GB2446623A - A heterogeneous wireless communication system and a method of operation thereof - Google Patents


Info

Publication number
GB2446623A
Authority
GB
United Kingdom
Prior art keywords
authentication
user terminal
terminal
user
reconfiguration
Prior art date
Legal status
Granted
Application number
GB0703165A
Other versions
GB0703165D0 (en)
GB2446623B (en)
Inventor
Marco Fratti
Didier Bourse
Alson Lee
Current Assignee
Motorola Solutions Inc
Original Assignee
Motorola Inc
Priority date
Filing date
Publication date
Application filed by Motorola Inc
Priority to GB0703165A (GB2446623B)
Publication of GB0703165D0
Priority to PCT/US2008/053027 (WO2008103544A1)
Publication of GB2446623A
Application granted
Publication of GB2446623B
Legal status: Active
Anticipated expiration

Classifications

All classes fall under H (Electricity), H04 (Electric communication technique), within H04W (Wireless communication networks) unless noted otherwise:

    • H04Q7/32
    • H04Q7/3205
    • H04Q7/321
    • H04Q7/38
    • H04Q7/3802
    • H04Q7/3874
    • H04Q7/3876
    • H04W12/06 Authentication (H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning (H04W12/30 Security of mobile devices; Security of mobile applications)
    • H04B1/0003 Software-defined radio [SDR] systems, i.e. systems wherein components typically implemented in hardware, e.g. filters or modulators/demodulators, are implemented using software, e.g. by involving an AD or DA conversion stage such that at least part of the signal processing is performed in the digital domain (H04B Transmission; H04B1/00 Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission)
    • H04W12/71 Hardware identity (H04W12/60 Context-dependent security; H04W12/69 Identity-dependent)
    • H04W8/245 Transfer of terminal data from a network towards a terminal (H04W8/00 Network data management; H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities; H04W8/24 Transfer of terminal data)
    • H04W88/06 Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals (H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices; H04W88/02 Terminal devices)
    • H04W92/02 Inter-networking arrangements (H04W92/00 Interfaces specially adapted for wireless communication networks)

Abstract

A heterogeneous wireless communication system supports reconfigurable user terminals. A user authentication server (107) of a visited communication network (105) for a user terminal (101) performs user authentication of a user of the user terminal (101) in response to user authentication information received from an authentication server (111) of the user terminal's home communication network. The user terminal (101) receives reconfiguration information for the visited communication network and requests reconfiguration data from the visited communication network. A terminal authentication server (117) performs terminal authentication of the user terminal (101). The terminal authentication server (117) is a common terminal authentication server for a plurality of communication networks including the visited and home communication network. A reconfiguration server (109) of the visited communication network (105) then provides user terminal reconfiguration data to the user terminal (101) conditional on the user authentication and the terminal authentication of the user terminal (101).

Description

A HETEROGENEOUS WIRELESS COMMUNICATION SYSTEM AND A METHOD
OF OPERATION THEREFOR
Field of the invention
The invention relates to a heterogeneous wireless communication system and a method of operation therefor, and in particular to authentication in a heterogeneous wireless communication system.
Background of the Invention
Wireless communication systems are becoming increasingly ubiquitous and are continuously developing to provide improved coverage and services. Currently, the trend is towards integrating different communication systems and standards to provide a more flexible and enhanced seamless user experience.
Specifically, communication systems may comprise a distributed network of heterogeneous Radio Access Technologies (RATs) including for example WiMAX, WiFi™ (IEEE 802.11a/b/g/n, etc.), 3GPP, DVB-T and DAB access networks. In heterogeneous and reconfigurable wireless systems, terminals and network equipment have enhanced capabilities for adapting to the available environment. In particular, the mobile terminals served by the access networks typically include reconfigurable multi-mode terminals which can use different wireless access technologies and different RATs.
Thus, in many such systems, each terminal/user can use several strategies for getting the best service requested by the user. Reconfigurable terminals have the capability of reconfiguring in order to connect to a new radio access technology available in a cell.
Currently standardization of techniques and approaches for enabling heterogeneous communication systems is ongoing.
Specifically, the Institute of Electrical and Electronics Engineers (IEEE) have established the IEEE P.1900 Standards Group with the objective of developing supporting standards dealing with new technologies and techniques being developed for next generation radio and advanced spectrum management.
P.1900 systems allow heterogeneous networks with reconfigurable network elements and user terminals. As a specific exemplary scenario, as a reconfigurable terminal enters a new network it may be reconfigured to use new frequency bands or air interface techniques supported by the new network.
A problem faced by the P.1900 standardization body is how to provide a reliable authentication and registration approach for IEEE P.1900 based heterogeneous wireless systems.
Specifically, authentication must be reliable and secure while at the same time remaining compatible with authentication procedures of existing RATs and supporting a range of different access networks each of which may have individual authentication functionality.
Hence, an improved heterogeneous wireless communication system would be advantageous and in particular a system allowing increased flexibility, facilitated implementation, improved backwards compatibility, improved and/or facilitated authentication and/or improved performance would be advantageous.
Summary of the Invention
Accordingly, the invention seeks to preferably mitigate, alleviate or eliminate one or more of the above mentioned disadvantages singly or in any combination.
According to an aspect of the invention there is provided a heterogeneous wireless communication system supporting reconfigurable user terminals, the communication system comprising at least a user terminal and a first and second communication network, the first communication network being a visited network of the user terminal and the second communication network being a home network of the user terminal; a user authentication server of the first communication network comprising means for user authentication of a user of the user terminal for the first communication network in response to user authentication information received from an authentication server of the second communication network; the user terminal comprising means for receiving reconfiguration information for the first communication network and for requesting user terminal reconfiguration data from the second communication network; a terminal authentication server for terminal authentication of the user terminal, the terminal authentication server being a common terminal authentication server for a plurality of communication networks including the first and second communication network; reconfiguration means of the first communication network for providing user terminal reconfiguration data to the user terminal conditional on the user authentication and the terminal authentication of the user terminal.
The invention may provide an improved heterogeneous wireless communication system. The invention may particularly allow efficient authentication for mobile user terminals ensuring that both the user and the terminal have the permissions required for the reconfiguration. The invention may provide improved backwards compatibility and/or may allow individual networks to retain their existing authentication procedures.
The invention may facilitate operation and management and may in particular facilitate management of the individual networks as well as of the heterogeneous wireless communication system as a whole. For example, user authentication servers may be autonomously operated by individual network operators whereas the terminal authentication server may be operated by a common network authority managing the interworking of the individual networks.
The user terminal may comprise a terminal authentication client and means for coupling to a replaceable and/or removable subscriber module comprising a user terminal authentication client, where the terminal authentication client supports the terminal authentication and the user authentication client supports the user authentication. The user authentication client may for example be part of a Subscriber Identity Module (SIM) and the user authentication may depend only on the SIM, whereas the terminal authentication may depend only on the user terminal and may be independent of the SIM.
According to another aspect of the invention there is provided a method of operation for a heterogeneous wireless communication system supporting reconfigurable terminals, the communication system comprising at least a user terminal and a first and second communication network, the first communication network being a visited network of the user terminal and the second communication network being a home network of the user terminal; the method comprising: a user authentication server of the first communication network performing a user authentication of a user of the user terminal for the first communication network in response to user authentication information received from an authentication server of the second communication network; the user terminal receiving reconfiguration information for the first communication network and requesting user terminal reconfiguration data from the first communication network; a user terminal authentication server performing a terminal authentication of the user terminal, the user terminal authentication server being a common user terminal authentication server for a plurality of communication networks including the first and second communication networks; and a reconfiguration server of the first communication network providing user terminal reconfiguration data to the user terminal conditional on the user authentication and the terminal authentication of the user terminal.
These and other aspects, features and advantages of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.
Brief Description of the Drawings
Embodiments of the invention will be described, by way of example only, with reference to the drawings, in which FIG. 1 illustrates an example of a heterogeneous wireless communication system in accordance with some embodiments of the invention; FIG. 2 illustrates a specific example of a signalling flow in the heterogeneous communication system in accordance with some embodiments of the invention; and FIG. 3 illustrates a method of operation for a heterogeneous wireless communication system in accordance with some embodiments of the invention.
Detailed Description of Some Embodiments of the Invention
The following description focuses on embodiments of the invention applicable to a heterogeneous wireless communication system following the current specifications and requirements for a P.1900 communication system. However, it will be appreciated that the invention is not limited to this application but may be applied to many other heterogeneous wireless communication systems.
FIG. 1 illustrates an example of a heterogeneous wireless communication system in accordance with some embodiments of the invention.
The communication system comprises a plurality of heterogeneous wireless access networks using different radio access technologies. Thus access points of different networks may operate in accordance with different access technologies/communication standards. For example, some access points may be UMTS base stations, other access points may be IEEE 802.11x wireless Local Area Network access points (such as WiFi™ hotspot access points) etc. Furthermore, the different access networks may utilise different frequency bands.
FIG. 1 illustrates a user terminal 101 which is currently supported by a first access point 103. The user terminal 101 may have capability for using one or more of the communication standards of the heterogeneous communication system including e.g. UMTS, IEEE 802.11x, DAB functionality.
Furthermore, the user terminal 101 is reconfigurable such that it can be reconfigured to operate in accordance with different communication standards depending on the specific network which is currently serving the user terminal 101.
Specifically, the user terminal 101 is a Software Definable Radio (SDR) allowing it to be reconfigured by downloading of executable firmware/software.
The access point 103 belongs to a first communication network 105 which is capable of communicating with user terminals using a given communication standard and specified frequency bands. In the example, the first communication network is not the home network of the user terminal 101 but is a network visited by the user terminal 101. In this example, a home network is the network in which the user terminal 101 is registered. Thus, the home network is the network operated by the network operator with which the user of the user terminal 101 is subscribed. Accordingly, the default routing address for the user terminal 101 is in a different communication network and the subscriber information and authentication data is also stored in a different communication network.
The first communication network 105 is thus a visited communication network which provides a temporary support of the user terminal 101 while this is roaming within the coverage area of the first communication network 105.
The first communication network 105 comprises a first user authentication server 107 which is operable to provide user authentication for user terminals supported by the first communication network 105. Specifically, the first user authentication server 107 comprises subscriber and user authentication data sufficient to allow an autonomous user authentication of any user subscribed to the first communication network 105, i.e. to any user having the first communication network 105 as the home network. The first user authentication server 107 is managed by a network operator for the first communication network.
The first communication network 105 furthermore comprises a reconfiguration server 109 which is operable to provide reconfiguration data to user terminals supported by the first communication network 105. For example, the reconfiguration server 109 can transmit reconfiguration data allowing a user terminal to be reconfigured to use a specific frequency band used by the first communication network 105. The reconfiguration server 109 may specifically be capable of transmitting reconfiguration firmware to SDR user terminals.
In FIG. 1 the first user authentication server 107 is shown to be coupled to the access point 103 and to the reconfiguration server 109. It will be appreciated, that such couplings need not be direct connections but may be logical connections including a number of intervening network elements.
As mentioned, the first user authentication server 107 can autonomously authenticate any user subscribed to the first communication network 105. However, as the user terminal 101 is not subscribed to the first communication network but rather to a second communication network, the first user authentication server 107 cannot autonomously perform user authentication for the user terminal 101.
Accordingly, the first user authentication server 107 is coupled to a second user authentication server 111 which belongs to the home communication network of the user terminal 101. The second user authentication server 111 comprises subscriber and user authentication data for the user terminal 101. The second user authentication server 111 is managed by the network operator of the second communication network; i.e. the operators of the first and second user authentication servers 107, 111 are different.
When the user terminal 101 is switched on and within the coverage area of the first communication network 105, the boot operation includes a transmission of an attach request to the access point 103 (following a suitable access point discovery procedure as will be known to the person skilled in the art). The attach request is forwarded to the first user authentication server 107 which in response proceeds to perform a user authentication. The first user authentication server 107 specifically interacts with a user authentication client 115 of the user terminal 101 to perform a user authentication for the user terminal 101. In the example, the user authentication client is embedded in a removable module allowing the user terminal 101 to be used by different users/subscribers. Specifically, the user authentication client 115 is embedded on a Subscriber Identity Module which furthermore comprises a subscriber identity that is unique within the heterogeneous communication system.
Thus, the user authentication is directly performed between the removable user authentication client 115 and the first user authentication server 107 and may be completely independent of the characteristics and identity of the user terminal 101 itself.
The attach message comprises the subscriber identity and the first user authentication server 107 uses this to identify that the user of the user terminal 101 is subscribed to a different communication network. It then proceeds to contact the user authentication server of that communication network, i.e. it interfaces with the second user authentication server 111 to retrieve suitable authentication data relating to the user of the user terminal 101. Such authentication data may for example include an indication of a set of suitable authentication challenges to transmit to the user authentication client 115 as well as an indication of the responses which should be provided by the authentication client 115. In some embodiments, these authentication challenges and responses may simply be identified by a suitable authentication key from which challenges and responses can be derived (such as a public key or a shared key). The second user authentication server 111 may furthermore provide specific subscriber data that indicates e.g. which services the user has subscribed to, charging information etc. Such data exchange may be used to implement Service Level Agreements implemented between the network operators of the first and second communication network.
The first user authentication server 107 proceeds to perform user authentication by sending authentication challenges to the user authentication client 115 and comparing the authentication results to the expected response(s). If the received authentication response(s) match the expected response(s), the user of the user terminal 101 is designated as authenticated and the user terminal 101 is allowed to use the first communication network 105.
Furthermore, the user terminal 101 is arranged to receive reconfiguration information for the first communication network 105. Such reconfiguration information can include an indication of the communication schemes, standards and frequency bands employed by the first communication network 105. The reconfiguration information may alternatively or additionally include an indication of the reconfiguration services that are provided by the first communication network 105, such as an indication of specific firmware downloads that are available from the reconfiguration server 109.
Specifically, the reconfiguration information may be obtained from data which is broadcast by the access points of the first communication network 105 e.g. using appropriate message fields embedded in a common broadcast channel.
However, in the specific example, the reconfiguration information is provided directly to the user terminal 101 from the reconfiguration server 109. Specifically, a logical connection between the user terminal 101 and the reconfiguration server 109 may be established via the access point 103. Furthermore, when the first user authentication server 107 has successfully performed the user authentication of the user of the user terminal 101 it transmits an indication of the subscriber identity that has been authenticated to the reconfiguration server 109. In response, the reconfiguration server 109 establishes a communication connection (e.g. using the Internet Protocol, IP) with the user terminal 101 and generates reconfiguration information that is transmitted to the user terminal 101 using this communication connection.
When the user terminal 101 receives the reconfiguration information, it proceeds to determine whether a reconfiguration of the user terminal 101 is required or desired. The reconfiguration server 109 may specifically be arranged to generate the reconfiguration information depending on a characteristic of the user terminal 101 or of the user thereof. For example, the reconfiguration server 109 may receive information from the first user authentication server 107 indicating which services the user has subscribed to (as provided by the second user authentication server 111). In response, it can determine the appropriate configurations that are used by the first communication network 105 to support these services, such as the appropriate frequency band to use, the modulation scheme etc. The configuration data appropriate for these settings is then transmitted to the user terminal 101.
When the user terminal 101 receives the configuration data it can use this to determine which configuration is needed for a desired communication service to be supported in the first communication network 105. It can then determine whether the user terminal 101 currently supports such a configuration. If not, it can generate a request for reconfiguration which is transmitted to the access point 103. This request can specifically indicate which configuration data is needed, such as a firmware download, new frequency synthesizer settings etc.
Thus, the exchange of reconfiguration information and the determination to perform a reconfiguration is performed based only on the user authentication by the first user authentication server 107 interacting with the user authentication client 115. Specifically, the reconfiguration information exchange and reconfiguration decision is performed prior to any terminal authentication.
However, in response to the reconfiguration, a terminal authentication is initiated for the user terminal 101. This terminal authentication may specifically be initiated by the user terminal 101 transmitting a registration request (e.g. it may transmit a specific request for terminal authentication) in response to which the first communication network 105 begins authentication. However, in the specific example, the reconfiguration request itself is used both as a request for reconfiguration data as well as a request for registration/terminal authentication. Thus, the user terminal 101 merely transmits a configuration data request which results in first the terminal authentication being performed and then, if the terminal authentication is successful, the download of reconfiguration data.
Specifically, in the example, the reconfiguration request is received by the first user authentication server 107. For example, the reconfiguration request may be transmitted to the reconfiguration server 109 via the first user authentication server 107 which detects the request message.
As another example, the reconfiguration server 109 may directly receive the reconfiguration request from the user terminal 101 and forward this to the first user authentication server 107 or equivalently generate another message indicating that the request message has been received.
In response to detecting that the user terminal 101 has transmitted a reconfiguration request, the first user authentication server 107 proceeds to initiate a terminal authentication for the user terminal 101. However, the terminal authentication is not performed by the first user authentication server 107 but is performed by a terminal authentication server 117 coupled to the first user authentication server 107.
The terminal authentication server 117 is not a dedicated terminal authentication server for the first communication network 105 but is rather a server which is common for a plurality of the access networks. Thus, a centralised terminal authentication server 117, which may be independent of the individual user authentication servers, is used to provide an additional level of authentication. Furthermore, this level of authentication is not directed to the user/subscriber of the user terminal but is directly related to the terminal itself. As such, the terminal authentication is supported by a terminal authentication client 119 of the user terminal 101 which is not part of a removable module but is embedded in the user terminal 101 and is inseparable from this.
The terminal authentication is furthermore based on a unique terminal identity. This terminal identity may typically be assigned to the user terminal during manufacturing and may specifically be the International Mobile Equipment Identity (IMEI). Thus, the terminal authentication is directly performed between the terminal authentication client 119 of the user terminal 101 itself and the terminal authentication server 117 and may be completely independent of the characteristics and identity of the current user of the user terminal 101, and specifically may be completely independent of the SIM.
The terminal authentication server 117 is managed by a common authority for the individual access networks. Thus the terminal authentication server 117 can provide a common means of controlling the heterogeneous networks by a suitable authority.
In the example of FIG. 1, the terminal authentication server 117 is a common terminal authentication server for both the first and second communication networks and is shown to be coupled to both the first user authentication server 107 and the second user authentication server 111. It will be appreciated that these couplings are logical connections which may be direct or indirect connections with intervening network elements of the first, second or other networks.
In the example, when the first user authentication server 107 detects that the user terminal 101 has requested reconfiguration data it proceeds to send a message to the terminal authentication server 117 requesting this to initiate a terminal authentication of the user terminal 101.
In response, the terminal authentication server 117 proceeds to perform the terminal authentication. Specifically, the user terminal can transmit a user terminal identification (e.g. the IMEI) to the terminal authentication server 117, e.g. in response to a direct request from the terminal authentication server 117 or as part of the reconfiguration request which is forwarded by the first user authentication server 107.
The terminal authentication server 117 comprises a data store which contains a list of registered user terminal identifications and associated user terminal characterising data. Thus, for each terminal registered with the terminal authentication server 117 the terminal authentication server 117 may store the IMEI as well as some data that characterises aspects or features of the terminal.
Specifically the characterising data can characterise the capabilities of the user terminal, such as the capability associated with different configurations, the ability to reconfigure, characteristics and requirements of any firmware that can be downloaded to the terminal etc. The terminal authentication server 117 can then proceed to compare the received IMEI to the list of user terminal identifications. If the IMEI is found in the list, the terminal authentication server 117 proceeds to perform a terminal authentication for the user terminal 101 and otherwise it informs the first authentication server 107 that the user terminal 101 has not been authenticated.
In some embodiments, the terminal authentication server 117 may further comprise means for retrieving the characterising data for the user terminal and comparing this to characteristics of the first communication network 105. If the characterising data indicates that the user terminal 101 can be configured to operate with the first communication network 105, the terminal authentication server 117 initiates the terminal authentication and otherwise it informs the first authentication server 107 that the user terminal 101 could not be authenticated. This may ensure that only user terminals compatible with the specific communication network to which they are attached will be authenticated for reconfiguration.
It will be appreciated, that the characterising data may be stored for each terminal type and the appropriate terminal type associated with each IMEI may be used to retrieve the appropriate data.
The terminal authentication is performed by an interaction between the terminal authentication server 117 and the terminal authentication client 119 of the user terminal 101.
Specifically, the terminal authentication server 117 can transmit authentication challenges to the user terminal 101.
In response to receiving the authentication challenges, the terminal authentication client 119 determines appropriate responses and transmits these back to the terminal authentication server 117. The terminal authentication server 117 compares the responses to the expected responses and determines that the user terminal 101 is terminal authenticated if the responses match the expected responses.
In the specific example, the terminal authentication server 117 transmits a terminal authentication indication to the first user authentication server 107 when the user terminal 101 has achieved the terminal authentication.
Upon receiving this authentication indication, the first user authentication server 107 is aware that both a user authentication and a terminal authentication have successfully been performed for the user terminal 101. The first user authentication server 107 then proceeds to transmit an indication of the terminal authentication to the reconfiguration server 109. In the example, terminal authentication is only performed if user authentication has already been performed (otherwise the first user authentication server 107 will not initiate the terminal authentication and the first communication network will not support communications from the user terminal 101). The reconfiguration server 109 then proceeds to provide reconfiguration data to the user terminal 101. The reconfiguration server 109 does not transmit any reconfiguration data to the user terminal 101 unless it has already obtained a terminal authentication, and specifically does not transmit any reconfiguration data to the user terminal 101 until the terminal authentication indication has been received from the first user authentication server 107.
Accordingly, the provision of reconfiguration data is conditional on the successful terminal authentication.
In some embodiments, the reconfiguration data which is generated by the reconfiguration server 109 depends on the terminal identity indication received for the user terminal 101. For example, the reconfiguration request may comprise a specific identity indication of the unique terminal identity (e.g. the IMEI) and/or a group identity indication (e.g. indicating a terminal type or model). In this case, the reconfiguration data is selected such that it suits the specific user terminal 101. For example, if the reconfiguration request is a request to obtain firmware in order to enable the user terminal 101 to use a new modulation scheme and/or frequency band, the reconfiguration server 109 may select the specific firmware that is applicable to the specific user terminal 101.
When the reconfiguration data is received by the user terminal 101, it proceeds to reconfigure itself using this reconfiguration data. For example, it proceeds to install and use the firmware that has been downloaded. The user terminal 101 then proceeds to use the desired communication services of the first communication network 105 using the appropriate configuration and communication settings for that network.
The described system thus provides easy-to-implement means of ensuring that any reconfiguration of a user terminal is only performed if it is associated with a subscriber having the correct permissions and if the terminal is capable of supporting, and permitted to support, this reconfiguration.
Furthermore, the authentication is provided by different entities which can be controlled by different authorities.
Specifically, it allows both common terminal authentication as well as individual autonomous authentication by the individual network. Furthermore, the user authentication may be performed in accordance with existing authentication procedures, thereby providing improved backwards compatibility.
In the specific example of FIG. 1, the authentication communication between the terminal authentication server 117 and the terminal authentication client 119 is routed by the first user authentication server 107. Specifically, the first user authentication server 107 receives the terminal authentication challenges from the terminal authentication server 117 and forwards these to the terminal authentication client 119. Similarly, the first user authentication server 107 receives the authentication responses from the terminal authentication client 119 and forwards these to the terminal authentication server 117.
As the first user authentication server 107 acts as a relay for the authentication messages, the local authentication authority for the first communication system has full visibility of the terminal authentication of any user terminal within the network. This may allow the first user authentication server 107 to monitor and control aspects of the terminal authentication.
In the specific example, the first user authentication server 107 prevents the relaying of authentication messages if the user authentication of the user terminal 101 has not been successful. Thus, in the example, the terminal authentication process is only supported by the first user authentication server 107 if a user authentication has already been successfully performed for the user terminal 101. Thus, the first user authentication server 107 can ensure that any terminal authentication is only successful if the user authentication has already been performed, and accordingly that any terminal authentication also signifies a user authentication.
In some embodiments, the first user authentication server 107 is arranged to detect that a terminal authentication has been successful in response to the authentication messages that are exchanged between the terminal authentication client 119 and the terminal authentication server 117.
Specifically, the first user authentication server 107 can obtain information of the expected responses to the authentication challenges generated by the terminal authentication server 117 (e.g. from the terminal authentication server 117 itself or from the user authentication server of the user terminal's home network). It may then itself compare the authentication responses generated by the terminal authentication client 119 to the expected responses and determine that a terminal authentication will be provided by the terminal authentication server 117 if the correct responses are detected.
FIG. 2 illustrates a specific example of a signalling flow in the heterogeneous communication system of FIG. 1. In the specific example, the reconfiguration server 109 is a spectrum controller which is capable of providing information of different frequency bands supported by the first communication network 105 and of providing frequency band reconfiguration data allowing the user terminal 101 to be reconfigured to use new frequency bands.
The specific steps of the signalling flow will be described in more detail in the following.
1. The user terminal performs a conventional attach request procedure and accesses the first communication network 105. The user is roaming in the first communication network (referred to as Domain 2 with the home communication network being referred to as Domain 1) and accordingly the attach request is relayed to the second user authentication server 111 in Domain 1 by first user authentication server 107 in Domain 2.
2. Subsequently, the authentication procedures for authenticating the SIM of the user terminal 101 are executed. These authentication procedures may be conventional authentication procedures implemented in the individual communication networks. For instance, 3GPP AKA (Authentication and Key Agreement) procedures may be used. The second user authentication server 111 sends temporary authentication and encryption keys (generated from a master key) to the first user authentication server 107 where they are stored and used to initiate the authentication challenge with the user terminal 101. The user authentication client 115 has the same master key and is therefore able to generate the temporary keys and comply with the challenge procedure. Successful completion of this step implies user authentication.
3. Upon successful challenge completion and terminal attachment to the first communication network 105, the user terminal 101 and the reconfiguration server 109 start an IP-based handshake with the purpose of discovering whether the user terminal is spectrum adaptable. A device naming convention (for instance the IMEI) can be used in this respect. The reconfiguration server can then present the alternative spectrum options available to the user terminal 101.
4. At this point, the user terminal 101 is aware that other spectrum is available but that it lacks the proper software to utilise this (for instance, specific re-tuning is needed for the radio head-end).
5. The terminal authentication client 119 in response requests registration to the terminal authentication server 117 using the first communication network. This registration request includes the IMEI as a hardware identifier (e.g. identifier of the device itself). The registration request is relayed by the first user authentication server 107 to the terminal authentication server 117.
6. The terminal authentication server 117 then verifies that the IMEI identifies a reconfiguration enabled terminal, i.e. that it can be reconfigured by the system.
7. Upon successful verification, terminal authentication procedures based on authentication challenges are executed between the terminal authentication client 119 and the terminal authentication server 117. These authentication challenges can e.g. rely on a PKI (Public Key Infrastructure) framework and can entail key generation under control of the reconfiguration service provider. The first communication network 105 allows the transport of the reconfiguration terminal authentication / registration challenges. Secure IP-based protocols (e.g. https) may advantageously be used for this and for the further software update operations.
8. The first user authentication server 107 is made aware of the authentication results and the reconfiguration server is informed accordingly.
9. The user terminal 101 requests a software update, in order to enable it to operate on the new frequency band. The request can be made via https and sent to the reconfiguration server 109.
10. A software update response is transmitted to the user terminal 101 from the reconfiguration server 109.
The provided software may depend on the device type (authenticated via its IMEI in step 6) and on the chosen spectrum option. The response contains specific parameters that are needed in order for the device to operate in the new spectrum (for instance, frequency synthesizer/PLL parameters).
11. The user terminal 101 receives, decrypts and decodes the response. The user terminal 101 is retuned to the new spectrum and proceeds to access the communication services of the first communication network 105.
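The signalling flow of steps 1 to 11, together with the two gates described earlier (the first user authentication server 107 relays terminal authentication only after user authentication, and the reconfiguration server 109 withholds reconfiguration data until it has the terminal authentication indication), as an added example that is not part of the patent. It assumes HMAC-SHA256 challenge-response for both the SIM and the terminal procedures, and the subscriber keys, IMEIs, terminal keys and band lists are constructed sample data.

```python
import hashlib
import hmac
import secrets

def _mac(key, data):  # keyed response function for both challenge procedures (HMAC-SHA256 is an assumption)
    return hmac.new(key, data, hashlib.sha256).digest()

# Constructed sample data, not from the patent: master keys shared by the home network (Domain 1) and
# the SIM, and the registry of the common terminal authentication server (117): IMEI -> characterising data.
SUBSCRIBERS = {"262011234567890": b"sim-master-key-constructed"}
TERMINAL_REGISTRY = {
    "490154203237518": {"reconfigurable": True, "bands_mhz": [900, 1800, 2600], "key": b"term-key-A"},
    "356938035643809": {"reconfigurable": False, "bands_mhz": [900], "key": b"term-key-B"},
}

class HomeUserAuthServer:  # second user authentication server (111) in the home network
    def __init__(self, subscribers):
        self.subscribers = subscribers
    def auth_vector(self, imsi):
        """Step 2: temporary authentication data derived from the master key, handed to the visited network."""
        key = self.subscribers.get(imsi)
        if key is None:
            return None
        rand = secrets.token_bytes(16)
        return rand, _mac(key, rand)

class TerminalAuthServer:  # common terminal authentication server (117) shared by all networks
    def __init__(self, registry):
        self.registry, self.pending = registry, {}
    def register(self, imei, network_bands):
        """Step 6: the IMEI must be registered, reconfigurable and compatible with the visited network."""
        entry = self.registry.get(imei)
        if not entry or not entry["reconfigurable"] or not set(entry["bands_mhz"]) & set(network_bands):
            return None
        challenge = secrets.token_bytes(16)
        self.pending[imei] = _mac(entry["key"], challenge)  # expected response, kept server-side
        return challenge
    def verify(self, imei, response):
        """Step 7: the terminal is authenticated only if its response equals the expected one."""
        expected = self.pending.pop(imei, None)
        return expected is not None and hmac.compare_digest(expected, response)

class ReconfigurationServer:  # reconfiguration server / spectrum controller (109) of the visited network
    def __init__(self, bands_mhz):
        self.bands_mhz, self.authenticated = bands_mhz, set()
    def indicate_terminal_auth(self, imei):  # step 8: indication from the user authentication server
        self.authenticated.add(imei)
    def software_update(self, imei, band_mhz):
        """Step 10: reconfiguration data is withheld until the indication for this IMEI has arrived."""
        if imei not in self.authenticated or band_mhz not in self.bands_mhz:
            return None
        return {"imei": imei, "band_mhz": band_mhz, "pll": f"pll-params-{band_mhz}"}  # placeholder payload

class VisitedUserAuthServer:  # first user authentication server (107) of the visited network
    def __init__(self, home, tas, reconf):
        self.home, self.tas, self.reconf = home, tas, reconf
        self.user_authenticated = set()  # IMEIs whose subscriber passed step 2
    def attach(self, imsi, imei, sim_respond):
        """Steps 1-2: relay the attach to the home network, then challenge the SIM and compare responses."""
        vector = self.home.auth_vector(imsi)
        if vector is None:
            return False
        rand, expected = vector
        if not hmac.compare_digest(expected, sim_respond(rand)):
            return False
        self.user_authenticated.add(imei)
        return True
    def relay_registration(self, imei, client_respond):
        """Steps 5-8: relaying to the terminal authentication server is refused without user authentication."""
        if imei not in self.user_authenticated:
            return False
        challenge = self.tas.register(imei, self.reconf.bands_mhz)
        if challenge is None or not self.tas.verify(imei, client_respond(challenge)):
            return False
        self.reconf.indicate_terminal_auth(imei)
        return True

def build_system():
    home = HomeUserAuthServer(SUBSCRIBERS)
    tas = TerminalAuthServer(TERMINAL_REGISTRY)
    reconf = ReconfigurationServer([1800, 2600])  # bands offered by the visited network (constructed)
    return VisitedUserAuthServer(home, tas, reconf), reconf

def run_flow(visited, reconf, imsi, imei, sim_key, terminal_key, band_mhz, skip_user_auth=False):
    """Whole FIG. 2 flow for one terminal; returns reconfiguration data, or None if any gate refuses."""
    if not skip_user_auth and not visited.attach(imsi, imei, lambda rand: _mac(sim_key, rand)):
        return None  # user authentication failed: nothing is relayed further
    if not visited.relay_registration(imei, lambda chal: _mac(terminal_key, chal)):
        return None  # terminal authentication refused or failed
    return reconf.software_update(imei, band_mhz)
```

Each negative case (wrong SIM key, wrong terminal key, non-reconfigurable IMEI, skipped user authentication, unsupported band) stops at the corresponding gate and yields no reconfiguration data.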
FIG. 3 illustrates a method of operation for a heterogeneous wireless communication system in accordance with some embodiments of the invention.
The communication system supports reconfigurable terminals and comprises at least a user terminal and a first and second communication network. The first communication network is a visited network of the user terminal and the second communication network is a home network of the user terminal.
The method initiates in step 301 wherein a user authentication server of the first communication network performs a user authentication of a user of the user terminal for the first communication network in response to user authentication information received from an authentication server of the second communication network.
Step 301 is followed by step 303 wherein the user terminal receives reconfiguration information for the first communication network and requests user terminal reconfiguration data from the first communication network.
Step 303 is followed by step 305 wherein a user terminal authentication server performs a terminal authentication of the user terminal. The user terminal authentication server is a common user terminal authentication server for a plurality of communication networks including the first and second communication networks.
Step 305 is followed by step 307 wherein a reconfiguration server of the first communication network provides user terminal reconfiguration data to the user terminal conditional on the user authentication and the terminal authentication of the user terminal.
It will be appreciated that the above description for clarity has described embodiments of the invention with reference to different functional units and processors.
However, it will be apparent that any suitable distribution of functionality between different functional units or processors may be used without detracting from the invention. For example, functionality illustrated to be performed by separate processors or controllers may be performed by the same processor or controllers. Hence, references to specific functional units are only to be seen as references to suitable means for providing the described functionality rather than indicative of a strict logical or physical structure or organization.
The invention can be implemented in any suitable form including hardware, software, firmware or any combination of these. The invention may optionally be implemented at least partly as computer software running on one or more data processors and/or digital signal processors. The elements and components of an embodiment of the invention may be physically, functionally and logically implemented in any suitable way. Indeed the functionality may be implemented in a single unit, in a plurality of units or as part of other functional units. As such, the invention may be implemented in a single unit or may be physically and functionally distributed between different units and processors.
Although the present invention has been described in connection with some embodiments, it is not intended to be limited to the specific form set forth herein. Rather, the scope of the present invention is limited only by the accompanying claims. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in accordance with the invention. In the claims, the term comprising does not exclude the presence of other elements or steps.
Furthermore, although individually listed, a plurality of means, elements or method steps may be implemented by e.g. a single unit or processor. Additionally, although individual features may be included in different claims, these may possibly be advantageously combined, and the inclusion in different claims does not imply that a combination of features is not feasible and/or advantageous. Also the inclusion of a feature in one category of claims does not imply a limitation to this category but rather indicates that the feature is equally applicable to other claim categories as appropriate. Furthermore, the order of features in the claims does not imply any specific order in which the features must be worked and in particular the order of individual steps in a method claim does not imply that the steps must be performed in this order. Rather, the steps may be performed in any suitable order.

Claims (20)

1. A heterogeneous wireless communication system supporting reconfigurable user terminals, the communication system comprising at least a user terminal and a first and second communication network, the first communication network being a visited network of the user terminal and the second communication network being a home network of the user terminal; a user authentication server of the first communication network comprising means for user authentication of a user of the user terminal for the first communication network in response to user authentication information received from an authentication server of the second communication network; the user terminal comprising means for receiving reconfiguration information for the first communication network and for requesting user terminal reconfiguration data from the second communication network; a terminal authentication server for terminal authentication of the user terminal, the terminal authentication server being a common terminal authentication server for a plurality of communication networks including the first and second communication network; reconfiguration means of the first communication network for providing user terminal reconfiguration data to the user terminal conditional on the user authentication and the terminal authentication of the user terminal.
2. The heterogeneous wireless communication system of claim 1 wherein the user authentication server comprises: means for relaying authentication messages between the user terminal and the terminal authentication server for terminal authentication of the user terminal.
3. The heterogeneous wireless communication system of claim 2 wherein the user authentication server comprises: means for preventing the relaying if the user terminal has no user authentication.
4. The heterogeneous wireless communication system of claim 2 wherein the user authentication server comprises: detection means for detecting the terminal authentication of the user terminal; and means for transmitting an indication of the terminal authentication to the reconfiguration means.
5. The heterogeneous wireless communication system of claim 4 wherein the detection means is arranged to detect the terminal authentication in response to authentication challenge messages from the user terminal authentication server and authentication response messages from the user terminal.
6. The heterogeneous wireless communication system of claim 4 wherein the terminal authentication server is arranged to transmit a terminal authentication indication to the user authentication detection means in response to the terminal authentication of the user terminal and the detection means is arranged to detect the terminal authentication in response to receiving the terminal authentication message.
7. The heterogeneous wireless communication system of claim 2 wherein the authentication messages comprise authentication challenge messages from the user terminal authentication server to the user terminal and authentication response messages from the user terminal to the user terminal authentication server.
8. The heterogeneous wireless communication system of claim 1 wherein the reconfiguration means is arranged to provide user terminal reconfiguration data to the user terminal if an indication of terminal authentication has been received for the user terminal.
9. The heterogeneous wireless communication system of claim 2 wherein the terminal authentication server comprises: means for receiving a user terminal identification for the user terminal; a data store comprising a list of registered user terminal identifications and associated user terminal characterising data; means for comparing the user terminal identification to the list of registered user terminal identifications; means for retrieving user terminal characterising data for a registered user terminal identification matching the user terminal identification; and means for initiating an authentication procedure for the user terminal only if the retrieved characterising data matches a criterion.
10. The heterogeneous wireless communication system of claim 1 wherein the user terminal comprises means for determining a preference for a reconfiguration in response to the reconfiguration information; and means for transmitting a registration request message in response to the preference.
11. The heterogeneous wireless communication system of claim 10 wherein the first communication network comprises: means for initiating the terminal authentication of the user terminal in response to receiving the registration request message.
12. The heterogeneous wireless communication system of claim 10 wherein the reconfiguration means comprises: means for generating reconfiguration information comprising an indication of configurations supported by the second network; and means for transmitting the reconfiguration information to the user terminal prior to terminal authentication of the user terminal.
13. The heterogeneous wireless communication system of claim 1 wherein the reconfiguration information comprises an indication of a frequency band supported by the first communication network; and the reconfiguration data comprises data for reconfiguring the user terminal to use the frequency band.
14. The heterogeneous wireless communication system of claim 1 wherein the user authentication is in response to a subscriber identity of a Subscriber Identity Module, SIM.
15. The heterogeneous wireless communication system of claim 1 comprising means for initiating the user authentication in response to a network attach request from the user terminal.
16. The heterogeneous wireless communication system of claim 1 wherein the user terminal comprises an embedded terminal authentication client for performing the terminal authentication; and means for supporting a removable subscriber identity module comprising user authentication data required for the user authentication.
17. The heterogeneous wireless communication system of claim 1 wherein the terminal authentication is in response to a unique terminal identity of the user terminal.
18. The heterogeneous wireless communication system of claim 1 wherein the unique terminal identity is an International Mobile Equipment Identity, IMEI.
19. The heterogeneous wireless communication system of claim 1 wherein the reconfiguration server is arranged to generate the reconfiguration data in response to a terminal identity indication for the user terminal.
20. A method of operation for a heterogeneous wireless communication system supporting reconfigurable terminals, the communication system comprising at least a user terminal and a first and second communication network, the first communication network being a visited network of the user terminal and the second communication network being a home network of the user terminal; the method comprising a user authentication server of the first communication network performing a user authentication of a user of the user terminal for the first communication network in response to user authentication information received from an authentication server of the second communication network; the user terminal receiving reconfiguration information for the first communication network and requesting user terminal reconfiguration data from the first communication network; a user terminal authentication server performing a terminal authentication of the user terminal, the user terminal authentication server being a common user terminal authentication server for a plurality of communication networks including the first and second communication networks; and a reconfiguration server of the first communication network providing user terminal reconfiguration data to the user terminal conditional on the user authentication and the terminal authentication of the user terminal.
GB0703165A 2007-02-19 2007-02-19 A heterogeneous wireless communication system and a method of operation therefor Active GB2446623B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0703165A GB2446623B (en) 2007-02-19 2007-02-19 A heterogeneous wireless communication system and a method of operation therefor
PCT/US2008/053027 WO2008103544A1 (en) 2007-02-19 2008-02-05 A heterogeneous wireless communication system and a method of operation therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0703165A GB2446623B (en) 2007-02-19 2007-02-19 A heterogeneous wireless communication system and a method of operation therefor

Publications (3)

Publication Number Publication Date
GB0703165D0 GB0703165D0 (en) 2007-03-28
GB2446623A true GB2446623A (en) 2008-08-20
GB2446623B GB2446623B (en) 2009-07-15
