SE522792C2 - A system for digital mobile communication - Google Patents

Description

The problem is solved by the present invention in that the invention provides a system for digital mobile communication comprising a number of hierarchical communication levels, one of the levels comprising functionality of a digital mobile telephony system. ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ .. and additionally includes functionality for a protocol within a mobile data network.

Since one of the levels in the system includes functionality for both types of systems, this level can be used as an "interface" between the two types in the system. If the "lowest" levels, in other words those closest to the end user, are levels retrieved from a digital mobile telephony system, the users of the system will be able to use terminals intended for the digital mobile telephony system without worries, while higher up the levels has integrated the mobile telephony system with a system for a mobile data network.

Further problems solved by the present invention are how a user who has a terminal intended for a digital mobile telephony system can be authenticated against the parts of the integrated system which are retrieved from a mobile data communication system, and how session keys can be handled in an integrated system. . How the invention solves these problems will be apparent from the description below.

DESCRIPTION OF THE DRAWINGS The invention will be described in more detail below, by means of exemplary embodiments and with reference to the accompanying drawings, in which: Fig. 1 shows an example of the structure of a digital mobile telephony system, and Fig. 2 shows an example of the structure of a digital mobile telephony system. a mobile data network, and Fig. 3 shows the basic structure of a system according to the present invention, and Fig. 4 shows how the authentication is built in a system according to the invention, and Fig. 5 shows authentication in a larger system, and »|» || 10 15 20 25 30. . . . Figures 6 to 7 show the invention applied to the system of Figure 5.

PREFERRED EMBODIMENTS The following abbreviations will be used in this specification: AAD - Agent Advertisement AAS - Agent Solicitation AUT - Authentication Function CHAP - PPP Challenge Handshake Authentication Protocol (RFC 1994) FA - Foreign Agent GGSN - Gateway GPRS Support Node Service HARS - General Packet - Home Agent MlP - Mobile lntemet Protocol (RFC2002) MN - Mobile Node MS - Mobile Station PPP - Point to Point Protocol (RFC 1661) RADIUS - Remote Authentication Dial ln User Service (RFC 2138) RRP - Registration Reply RRQ - Registration Request SGSN - Serving GPRS Support Node UMTS - Universal Mobile Telecommunications System UTRAN - UMTS Terrestrial Radio Access Network Fig. 1 shows the basic structure of a digital mobile telephony system, in the present case the so-called UMTS system. As can be seen from Fig. 1, the system is built up in a number of hierarchical levels, which finally connect the system to the overall nationwide telephone network. The levels shown in Fig. 1 are the MS - the subscriber level, usually a mobile phone, but a level that can actually be an arbitrary mobile terminal, in other words, for example, a computer or other equipment that has the ability to communicate with the nearest level, the so-called UTRAN level. This level, UTRAN, is the level that connects the subscribers to the rest of the system via base stations in the system's coverage area. The UTRAN level in turn is associated with the SGSN level, which in turn is associated with the GGSN level,; || a; 10 15 20 25 30 -. ~. nu 522 792 nu nu 1 1 1305 USN OO-05-12 4 whose function it is to link MS with external networks, which can include both data and numbers.

Fig. 2 shows the basic structure of a system for mobile data communication, in the present case a MIP-based system. As shown in Fig. 2, a MIP-based system is also built in hierarchical levels. A mobile user, called MN, communicates with the nearest level, FA, which in turn communicates with the next level, HA. The protocol in an MlP-based system is such that MN can communicate with the FA via a largely arbitrary medium, for example via radio or wired. The functions for FA and HA in a MIP-based system roughly correspond to the functions for SGSN and GGSN in the UMTS system, respectively.

There are many advantages, both technical and economic, to gain if you can combine "building blocks" from a MIP-based system with building blocks from a UMTS system, but a problem in this context is that MS will not be able to communicate with FA or HA. This problem is solved by the present invention, in a manner schematically illustrated in Fig. 3.

Fig. 3 shows a system for digital mobile communication according to the invention. As can be seen from the drawing, the system comprises a number of hierarchical communication levels, where a number of the levels (UTRAN, SGSN) are taken from the UMTS system, and other levels (HA, FA) are taken from a MIP-based system. To solve the problem that MS cannot communicate with HA or FA because these are retrieved from another system, one of the levels retrieved from the UMTS system, in this case the SGSN level, has been provided with functionality for the protocol within a MIP -based system.

Since the problem is that MS must be able to communicate with the system, the functionality from a MIP-based system that SGSN has been provided with is the functionality for the subscriber level within a MIP-based system. SGSN can thus take the data sent between MS and SGSN and convert this to the protocol for MIP, which allows SGSN to communicate with FA, whereby FA will perceive this as if the communication that actually comes from an MS intended for UTRAN the system comes from an MN in a MIP-based system. »Line 10 15 20 25 30. -. n un 5212 792 o. nu 11 1305 USN 00-05-12 When communicating between MN and HA in a MIP-based system, a so-called "tunnel" is created between FA and HA, which means that a path for data communication is opened between HA and MN. It is the opening of such a path for data communication between MS and HA that SGSN can provide. In the following, it will first be briefly described how the tunnel is opened in an MIP-based system: When connected to an MIP-based system, MN receives an AAD from FA, either because MN has sent an AAS, or due to periodic transmission of AAD from FA. After this, MN transmits RRQ, which is granted by HA by transmitting RRP.

