GB2337668A - Mobile station authentication - Google Patents


Publication number
GB2337668A
Authority
GB
United Kingdom
Prior art keywords
network
call
mobile
mobile station
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB9811023A
Other versions
GB9811023D0 (en
Inventor
Ralph James Edwards
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB filed Critical Telefonaktiebolaget LM Ericsson AB
Priority to GB9811023A priority Critical patent/GB2337668A/en
Publication of GB9811023D0 publication Critical patent/GB9811023D0/en
Priority to CN98119266A priority patent/CN1237072A/en
Publication of GB2337668A publication Critical patent/GB2337668A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/06 Registration at serving network Location Register, VLR or user mobility server
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Call requests from a mobile which supports authentication and roams to another network are refused if the network to which the mobile has roamed cannot support mobile authentication. The mobile user may deactivate the call rejection to a non-authenticating network for a period of time by entering a PIN. The arrangement may help prevent fraud in a total access communication system (TACS). Authentication may be provided by transmitting a modified electronic serial and mobile station number to the mobile switching centre.

Description

TELECOMMUNICATIONS NETWORKS
The present invention relates to telecommunication networks, and in particular to total access communications system (TACS) networks.
DESCRIPTION OF THE RELATED ART
Total access communication system (TACS) networks provide analogue telecommunications networks for Europe and Asia. When such networks were initially set up, security of the systems was not a major concern and so subscribers could access the network (originate and receive calls) by simply transmitting a simple message including an electronic serial number (ESN) and a mobile station number (MSNB or A number). However, fraud is becoming an increasing problem, and so security of TACS networks must be improved.
One way of giving a network greater security is to activate so-called "authentication" of mobile stations. Authentication capable mobile stations can detect the fact that authentication is activated in a network by monitoring a bit in the overhead messages on the air interface. If the bit is set, then authentication capable mobile stations transmit a modified electronic serial number (MESN) on the air interface when originating a call access. The MESN is generated by an algorithm in the mobile station and is based on a combination of a 16 digit authentication P.I.N., the dialled called party number (B number) and the ESN.
Operation of TACS networks will be described with reference to Figures 1, 2 and 3 of the accompanying drawings.
Figure 1 shows two mobile station subscribers 1 and 2, having a TACS network 3 as their home network. The first mobile subscriber 1 is shown communicating with the home network 3, by way of one of the nodes or mobile switching centres (MSC) 5 in the network 3. If network 3 is a non-authenticating network, then when originating a call, the mobile station 1 transmits an ESN/MSNB pair to the mobile switching centre (MSC) 5, which then sends this ESN, together with location update information, to an authorisation node 6, for example the home location register HLR, for authorisation to set up the call. The authorisation node 6 compares the ESN/MSNB pair with stored information, and if the pair is valid then the location information is updated with the location of the current switching centre 5 and authorisation is given to set up the call.
Origination of a call from a mobile station in its home, authenticating, network will now be described with reference to Figures 1 and 2. The mobile station 1, operating in its home network 3, detects that the network supports mobile station authentication (step 2a).
The mobile station 1 then originates the call (step 2b) and sends a modified ESN (MESN) to the MSC 5 (step 2c). The MSC 5 then sends the MESN plus location update information relating to the mobile station 1 to an authenticating node 6 (for example the HLR) (step 2d). The authenticating node AN 6 runs the authentication algorithm to confirm that the MESN is valid (step 2e), and then authorises (step 2f) set up of the call (step 2g). If the MESN is invalid, then the call is rejected (step 2h). If the call is accepted, then the authentication node (e.g. HLR) updates the location information so that calls can be routed to the mobile station concerned.
In order that TACS networks are attractive to subscribers, it is desirable to allow a subscriber to roam away from his or her home network to another network. Intersystem roaming is generally implemented in TACS networks by creating a virtual homogenous network. Calling party number (A number) analysis tables are modified in visiting mobile station switching centres (VMSCs) to recognise subscribers from both the network concerned and from other networks.
When an authentication capable subscriber 2 roams to a non-authenticating network 7, when its home network 3 supports authentication of mobile stations, significant security problems can be caused, as will be illustrated below with reference to Figures 1 and 3.
The mobile subscriber 2 detects (step 3a) that the network 7 does not support authentication by monitoring the overhead messages from the network. The mobile subscriber 2 then originates a call (step 3b) and sends an unmodified ESN/MSNB pair to the VMSC 8 (step 3c).
The VMSC sends the ESN and location update information to the authorisation node in the home network (HLR) 6.
The ESN and MSNB are checked against stored information in order to obtain authorisation for the call set up (step 3d). If the MSNB and ESN are valid (step 3f) then the call is set up by the VMSC (step 3g).
However, if the MSNB and ESN are not valid, the call is rejected (step 3h).
However, a significant problem can arise because a clone mobile subscriber can have a valid MSNB and a cloned, unmodified, ESN which can be used in network 7 and authorised by the authorisation node 6 of network 3. The mobile station number used by the clone mobile subscriber indicates that the subscriber is connected to the home network 3, and so the VMSC 8 directs the location update and ESN messages to the authorisation node 6.
Non-authenticating network operators having roaming agreements with neighbouring network operators have been faced with such problems when TACS authentication is introduced. One possible solution is simply to terminate the roaming agreements and accept the loss of revenue that this implies. Such a situation has occurred between the U.K. and Ireland, when a U.K. network activated authentication. Roaming between Malaysia and Singapore is also due to be terminated for the same reasons. As an example of the significance of terminating such agreements, the TACS network in China has roaming agreements between each of the 15 regional operators. This produces what can be called a quasi-homogenous network. Each region purchases and administers its own network, but the roaming agreements bind them together into the National China TACS Network.
Currently, China has not activated TACS authentication but with the increase of fraud and the advent of prepaid subscription services, the situation is becoming more critical. It is becoming necessary for TACS operators to offer a prepaid service if they are to remain competitive. The added security afforded by TACS authentication is considered essential for the successful introduction of a prepaid service.
Clearly it is unacceptable to terminate roaming agreements in China as TACS authentication is activated in the regions. However, it is also impossible given the market conditions in China to take an holistic approach and activate authentication at national level.
In addition, the TACS networks in Italy and Austria may also experience such a problem. The TACS network in Austria seems unlikely to be capable of supporting authentication. In Italy, however, authentication has been activated since November 1997. If roaming is to be allowed, a way must be found to allow Italian subscribers to roam to non-authenticating Austria without security risks.
The only solution to this problem that has been identified so far is to use code controlled call barring (CCB). In such a system, the subscriber is barred from making certain types of outgoing calls until they make a subscriber service call using a 4-digit PIN to deactivate the feature. CCB remains deactivated until it is reactivated by another service call. The use of CCB is onerous for the subscriber: if it is used to bar all calls and not just international calls, the subscriber would need to deactivate/activate CCB for every call. It is likely therefore that subscribers will leave it deactivated for long periods of time. Clone mobile subscribers will therefore still be able to access the system and losses will result.
SUMMARY OF THE PRESENT INVENTION
According to a first aspect of the present invention, there is provided a method of handling call requests in a mobile telephone network, comprising receiving a call request from a mobile station which is roaming to another network, and rejecting the call request if the other network does not support mobile station authentication.
According to a second aspect of the present invention, there is provided a method of operating a mobile telecommunications network in which mobile station authentication is supported, the method comprising:
receiving a call authorisation request from a visited node in another mobile telecommunications network, the call authorisation request relating to a call request received from a mobile station roaming to that other network, and including authentication information relating to the visited node; analyzing the received authentication information to determine whether or not the visited node is in a network which supports mobile station authentication; and if the received authentication information indicates that the visited node is in an authenticating network, performing mobile station authentication for that call authorisation request; or if the received authentication information indicates that the visited node is in a non-authenticating network, rejecting the call authorisation request.
According to a third aspect of the present invention, there is provided a mobile telecommunications network which supports mobile station authentication, comprising:
receiver means for receiving a call authorisation request from a visited node in another mobile telecommunications network, the call authorisation request relating to a call request received from a mobile station roaming to that other network, and including authentication information relating to the visited node; analyzer means for analyzing the received authentication information to determine whether the visited node concerned is in a network which supports mobile station authentication; and call authorisation means which are operable, if the received authentication information indicates that the visited node is in an authenticating network, to perform mobile station authentication for that call authorisation request or, if the received authentication information indicates that the visited node is in a non-authenticating network, to reject the call authorisation request.
According to a fourth aspect of the present invention, there is provided node apparatus for a mobile telecommunications network which supports mobile station authentication, the apparatus comprising:
receiver means for receiving a call authorisation request from a visited node in another mobile telecommunications network, the call authorisation request relating to a call request received from a mobile station roaming to that other network, and including authentication information relating to the visited node; analyzer means for analyzing the received authentication information to determine whether the visited node concerned is in a network which supports mobile station authentication; and call authorisation means which are operable, if the received authentication information indicates that the visited node is in an authenticating network, to perform mobile station authentication for that call authorisation request or, if the received authentication information indicates that the visited node is in a non-authenticating network, to reject the call authorisation request.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic diagram showing two TACS networks;
Figure 2 is a flow chart illustrating operation of home TACS network;
Figure 3 is a flow chart illustrating operation of TACS network being visited by a mobile station;
Figure 4 is a block diagram illustrating a network node for operation in accordance with the present invention;
Figure 5 is a flow chart illustrating a method embodying the invention of TACS networks when an authenticating mobile station is visiting a non-authenticating network; and
Figure 6 is a flow chart illustrating additional steps in a method embodying another aspect of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Present TACS networks have been described with reference to Figures 1, 2 and 3, and a method of operating a TACS network embodying the present invention will now be described with reference to Figures 1, 4, 5 and 6. For the purposes of this example, the home network 3 is an authenticating network, whilst the network 7 being visited is a non-authenticating network. The mobile station 2 which is visiting the network 7 is authentication-capable, and therefore can transmit modified ESNs when required. The method of the invention is intended to alleviate problems of authentication-capable subscribers roaming to a non-authenticating network.
With reference to Figures 4 and 5, the mobile station detects that the network does not support authentication by monitoring the overhead messages on the air interface (step 5a). Accordingly, when the mobile station 2 originates a call (step 5b) it sends an unmodified ESN/MSNB pair to a visiting mobile switching centre VMSC for authorisation to originate a call. This ESN/MSNB pair, in combination with location update information and authentication information is transferred to an authorisation node 6 (HLR or AN) in the home network (step 5d). The authentication information indicates whether or not the VMSC 8 is in a network which supports mobile station authentication. In the present example, therefore, the authentication information indicates that the VMSC 8 does not support authentication.
Each mobile station having network 3 as its home network has a subscriber record stored in subscriber record storage 66 of the AN 6. This record indicates which network facilities the subscriber has access to, for example voice mail, call barring, call redirection etc. Preferably, all authentication capable subscribers from an authenticating network have the roamer limitation function activated, and this fact is recorded in the subscriber record. When a subscriber makes a call from an authenticating network, the roamer limitation function is preferably activated automatically. De-activation of the function will be described below.
When the AN 6 receives the VMSC data (ESN/MSNB, location and authentication information) in the VMSC data receive means 61, the authentication information is analyzed (step 5e) by an authentication information analyzer 62. This analyzer 62 determines whether or not the authentication information indicates that the VMSC is in a network which supports mobile station authentication.
If the VMSC network does support authentication, then the call is accepted (step 5f), and passed for usual MS authentication by call authorising means 67. However, if the VMSC network does not support authentication, then the call is rejected (step 5g).
As mentioned, the roaming limitation function is preferably activated for all authentication capable mobile stations having an authenticating network as their home network. This serves to prevent a clone accessing the system from a non-authenticating network, since the VMSC in a non-authenticating network is not able to supply valid authentication information.
In order to enable the valid mobile subscriber to roam to a non-authenticating network, the roamer limitation function can be disabled by the valid subscriber transmitting a 4-digit PIN to the authorisation node by using a subscriber service call.
Referring to Figures 4 and 6, the AN 6 receives (step 6b) the PIN using PIN receive means 63, and compares (steps 6c, 6d), using comparison means 65, the PIN with PIN information stored in storage means 64. If the received PIN is valid, then the roamer limitation function data stored in the subscriber record is updated to indicate that the function has been disabled. The function can then be reactivated by the subscriber using another SSC, or automatically after a predetermined period of time. The period of time can usefully be determined by the network provider in order to increase flexibility.
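The decision logic of Figures 5 and 6, sketched as an added Python example (not part of the patent text or of any Ericsson implementation). The class and field names, the one-hour reactivation period and the sample MSNB/ESN/PIN values are constructed assumptions; the MESN check itself is outside the sketch and appears only as the decision to hand the request on to MS authentication.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Decision(Enum):
    PASS_TO_MS_AUTHENTICATION = "step 5f: accepted, passed for usual MS authentication"
    REJECT_NON_AUTH_NETWORK = "step 5g: visited network does not support authentication"
    AUTHORISE_ON_ESN_CHECK = "limitation disabled: ESN/MSNB pair matches stored record"
    REJECT_INVALID = "unknown MSNB or ESN mismatch"


@dataclass
class SubscriberRecord:
    msnb: str
    esn: str
    pin: str                                  # 4-digit PIN sent in the service call
    disabled_until: Optional[float] = None    # None = roamer limitation active


class AuthorisationNode:
    """Home-network AN holding subscriber records (hypothetical model)."""

    def __init__(self, reactivate_after_s: float):
        self.reactivate_after_s = reactivate_after_s   # set by the network provider
        self.records: Dict[str, SubscriberRecord] = {}

    def add(self, rec: SubscriberRecord) -> None:
        self.records[rec.msnb] = rec

    def _limitation_active(self, rec: SubscriberRecord, now: float) -> bool:
        # Automatic reactivation once the predetermined period has elapsed.
        if rec.disabled_until is not None and now >= rec.disabled_until:
            rec.disabled_until = None
        return rec.disabled_until is None

    def service_call_disable(self, msnb: str, pin: str, now: float) -> bool:
        """Figure 6: compare the received PIN with the stored PIN."""
        rec = self.records.get(msnb)
        if rec is None or not hmac.compare_digest(rec.pin, pin):
            return False
        rec.disabled_until = now + self.reactivate_after_s
        return True

    def service_call_reactivate(self, msnb: str, pin: str) -> bool:
        rec = self.records.get(msnb)
        if rec is None or not hmac.compare_digest(rec.pin, pin):
            return False
        rec.disabled_until = None
        return True

    def authorise(self, msnb: str, serial: str,
                  visited_authenticates: bool, now: float) -> Decision:
        """Figure 5: analyse the VMSC's authentication information first."""
        rec = self.records.get(msnb)
        if rec is None:
            return Decision.REJECT_INVALID
        if visited_authenticates:
            return Decision.PASS_TO_MS_AUTHENTICATION
        if self._limitation_active(rec, now):
            # A cloned but valid ESN/MSNB pair is refused here as well.
            return Decision.REJECT_NON_AUTH_NETWORK
        if hmac.compare_digest(rec.esn, serial):
            return Decision.AUTHORISE_ON_ESN_CHECK
        return Decision.REJECT_INVALID


def demo() -> List[Decision]:
    an = AuthorisationNode(reactivate_after_s=3600)           # assumed period
    an.add(SubscriberRecord("0000000001", "ESN-A1", "4821"))  # constructed values
    out = [an.authorise("0000000001", "ESN-A1", False, now=0)]
    an.service_call_disable("0000000001", "4821", now=10)
    out.append(an.authorise("0000000001", "ESN-A1", False, now=20))
    out.append(an.authorise("0000000001", "ESN-A1", False, now=3610))
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision.value)
```

While the limitation is disabled, the home network falls back to the plain ESN/MSNB comparison, so the length of the reactivation period bounds the time during which a cloned pair would also be authorised.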

Claims (13)

1. A method of handling call requests in a mobile telephone network, comprising receiving a call request from a mobile station which is roaming to another network, and rejecting the call request if the other network does not support mobile station authentication.
2. A method as claimed in claim 1, wherein rejection of call requests from a mobile subscriber roaming to a non-authenticating network is activated automatically when the mobile subscriber registers in an authenticating network.
3. A method as claimed in claim 1, wherein rejection of call requests from a mobile subscriber roaming to a non-authenticating network is activated by the mobile subscriber concerned.
4. A method as claimed in claim 1, 2 or 3, wherein rejection of call requests from a mobile subscriber roaming to a non-authenticating network can be deactivated by the mobile subscriber concerned.
5. A method as claimed in claim 4, wherein rejection of call requests from a mobile subscriber roaming to a non-authenticating network is reactivated after a predetermined time has elapsed.
6. A mobile telecommunications network operable in accordance with a call handling method as claimed in any one of the preceding claims.
7. Node apparatus for use in a mobile telecommunications network as claimed in claim 6.
8. A method of operating a mobile telecommunications network in which mobile station authentication is supported, the method comprising:
receiving a call authorisation request from a visited node in another mobile telecommunications network, the call authorisation request relating to a call request received from a mobile station roaming to that other network, and including authentication information relating to the visited node; analyzing the received authentication information to determine whether or not the visited node is in a network which supports mobile station authentication; and if the received authentication information indicates that the visited node is in an authenticating network, performing mobile station authentication for that call authorisation request; or if the received authentication information indicates that the visited node is in a non-authenticating network, rejecting the call authorisation request.
9. A mobile telecommunications network which supports mobile station authentication, comprising:
receiver means for receiving a call authorisation request from a visited node in another mobile telecommunications network, the call authorisation request relating to a call request received from a mobile station roaming to that other network, and including authentication information relating to the visited node; analyzer means for analyzing the received authentication information to determine whether the visited node concerned is in a network which supports mobile station authentication; and call authorisation means which are operable, if the received authentication information indicates that the visited node is in an authenticating network, to perform mobile station authentication for that call authorisation request or, if the received authentication information indicates that the visited node is in a non-authenticating network, to reject the call authorisation request.
10. Node apparatus for a mobile telecommunications network which supports mobile station authentication, the apparatus comprising:
receiver means for receiving a call authorisation request from a visited node in another mobile telecommunications network, the call authorisation request relating to a call request received from a mobile station roaming to that other network, and including authentication information relating to the visited node; analyzer means for analyzing the received authentication information to determine whether the visited node concerned is in a network which supports mobile station authentication; and call authorisation means which are operable, if the received authentication information indicates that the visited node is in an authenticating network, to perform mobile station authentication for that call authorisation request or, if the received authentication information indicates that the visited node is in a non-authenticating network, to reject the call authorisation request.
11. A method of operating a mobile telecommunications network substantially as hereinbefore described with reference to Figures 4 to 6 of the accompanying drawings.
12. A method of handling call requests in a mobile telecommunications network substantially as hereinbefore described with reference to Figure 4 to 6 of the accompanying drawings.
13. A mobile telecommunication network substantially as hereinbefore described with reference to, and as shown in, Figure 4 to 6 of the accompanying drawings.
GB9811023A 1998-05-21 1998-05-21 Mobile station authentication Withdrawn GB2337668A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB9811023A GB2337668A (en) 1998-05-21 1998-05-21 Mobile station authentication
CN98119266A CN1237072A (en) 1998-05-21 1998-09-11 Telecommunications networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB9811023A GB2337668A (en) 1998-05-21 1998-05-21 Mobile station authentication

Publications (2)

Publication Number Publication Date
GB9811023D0 GB9811023D0 (en) 1998-07-22
GB2337668A true GB2337668A (en) 1999-11-24

Family

ID=10832527

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9811023A Withdrawn GB2337668A (en) 1998-05-21 1998-05-21 Mobile station authentication

Country Status (2)

Country Link
CN (1) CN1237072A (en)
GB (1) GB2337668A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100536612C (en) * 2006-09-22 2009-09-02 华为技术有限公司 A method and device to perfect the terminal authentication

Also Published As

Publication number Publication date
GB9811023D0 (en) 1998-07-22
CN1237072A (en) 1999-12-01


Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)