SE516066C2 - Method, system and network node for providing services on the Internet - Google Patents

Description

25 30 35 516 us šï *: jjsjjwjjë 2 its customers, to have an account with the specific bank.

Alternatively, the accounts for the customer and the E-commerce company are with different separate banks. In both cases, however, the bank (s) must provide a system in which security aspects must be handled. Such systems may also include the transfer of a credit card number in encrypted form from the customer to one of the banks. An example of such a system is the SET system (Secure Electronic Transactions). One of the main disadvantages of the SET system, apart from the fact that it is quite complicated, is that it is expensive for an e-commerce company to participate in the system.

Regardless of the system used to enable payments over the Internet, security will be reflected in the administrative procedures used to handle payment transactions. Such routines include the actual payment but also the identification of the customer. A high level of security will often require complicated administrative routines and thus become a system that is more expensive to implement and more expensive for a company to participate in.

The use of IP telephony enables a user to make cheap outgoing calls in a more or less convenient way. A major disadvantage, however, is that incoming calls can only be received under certain limited conditions. The user must e.g. be connected to the Internet via a specific Internet service provider or a provider that offers voice services over the Internet, with this provider he must also have a subscription. The user is also dependent on having access to his normal equipment that has the appropriate software that is preconfigured in accordance with his subscription. Even more importantly, a user is not free to change his physical position, i.e. his IP address, if he wishes to be able to receive incoming calls over the Internet. The reason for this is that the calling party, or rather the telecommunications network, does not know a .. 10 15 20 25 30 35 516 066: IëiÃë-ëÃÃë ". routed to.

Summary of the invention An object of the present invention is to provide a service on an IP-based network which in a simple and reliable manner verifies an end user requesting access to said network.

Another object of the invention is to provide a service provider on an IP-based network with a service which offers the service provider a large potential customer base, in which each customer can be verified in a simple and reliable manner with the aid of said service.

These objects are achieved according to the present invention by a method, a system and a gateway node having the features defined in the appended claims.

According to a first aspect of the present invention, the above objects are achieved by a method for providing services on an IP-based network, to which an end user and a server are connected, which method comprises the steps of: in a terminal using said end users read an IC card which stores subscription information relating to a subscription of a digital, a GSM network; to request that a gateway operator of a cellular radio communication network, e.g. node verifies said end user by sending a message containing a verification request from said server to said gateway node, said gateway node being connected to said IP-based network and to either said digital cellular radio communication network or to a network of the same type as said digital cellular radio communication networks; and responding to said verification request with a message from said gateway node to said server, which message is based on a verification of said subscription stored on said IC card, which card e.g. is a SIM card (Subscription 10 15 20 25 30 35 o v - u o - c s1efoe6 4 Identity Module), in accordance with a verification method used by said digital, cellular radio communication networks, e.g. an authentication method used in GSM.

According to a second aspect of the present invention, the above objects are achieved by a system for providing services on an IP-based network to which an end user and a server are connected, said system comprising: an IC card which stores subscription information which refers to a subscription with an operator of a digital, cellular radio communication network, e.g. a GSM network; inverter and arranged to read said subscription information terminal used by said terminal from said IC card; and a gateway node interconnecting said IP-based network with either said digital cellular radio communication network or with a network of the same type as said digital cellular radio communication network, said node comprising: receiving means for receiving a verification request from said server to verify said end user; and verifying means for performing a verification of said subscription stored on said IC card, which card e.g. is a SIM card (Subscription Identity Module), in accordance with a verification method used by the said digital, cellular radio communication networks, e.g. an authentication method used in GSM.

According to a third aspect of the present invention, the above-mentioned objects are achieved by a network port node for providing services on an IP-based network, to which network an end-user terminal and a service provider's server are connected, which terminal is arranged to read a IC cards which store subscription information relating to a subscription with an operator of a digital cellular radio communication network, e.g. a GSM network, said network port node interconnecting said IP-based network with either said digital cellular radio communication network or with a network of the same type as and said digital cellular radio communication network, i - Wherein said gateway node is characterized by the features defined above in connection with the second aspect of the invention.

The present invention is thus based on the idea of providing services over the Internet which are based on already existing and reliable functionality, in particular an already existing functionality for user authentication, which is used in a digital, cellular radio communication network. Such services are intended for the use of servers on the Internet, especially servers of service providers, who for some reason want to verify the identity of a user or a customer requesting access to the server.

The use of pre-existing and reliable verification functionality provided by a digital, cellular radio communication network for verifying a user on the Internet makes user verification simple and inexpensive. A service provider or other party does not need to design, provide and operationally maintain a new, complex and costly system to enable a reliable way to verify users requesting access to servers on the Internet.

The advantages of the present invention are achieved regardless of the extent to which the verification functionality is actually performed by the cellular network or if part of the functionality is implemented by the gateway node according to the invention on the basis of the principles used by the cellular network.