The signals within the MIP protocol that SGSN has been provided with according to the invention are the signals, RRQ and RRP, that are needed for MN to be able to tell HA where MN is, so that HA can direct, "tunnel", the traffic to raw FA.

Another requirement placed on the type of system provided according to the invention, in other words a system based on a combination of a system for digital mobile telephony and a system for a mobile data network, is that such a combination system must be able to authenticate an MS from a digital mobile telephony system versus building blocks in the system that have been retrieved from a mobile data network. Authentication here refers to checking that the user / subscriber is authorized to use the system. In MlP, the authentication proceeds as if the FA sends out a random number (so-called "cha | long") in the signal AAD. The user answers with his personal password, which is used to use the random number to generate a new number that is entered in RRQ, whereby HA receives RRQ and based on the new number that has been entered in RRQ and the originally sent random number, checks the password is correct. If the password is correct, RRP is sent to MN, in other words, a signal is sent that grants the user access to the system and those of its services that the user should have. HA's examination of whether the password is correct or not is preferably done in a separate function for this which is outside the HA itself, for example a so-called RADIUS function, which has information about the user's password. mnfn 10 15 20 25 30 _. n ... n .... lol QIO I Q ut 00 'cl i l' l. ..: z ;; g; :: ti ... .... -. . . . . .n n. . . -. zv; g 2 'fi. . a u n. o nu: v .. ,,. u. o. . . . q. eq- 1 1 1305 USN OO-05-12 6 In a UMTS system, the authentication method differs slightly from that in MIP. If a user wishes to use the UMTS system for data communication, this is often done through a computer. for example, a laptop connected to a terminal, a mobile phone, in the UMTS system. The mobile sends a random number to the PC via a CHAP message, and the user is asked to enter their password. With the help of the password and the random number, a new number is generated in the PC, after which this new number and the used random number together with information about the user's stated identity are sent up to SGSN via the mobile and then to GGSN. In GGSN, it is checked whether the user has access to the system, and if so, which functions in the system the user should have access to. This authentication of the user in GGSN preferably takes place in a function which is separate from the GGSN itself, suitably in a so-called RADIUS server, which has information about the user's password.

Figure 4 shows how the authentication is structured in a system according to the invention. The drawing shows an MS and a PC which is connected to this MS in order to be able to handle data communication wirelessly via the system according to the invention. Initially, an authentication procedure for a UMTS system takes place in the manner described above, in other words, the MS sends a CHAP message to the PC, where the CHAP message contains a random number. The user answers with his password, based on which a new number is calculated using the random number. Information about the random number, the number that has been generated based on the random number, and the user's stated identity is sent to SGSN by MS via UTRAN.

The random number, the new number that has been generated using the password and the random number, as well as the information about the user's stated identity that comes to SGSN from PC via MS and UTRAN is changed in SGSN in such a way that the information is entered in a so-called MIP extension, in other words a message in MIP format, after which it is sent to FA, and then on to HA. In HA, the authentication method for a MIP-based system described above takes place, which method as mentioned preferably takes place in an authentication function which is separate from the HA itself, for example a so-called RADIUS function. Since the information, random numbers and newly generated numbers that come to HA and the authentication function originate from a CHAP procedure, this must be stated in the information sent to »r fl ou 10 15 20 25 30 ao nu o n nu u. | | r e vi '".: a c Ü Û 9' v co: ß 2: 1 :: 1: 1" unng-u 2 7. u. u un: nu c O! I '": 2:' 'Ö I I b G C il l u - 1. U n 111305 USN 00-05-12 7 the authentication function, preferably in the same extension as the other information from the CHAP system.

The authentication in MIP-based systems described above works well, but if the system becomes too large, that type of authentication can become difficult to handle. For example, if the system includes a plurality of HAs, then each FA and MN must be able to authenticate to each HA and vice versa, which can lead to a large amount of load on the devices. Fig. 5 shows a known alternative way of solving the authentication in larger MIP-based systems with a smaller load on HA and FA.

In the MIP-based system shown in Fig. 5, all authentication is placed in a separate function, preferably in a separate server, hereinafter referred to as AUT, which communicates directly with HA and FA, as shown by bidirectional arrows in the drawing, and has a protocol for to handle authentication between the different devices in the system. An example of such a protocol is the so-called DIAMETER protocol. When MN, FA and HA are to initiate communication, the authentication is handled by AUT, but once the authentication has been completed, the further communication takes place directly between the respective units.

