on a cellular level.
Support of Localised Service Area (SoLSA) was developed by 3GPP to provide cell level access control. However, SoLSA required modifications to be made at many levels within the network, including within the core network and the access network, as well as within UEs themselves. Accordingly, SoLSA has not been adopted by the manufacturers of UEs or network elements.
One method of identifying a UE attempting to connect to a cell, which has been proposed for use in 3GPP femto-cells, is for the 3G AP to send a Mobility Management (MM) Identity Request message, asking the UE for its International Mobile Subscriber Identity (IMSI) number.
When the UE responds, the 3G AP can check the IMSI against a stored access control list and decide whether a UE associated with the IMSI is authorised to access the femto-cell.
However, a problem with this proposed solution is that, in the 3GPP standards, the MM Identity Request message is only ever sent from the core network (CN); it is never sent from the access network (femto-cell 3G AP or 3G AC). Although it may be possible to identify a UE in the manner proposed above, it is a misuse of the 3GPP standards, and in particular of the Mobility Management mechanism, which in itself is undesirable.
Another problem with this mechanism is that the IMSI is considered to be a secure identity, and the transmission of this information should be minimised. Since this approach causes a UE to transmit its IMSI each time it attempts to access the cell, it is an inherently undesirable solution.
Thus, there exists a need for a method and apparatus for providing improved access to a cellular communication network.
Summary of the Invention
Accordingly, the invention seeks to mitigate, alleviate or eliminate one or more of the abovementioned disadvantages, singly or in any combination.
According to a first aspect of the invention, there is provided an access point for providing access to a cellular communication network via a communication cell.
The access point comprises transceiver circuitry arranged to enable a connection to be established with at least one wireless communication unit located within the communication cell, and signal processing logic. The signal processing logic is arranged to receive a connection request message from the at least one wireless communication unit, the connection request message comprising information identifying the at least one wireless communication unit, and to determine whether the at least one wireless communication unit is authorised to connect to the cellular communication network via the communication cell, based on the information identifying the at least one wireless communication unit. The signal processing logic is further arranged, if the wireless communication unit is authorised to connect to the cellular communication network via the communication cell, to establish a connection with the wireless communication unit. If the wireless communication unit is not authorised to connect to the cellular communication network via the communication cell, the signal processing logic declines to establish a connection with the wireless communication unit.
In this manner, the access point is provided with the ability to control access to the communication network via the, or each, communication cell provided by the access point. By providing such access control at the cellular level, the owner of the access point is able to selectively control whether particular wireless communication units are able to access the communication network via the communication cell(s). Thus, the owner is able to substantially prevent unauthorised access to the network via the access point, and thus substantially prevent the owner having to pay for unauthorised communication network resource usage.
According to a second aspect of the invention, there is provided a method for providing access to a cellular communication network via a communication cell. The method comprises receiving a connection request message from a wireless communication unit, the connection request message comprising information identifying the wireless communication unit, and determining whether the wireless communication unit is authorised to connect to the cellular communication network via the communication cell, based on the information identifying the wireless communication unit. The method further comprises the steps of, if the wireless communication unit is authorised to connect to the cellular communication network via the communication cell, establishing a connection with the wireless communication unit, or, if the wireless communication unit is not authorised to connect to the cellular communication network via the communication cell, declining to establish a connection with the wireless communication unit.
According to a third aspect of the invention, there is provided a wireless communication system adapted to support the abovementioned method for providing access to a cellular communication network via a communication cell.
According to a fourth aspect of the invention there is provided a computer-readable storage element having computer-readable code stored thereon for programming signal processing logic to perform the aforementioned method for providing access to a cellular communication network via a communication cell.
These and other aspects, features and advantages of the invention will be apparent from, and elucidated with reference to, the embodiments described hereinafter.
Brief Description of the Drawings
Embodiments of the invention will be described, by way of example only, with reference to the accompanying drawings, in which:
FIG. 1 illustrates an example of part of a cellular communications network adapted in accordance with some embodiments of the invention;
FIG. 2 illustrates an example of a message sequence chart for an authorised wireless communication unit requesting a connection with an access point in accordance with some embodiments of the invention;
FIG. 3 illustrates an example of a message sequence chart for an unauthorised wireless communication unit requesting a connection with an access point in accordance with some embodiments of the invention;
FIG. 4 illustrates a simplified flowchart of a method for providing access to a cellular communication network via a communication cell according to some embodiments of the invention;
FIG. 5 illustrates a simplified flowchart of a method of accessing a network via a communication cell according to some embodiments of the invention; and
FIG. 6 illustrates a typical computing system that may be employed to implement signal processing functionality in embodiments of the invention.
Detailed Description of Embodiments of the Invention
Referring now to the drawings, and in particular FIG. 1, an example of part of a 3rd Generation Partnership Project (3GPP) network, adapted in accordance with some embodiments of the invention, is illustrated and indicated generally at 100. In FIG. 1, there is illustrated an example of a cellular communication system 100 combining macro cells 185 and femto-cells 150 in accordance with one embodiment of the invention. For the embodiment illustrated in FIG. 1, the cellular communication system 100 comprises two distinct radio network sub-system (RNS) architectures to handle the respective macro cell and femto-cell communications. In the macro cell scenario, the macro cell RNS comprises a radio network controller (RNC) 136 operably coupled to a Node B 124 for providing a macro cell. The RNC 136 is further operably coupled to a core network element 142, such as a serving GPRS support node (SGSN)/mobile switching centre (MSC), as known.
In a femto-cell scenario, a 3G femto cell RNS 110 comprises a network element in a form of a 3G Access Point (3G AP) 130, and a controller in a form of a 3G Access controller (3G AC) 140. As will be appreciated by a skilled artisan, a 3G Access Point, such as 3G AP 130, is a communication element that provides access to a cellular communication network via a communication cell, such as a femto-cell 150. One application is that a 3G AP 130 may be purchased by a member of the public and installed in their home. The 3G AP 130 may then be connected to a 3G Access controller 140 via a publicly or commercially available communication medium, such as via the Internet over the owner's broadband Internet connection 160.
Thus, a 3G AP 130 is a scalable, multi-channel, two-way communication device that may be provided within, say, residential and commercial (e.g. office) locations, 'hotspots' etc, to extend or improve upon network coverage within those locations. Although there are no standard criteria for the functional components of a 3G AP, an example of a typical 3G AP for use within a 3GPP system may comprise some aspects of Node-B functionality and some aspects of radio network controller (RNC) 136 functionality. The 3G AP 130 further comprises radio frequency (RF) transceiver circuitry 155 arranged to enable a connection to be established with one or more wireless communication units located within the communication cell 150, such as User Equipment (UE) 114, via a wireless interface (Uu). The 3G Access Controller 140 may be coupled to the core network (CN) 142 via an Iu interface as shown. In this manner, the 3G AP 130 is able to provide voice and data services to a cellular handset, such as UE 114, in a femto-cell in the same way as a conventional Node-B, but with the deployment simplicity of, for example, a Wireless Local Area Network (WLAN) access point.
The UE 114 is a wireless communication unit comprising signal processing logic 118 and transceiver circuitry 116 arranged to transmit and receive signals. As would be appreciated by a skilled person, UE 114 comprises numerous other functional and logical elements to support wireless communications and functionality, which will not be described further herein.
As previously mentioned, a femto-cell AP, such as 3G AP 130 is typically owned by a member of the public, as opposed to a network operator, and the owner of the femto-cell AP pays for the network resources, such as Digital Subscriber Line (DSL) bandwidth, used by the femto-cell. As a result, it is undesirable for unauthorised UEs to use the femto-cell as it will result in the owner paying for the resources utilised.
Therefore, it is desirable for an owner of the femto-cell 3G AP to be able to control those UEs that are able to access the network via the femto-cell.
Thus, and in accordance with some embodiments of the invention, signal processing logic 165 of 3G AP 130 is arranged to receive a connection request message from a wireless communication unit, such as UE 114. The connection request message comprises information identifying the UE 114. Upon receipt of such a connection request message, the signal processing logic is further arranged to determine whether the UE 114 is authorised to connect to a cellular communication network, which for the illustrated embodiment comprises 3GPP network 100, via the communication cell 150 provided by the 3G AP 130.
This determination is based upon the information identifying the UE 114. For example, the signal processing logic 165 may compare the received identification information with information stored within memory element 170 of 3G AP 130. If it is determined that the UE 114 is authorised to connect to the network via the communication cell 150, the signal processing logic 165 is arranged to establish a connection with the UE 114. Conversely, if it is determined that the UE 114 is not authorised to connect to the network 100 via the communication cell 150, the signal processing logic 165 is arranged to decline to establish a connection with the UE 114.
In this manner, the 3G AP 130 is provided with an ability to control access to the network via the communication cell supported by the 3G AP 130. By providing such access control at the cellular level by a 3G AP 130, the owner of the AP 130 is able to selectively control those wireless communication units that access the femto cell network via the communication cell(s) supported by the 3G AP 130. Thereby, the owner of the 3G AP 130 is able to substantially prevent unauthorised access to the network via the 3G AP 130, and thus substantially prevent the owner having to pay for unauthorised network resource usage.
FIG. 2 illustrates an example of a message sequence chart for an authorised UE 114 requesting a connection with a 3G AP 130 according to some embodiments of the invention. The UE 114 initiates the establishment of a connection by sending a Connection Request message to the 3G AP 130. For the embodiment illustrated in FIG. 2, the Connection Request message comprises a Radio Resource Control (RRC) connection request message 210. The RRC protocol is defined in the Universal Mobile Telecommunications System (UMTS) Radio Resource Control (RRC) Protocol specification (3GPP TS 25.331), and forms part of the network layer between the UE 114 and the UMTS Terrestrial Radio Access Network (UTRAN). Upon receipt of the RRC Connection Request Message 210, the 3G AP 130 determines whether the UE 114 requesting the connection is authorised.
As previously mentioned, the connection request message comprises information that identifies the UE 114 requesting the connection. As is well known in the art, an RRC Connection Message comprises an 'Initial UE Identity' Information Element (IE), the purpose of which is to provide a unique UE identification at the establishment of an RRC connection. The type of identification provided within the 'Initial UE Identity' IE is determined as follows:
(i) If available, the Temporary Mobile Subscriber Identity (TMSI) is chosen for the 'Initial UE Identity';
(ii) If no TMSI is available, the Packet (P-) TMSI is chosen for the 'Initial UE Identity';
(iii) If no TMSI or P-TMSI is available the International Mobile Subscriber Identity (IMSI) is chosen for the 'Initial UE Identity'; or
(iv) If none of the above is available, the International Mobile Equipment Identity (IMEI) shall be chosen for the 'Initial UE Identity'.
The TMSI is a randomly allocated number that is provided to a UE by the network, when the UE is switched on and connects to the network. The TMSI is the identity that is most commonly sent between the UE and the network, and is used for services provided through Mobile Switching Centres (MSCs).
The P-TMSI, like the TMSI, is a randomly allocated number that is given to the UE by the network, and is used for services provided through Serving GPRS (General Packet Radio Service) Support Nodes (SGSNs).
The IMSI is a unique number associated with each user of the network, and provides a mechanism by which a user can be identified, for example for the purposes of billing, service subscription, etc. Typically, the IMSI is stored within a Subscriber Identity Module (SIM).
The IMEI is a number unique to each wireless communication device, and provides a mechanism by which a UE may be identified, for example for the purposes of tracking stolen devices, etc.
As will be appreciated by a skilled artisan, the 'Initial UE Identity' IE within the connection request message will typically comprise the TMSI or P-TMSI. However, Node-Bs and 3G APs are not provided with information associating TMSIs to specific UEs. Accordingly, the 3G AP 130 is not able to identify a UE based on its TMSI, and therefore is generally unable to identify a UE based on the information provided within the 'Initial UE Identity' IE.
Thus, according to some embodiments of the invention, the RRC Connection Request Message may be adapted to comprise information identifying the UE other than the 'Initial UE Identity' IE. For example, the RRC Connection Request may be adapted to comprise a further IE in which the information identifying the UE is provided.
In accordance with some embodiments of the invention, the information identifying the UE comprises an identification number for the UE. For example, the information identifying the UE may comprise an IMSI of the user of the UE, or an IMEI of the wireless communication unit itself.
In this manner, the 3G AP 130 may be provided with authorised identification numbers, for example the IMSIs or IMEIs, and upon receipt of a connection request message, determine from the identification information within the connection request message, whether the sender of the connection request message is 'authorised' to connect to the network via the AP 130.
In accordance with an alternative embodiment, the information identifying the UE 114 may comprise a value cryptographically derived from an identification number for the UE. In this manner, the identification number (e.g. IMSI or IMEI) is not itself transmitted, but rather a hash value or the like, derived therefrom, is transmitted. As will be appreciated, this is advantageous from the point of view of security, in particular in a case where the identification number comprises the IMSI of the user of the UE 114.
For example, a value may be derived using a Secure Hash Algorithm (SHA) hash function. SHA hash functions are well known cryptographic hash functions, designed by the National Security Agency (NSA), and published by the National Institute of Standards and Technology (NIST) in the Secure Hash Standard as a United States Federal Information Processing Standard, which is available at www.nist.gov.
Another example of cryptographically deriving a value from the identification number is to use a Message Digest-5 (MD5) algorithm. The MD5 is a widely used cryptographic hash function with a 128-bit hash value.
As an Internet standard (RFC1321), MD5 has been employed in a wide variety of security applications, and is therefore well known in the art.
In accordance with some embodiments of the invention, the cryptographic derivation of the hash value may also comprise a use of a changing value that is known to both the UE and the AP. For example, due to the direct communication between the UE and AP over the air interface Uu, changing values such as frame numbers or the like, that are substantially only known to the UE and AP may be used.
Referring back to FIG. 2, upon receipt of the Connection Request Message 210, the 3G AP 130 extracts the identification information. The 3G AP 130 then determines whether the UE 114 is authorised to access the network through the 3G AP 130, as illustrated by the message processing operation in step 220.
For example, as previously mentioned, the 3G AP 130 may comprise memory element 170, which in accordance with some embodiments of the invention stores information identifying wireless communication units authorised to access the network 100 via the 3G AP 130. Thus, the signal processing logic 165 of the 3G AP 130 may be arranged to compare an identification of the UE 114 requesting a connection, to identification information of wireless communication units stored within memory element 170.
For those embodiments in which a hash value, cryptographically derived from the identification number for the UE, is transmitted within the connection request message, the signal processing logic 165 of the 3G AP 130 may further be arranged to cryptographically derive hash values for identification information of wireless communication units stored in memory element 170, and compare the hash value extracted from the received connection request message to those derived values.
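The hashed-identity check described above, together with the accept or decline decision of step 220, as an added Python example that is not part of the patent text. The names derive_identity_token and AccessPoint, the choice of SHA-256, the "|" separator, the 4-byte frame-number encoding, the frame tolerance window and the sample IMSIs are all assumptions made for illustration.

```python
"""Added illustration: hashed UE identity checked against a femto-cell ACL."""
import hashlib
import hmac

SETUP = "CONNECTION_SETUP"
REJECT = "CONNECTION_REJECT"


def derive_identity_token(identity: str, frame_number: int) -> bytes:
    """UE side: hash the identification number with a changing value.

    Assumed encoding: ASCII digits, a "|" separator, then the frame number
    as a 4-byte big-endian integer. SHA-256 stands in for "a SHA function".
    """
    if not (identity.isascii() and identity.isdigit()) or len(identity) > 15:
        raise ValueError("identity must be at most 15 decimal digits")
    material = identity.encode("ascii") + b"|" + frame_number.to_bytes(4, "big")
    return hashlib.sha256(material).digest()


class AccessPoint:
    """AP side: keeps the authorised list (memory element 170 in the text)."""

    def __init__(self, frame_window: int = 1):
        self._authorised = set()
        # Assumption: accept tokens derived from the current frame or up to
        # frame_window frames earlier, to tolerate transmission delay.
        self._frame_window = frame_window

    def authorise(self, identity: str) -> None:
        """Owner adds an identification number (interface 175 in the text)."""
        self._authorised.add(identity)

    def handle_connection_request(self, token: bytes, current_frame: int) -> str:
        """Re-derive a token for every stored identity and compare."""
        first = max(0, current_frame - self._frame_window)
        matched = False
        for identity in self._authorised:
            for frame in range(first, current_frame + 1):
                expected = derive_identity_token(identity, frame)
                # Constant-time comparison, and no early exit, so response
                # time does not depend on which entry matched.
                matched |= hmac.compare_digest(expected, token)
        return SETUP if matched else REJECT


def demo() -> dict:
    """Run three constructed requests through one access point."""
    ap = AccessPoint(frame_window=1)
    ap.authorise("001010123456789")  # constructed IMSI, test network 001/01
    owner = derive_identity_token("001010123456789", 4000)
    visitor = derive_identity_token("001010999999999", 4000)
    return {
        "owner, fresh token": ap.handle_connection_request(owner, 4000),
        # The same bytes presented ten frames later no longer match.
        "owner, stale token": ap.handle_connection_request(owner, 4010),
        "visitor": ap.handle_connection_request(visitor, 4000),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

An identification number of at most 15 decimal digits is a small input space, so an unkeyed hash of it limits casual disclosure and, with the changing value, token reuse, but it does not make the number unrecoverable by exhaustive search.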
In accordance with some embodiments of the invention, the 3G AP 130 comprises an interface 175, for example a user interface (UI) or a data interface, over which identification information of authorised wireless communication units may be provided to the 3G AP 130.
Accordingly, signal processing logic 165 may be further arranged to store in memory element 170 the identification information of authorised wireless communication units received over the interface 175.
In this manner, the owner or user of the access point is able to configure those wireless communication units that are authorised to access the network via the access point.
For the embodiment illustrated in FIG. 2, the UE requesting a connection is authorised to access the network via the 3G AP 130. Accordingly, having determined that the UE is authorised to access the network via the 3G AP 130, for example upon matching the identification of the UE 114 requesting a connection to an identification stored within memory element 170, the 3G AP 130 returns a 'Connection Setup' message 230, providing the UE 114 with connection configuration information.
Upon receipt of the Connection Setup message 230, the UE 114 configures itself in accordance with configuration information provided within the Connection Setup message 230, and transmits back a 'Connection Setup Complete' message 240, indicating to the 3G AP 130 that the UE 114 is configured appropriately. A connection between the UE 114 and 3G AP 130 is now established.
Referring now to FIG. 3, there is illustrated an example of a message sequence chart 300 for an unauthorised UE 114 requesting a connection with a 3G AP 130 according to some embodiments of the invention. In the same way as for the example illustrated in FIG. 2, the UE 114 initiates message exchange by sending a Connection Request message to the 3G AP 130, which for the illustrated embodiment is in a form of an RRC Connection Request message 310.
Upon receipt of the RRC Connection Request message 310, the 3G AP 130 extracts the identification information from the Connection Request message 310, and, if necessary, decrypts the received information, or otherwise resolves the identification of the UE 114. The 3G AP 130 then determines whether the UE 114 is authorised to access the network through the 3G AP 130, as illustrated by the signal processing operation, in step 320.
For the embodiment illustrated in FIG. 3, the UE 114 requesting a connection is not authorised to access the network via the 3G AP 130. Accordingly, having determined that the UE is not authorised to access the network via the AP 130, the 3G AP 130 declines to establish a connection with the UE 114. For the embodiment illustrated in FIG. 3, the 3G AP 130 declines to establish a connection with the UE 114 by transmitting a 'Connection Reject' message 330 to the UE 114.
Referring now to FIG. 4, there is illustrated an exemplary simplified flowchart 400 of a method for providing access to a cellular communication network via a communication cell according to some embodiments of the invention. For example, the method of FIG. 4 may be implemented by the 3G AP 130 of FIG. 1.
The method starts at step 410, with a receipt of a connection request message from a wireless communication unit. Next, in step 420, information identifying the wireless communication unit is extracted from the connection request message.
Having extracted the identification information in step 420, the method moves on to step 430, where it is determined whether the wireless communication unit is authorised to connect to the cellular communication network via the communication cell, based on the information identifying the wireless communication unit.
If it is determined that the wireless communication unit is not authorised to connect to the cellular communication network via the communication cell in step 430, the method moves on to step 440, and the establishment of a connection with the wireless communication unit is declined, and the method ends.
However, if it is determined that the wireless communication unit is authorised to connect to the cellular communication network via the communication cell in step 430, the method moves on to step 450, where a connection setup message is transmitted back to the wireless communication unit, requesting a connection.
Next, in step 460, a connection setup complete message is received by the UE, signifying the establishment of a connection, and the method ends.
In this manner, the ability to control access to the network via the, or each, communication cell is provided at the cellular level. By providing such access control at the cellular level, the owner of an access point, such as a femto-cell access point, is able to control those wireless communication units that are allowed to access the network via the communication cell(s) provided by the access point. In this manner the femto cell owner is substantially able to prevent unauthorised access to the network via the access point, thereby substantially preventing the owner having to pay for unauthorised network resource usage.
Referring now to FIG. 5 there is illustrated a simplified flowchart 500 of a method of accessing a network via a communication cell according to some embodiments of the invention. For example, the method of FIG. 5 may be implemented by the UE 114 of FIG. 1.
The method starts at step 510, for example when the UE 114 requires access to the network 100 of FIG. 1, and moves to step 520 with the generation of information identifying the UE 114. For example, the generation of identification information may comprise simply retrieving the IMSI or IMEI from a memory element 153 of the UE 114 of FIG. 1. Alternatively, the generation of identification information may further comprise cryptographically deriving a value from, for example, the IMSI or IMEI of the UE 114, as previously described above.
Next, in step 530, a connection request message is transmitted that comprises the generated identification information. For example, the connection request message may comprise an RRC Connection Request message, as previously described above.
Having transmitted the connection request message, the method moves on to step 540 with the receipt of a response to the connection request message. If the response to the connection request message comprises a connection reject message, the method ends.
However, if the response is not a connection reject message, for example the response comprises a connection setup message, the method moves on to step 550, where the connection setup is configured. For example, the connection setup may be configured in accordance with configuration information provided in the connection setup message. Next, in step 560, a connection setup complete message is transmitted, and the method ends.
Referring back to FIG. 1, as will be appreciated by a skilled artisan, each cell within a UMTS network is assigned a Location Area Code (LAC), and each time a UE 114 moves to a new cell comprising a different LAC to that of the cell from which it has moved, the UE 114 sends a Location Update Request message to the core network. In this manner, as soon as the UE 114 moves to such a cell, the UE 114 requests a connection with the Node-B or 3G access point, in order to send the Location Update Request message.
In accordance with some embodiments of the invention, the cell 150 provided by 3G AP 130 is assigned a locally unique LAC, such that the cell 150 provided by the 3G AP comprises a different LAC to each of its neighbouring cells. In this manner, when a UE enters the cell 150, it will attempt to send a location update request message to the network by initially sending a connection request message to the 3G AP 130. In this manner, a determination of whether the UE 114 is authorised to access the network via the 3G AP 130 may be performed substantially as soon as the UE 114 enters the cell.
In accordance with some embodiments of the invention, the 3G AP 130 may allow emergency calls, namely calls to the emergency services such as the police, fire department, etc., from a UE 114 otherwise unauthorised to access the network via the 3G AP 130. For example, the 3G AP 130 may determine that a UE 114 is attempting to make an emergency call due to an 'Establishment cause' IE within an RRC connection request message being set to 'Emergency Call'.
Referring now to FIG. 6, there is illustrated a typical computing system 600 that may be employed to implement signal processing functionality in embodiments of the invention. Computing systems of this type may be used in access points and wireless communication units. Those skilled in the relevant art will also recognize how to implement the invention using other computer systems or architectures. Computing system 600 may represent, for example, a desktop, laptop or notebook computer, hand-held computing device (PDA, cell phone, palmtop, etc.), mainframe, server, client, or any other type of special or general purpose computing device as may be desirable or appropriate for a given application or environment.
Computing system 600 can include one or more processors, such as a processor 604. Processor 604 can be implemented using a general or special-purpose processing engine such as, for example, a microprocessor, microcontroller or other control logic. In this example, processor 604 is connected to a bus 602 or other communications medium.
Computing system 600 can also include a main memory 608, such as random access memory (RAM) or other dynamic memory, for storing information and instructions to be executed by processor 604. Main memory 608 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 604. Computing system 600 may likewise include a read only memory (ROM) or other static storage device coupled to bus 602 for storing static information and instructions for processor 604.
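The access-point decision of FIG. 4, together with the emergency-call exception, can be sketched as follows. This is an added illustration, not code from the patent: the HMAC-SHA-256 derivation, the shared key, the class and function names, the 'Registration' cause and the IMSI values are all assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Response(Enum):
    CONNECTION_SETUP = "Connection Setup"
    CONNECTION_REJECT = "Connection Reject"


@dataclass(frozen=True)
class ConnectionRequest:
    ue_identity: bytes        # identification information carried in the request
    establishment_cause: str  # value of the 'Establishment cause' IE


def derive_identity(imsi: str, key: bytes) -> bytes:
    """Step 520 (UE side): derive a value from the IMSI instead of sending it.

    Assumption: HMAC-SHA-256 under a key shared with the access point; the
    patent only says the value is cryptographically derived.
    """
    return hmac.new(key, imsi.encode("ascii"), hashlib.sha256).digest()


class AccessPoint:
    """Access control at the cell level (steps 410 to 450 of FIG. 4)."""

    def __init__(self, key: bytes, authorised_imsis: list[str]):
        # Store the derived values so a request can be resolved by comparison.
        self._allowed = [derive_identity(i, key) for i in authorised_imsis]

    def is_authorised(self, ue_identity: bytes) -> bool:
        # Step 430: compare against every entry in constant time per entry,
        # without stopping at the first match.
        match = False
        for allowed in self._allowed:
            match |= hmac.compare_digest(allowed, ue_identity)
        return match

    def handle_connection_request(self, req: ConnectionRequest) -> Response:
        # Emergency calls are admitted even from an unauthorised UE.
        if req.establishment_cause == "Emergency Call":
            return Response.CONNECTION_SETUP
        if self.is_authorised(req.ue_identity):      # step 430
            return Response.CONNECTION_SETUP         # step 450
        return Response.CONNECTION_REJECT            # step 440


if __name__ == "__main__":
    key = b"constructed-demo-key"                    # constructed sample key
    ap = AccessPoint(key, ["001010000000001"])       # constructed test IMSI
    for imsi, cause in [("001010000000001", "Registration"),
                        ("001010000000002", "Registration"),
                        ("001010000000002", "Emergency Call")]:
        req = ConnectionRequest(derive_identity(imsi, key), cause)
        print(imsi, cause, "->", ap.handle_connection_request(req).value)
```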
The computing system 600 may also include information storage system 610, which may include, for example, a media drive 612 and a removable storage interface 620.
The media drive 612 may include a drive or other mechanism to support fixed or removable storage media, such as a hard disk drive, a floppy disk drive, a magnetic tape drive, an optical disk drive, a compact disc (CD) or digital video drive (DVD) read or write drive (R or RW), or other removable or fixed media drive.
Storage media 618 may include, for example, a hard disk, floppy disk, magnetic tape, optical disk, CD or DVD, or other fixed or removable medium that is read by and written to by media drive 612. As these examples illustrate, the storage media 618 may include a computer-readable storage medium having particular computer software or data stored therein.
In alternative embodiments, information storage system 610 may include other similar components for allowing computer programs or other instructions or data to be loaded into computing system 600. Such components may include, for example, a removable storage unit 622 and an interface 620, such as a program cartridge and cartridge interface, a removable memory (for example, a flash memory or other removable memory module) and memory slot, and other removable storage units 622 and interfaces 620 that allow software and data to be transferred from the removable storage unit 618 to computing system 600.
Computing system 600 can also include a communications interface 624. Communications interface 624 can be used to allow software and data to be transferred between computing system 600 and external devices. Examples of communications interface 624 can include a modem, a network interface (such as an Ethernet or other NIC card), a communications port (such as for example, a universal serial bus (USB) port), a PCMCIA slot and card, etc. Software and data transferred via communications interface 624 are in the form of signals which can be electronic, electromagnetic, and optical or other signals capable of being received by communications interface 624. These signals are provided to communications interface 624 via a channel 628. This channel 628 may carry signals and may be implemented using a wireless medium, wire or cable, fiber optics, or other communications medium. Some examples of a channel include a phone line, a cellular phone link, an RF link, a network interface, a local or wide area network, and other communications channels.
In this document, the terms 'computer program product', 'computer-readable medium' and the like may be used generally to refer to media such as, for example, memory 608, storage device 618, or storage unit 622. These and other forms of computer-readable media may store one or more instructions for use by processor 604, to cause the processor to perform specified operations. Such instructions, generally referred to as 'computer program code' (which may be grouped in the form of computer programs or other groupings), when executed, enable the computing system 600 to perform functions of embodiments of the present invention. Note that the code may directly cause the processor to perform specified operations, be compiled to do so, and/or be combined with other software, hardware, and/or firmware elements (e.g., libraries for performing standard functions) to do so.
In an embodiment where the elements are implemented using software, the software may be stored in a computer-readable medium and loaded into computing system 600 using, for example, removable storage drive 622, drive 612 or communications interface 624. The control logic (in this example, software instructions or computer program code), when executed by the processor 604, causes the processor 604 to perform the functions of the invention as described herein.
It will be appreciated that, for clarity purposes, the above description has described embodiments of the invention with reference to different functional elements and processors. However, it will be apparent that any suitable distribution of functionality between different functional elements or processors, for example with respect to the base station or controller, may be used without detracting from the invention. For example, it is envisaged that functionality illustrated to be performed by separate processors or controllers may be performed by the same processor or controller. Hence, references to specific functional units are only to be seen as references to suitable means for providing the described functionality, rather than indicative of a strict logical or physical structure or organization.
Aspects of the invention may be implemented in any suitable form including hardware, software, firmware or any combination of these. The invention may optionally be implemented, at least partly, as computer software running on one or more data processors and/or digital signal processors. Thus, the elements and components of an embodiment of the invention may be physically, functionally and logically implemented in any suitable way. Indeed, the functionality may be implemented in a single unit, in a plurality of units or as part of other functional units.
Although one embodiment of the invention describes a 3G AP for a UMTS network, it is envisaged that the inventive concept is not restricted to this embodiment.
It is envisaged that the aforementioned inventive concept aims to provide one or more of the following advantages: (i) enabling access control to be provided on a cellular level, without misusing the 3GPP standards; (ii) enabling an owner of an access point to control access to a network via the access point; (iii) enabling an access point to identify a UE attempting to connect thereto, without unnecessary transmission of the UE's IMSI; (iv) substantially preventing unauthorised access to a network via an access point; (v) substantially preventing the owner of an access point from having to pay for network resources used through an unauthorised access of the network via the access point.
Although the invention has been described in connection with some embodiments, it is not intended to be limited to the specific form set forth herein. Rather, the scope of the present invention is limited only by the accompanying claims. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in accordance with the invention. In the claims, the term 'comprising' does not exclude the presence of other elements or steps.
Moreover, an embodiment can be implemented as a computer-readable storage element having computer readable code stored thereon for programming a computer (e.g., comprising a signal processing device) to perform a method as described and claimed herein. Examples of such computer-readable storage elements include, but are not limited to, a hard disk, a CD-ROM, an optical storage device, a magnetic storage device, a ROM (Read Only Memory), a PROM (Programmable Read Only Memory), an EPROM (Erasable Programmable Read Only Memory), an EEPROM (Electrically Erasable Programmable Read Only Memory) and a Flash memory. Further, it is expected that one of ordinary skill, notwithstanding possibly significant effort and many design choices motivated by, for example, available time, current technology, and economic considerations, when guided by the concepts and principles disclosed herein will be readily capable of generating such software instructions and programs and integrated circuits (ICs) with minimal experimentation.
Furthermore, although individually listed, a plurality of means, elements or method steps may be implemented by, for example, a single unit or processor. Additionally, although individual features may be included in different claims, these may possibly be advantageously combined, and the inclusion in different claims does not imply that a combination of features is not feasible and/or advantageous. Also, the inclusion of a feature in one category of claims does not imply a limitation to this category, but rather indicates that the feature is equally applicable to other claim categories, as appropriate.
Furthermore, the order of features in the claims does not imply any specific order in which the features must be performed and in particular the order of individual steps in a method claim does not imply that the steps must be performed in this order. Rather, the steps may be performed in any suitable order. In addition, singular references do not exclude a plurality. Thus, references to 'a', 'an', 'first', 'second' etc. do not preclude a plurality.
Thus, a method and apparatus for providing access to a cellular communication network via a communication cell have been described, which substantially addresses at least some of the shortcomings of past and present cell location techniques and/or mechanisms.
GB0803877A 2008-03-03 2008-03-03 Method and apparatus for providing access to a cellular communication network Expired - Fee Related GB2458102B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0803877A GB2458102B (en) 2008-03-03 2008-03-03 Method and apparatus for providing access to a cellular communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0803877A GB2458102B (en) 2008-03-03 2008-03-03 Method and apparatus for providing access to a cellular communication network

Publications (3)

Publication Number Publication Date
GB0803877D0 GB0803877D0 (en) 2008-04-09
GB2458102A true GB2458102A (en) 2009-09-09
GB2458102B GB2458102B (en) 2010-02-24

Family

ID=39315817

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0803877A Expired - Fee Related GB2458102B (en) 2008-03-03 2008-03-03 Method and apparatus for providing access to a cellular communication network

Country Status (1)

Country Link
GB (1) GB2458102B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2516837A (en) * 2013-07-31 2015-02-11 Ip Access Ltd Network elements, wireless communication system and methods therefor
EP3780688A4 (en) * 2018-06-13 2021-06-30 Huawei Technologies Co., Ltd. Method and apparatus for restricting access of terminal device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004079985A1 (en) * 2003-03-06 2004-09-16 Tim Italia S.P.A. Method and software program product for mutual authentication in a communications network
WO2005065214A2 (en) * 2003-12-22 2005-07-21 Ibis Telecom, Inc. Private base station with exclusivity
US20050276418A1 (en) * 2004-04-22 2005-12-15 Seiko Epson Corporation Connection authentication in wireless communication network system
WO2007040449A1 (en) * 2005-10-04 2007-04-12 Telefonaktiebolaget Lm Ericsson (Publ) Access control in radio access network having pico base stations
WO2007136339A2 (en) * 2006-05-19 2007-11-29 Telefonaktiebolaget Lm Ericsson (Publ) Access control in a mobile communication system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2516837A (en) * 2013-07-31 2015-02-11 Ip Access Ltd Network elements, wireless communication system and methods therefor
GB2516837B (en) * 2013-07-31 2015-12-09 Ip Access Ltd Network elements, wireless communication system and methods therefor
US9654979B2 (en) 2013-07-31 2017-05-16 Ip.Access Limited Network elements, wireless communication system and methods therefor
EP3780688A4 (en) * 2018-06-13 2021-06-30 Huawei Technologies Co., Ltd. Method and apparatus for restricting access of terminal device
US11678187B2 (en) 2018-06-13 2023-06-13 Huawei Technologies Co., Ltd. Method for restricting access of terminal device and apparatus

Also Published As

Publication number Publication date
GB0803877D0 (en) 2008-04-09
GB2458102B (en) 2010-02-24

Similar Documents

Publication Publication Date Title
US8571523B2 (en) Network element and method for providing access control for a cellular communciation network
US9769867B2 (en) Optimization of power consumption in dual SIM mobiles in connected mode in a wireless network
RU2519821C2 (en) Access admission control method and system for mobile communication system
US8811987B2 (en) Method and arrangement for creation of association between user equipment and an access point
KR101319153B1 (en) Method and system for restricted access configuration of access point base stations
US20110009113A1 (en) Access control using temporary identities in a mobile communication system including femto base stations
EP2227918B1 (en) Method and node to control access to a telecommunications network core
CN107659935B (en) Authentication method, authentication server, network management system and authentication system
US8441980B2 (en) Mobile communication method, network device and radio base station
WO2012087189A1 (en) Methods and user equipments for granting a first user equipment access to a service
EP2378802B1 (en) A wireless telecommunications network, and a method of authenticating a message
GB2458102A (en) Providing authorised access to a cellular communication network (100) via an access point using the transmitted identification of wireless communication units
KR101026064B1 (en) System and method for authenticating mobile communication terminal in femto cell service environment
GB2450575A (en) Controlling the use of access points in a telecommunications network
KR20090108149A (en) User Access Controlling Method by Femto cell System
GB2458448A (en) Controlling access to a cellular communication network
EP2305000B1 (en) Method and apparatus for establishing a connection to at least one neighbouring network element in a cellular communications network
EP4096264A1 (en) On-device physical sim to esm conversion
KR20090116401A (en) Method for identifying mobile station, and mobile station and core network apparauts for executing the method
GB2458103A (en) Restricting access to a particular access point in a cellular communication network
WO2009112323A1 (en) Method and apparatus for controlling access to a cellular communication network
KR20100079198A (en) Communications method and communications systems

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20190303