According to an embodiment of the invention, said terminal used by said end user is a computer, e.g. a personal computer, which is arranged to read a SIM card via a SIM card reader connected to the computer. The computer is also used by the user to access the Internet.

The computer and the gateway node are arranged to communicate over the Internet using standard GSM signaling mechanisms. This communication involves the exchange of GSM authentication parameters in the process of verifying the SIM card subscription. This verification is performed in accordance with the verification, or authentication, that is normally performed in a GSM network. For this reason, the gateway node includes a database that implements the functionality of a VLR in the GSM network, as well as other necessary means and software for communication with the GSM network, to which the subscription is associated, in order to be able to use the debit and position update procedures provided by the GSM network.

According to another embodiment of the invention, said terminal used by said end user is a mobile station comprising a mobile telephone which reads a SIM card. By using the mobile station to initiate a GSM call against said gateway node, the mobile station is assigned a temporary verification code of the gateway node as a result of the reception of the call, and thus as a result of the calling subscriber being authenticated by the GSM network. The net. This number and this code can be used by the user when communicating with a service provider's server, by using the normal computer equipment used to access the Internet, in order to enable the service provider's server to finally verify the user. The user thus has no need for any additional equipment or software that must be distributed and maintained at the place where the user is located or in the terminal used for access to the Internet. As an alternative to calling a public telephone number, the mobile station establishes a communication with the gateway node by sending an SMS (Short Message Service) message, whereupon a call is established from the gateway node back to the GSM connected mobile station to transmit the temporary the verification code.

According to the invention, an operator of the gateway node can provide services relating to customer authentication and debiting of customers to any service provider on the Internet. It is also possible to provide a service that locates customers to a service provider that provides voice over the Internet.

All the Internet user, or customer, needs is a GSM subscription with which he can move outside his HPLM. He also needs a mobile phone, alternatively a SIM card reader connected to a terminal, such as a personal computer, together with a specific software stored on the computer for handling GSM signaling over the Internet. The user is of course required to have the tools required for Internet access (such as a PC or similar, a modem and an Internet subscription with an Internet service provider.

By providing an Internet service that is based on existing billing functionality in a digital, a GSM network, a convenient and efficient way to charge for an end-use cellular radio communication network, e.g. also simplifies the implementation of a cedar considerably. According to the invention, billing items are produced which are fed to a billing mechanism in the cellular network.

It will be appreciated that the described existing verification and billing functionalities and methods described in the present invention are not limited to those offered by a GSM network but may be provided by any digital, communication network having functionalities or methods. - cellular radio commodities corresponding to those found in a GSM network.

The invention thus offers a secure and simple way of verifying and debiting an end user over the Internet. Provided that the end user has a subscription to a cellular network of the same type as that to which the gateway node according to the invention is connected, any server connected to the Internet may use the open interface provided by the gateway node to verify and / or charge the end user requesting access to the server. The end user must, of course, have his IC card which stores his subscription information connected to his terminal's IC card reader, or, in accordance with another embodiment, to his mobile phone (Mobile Equipment, ME).

Thus, any service provider on the Internet can ensure that its server uses the services provided by the present invention. Within the scope of the present invention, a service provider is someone who provides services on the Internet. Such services include e.g. electronic commerce, IP telephony and the actual Internet access itself.

A service provider can therefore turn to all customers who have a subscription with an operator of a cellular network, such as a GSM network, since the principles that apply to roaming between cellular networks enable operators to offer services to others. operators' customers. In this way, a large number of potential customers will be able to be reached by an Internet application through the use of the services provided by the present invention.

A major advantage for a provider of voice over the Internet that uses the services provided by the system and the gateway node, is that it can offer its customers not only to make outgoing calls, but also to receive calls directed to the customer's MSISDN number in GSM network (Mobile Station Integrated Service Digital Network). This is independent of which physical address the customer is connected to. The invention thus provides the transfer of fixed connections, or mobility for customers who use Internet telephony.

Another advantage of the present invention is the ability to provide a very rapid introduction of services.

The gateway node according to the invention is preferably operated by an operator who on the Internet provides services for verification, debiting and services that enable mobility, i.e. the operator is a provider of Internet billing and mobility services. The network node 516 066: Åfëë fl š-ëfë "a now 10 15 20 25 30 35 9 port node shall be interpreted as a logical node that can be realized either as a single physical unit or as a number of separate, physical units, or sub- nodes, among which the functionality of the logical gateway node is distributed.

