CA2347865A1 - Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange - Google Patents


Info

Publication number
CA2347865A1
Authority
CA
Canada
Prior art keywords
authenticating
exchange
mobile station
authentication
serving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002347865A
Other languages
French (fr)
Inventor
Binh Nguyen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/062: Pre-authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W36/00: Hand-off or reselection arrangements
    • H04W36/0005: Control or signalling for completing the hand-off
    • H04W36/0011: Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033: Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038: Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W88/00: Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/14: Backbone network devices
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W92/00: Interfaces specially adapted for wireless communication networks
    • H04W92/16: Interfaces between hierarchically similar devices
    • H04W92/24: Interfaces between hierarchically similar devices between backbone network devices

Abstract

The present invention relates to a method of authenticating with an authentication center (20) a mobile station (16) handing-off from an anchor exchange (12A) to a serving exchange (12S). The method sends authenticating parameters for the mobile station from the authentication center to the anchor exchange. The mobile station is asked to authenticate with the anchor exchange. While the authenticating takes place, the mobile station hands-off from the anchor exchange to the serving exchange. The authenticating parameters are forwarded from the anchor exchange to the serving exchange, and the mobile station is asked to authenticate with the serving exchange. The serving exchange receives the authenticating results from the mobile station, and sends them to the authentication center.

Description

METHOD OF AUTHENTICATING A MOBILE STATION HANDING-OFF
FROM AN ANCHOR EXCHANGE TO A SERVING EXCHANGE
BACKGROUND OF THE INVENTION
Technical Field of the Invention
This invention relates to a method of authenticating a mobile station, and more particularly to a method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange.
Description of Related Art
Ever since their introduction on the market, mobile stations have changed the way people communicate. Now, it is possible to reach a person almost anywhere, using only one number. The number is no longer linked to a location, but is rather linked to a mobile station that communicates through a radio interface with a cellular network. So wherever the mobile station is located, i.e. within the cellular network coverage, it can originate or receive a call by means of the radio interface.
For originating a call through the cellular network, the mobile station has to identify itself by providing its Mobile Identification Number (MIN) and Electronic Serial Number (ESN). The MIN/ESN allows the cellular network to recognize which mobile station is calling, so as to charge fees incurred for the call appropriately.
A problem that has emerged with the ever-increasing popularity of mobile stations is cloning. Cloning is performed by "listening" to the radio interface to find a MIN/ESN, and programming a second mobile station with the same MIN/ESN. By doing so, the fees incurred for calls originated by the second mobile station are charged to the first mobile station. This method of fraud has caused significant financial damage to cellular network providers and to owners of mobile stations.
To solve that problem, the security of cellular networks has been improved with authentication procedures in which the mobile stations must participate.
In D-AMPS networks, different authentication procedures have been developed: Global Challenge, Unique Challenge, Shared Secret Data Update, and Count Update.
These authentication procedures rely on using an algorithm called CAVE, and on an exchange of parameters between the mobile station and an authentication center. The authentication center stores a set of data for each mobile station including their MIN and ESN, along with an A-key and a Shared Secret Data (SSD) also called authentication data. The set of data is used as input parameters to the CAVE algorithm to verify authenticity of the mobile station.
More precisely, the Global Challenge procedure is performed on digital or analog control channel at system access, and involves validation of the authentication data received from the mobile station.
The Unique Challenge is a procedure that can be performed on either control or voice channel, and involves validation of the authentication data received from the mobile station.
The Shared Secret Data Update procedure is used to verify the mobile station's A-key. The Shared Secret Data update procedure may be prompted by administrative procedures at the authentication center, expiration of an authentication time interval at the authentication center, or the detection of a possible fraudulent situation. The CAVE algorithm, the set of parameters and random values are used to perform the updating of the SSD. If the new value of SSD is the same after verification at both ends, then the mobile station has successfully authenticated and is still allowed service. The Shared Secret Data update involves sending a random number to the mobile station to generate a new Shared Secret Data value based on the mobile station's information and the random number received. The Shared Secret Data Update is usually followed by a Unique Challenge procedure to validate the new Shared Secret Data.
Finally, the COUNT Update procedure is used to detect fully cloned mobile stations, i.e. mobile stations that have the same A-key and Shared Secret Data as their legitimate counterpart. The COUNT Update procedure relies on incrementing Count value in the mobile station and at the authentication center after each successful authentication procedure. A consistency check is performed at the authentication center of the value of both counters, and any inconsistency may indicate a possible fraud or a fraudulent mobile station.

WO 00/27156 PCT/SE99/01717
However, it has been noticed that when an inter-system hand-off occurs during one of the authentication procedures, the latter is not completed. The non-completion of the authentication procedure either results in allowing a call that may be fraudulent, or barring a call of a legitimate mobile station. Therefore, for mobile station users, non-completion of authentication procedure is not desirable.
In order to overcome the disadvantage of existing solutions, it would be advantageous to have a method which would allow completion of authentication procedure during inter-system hand-off.
SUMMARY OF THE INVENTION
The present invention provides a method to allow completion of authentication procedure during inter-system hand-off.
In one aspect, the present invention is a method of authenticating with an authentication center a mobile station handing off from an anchor exchange to a serving exchange. The method sends authenticating parameters for the mobile station from the authentication center to the anchor exchange. The mobile station is asked to authenticate with the anchor exchange. While authenticating, the mobile station hands-off from the anchor exchange to the serving exchange. The authenticating parameters are forwarded from the anchor exchange to the serving exchange, and the mobile station is asked to authenticate with the serving exchange. The serving exchange receives the authenticating results from the mobile station, and sends them to the authentication center.
In another aspect, the present invention is a method of authenticating with an authentication center a mobile station. The method has steps of asking the mobile station to authenticate with a first exchange, and detecting hand-off of the mobile station from the first exchange to a second exchange. The method then forwards authenticating parameters from the first exchange to the second exchange, and asks the mobile station to authenticate with the second exchange. The second exchange receives the authenticating results from the mobile station and sends the authenticating results to the authentication center.

BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be better understood and its numerous objects and advantages will become more apparent to those skilled in the art by reference to the following drawings, in conjunction with the accompanying specification, in which:
FIGURE 1 is a schematic diagram of a cellular telecommunications network;
FIGURE 2 is a signal flow diagram of an authentication procedure in accordance with a first embodiment of the present invention;
FIGURE 3 is a signal flow diagram of an authentication procedure in accordance with a second embodiment of the present invention; and
FIGURE 4 is a flowchart of a method in accordance with the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
The present invention relates to allowing completion of an authentication procedure in situations of inter-system hand-off. For doing so, the invention provides a new failure indication to identify that the authentication could not be completed due to an inter-system hand-off. The method of the present invention also provides forwarding messages so as to order completion of the authentication procedure in the new serving system.
Reference is now made to FIGURE 1 wherein there is shown a schematic diagram of a cellular network 10. In the cellular network 10, a plurality of switches, also known as Mobile Switching Center (MSC) 12 or exchanges, are used to route calls to and receive calls from mobile stations 16. The MSC 12 are sometimes co-located with a Visited Location Register (VLR) 13 such as shown on the FIGURE but may also consist of non co-located nodes. The mobile stations 16 communicate with nearly proximate base stations 14 through a radio interface 22. As known in the art, several base stations 14 can communicate with one MSC 12. Each base station communicates with the MSC 12 through a pair of signaling and voice links 24.
To allow seamless service to a mobile station 16 that travels from a base station serviced by a first MSC 12A, called Anchor-MSC, to a base station 14 serviced by a second MSC 12S, also called a Serving MSC, a pair of voice and signaling links 26 connect the first and second MSCs 12.

The mobile stations 16 may travel within the cellular network and consecutively communicate with different base stations 14. More particularly, when a mobile station 16 travels from an area that is serviced by a first base station 14 to an area serviced by another base station, the operation of transferring service from the first base station to the second base station is called a hand-off. When the mobile station 16 hands-off from a base station 14 linked to a first MSC 12A to a base station linked to a second MSC 12S, it then consists of an inter-system hand-off.
In the cellular network 10, a Home Location Register (HLR) 18 keeps information on subscribers such as location and services subscribed to. The may consist of a stand-alone HLR, or of a co-located Service Control Point (SCP) as shown on the FIGURE. The HLR 18 communicates with the VLRs 13 through a signaling link 28. While the HLR 18 stores information for all mobile stations subscribed to the cellular network 10, the VLRs 13 in turn store certain information on mobile stations 16 communicating through their co-operating MSC 12.
The cellular network 10 also has an authentication center 20. The authentication center communicates with the HLR 18 through a signaling link 30. The authentication center keeps information on the mobile stations 16 such as Shared Secret Data (SSD).
Referring now to FIGURE 2, there is shown a signal flow diagram of an authentication procedure in accordance with a first embodiment of the present invention. To initiate the authentication procedure, the authentication center 20 sends either a Shared Secret Data (SSD) Update message or a Unique Challenge Order message 40 to the HLR 18. The SSD Update message and the Unique Challenge Order message 40 are well known in ANSI-41 standard, which is incorporated by reference herein. The HLR 18 forwards the SSD update message or unique challenge order message 40 to the VLR 13 of the serving system, which in turn forwards it to its associated MSC 12. The MSC 12 acknowledges receipt of the SSD update message or unique challenge order message 40 by an appropriate return message such as an authdir message 42, that is sent to the AC 20 through the VLR 13 and HLR 18.
The serving MSC 12 initiates authentication with the mobile station 16 by sending an SSD update message or unique challenge message 44 to the latter containing authenticating parameters. The authenticating parameters may include an authentication algorithm version and a shared secret data, or an authentication response unique challenge and a random variable unique challenge. The authentication procedure takes place between the mobile station 16 and the AC 20 as known in the art, and as described in standards such as the ANSI-41, which is incorporated by reference herein.
During the authentication procedure, the mobile station hands-off (step 46) from the serving MSC 12, which becomes an anchor-MSC (A-MSC), to a new serving MSC (S-MSC) 12. Then, the A-MSC 12 forwards the authenticating parameters to the S-MSC 12 in, for example, a Facilities Directive (FACDIR) message 48. In the event that the S-MSC 12 does not support authentication, it returns a FACDIR return result message 50 indicating so to the A-MSC. If the S-MSC is capable of supporting authentication, it asks the mobile station 16 to authenticate in a manner known in the art. When the authentication is completed between the S-MSC and the MS 16, the S-MSC receives authenticating results from the mobile station. The authenticating results may include a shared secret data update report or a unique challenge report. The authenticating results are sent to the A-MSC in a MSONCH message 52. The A-MSC forwards the outcome of the authentication, or an indication of the incapacity of the S-MSC to support authentication, in an ASREPORT message 54 to the AC 20 through the A-MSC, A-VLR and HLR 18.
Referring now to FIGURE 3, there is shown a signal flow diagram of an authentication procedure in accordance with a second embodiment of the present invention. In that second embodiment, the A-MSC informs the AC 20 of the hand-off of the mobile station 16, and it is the AC 20 that instructs the A-MSC to forward the authentication parameters to the S-MSC to perform the authentication with the mobile station. In that second embodiment, the authentication with the A-MSC, up until the mobile station 16 hands-off to the S-MSC, is the same as for the first embodiment.
When the mobile station hands-off to the S-MSC, the A-MSC detects the hand-off, and informs the AC 20 by means of an Authentication Status Report (ASREPORT) message 60 of its incapability to complete the authentication due to a hand-off. Then, the AC 20 instructs the A-MSC to forward the authenticating parameters to the S-MSC in an order message 62. The A-MSC executes the order and sends the authenticating parameters to the S-MSC in an Authentication Directive Forward (AUTHDIRFWD) message 64. The S-MSC performs the authentication with the mobile station, and sends an AUTHDIRFWD return message 66 to the A-MSC that contains the authenticating results. Then, as in the first embodiment, the A-MSC returns the authenticating results to the AC with the ASREPORT message 54.
Referring now to FIGURE 4, there is shown a flowchart of a method in accordance with the present invention. That method starts in step 70, where the AC 20 sends the authentication parameters to the A-MSC. Then, the A-MSC asks the mobile station 16 in step 72 to authenticate. While the mobile station 16 is authenticating, the A-MSC detects a hand-off of the mobile station 16 in step 74. The A-MSC informs the AC 20 in step 76 of the hand-off of the mobile station to the S-MSC. The instructs in step 78 the A-MSC to forward the authentication parameters to the S-MSC. Then, the A-MSC sends the authentication parameters to the S-MSC in step 80. The S-MSC asks the mobile station 16 to authenticate in step 82 and performs the authentication therewith. The S-MSC receives the authentication results from the mobile station in step 84, and sends these results to the AC 20 in step 86, thereby allowing completion of the authentication during an inter-system hand-off.
It is thus believed that the operation and construction of the present invention will be apparent from the foregoing description. While the method and system shown and described have been characterized as being preferred, it will be readily apparent that various changes and modifications could be made therein without departing from the spirit and scope of the invention as defined in the following claims.
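The FIGURE 4 flow (steps 70 to 86) for a Unique Challenge, as an added Python model that is not part of the patent text. It assumes HMAC-SHA256 as a stand-in for CAVE, routes the final report through the A-MSC as in FIGURE 3, and uses hypothetical status strings (`PASS`, `FAIL`, `HANDOFF`, `NOT_SUPPORTED`) and constructed subscriber data; only the message names AUTHDIR, ASREPORT and AUTHDIRFWD come from the description.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MIN_ESN = b"5550100/0A1B2C3D"   # constructed sample identity
SSD = b"constructed-ssd"        # constructed sample Shared Secret Data


def auth_response(ssd: bytes, rand_u: bytes, min_esn: bytes) -> bytes:
    """Stand-in for CAVE (assumption): HMAC-SHA256 truncated to 3 bytes."""
    return hmac.new(ssd, rand_u + min_esn, hashlib.sha256).digest()[:3]


@dataclass
class MobileStation:
    min_esn: bytes
    ssd: bytes

    def respond(self, rand_u: bytes) -> bytes:
        return auth_response(self.ssd, rand_u, self.min_esn)


class AuthenticationCenter:
    def __init__(self, subscribers):
        self.subscribers = subscribers   # MIN/ESN -> SSD
        self.outcome = {}                # MIN/ESN -> last reported status

    def unique_challenge(self, min_esn):
        # Authenticating parameters: random variable and expected response.
        rand_u = os.urandom(3)
        auth_u = auth_response(self.subscribers[min_esn], rand_u, min_esn)
        return {"RANDU": rand_u, "AUTHU": auth_u}

    def asreport(self, min_esn, status):
        """Record a report; a hand-off report is answered with a forward order."""
        self.outcome[min_esn] = status
        return "FORWARD" if status == "HANDOFF" else None


class Exchange:
    def __init__(self, name, supports_auth=True):
        self.name, self.supports_auth = name, supports_auth

    def challenge(self, ms, params):
        if not self.supports_auth:
            return "NOT_SUPPORTED"       # reported to the AC, never a silent pass
        ok = hmac.compare_digest(ms.respond(params["RANDU"]), params["AUTHU"])
        return "PASS" if ok else "FAIL"


def run_flow(ac, anchor, serving, ms, handoff=True):
    """Return (final status, message trace) for one Unique Challenge."""
    trace = ["AC -> A-MSC: AUTHDIR"]                       # step 70
    params = ac.unique_challenge(ms.min_esn)
    trace.append("A-MSC -> MS: unique challenge")          # step 72
    if not handoff:
        status = anchor.challenge(ms, params)
    else:
        status = "HANDOFF"                                 # step 74
        trace.append("A-MSC -> AC: ASREPORT(HANDOFF)")     # step 76
        if ac.asreport(ms.min_esn, status) == "FORWARD":   # step 78
            trace.append("A-MSC -> S-MSC: AUTHDIRFWD")     # step 80
            status = serving.challenge(ms, params)         # steps 82-84
    trace.append(f"A-MSC -> AC: ASREPORT({status})")       # step 86
    ac.asreport(ms.min_esn, status)
    return status, trace


if __name__ == "__main__":
    ac = AuthenticationCenter({MIN_ESN: SSD})
    a_msc, s_msc = Exchange("A-MSC"), Exchange("S-MSC")
    for label, ms in [("legitimate", MobileStation(MIN_ESN, SSD)),
                      ("clone without SSD", MobileStation(MIN_ESN, b"guess"))]:
        status, trace = run_flow(ac, a_msc, s_msc, ms)
        print(label, status, *trace, sep="\n  ")
```

The AC's record ends in `PASS`, `FAIL` or `NOT_SUPPORTED` for every challenge it issued, so a hand-off no longer leaves the procedure without an outcome.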

Claims (13)

WHAT IS CLAIMED IS:
1. A method of authenticating with an authentication center a mobile station handing-off from an anchor exchange to a serving exchange, the method comprising steps of:
sending from the authentication center authenticating parameters for the mobile station to the anchor exchange;
asking the mobile station to authenticate with the anchor exchange;
handing-off the mobile station from the anchor exchange to the serving exchange during the authenticating;
forwarding the authenticating parameters from the anchor exchange to the serving exchange;
asking the mobile station to authenticate with the serving exchange;
receiving at the serving exchange authenticating results from the mobile station; and
sending the authenticating results to the authentication center.
2. The method of authenticating of claim 1, wherein the authenticating parameters include an authentication algorithm version and a shared secret data.
3. The method of authenticating of claim 1, wherein the authenticating parameters include an authentication response unique challenge and a random variable unique challenge.
4. The method of authenticating of claim 1, wherein the authenticating results include a shared secret data update report or a unique challenge report.
5. The method of authenticating of claim 1, wherein the method further comprises a step of informing the authentication center of the incapability of the anchor exchange to complete authenticating because of a hand-off of the mobile station to the serving exchange.
6. The method of authenticating of claim 5, wherein the method further comprises a step of:
instructing from the authentication center the anchor exchange of forwarding the authenticating parameters to the serving exchange.
7. A method of authenticating with an authentication center a mobile station, the method comprising steps of:
asking the mobile station to authenticate with a first exchange;
detecting hand-off of the mobile station from the first exchange to a second exchange;
forwarding authenticating parameters from the first exchange to the second exchange;
asking the mobile station to authenticate with the second exchange;
receiving at the second exchange authenticating results from the mobile station; and
sending the authenticating results to the authentication center.
8. The method of authenticating of claim 7, further comprising a step of sending from the authentication center authentication parameters for the mobile station to the first exchange prior to asking the mobile station to authenticate with the first exchange.
9. The method of authenticating of claim 7, wherein the authenticating parameters include an authentication algorithm version and a shared secret data.
10. The method of authenticating of claim 7, wherein the authenticating parameters include an authentication response unique challenge and a random variable unique challenge.
11. The method of authenticating of claim 7, wherein the authenticating results includes a shared secret data update report or a unique challenge report.
12. The method of authenticating of claim 7, wherein the method further comprises a step of informing the authentication center of the incapability of the first exchange to complete the authenticating because of a hand-off of the mobile station to the second exchange.
13. The method of authenticating of claim 12, wherein the method further comprises a step of:
instructing from the authentication center the first exchange of forwarding the authenticating parameters to the second exchange.
CA002347865A 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange Abandoned CA2347865A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US18344598A 1998-10-30 1998-10-30
US09/183,445 1998-10-30
PCT/SE1999/001717 WO2000027156A1 (en) 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange

Publications (1)

Publication Number Publication Date
CA2347865A1 true CA2347865A1 (en) 2000-05-11

Family

ID=22672820

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002347865A Abandoned CA2347865A1 (en) 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange

Country Status (5)

Country Link
AR (1) AR020786A1 (en)
AU (1) AU1194300A (en)
BR (1) BR9914909A (en)
CA (1) CA2347865A1 (en)
WO (1) WO2000027156A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001020925A2 (en) * 1999-09-10 2001-03-22 Telefonaktiebolaget Lm Ericsson (Publ) System and method of passing encryption keys after inter-exchange handoff
US20050113094A1 (en) * 2003-11-20 2005-05-26 Dumser Shawn K. Global authentication continuity feature for handoff to a neighboring mobile switching center
WO2007137488A1 (en) * 2006-05-15 2007-12-06 Huawei Technologies Co., Ltd. A method for relocating anchor paging controller to mobile station

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5239294A (en) * 1989-07-12 1993-08-24 Motorola, Inc. Method and apparatus for authenication and protection of subscribers in telecommunication systems
WO1993011646A1 (en) * 1991-12-03 1993-06-10 Electronic Data Systems Corporation Apparatus for detecting and preventing subscriber number tumbling in a cellular mobile telephone system
KR960700616A (en) * 1993-11-24 1996-01-20 타게 뢰흐그렌; 얼링 블로메 AUTHENTICATION FOR ANALOG COMMUNICATION SYSTEMS
DE4417779C1 (en) * 1994-05-20 1995-12-07 Siemens Ag Mobile radio system
US5537474A (en) * 1994-07-29 1996-07-16 Motorola, Inc. Method and apparatus for authentication in a communication system

Also Published As

Publication number Publication date
AU1194300A (en) 2000-05-22
BR9914909A (en) 2001-08-07
AR020786A1 (en) 2002-05-29
WO2000027156A1 (en) 2000-05-11

Similar Documents

Publication Publication Date Title
US6081705A (en) Cellular telephone network support of international mobile station identity (IMSI)
JP3964677B2 (en) Security procedures for universal mobile phone services
US7065340B1 (en) Arranging authentication and ciphering in mobile communication system
CA2311889C (en) System and method for mobile terminal positioning
EP1282319B1 (en) Method and system for providing a picture as caller identification
US5564068A (en) Home location register for manual visitors in a telecommunication system
CA2363667C (en) Fraud detection method for mobile telecommunication networks
US8090347B2 (en) Method and radio communication network for detecting the presence of fraudulent subscriber identity modules
US20040029587A1 (en) Method for supporting a handover between radio access networks
US20030104813A1 (en) Optimization of circuit call setup and delivery associated with inter-MSC packet data handoff
US7590417B2 (en) Method, system and computer program product for countering anti-traffic redirection
US6038440A (en) Processing of emergency calls in wireless communications system with fraud protection
JP2002505056A (en) How to limit the use of terminal equipment
US20090124248A1 (en) Mobile communication system, core network, radio network system, and method for selecting network for containing the system
GB2322998A (en) Method of Interconnecting Communication Networks
KR20010111633A (en) Apparatus, method and system for providing a default mode for authentication failures in mobile telecommunication networks
CA2347865A1 (en) Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange
CN105828399B (en) Tracking area updating method and device
US20050113094A1 (en) Global authentication continuity feature for handoff to a neighboring mobile switching center
EP1150529A1 (en) System and method for registering a wireless unit at the border between geographic service areas
WO2000035215A2 (en) Method of performing a base station challenge in a cellular telecommunications network
KR100651995B1 (en) User authentication service method, and a mobile phone using for the method
WO2006099389A2 (en) Method, system and computer program product for countering anti-traffic redirection
GB2365687A (en) Authentication process using sequence numbers
CN101472227B (en) Method and device for controlling user terminal to implement cluster call

Legal Events

Date Code Title Description
FZDE Dead