GB2336971A - Authentication of a visiting mobile station - Google Patents
- Publication number
- GB2336971A
- Authority
- GB
- United Kingdom
- Prior art keywords
- mobile station
- network
- authentication
- identity information
- visiting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/06—Registration at serving network Location Register, VLR or user mobility server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
In a Total Access Communication System (TACS) mobile telephone network which supports mobile station authentication, a switching centre stores identity information of a visiting mobile station which has a home network which does not support authentication. The stored identity information is suitable for use in a non-authenticating network. Subsequent call access by the visiting mobile station results in transmission of modified identity information in accordance with the authentication of the network. The stored (unmodified) identity information can then be used by the home network for call set up.
Description
TELECOMMUNICATIONS NETWORKS
The present invention relates to telecommunications networks, and in particular to total access communication system (TACS) networks.
DESCRIPTION OF THE RELATED ART
Total access communication system (TACS) networks provide analogue telecommunications networks for Europe and Asia. When such networks were initially set up, security of the systems was not a major concern and so subscribers could access the network (originate and receive calls) by simply transmitting a simple message including an electronic serial number (ESN). However, fraud is becoming an increasing problem, and so security of TACS networks must be improved.
One way of giving a network greater security is to activate so-called "authentication" of mobile stations. Authentication-capable mobile stations can detect the fact that authentication is activated in a network by monitoring a bit in the overhead messages on the air interface. If the bit is set, authentication-capable mobile stations transmit a modified electronic serial number (MESN) on the air interface when originating call access. The MESN is generated by an algorithm in the mobile and is based on a combination of a 16 digit authentication PIN, the dialled called party number (B-number) and the ESN.
The MESN is passed to an authentication node (AN), for example the home location register HLR, where the algorithm is run again using the dialled B-number and the ESN and authentication PIN stored in the authentication node AN. If the result matches the MESN transmitted by the mobile station, the access is allowed, otherwise it is rejected.
In order that TACS networks are attractive to subscribers, it is desirable to allow a subscriber to roam away from his or her home network into another network. Two non-authenticating TACS networks are illustrated in Figure 1 of the accompanying drawings. The mobile subscriber 1 has a home network 2 and is roaming in a visiting network 3. Inter-system roaming is generally implemented in TACS networks by creating a virtual homogenous network. Calling party number (A-number) analysis tables are modified in the visiting mobile station switching centre (VMSC) 5 of the visiting network 3, to recognise subscribers from both networks 2 and 3 and provide their home exchange pointer. When the subscriber 1, from network 2 roams to network 3 and registers or originates a call, the mobile station 1 transmits an electronic serial number, and location updating is performed towards their home exchange 4 in network 2. The home exchange 4 performs a check on the electronic serial number (ESN) of the mobile station to ensure it allows valid access before returning the subscriber categories to the VMSC 5 of the visiting network 3. The home exchange 4 is updated with the subscriber's location and call delivery can be performed. If the serial number check fails in the home system, categories are not returned and the access request is rejected.
However, significant problems can occur when authentication-capable subscribers roam into a network which supports authentication, when the home network does not.
Referring again to Figure 1, if the visiting network 3 has activated TACS authentication but the home network 2 has not, inter-system roaming ceases to function for authentication-capable mobile stations having network 2 as their home network. Figure 2 illustrates the steps which lead to the inability of subscriber 1 to roam into network 3. The authentication-capable subscriber 1 detects that the network 3 supports authentication (step a). The subscriber 1 originates a call (step b), and sends a modified ESN to the network 3 (step c), since the overhead message of the visiting network 3 indicates that authentication is activated. The MESN is transmitted to the home exchange 4 in the home network 2 to retrieve subscriber categories from the home location register (HLR) 4 (step d). The HLR 4 compares the received MESN with the stored ESN for the subscriber concerned (step e) and then rejects the call request because the ESN is not equivalent to the MESN (step f). The rejection is passed to the visiting network 3 and the call is rejected (step g).
Non-authenticating network operators having roaming agreements with neighbouring networks have been faced with such problems when TACS Authentication is introduced. One solution is simply to terminate the roaming agreements and accept the loss of revenue that this implies. Such a situation occurred between the UK and Ireland, when a UK network activated authentication. Roaming between Malaysia and Singapore is also due to be terminated for the same reasons. As an example of the significance of terminating such agreements, the TACS network in China has roaming agreements between each of the fifteen regional operators. This produces what can be called a quasi-homogenous network. Each region purchases and administers its own network, but the roaming agreements bind them together into the national China TACS network.
Currently China has not activated TACS authentication but with the increase of fraud and the advent of prepaid subscriptions, the situation is becoming more critical. It is becoming necessary for TACS operators to offer a prepaid service if they are to remain competitive. The added security afforded by TACS Authentication is considered essential for the successful introduction of a prepaid service.
Clearly, it is unacceptable to terminate roaming agreements in China as TACS Authentication is activated in the regions. However it is impossible given the market conditions in China to take a holistic approach and activate it at a national level.
In addition, the TACS networks in Italy and Austria may also experience such a problem. The TACS network in Austria seems unlikely to be capable of supporting authentication. In Italy, however, TACS authentication has been activated since November 1997. If roaming is to be allowed, a way must be found to allow Austrian subscribers to roam to Italy.
The only solution to this problem that has been identified so far has been to inhibit serial number checks in the home location register (HLR).
This, however, has serious implications for network security. The security of non-authenticating TACS networks relies on the serial number (ESN) check to limit fraudulent access. If this check is removed, any clone telephone with a valid Mobile Subscriber Number (MSN) will be able to access the network.
SUMMARY OF THE PRESENT INVENTION
According to a first aspect of the present invention, there is provided a method of operating a mobile telecommunications network in which mobile station authentication is supported, the method comprising:
receiving and storing first identity information from a visiting mobile station which has a home network and which is operable to support mobile station authentication, the first identity information being suitable for use in a network which does not support mobile station authentication; receiving a call request from the visiting mobile station, which call request includes second identity information suitable for use in a network which supports mobile station authentication; obtaining information indicating whether the home network of the visiting mobile station supports mobile station authentication; and if the home network of the visiting station does not support mobile station authentication, sending the stored first identity information to the home network of the visiting mobile station in response to the received call request, or, if the home network does support mobile station authentication, sending the received second identity information to the home network of the visiting mobile station in response to the received call request.
According to a second aspect of the present invention, there is provided a mobile telecommunications network in which mobile station authentication is supported, the network comprising:
receive means for receiving and storing first identity information from a visiting mobile station which has a home network and which is operable to support mobile station authentication, the first identity information being suitable for use in a network which does not support mobile station authentication; call processing means for receiving a call request from the visiting mobile station, which call request includes second identity information suitable for use in a network which supports mobile station authentication; and verification means for obtaining information indicating whether the home network of the visiting mobile station supports mobile station authentication, the verification means being operable, if the home network of the visiting station does not support mobile station authentication, to send the stored first identity information to the home network of the visiting mobile station in response to the received call request, or, if the home network does support mobile station authentication, to send the received second identity information to the home network of the visiting mobile station in response to the received call request.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic view of two TACS networks;
Figure 2 is a flow chart illustrating operation of roaming mobile station;
Figure 3 is a flow chart illustrating operation of roaming mobile station in accordance with the present invention; and
Figure 4 is a block diagram illustrating a TACS network and mobile station for use in accordance with the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENT
An embodiment of the present invention will now be described with reference to Figures 1, 3 and 4. As previously described, a subscriber 1 having a home network 2, can roam into a visiting network 3. In networks operated in accordance with the present invention, when the authentication-capable mobile station 1 detects, using authentication detector means 9, that the visiting network 3 supports authentication (step a') (by reference to the overhead message of network 3, as before), it registers its presence by sending its ESN and location information to the visiting mobile switching centre (VMSC) 5 of network 3 (step b'), using ESN/location registration means 10. The ESN and location information is stored in the VMSC 5 (step c') in an ESN/location data storage area 6. When the mobile station 1 originates a call (step d'), it sends a MESN to the visiting network 3.
Alternatively, the mobile station may register its ESN in response to a change in area identity (AID) signal on the overhead message.
Stored cooperating exchange administration data 10 of the VMSC 5 includes data concerning the authentication capabilities of all HLRs in the network 3 and in all networks with which roaming is allowed (e.g. home network 2) to be specified.
When the mobile station 1 makes a call originating access (by transmitting an MESN), its mobile station number (MSNB) is analyzed to ascertain its home exchange. The authentication capability of the home exchange is then retrieved from the stored cooperating exchange data 10. If the home exchange of the mobile supports authentication, the MESN is forwarded to the authentication node or HLR for authentication as normal by transmit means 8. If, however, the cooperating exchange data indicates that the home exchange does not support authentication, the location of the last registration/page/audit response is examined (step f') by comparison means 7. If the location information matches the location of the call originating access, the MESN is overwritten by the stored ESN for the mobile station, and the ESN is forwarded to the home network node or HLR 4 (step g'). If the location information does not match, the MESN is forwarded to the home network node as normal.
The home network node 4 then completes its check of the received ESN (step h'), and accepts the call (step i'), since the stored ESN is equivalent to the received ESN.
An authentication-capable mobile from a home network where authentication is not activated will then be able to roam to a visiting network 3 where authentication is activated, provided that the mobile station 1 registers or responds to a page/audit request in a valid location.
A mobile station clone with an invalid ESN will have very limited ability to access the system with this feature active even though it involves using the ESN from one access to validate another. The serial number is checked for all accesses, including registrations and page/audit responses. Under normal circumstances therefore, all accesses from such mobiles will be rejected. If, however, the clone with an invalid ESN happened to make an originating access in the same location as the valid subscriber, the access would be allowed. The size of the location is therefore crucial to the security offered by the feature. If either cell or location area is used to define the location of an access, the chances of the clone and the valid subscriber roaming to the same location are very slight.
Clones with valid ESNs will be able to access the system, but these accesses would be allowed in the home network anyway, so there is no change of the level of security provided by the network.
If the location from which the originating access was received differs from the location stored for the last registration or page/audit response, the access will still be rejected. This provides protection against a clone with an invalid ESN, but may give some loss of service to the valid subscriber. The implications are different depending on whether the location area or cell is used to define the location of the subscriber.
If location area is used, rejection may occur if the subscriber had the mobile station turned off before originating a call or originated a call just after crossing a location area boundary. In both cases the mobile station did not have time to register before originating the call. These are not normal situations, and are unlikely to cause serious problems to the subscriber since the mobile will perform a forced registration immediately after the failed access. If the subscriber then attempts to call again, the access will be allowed.
If the location of the last access is identified by cell rather than location area, there is more chance of rejection due to differing locations. This is because forced registrations occur between location areas, not cells. This can be ameliorated by the VMSC auditing the subscriber following the rejection. The mobile will then return an audit response containing its location and ESN which can be stored in the VMSC. If the subscriber then attempts to call again, the access will be allowed.
Thus operating networks in accordance with the present invention allows roaming agreements to be maintained between authenticating and non-authenticating TACS networks with minimal loss of security for the non-authenticating network.
The invention will have no effect on subscribers roaming from non-authenticating networks to authenticating networks if the mobile is not authentication capable. Full service to these subscribers will be maintained.
The security may be tailored for individual markets by choosing units of location carefully. For geographically compact networks, the location of the last access may be identified by cell to limit the chance of a clone with an invalid ESN and the valid subscriber roaming to the same location.
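The VMSC decision described above, and the clone and forced-registration cases that follow from it, can be traced in a short simulation. This is an added example, not part of the patent text: the mesn() function is a placeholder (the page does not specify the MESN algorithm), registrations are assumed to be stored only when the home check passes, and all subscriber numbers, ESNs, PINs and location names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


def mesn(esn: int, pin: str, b_number: str) -> int:
    # ASSUMPTION: placeholder for the handset's MESN algorithm, which the page
    # does not specify; it only has to mix the PIN, the B-number and the ESN.
    mac = hmac.new(pin.encode(), f"{esn:08x}|{b_number}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest()[:4], "big")


@dataclass
class HomeExchange:
    esn: dict                     # MSNB -> ESN on record
    pin: Optional[dict] = None    # MSNB -> PIN; None means no authentication

    def check_esn(self, msnb: str, serial) -> bool:
        # Plain serial-number check of a non-authenticating home network.
        return msnb in self.esn and self.esn[msnb] == serial

    def check_mesn(self, msnb: str, value: int, b_number: str) -> bool:
        # Authenticating home: re-run the algorithm with the stored ESN and PIN.
        return msnb in self.esn and value == mesn(self.esn[msnb], self.pin[msnb], b_number)


@dataclass
class VMSC:
    cooperating: dict                            # MSNB prefix -> (home, supports_auth)
    stored: dict = field(default_factory=dict)   # MSNB -> (ESN, location)

    def register(self, msnb: str, esn: int, location: str) -> bool:
        home, _ = self.cooperating[msnb[:3]]
        ok = home.check_esn(msnb, esn)
        if ok:  # ASSUMPTION: keep only identity information the home accepted
            self.stored[msnb] = (esn, location)
        return ok

    def originate(self, msnb: str, received: int, b_number: str, location: str) -> bool:
        home, supports_auth = self.cooperating[msnb[:3]]
        if supports_auth:
            return home.check_mesn(msnb, received, b_number)  # forwarded as normal
        esn, seen_at = self.stored.get(msnb, (None, None))
        if seen_at == location:
            return home.check_esn(msnb, esn)       # MESN overwritten by stored ESN
        return home.check_esn(msnb, received)      # MESN forwarded; ESN check fails


def run_scenarios() -> dict:
    # Constructed sample data throughout.
    home2 = HomeExchange(esn={"2340001": 0x8A12F00D})
    home3 = HomeExchange(esn={"5550001": 0x11C0FFEE}, pin={"5550001": "0123456789012345"})
    vmsc = VMSC({"234": (home2, False), "555": (home3, True)})
    roamer, b = "2340001", "0044123456"
    genuine = mesn(0x8A12F00D, "9876543210987654", b)   # sent by the valid handset
    clone = mesn(0xDEADBEEF, "0000000000000000", b)     # clone with an invalid ESN
    r = {}
    r["register_LA7"] = vmsc.register(roamer, 0x8A12F00D, "LA-7")
    r["call_LA7"] = vmsc.originate(roamer, genuine, b, "LA-7")
    r["call_LA9_unregistered"] = vmsc.originate(roamer, genuine, b, "LA-9")
    r["forced_register_LA9"] = vmsc.register(roamer, 0x8A12F00D, "LA-9")
    r["retry_LA9"] = vmsc.originate(roamer, genuine, b, "LA-9")
    r["clone_register_LA3"] = vmsc.register(roamer, 0xDEADBEEF, "LA-3")
    r["clone_call_LA3"] = vmsc.originate(roamer, clone, b, "LA-3")
    # Residual exposure the description names: clone in the subscriber's location.
    r["clone_call_LA9"] = vmsc.originate(roamer, clone, b, "LA-9")
    ok = mesn(0x11C0FFEE, "0123456789012345", b)
    r["auth_home_ok"] = vmsc.originate("5550001", ok, b, "LA-7")
    r["auth_home_wrong_pin"] = vmsc.originate(
        "5550001", mesn(0x11C0FFEE, "1111111111111111", b), b, "LA-7")
    return r


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:24s} {'allowed' if allowed else 'rejected'}")
```

The only accepted clone access is the one made from the location stored for the valid subscriber, which is why the choice between cell and location area sets the size of the remaining exposure.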
Claims (10)
1. A method of operating a mobile telecommunications network in which mobile station authentication is supported, the method comprising: receiving and storing first identity information from a visiting mobile station which has a home network and which is operable to support mobile station authentication, the first identity information being suitable for use in a network which does not support mobile station authentication; receiving a call request from the visiting mobile station, which call request includes second identity information suitable for use in a network which supports mobile station authentication; obtaining information indicating whether the home network of the visiting mobile station supports mobile station authentication; and if the home network of the visiting station does not support mobile station authentication, sending the stored first identity information to the home network of the visiting mobile station in response to the received call request, or, if the home network does support mobile station authentication, sending the received second identity information to the home network of the visiting mobile station in response to the received call request.
2. A method as claimed in claim 1, further comprising storing information indicating whether the home network supports mobile station authentication.
3. A method as claimed in claim 1 or 2, comprising transmitting an authentication message indicating that the network supports mobile station authentication, and wherein the first identity information is transmitted from the mobile station in response to receipt of the authentication message.
4. A method as claimed in claim 1 or 2, wherein the first identity information is transmitted from the mobile station in response to a change in the area identity information transmitted by the network.
5. A mobile telecommunications network in which mobile station authentication is supported, the network comprising:
receive means for receiving and storing first identity information from a visiting mobile station which has a home network and which is operable to support mobile station authentication, the first identity information being suitable for use in a network which does not support mobile station authentication; call processing means for receiving a call request from the visiting mobile station, which call request includes second identity information suitable for use in a network which supports mobile station authentication; and verification means for obtaining information indicating whether the home network of the visiting mobile station supports mobile station authentication, the verification means being operable, if the home network of the visiting station does not support mobile station authentication, to send the stored first identity information to the home network of the visiting mobile station in response to the received call request, or, if the home network does support mobile station authentication, to send the received second identity information to the home network of the visiting mobile station in response to the received call request.
6. A network as claimed in claim 5, further comprising:
storage means for storing network information indicating whether a home network supports mobile station authentication; and wherein the verification means are operable to retrieve such stored network information in response to a call request from a visiting mobile station.
7. A network as claimed in claim 5 or 6, comprising transmit means for transmitting an authentication message indicating that the network supports mobile station authentication, and wherein the first identity information is transmitted from the mobile station in response to receipt of the authentication message.
8. A network as claimed in claim 5 or 6, wherein the first identity information is transmitted from the mobile station in response to a change in the area identity information transmitted by the network.
9. A method of operating a mobile telephone network, substantially as hereinbefore described with reference to the accompanying drawings.
10. A mobile telecommunications network substantially as hereinbefore described with reference to, and as shown in, the accompanying drawings.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9808951A GB2336971B (en) | 1998-04-27 | 1998-04-27 | Telecommunications networks |
CN98115617A CN1233895A (en) | 1998-04-27 | 1998-06-30 | Telecommunication networks |
Publications (3)
Publication Number | Publication Date |
---|---|
GB9808951D0 GB9808951D0 (en) | 1998-06-24 |
GB2336971A true GB2336971A (en) | 1999-11-03 |
GB2336971B GB2336971B (en) | 2002-12-11 |
Family
ID=10831040
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB9808951A Expired - Fee Related GB2336971B (en) | 1998-04-27 | 1998-04-27 | Telecommunications networks |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN1233895A (en) |
GB (1) | GB2336971B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996005702A2 (en) * | 1994-07-29 | 1996-02-22 | Motorola Inc. | Method and apparatus for authentication in a communication system |
-
1998
- 1998-04-27 GB GB9808951A patent/GB2336971B/en not_active Expired - Fee Related
- 1998-06-30 CN CN98115617A patent/CN1233895A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
GB9808951D0 (en) | 1998-06-24 |
GB2336971B (en) | 2002-12-11 |
CN1233895A (en) | 1999-11-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20040427 |