Brief Description of the Drawings Additional features and advantages of the present invention will become more apparent from the following detailed description of specific embodiments of the invention when taken in conjunction with the accompanying drawings, in which like reference numerals are used throughout to identify the same. and wherein: Fig. 1 shows a system and its mode of operation in accordance with an embodiment of the present invention; Fig. 2 shows a system and its mode of operation in accordance with another embodiment of the present invention; Fig. 3 shows a system and its mode of operation in accordance with yet another embodiment of the present invention; Fig. 4 schematically shows a night gate node included in the embodiment described with reference to Fig. 1; and Fig. 5 schematically shows a night gate node included in the embodiment described with reference to Figs. 2 and 3.

Detailed Description of Preferred Embodiments Fig. 1 shows an exemplary system and its mode of use in accordance with an embodiment of the present invention. to an IP-based network 110, gital, In Fig. 1 a network port node 100 is connected and a di-Connected such as Internet, cellular radio communication network 120. to the Internet 110 is a service provider server 130, in this case an E-commerce provider selling products v annu s 1 e oss íšæ fifl æ-a fifi fššè- o nu 10 15 20 25 30 35 10 or services over the Internet. Another service provider, namely an Internet Service Provider (Internet Service ISP), to the Internet as well as to a connected telecommunications Provider, has an access server 140 connected to network 150.

An IC card 160 stores subscription information relating to a subscription with an operator of a digital cellular telecommunication network. This cellular network provided by the subscriber's own operator is called an HPLMN network (Home Public Land Mobile Network) 1 either the cellular network 120, or the cellular network 125 to which the gateway node is connected via means and corresponds in Figs. to which the gateway node is connected, land-based telecommunication equipment. The connection between the gateway node 100 and the cellular network 120 can of course also alternatively take place via intermediate communication equipment, such as a connected telecommunication network in the form of a public switched telephone network (PSTN).

Thus, in Fig. 1, one of the cellular networks 120 and 125 is the HPLM network to which the subscription stored on the IC card 160 belongs. If the HPLMN network is the cellular network 125, the cellular network 120 is a Visited Public Land Mobile Network (VPLMN). The IC card 160 is received and read by a terminal 162, which terminal is a mobile station used by the end user. The end user uses the mobile station 162 to access the gateway node via one of the cellular networks 120 or 125.

To access and access the Internet 110, the end user uses a second terminal 164, preferably a personal computer (PC). This Internet access is provided e.g. via a modem connected to the PC, the telecommunication network 150 and a modem pole connected to the access server 140 belonging to the Internet service provider.

In Fig. 1, the digital, cellular radio communication networks 120 and 125 have been exemplified by GSM communication networks (Global System for Mobile communication). As the architecture and functional aspects of GSM 516 are well known to those skilled in the art, hereinafter only those aspects of GSM which are of direct relevance to the embodiments of the present invention will be described.

A GSM network typically includes a HLR (Home Location Register) 180, an AUC (Authentication Center) 181, a VLR (Visiting Location Register) 182, one or more MSCs (Mobile service Switching Centers) 184, a number of BS ( base stations) 185 and means 188 for implementing functionality relating to billing customer administration (BCA), in accordance with what is indicated in the GSM network 120. The GSM network 125 has corresponding elements, ie. CPR 190, AUC 191, MSC 194, BS 195 and BCA 198. The combination of CPR and AUC includes all information relating to the GSM subscribers in an operator's GSM network and is also aware of the latest known position of any of these subscribers. .

The VLR 182, which is often integrated with an MSC 184 and its functions, is a register which stores subscriber / subscription information received from the CPR 180 and which relates to subscribers who have moved to an area covered by it. the specific VLR 182, which area is part of the total area covered by the GSM network 120. The BCA 188 is used by the operator of the GSM network 120 when its subscribers are charged. The operation and operation of an MSC 184 and a BS 185, as well as other elements and their functions, are well known to those skilled in the art and, moreover, are not relevant in the context of the present invention.

Since the cellular network where the user has his subscription is a GSM network, the IC card 160 is a SIM card (Subscriber Identity Module). The SIM card 160 identifies a unique GSM subscription for the network and stores information and algorithms for subscription authentication and encryption, which is well known to those skilled in the art.

The following is a description of the operation of the system shown in Fig. 1 as it provides services on the Internet. The activities described below have been numbered 10 15 20 25 30 35 516 066 - 12 and each number is given in Fig. 1 in order to show more clearly which element (s) are involved in a certain activity.

In step 1, a user who has access to the Internet 110 via his ISP contacts a server 130 of a service provider, e.g. a provider of E-commerce services, and decides to make a purchase of some kind. In step 2, the user selects “GSM” as the payment method, possibly from a number of different possible choices of payment methods, and is then asked by the server 130 to enter his mobile station number, or an alias corresponding to this number, and a password. . The mobile station number, possibly via the said alias, constitutes in the publicly connected telephone network's (PSTN) numbering plan a unique identification of the user's subscription with an operator of a cellular network. As the cellular network is a GSM network, the mobile station number will consist of an MSISDN number (Mobile Station Integrated Service Digital Network) used in GSM.

The password is obtained by the user from the gateway node 100 in step 3. This is achieved by establishing communication from the GSM mobile station to the gateway node, e.g. by dialing a public telephone number from the mobile station 162 and thereby dialing the gateway node 100 via the user's HPLM network or, if the user has moved, via a VPLM network. the port node 100 calls and asks the user to enter a special PIN (Personal Identity Number), which code In step 4 answers network previously assigned to the user by the operator of the network node 100 when the user opened a subscription for services offered by the network node operator. The network port node examines the calling subscriber's number to check that this number is a number belonging to a subscription in a GSM network. The mere fact that the subscriber has been able to call the gateway node 100 with his GSM subscription is a proof that the subscriber has been authenticated by the GSM network 120 or 125. The gateway node 10 can also, in order to provide extra security to veri the connection process, interrupt the GSM connection and initiate a new connection with the GSM subscriber. As an alternative to dialing a public telephone number, the subscriber sends an SMS message (Short Message Service) to the network port node, which is also a receipt that the subscriber has been authenticated by the GSM network. The verification of the subscriber performed by the gateway node 100 is thus based on the authentication performed by the GSM network 120 or 125, after which authentication a number of additional measures are taken by the gateway node as described below. If the special PIN code received from the user is correct, i.e. if it matches the user's MSISDN number received by the gateway node when the user's call was received, in step 5 the gateway node 100 assigns another PIN code, which is a temporary PIN code (TPIN), to the user. The TPIN code is associated with the user's MSISDN number and is stored together with the MSISDN number in the gateway node 100 for later use, except that it is sent to the user's mobile station. In the SMS case described above, the TPIN code is sent to the user's mobile station through a call from the gateway node to the mobile station. The TPIN code is temporary in the sense that it is only valid for a short time and that it can only be used by the user on one occasion after it has been allocated to the user.

The TPIN code received by the user via his mobile station 162 is then used in step 6 during the Internet session with the Internet server 130, in this case a server of an E-commerce service provider, to which access is made possible by the the second terminal 164. Using the second terminal 164, the user enters his MSISDN number as the user identity and the received TPIN code as the password, 130 requests. and the TPIN code received from the user in a verification- all in accordance with what server In step 7, server 130 inserts the MSISDN numbering request sent over the Internet 110 to the network port number 10 15 20 25 30 35 516 oss áß-älëë fi- 14 the 100. In step 8, the gateway node 100 extracts the MSISDN number from the verification request, finds the corresponding MSISDN number and its previously associated TPIN code stored within the gateway node and checks whether the previously stored TPIN code is equal to the TPIN code extracted - was removed from the verification request received. If the TPIN codes match, the authentication in the gateway node by the user is complete and a response is sent to the server 130 indicating an acknowledgment of, or possibly a rejection of, the authentication request.

In step 9, following a received notification that the user has been verified by the gateway node 100, server 130 sends a debit request including the verified MSISDN number to the gateway node with the request that the node debit the specific MSISDN number, a debit based on use or by either debiting the subscriber a certain amount. In the following step, the gateway node 100 debits the subscription having the specific MSISDN number by either generating a CDR (Call Detail Record), (Transfer of Account Procedure Record), entry indicated in Fig. 1 as step 10a, or a TAP entry specified as step l0b. If a certain amount is to be debited, this debiting step may preferably involve checking an agreed credit level for the specific MSISDN number, whereby only amounts lower than said credit level will be accepted by the gateway node when performing the service to debit the subscriber. This credit level is either stored in the network port node or received from the GSM network.

If the HPLM network for the subscription having that specific, at the request of the node, coffee MSISDN number is the GSM network 120, the network port node 100 generates a CDR record which is transmitted over the GSM network 120 to 188 for that purpose. on the other hand, the customer billing management system (BCA) network, as indicated by step 10a, 125, a vPLNLN network, 10 15 20 25 30 35 516 066 15 similar items in accordance with the TAP standard and send them to a clearing house 123. A clearing house is an entity that receives TAP records from operators and "clears" these operators' charges between themselves for customers who move ("roam"). A debit of a customer in the GSM network 120 will thus be "cleared" and the BCA for the GSM network 125 will receive information from many.

CDR- send a rejection or a confirmation back to the clearing center, which information will be the basis for invoicing one of its connected subscriber- Depending on whether the gateway node generates one of these and TAP-like records or not, the node will server 130 as a result of said debit request.

The gate port node 100 will be further described later with reference to Fig. 4.

It will be appreciated that the operation of the system described above is also appropriate in a situation where the Internet service provider, the ISP, wishes to verify and charge its customers for the service to provide Internet access, using the verification and billing processes provided of the GSM network instead of having to administer its own billing system. In this case, the server that sends the verification and debit request to the gateway node will be the access server 140 belonging to the ISP, instead of a server of an E-commerce provider as described above.

Fig. 2 schematically shows another embodiment of the system and its mode of operation according to the present invention. The main system configuration corresponds to that shown in Fig. 1. All elements in Fig. 2 which have been assigned the same reference numerals as in Fig. 1 are identical to and have the same mode of operation as the corresponding Thus, only aspects of the mode of operation that differ elements are described with reference to Fig. 1 from the operation described with reference to Fig. 1, as well as further aspects relevant to the embodiment shown by Fig. 2, to be described below. The digital cellular radio communication networks 120 and 125 are again exemplified by GSM networks. The GSM network 120 is the HPLMN network for the subscription stored by the IC card 160, while the other GSM network 125 is a VPLMN network. In the embodiment described with reference to Fig. 2, the IC card 160 is again a SIM card which is now inserted into and read by a SIM card reader 261 connected to a terminal 262. In this embodiment, the terminal 262 is a desktop computer. for example a personal computer (PC). The PC executes a software application that communicates with the SIM card via the SIM card reader, with the user via a PC screen and with the port node 200 via an IP connection over the Internet 110.

The gateway node 200 has a mode of operation and an internal structure that differs from the corresponding gateway node referred to in Fig. 1. In the embodiment shown in Fig. 2, the gateway node 200 comprises a database in the form of a VLR as well as certain parts of the functionality normally found in an MSC / VLR in a GSM system. The operation of the gateway node and its interaction with the GSM networks 120 and 125 are described below. The internal structure of the gateway node itself is described more clearly with reference to Fig. 5.

In step 1, a user with Internet access via his ISP contacts a server 230 of a service provider, e.g. an e-commerce provider, and decides to make some kind of purchase. The user selects "GSM" as the payment method. The server 230 then sends in step 2 a verification request to the gateway node 200. Included in this verification request is an IP address associated with the terminal 262 used by the user.

In step 3, the gateway node 200 requests that terminal 262 at the previously received IP address make a registration request. A registration request is then sent in step 4 from terminal 262 over the Internet in the form of an IP message to the gateway node 200. The sent registration request is of the same type as the one sent from a mobile station when it is switched on or when this 10 15 20 25 30 35 CT uni »0. cr ß. ÛI 17 moves into a new geographical area and includes subscription information read from the SIM card 160. In step 5, the gateway node requests access to the VLR database. included in the gateway node for the purpose of obtaining the authentication parameters used within GSM, ie the verification parameters associated with the subscription represented by the SIM card 160, which subscription was derived from said received subscription information. If the subscriber has moved, i.e. if the user who has his SIM card 160 connected to a PC 262 for any reason, e.g. by connecting to a new PC or by having a new IP address associated with the PC that is currently is used, is associated with a different IP address than the one previously used by the user, or if necessary for other reasons, the gateway node will initiate a GSM standardized position update routine, as indicated by step 6. This position update is understands the registration of the subscriber in the CPRM 180 for the HPLM network, which is constituted by the GSM network 125, as being present in the area covered by the network port node 200, or rather by its included VLR. The position update routine also involves transmitting the authentication parameters utilized within GSM from the HLR 180 / AUC 181 to the gateway node 200 for storage in its (their) included VLR. These parameters received and stored by the gateway node are then used in the subsequent step 7, which step includes exchanging authentication parameters between the gateway node 200 and the terminal 262. If this GSM standardized way of exchanging authentication parameters results in the subscription being authenticated, the verification of the user by the gateway node 200 is completed, and a response is sent in step 8 to the server 230 indicating a confirmation of said verification request previously received from the server 230. Alternatively, of course, a verification request may result in a rejection being sent from the server. 10 15 20 25 30 35 516 066: - * 18 In step 9, server 230 sends a debit request to the gateway node 200 to debit the verified subscription for a product or service purchased. The network port node charges the subscription in a GSN standardized manner by either generating a CDR record or a TAP-like record. The generation of these items and the debiting procedure is performed in accordance with the GSM standard and in accordance with what has previously been described with reference to Fig. 1. As previously described with reference to Fig. 1, a response to said debit is also sent. The call request from the gateway node 200 to the server 230. Again, as described with reference to Fig. 1, the operation described above is also applicable when it is the access server 240 of the ISP requesting the gateway node to verify and charge a subscription.

It should be noted that a verification request to verify a user, as well as a request to charge a user, at a particular IP address can be requested at any time by a service provider's server 230. If the server is a server of an ISP, i.e. if server 230 using the services provided by the gateway node is one and the same server as the ISP's Internet access server 240, this server will send the verification request to the gateway node at the start of the Internet access session, which request at a later stage will be followed by a debit request to the gateway node from the Internet access server. The user's subscription is thus verified using the GSM system's authentication method and charging for surfing the Internet is done using the GSM system's debiting method. A server used by an E-commerce provider can send the verification request when the customer joins the E-commerce website or after a purchase has been made, i.e. before sending the debit request. The choice of time to send the verification request is completely up to the Internet service provider, as well as the debit request. lO 15 20 25 30 35 vø-o - I 516 066 eel? Fig. 3 schematically shows another embodiment of the present invention. This embodiment differs from that described with reference to Fig. 2 in that the server using the services provided by the gateway node 200, and the server providing a user with access to the Internet 110, are one and the same server, namely a server 330 used by a provider of speech over the Internet. Again, all elements in Fig. 3 which are identical and have the same mode of operation as those designated 1 and 2 have been assigned 1 and 2. written with reference to Fig. Added the same reference numerals as in Fig. Which is used by Fig. 3 shows how a terminal 262, a user designated an A-subscriber, initiates a telephone call over the Internet to a B-subscriber 360. The B-subscriber is connected to a gateway server 370 on the Internet via a connected telecommunication network 350. The gateway server 370 converts voice traffic from a circuit-switched network 350 to a packet-switched network 110. The server 330 that offers voice over the Internet communicates with the gateway server 370 during an Internet session.

The procedure for verifying and debiting the user is almost identical to that in the embodiment shown in Fig. 2. The difference is that when the user using terminal 262 connects to the server 330, which provides voice over the Internet, the server will automatically send a verification request. to the gateway node 200.

The verification of the user, i.e. the authentication of the GSM subscription is performed as described with reference to Fig. 2. whenever appropriate and debiting of the GSM subscriber- The server 330 sends a debit request many are performed as described in the two previous embodiments.

Application of the GSM system's principles for verifying the GSM subscription and, thus, the procedures for registration and position updating in accordance with GSM described in connection with Fig. 2, enables server 330 to provide its customers with services 10 15 20 25 30 35 516 066 šlï * šlí: - Pf- 20 relating to the reception of incoming telephone calls over the Internet, regardless of the user's location. This is possible because the HLR 180 of the subscriber's GSM-HPLNM network has registered the visited VLR / MSC address, in this case the gateway node 200, for a specific subscriber. The CPR requests from the visited gateway node to return a Mobile Station Roaming Number (MSRN) used to "route" an incoming call to the correct gateway node visited by the subscriber. The MSRN number is then used to establish a connection with the user when his GSM telephone is dialed into any international GSTN network connected to the user's GSM-HPLMN network, all in accordance with the GSM recommendations. The gateway node 200 will establish an Internet session with the IP address of the user's terminal 262, provided that the user is available at a public IP address within the global IP addressing.

Fig. 4 schematically shows an exemplary network port node included in the embodiment described with reference to Fig. 1.

The receiving means 410 is implemented by a standardized TCP / IP stack executed by the processor 400 and receives IP messages containing verification requests and billing requests from servers on the IP network.

The verification means 420 and 425 comprise first means for associating a TPIN number with an MSISDN number for a GSM telephone from which a call is received, second means for storing said TPIN number together with said MSISDN number and third body for checking the conformity between a code received with an MSISDN number in a verification request and a TPIN number stored together with this MSISDN number by the other body. The first and second means referred to by the reference numeral 420 are implemented in a simple manner with software routines by a programming expert and the second means, referred to by the reference numeral 420, 425, is implemented as a storage means, e.g. as a table in a database.

The charging means 430 comprises software routines for generating CDR records and TAP-like records which are communicated to a GSM network and to a clearing center, respectively.

Fig. 5 schematically shows an exemplary gateway node included in the embodiments described with reference to Fig. 2 and Fig. 3. The node includes a processor 500, receiving means 510, verification means 520, a database 527, charging means 530, first communication means 540, second communication means 550 and recording means 560. The receiving means 510 and the charging means 530 correspond to the previously described receiving and charging means described with reference to Fig. 4.

The verification process performed by the gateway node in Fig. 5 concerns the first and second communication means 540 and 550, respectively, the verification means 520, the database 527 and the registration means 560. The first communication means 540 comprise applicable parts of BSSAP (Base Station System Application Part) implemented on top of TCP / IP stack and handles the GSM signaling over the Internet to a user terminal. These first means 540 also include a software routine for requesting that a user terminal at a specific IP address transmit subscription information read from the SIM card connected to the user terminal. The user terminal connects the SIM card to the Internet using a SIM card reader and sends the read subscription information using the corresponding communication means in the terminal, which is also implemented by BSSAP on top of a TCP / IP stack. The first communication means 540 described above in the gateway node and the communication means of the terminal are used in exchanging the authentication parameters used within GSM 10 15 20 25 oo o a .man o 516 oss ¿¿during verification of the SIM card subscription. This exchange of authentication parameters is performed either as a result of a request from the gateway node to the terminal or as a result of an initiative from the terminal.

The database 527 stores authentication parameters of the type used in GSM and which are associated with different subscriptions. The database handles functionality that is normally provided by a VLR within a GSM system. If these parameters have to be transmitted from the CPR in the subscriber's HPLMN network, there are necessary software routines that the recording means 560 uses when using said second communication means 550, which communication means implements the GSM standardized MAP routines (Mobile Application Part). for signaling with the GSM network, to initiate a GSM routine for position updating by using appropriate signaling against the GSM-HPLMN network.

The verification means 520 comprises further software for coordinating all the means described above involved in the verification process, as well as software for e.g. control of possible credit levels associated with different subscriptions.

The foregoing descriptions of preferred embodiments are provided to enable those skilled in the art to practice the present invention. Various modifications of these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments without the use of inventiveness. ouø u n n ..

Claims (33)

A method for providing services on an IP-based network, preferably the Internet, to which an end user and a server are already connected, which method comprises the steps of: in a gateway node receiving a verification request from said server to verify said end user, which gateway node is connected to said IP-based network and to a digital, cellular radio communication network; and answering from said gateway node said verification request with a message to said server, which message is based on a verification of a subscription used by said end user, which subscription is connected to an operator of said, or of a network of the same type as the said, digital, cellular radio communication networks, e.g. a GSM network, is also connected to an IC card, e.g. a SIM card, and which subscription and which verification takes place in accordance with a verification method used by said digital, cellular radio communication networks, e.g. an authentication method used in GSM. The method of claim 1, comprising the further steps of: receiving in the gateway node a debit request from said server; and in said network port node, in response to said billing request, performing a billing process for billing said subscription in accordance with a billing method applied by said digital, cellular radio communication network, e.g. a billing method included in a method for invoicing within GSM. 10 15 20 25 30 35 - i 516 066 24 A method according to claim 2, comprising requesting, from said gateway node, that said end user confirm said debiting process before executing the same. A method according to claim 2 or 3, wherein said debiting process comprises generating a debiting item, e.g. a CDR record, or to generate billing information, e.g. a TAP-like record, for use in a billing process of a digital, cellular radio communication network with which said end user has said subscription. A method according to any one of claims 1-4, wherein said end user's IC card is included in a mobile telephone, and wherein verifying said end user further comprises: receiving at said gateway node a call, or a short message, from said mobile telephone via said digital cellular radio communication network; associating at said gateway node a temporary verification code with a mobile number of the mobile telephone which has established a connection with the gateway node; storing said temporary verification code with said mobile telephone number at said gateway node; sending said temporary verification code to the mobile telephone which initiated the connection; and checking that a received verification code associated with a mobile number, both of which are received in said verification request from said server, is identical to the temporary verification code previously stored with said mobile number. The method of claim 5, comprising inserting at said server said mobile number and said verification code into said verification request for receiving said gateway node. A method according to claim 5 or 6, comprising the steps of: QS to establish using said mobile telephone a communication with said gateway node via said digital cellular radio communication network, either by dialing with a public telephone number or by sending a short message; receiving at said mobile telephone a temporary verification code from said gateway node in response to said step of establishing a communication; entering said mobile number and said verification code into a second terminal, which terminal is used by said end user for accessing said IP-based network; and sending said mobile number and said verification code to said server. A method according to any one of claims 5-7, wherein said mobile phone number uniquely identifies said subscription in the numbering plan of the publicly connected telephone network, e.g. an MSISDN number used in GSM. A method according to any one of claims 1-4, wherein said end user's IC card is connected via a card reader to a personal computer with which said end user has access to said IP-based network, said personal computer being associated with an IP address. . The method of claim 9, wherein said verification request comprises said IP address, which address is used by said gateway node to request said personal computer to transmit information about said subscription from said IC card to the gateway node. ll. A method according to any one of claims 1-4, 9 or 10, wherein said verifying said subscriptions comprises the steps of: obtaining verification parameters associated with said subscriptions, e.g. authentication parameters used within GSM, which are stored in a database, e.g. of the VLR type used in GSM, included in said gateway node; and 10 15 20 25 30 35 516 066 11. 1 l. KU to exchange verification parameters between said network port node and a user terminal to which said IC card is connected. The method of claim 10, wherein said transmitting said information about said subscription to the gateway node is performed in the form of a registration request sent from said personal computer, and wherein said method comprises registering, at said gateway node, said subscriptions in in accordance with a registration method used by said digital, cellular radio communication networks, e.g. a position updating method used in GSM. The method of claim 12, wherein said registering comprises: scanning a database for data corresponding to the subscription information; requesting, if consistent data has not been found during said scanning step or if it is otherwise deemed necessary, that the digital cellular radio communication network to which said end user has a subscription performs a registration update process based on the subscription information; storing data received from the digital cellular radio communication network in response to said requesting step in said database; and performing said verification of said subscription using said data stored in said database. A method according to any one of the preceding claims, wherein said server is a server used by a service provider on said IP-based network. The method of claim 14, wherein said service provider is either an E-commerce provider, an Internet voice provider, or an Internet access provider. (go. 16. Systems for the provision of services on an IP-based network, preferably the Internet, to which 10 l 25 20 25 30 35 516 us šï * i; Q? an end user and a server are already connected, said system comprising: an IC card which stores subscription information relating to a subscription with an operator of a digital cellular radio communication network, e.g. a GSM network; a terminal used by said end user and arranged to read said subscription information from said IC card; a gateway node interconnecting said IP-based and networking with either said digital cellular radio communication network or with a network of the same type as said digital cellular radio communication network, said node comprising: receiving means for receiving a verification request from said server to verify said end user; and verification means for performing a verification of said subscription stored on said IC card, which card e.g. is a SIM card (Subscription Identity Module), in accordance with a verification method used by said digital, cellular radio communication networks, e.g. an authentication method used in GSM. The system of claim 16, wherein: said receiving means in said node is further arranged to receive a debit request from said server to debit said end user; and said node further comprises charging means for debiting said subscriptions in accordance with a charging method used by said digital cellular radio communication networks, e.g. a debiting method included in a debiting method used within GSM. The system of claim 17, wherein said billing means is further adapted to generate a billing item, e.g. a CDR record, or for generating billing information, e.g. a TAP-like record, for use in a billing process in a digital, cellular radio communication network, in which said end user has said subscription. Said terminal is a mobile device which together with the System according to any one of claims 16-18, said IC card forming a mobile telephone. The system of claim 19, wherein said verifying means comprises: first means for associating a temporary verification code with a mobile phone number of said mobile phone from which a call has been received; other means for storing said temporary verification code together with said mobile number; and third means for checking whether a verification code, received together with a mobile phone number in said verification request, is identical to the temporary verification code stored together with said mobile phone number. The system of claim 20, comprising a second terminal with which said end user is granted access to said IP-based network and which is arranged to receive said temporary verification code and said mobile phone number. A system according to claim 20 or 21, wherein said mobile phone number uniquely identifies said subscription in the numbering plan of the public, connected telephone network, e.g. an MSISDN number used in GSM. A system according to any one of claims 16-18, wherein said terminal is a personal computer which is connected to a card reader for reading said IC card, said terminal being associated with an IP address and used by said end user for accessing said IC card. IP-based networks. Wherein said gateway node comprises a database in which System according to any of claims 16-18 or 23, verification parameters associated with subscriptions are stored, said parameters being retrieved during said verification of said end user. 10 15 20 25 30 35 516 oss äfaIs-ök-šš- = ::: = 14 A system according to any one of claims 16-18, 23 or 24, wherein said gateway node comprises first communication means for requesting said terminal to transmit said subscription information to said IC card, and wherein said terminal comprises communication means for transmitting said subscription information read from said IC card to said network port node. A system according to any one of claims 23-25, wherein said gateway node and said terminal are arranged to exchange verification parameters during said verification of said end user. A system according to any one of claims 23-26, wherein said terminal is arranged to send said subscription information to said gateway node, in response to a request from the gateway node, as a step in a registration request, and wherein said gateway node comprises registration means for performing a registration of said end user in accordance with a registration method applied by said digital cellular radio communication network. A system according to any one of claims 24-27, wherein said gateway node comprises other communication means for requesting, if necessary, that the digital cellular radio communication network, to which said end user has a subscription, perform a registration update with respect to on said subscription in order to receive verification parameters associated with said subscription. A system according to any one of claims 16-28, wherein said server is a server utilized by a service provider on said IT-based network. The system of claim 29, wherein said service provider is either an E-commerce provider, an Internet voice provider or an Internet access provider. A system according to any one of claims 16-30, wherein said gateway node is a logic node comprising a plurality of sub-nodes, among which work operations and functionality of said logic node are distributed. 32. Network port node for providing services on an IP-based network, preferably the Internet, to which network an end-user terminal and a service provider's server are already connected, which terminal is arranged to read an IC card which stores subscription information relating to a subscription with an operator of a digital cellular radio communication network, e.g. a GSM network, said gateway node interconnecting said IP-based network with either said digital cellular radio communication network or with a network of the same type as said digital cellular radio communication network, and said gateway node comprising: receiving means for receiving a verification request from said server to verify said end user; and verification means for performing a verification of said subscription stored on said IC card, which card e.g. is a SIM card (Subscription Identity Module), in accordance with a verification method used by said digital, cellular radio communication networks, e.g. an authentication method used in GSM. A node according to claim 32, which has the features of the node in the system according to any one of claims 16-18, 20, 24-28 or 31.