In order to facilitate the understanding of a further aspect of the invention, it will be briefly described below how the authentication takes place in the type of existing systems shown in Fig. 5.

The initial authentication in the system in Fig. 5 proceeds as if MN sends RRQ to FA, which creates a new message with MN's RRQ i, and forwards this message to AUT which examines and authenticates MN. Upon successful authentication, AUT sends a message to a suitable HA (the system may contain a plurality of HAs, for simplicity, Fig. 5 shows only one), where the message contains, among other things, MN's RRQ. HA responds with RRP to AUT, and has at this stage opened its end of the "tunnel" for communication that has been described previously. RRP is forwarded from AUT to FA which lifts RRP out of the message from AUT and sends RRP to MN. After receiving the RRP from the AUT, the FA opens "its" end of the tunnel, and communication between the MN, FA and HA can take place without going through the AUT. When RRP .i, | » 10 15 20 25 30 522 792 äjg -a 1: 1 'z -.- = .. n .. 11 1305 USN 00-05-12 8 sent, from AUT to FA and from FA to MN, it can either be sent for himself or embedded in another message.

During all further communication in the system, each of the three units concerned, MN / FA / HA, will examine whether received messages come from the correct sender. This is done with the help of so-called "session keys fi which during the session are used by a sending unit to use the message unit to send away create a checksum, which is sent together with the message. A receiving unit '_' | scoops up" the message with using its session key, and checks if the checksum is correct. In the event that a device (eg FA) forwards a message between two other devices (eg MN-HA), the forwarding device will check if the message comes from the correct sender. using its session key add its own checksum to the message before it is forwarded.

The following combinations of transmitting / receiving units will be available: Transmitting Receiving HA FA HA MN FA MN FA HA MN FA MN HA Each unit will thus need to have two session keys, as each unit will communicate with two other units. In other words, in total, the system in Fig. 5 will need six session keys for MN / FA / HA during one session. However, only three of the keys will need to be different, as two devices that communicate with each other should use the same key.

The session keys are created by AUT for each session, and sent to each unit by AUT after the initial authentication is done. To prevent -> »» n 10 15 20 25 30 522 792 111305USN. ... _, .. ... Unauthorized use of the keys, they are sent in encrypted form, where the encryption is done by means of a cryptographic key that is known in advance by the respective units. Fig. 6 shows a system according to the invention, in other words a system with components and functionality from both UMTS (UTRAN, SGSN, MS) and MIP (FA, HA), where the system has been provided with the type of separate authentication function, AUT, which has been described above in connection with Fig. 5. The initial authentication of MS in the system takes place in the manner described in connection with Fig. 4, with the difference that the authentication takes place by means of the separate function for this, AUT.

As described above in connection with Fig. 4, in a system according to the invention, the SGSN will resolve the messages to be to and from the MS, respectively, and embrace them as if they came to or from an MN in a MIP-based system.

This thus presupposes that SGSN has access to the session keys that have been sent from AUT to "MN" at the initial authentication, which in turn presupposes that SGSN has access to the password for MS, as this is the only common secret that AUT and MS have access to, and thus is the only cryptographic key that they (AUT / MS) could use when transmitting session keys.

Entering the password for MS, in other words the password for an individual user, in SGSN is both technically difficult to implement and inappropriate for security reasons. To still enable MS to communicate with other devices in the system, the session keys sent by AUT to "MN" at the beginning of the session will be encrypted with the same cryptographic key used by FA. This means that messages to MS can be resolved by the FA and sent to SGSN for further transmission to MS, and messages coming from MS are provided by the FA with checksums, as if they came from an MN in a MIP-based system . That AUT encrypts the session keys that are going to "MN" with the same cryptographic key used by FA is due to the fact that AUT in a system according to the invention knows that the user, "MN". is actually an MS from a UTRAN system.

The authentication function, AUT, that has been described, is usually unique to a particular operator and area. Fig. 7 shows schematically how a user, MS1, has | »; un 10 15 20 25 30 -. n; Entered into a system according to the invention used by an operator other than the one with which the user, MS1, has his subscription. The units in the "home system" for the user, MS1, will hereinafter be denoted by the number one (1) after their usual designations, and the units in the "foreign" system will be denoted by the number two (2) after their usual designations.

The HA that MS1 will want to communicate with is HA1, even though MS1 is in a foreign system, which means that HA2 does not need to be involved in the communication from / to MS1.

When MS1 is to authenticate itself in the foreign system, it sends RRQ to SGSN2, which goes on to FA2 and from there to AUT2. AUT2 recognizes that MS1 is a device belonging to AUT1, and therefore forwards RRQ to AUT1 which authenticates MS1, creating the six session keys that will be needed.

RRQ can either be sent separately, or embedded in another message.

The session keys must be encrypted before AUT1 sends them to the respective unit, which means that the unit that sends the session keys must have a cryptographic key in common with the receiving unit. The following devices will have common crypto keys: AUT1 - HA 1 AUT1- AUT 2 AUT2 - FA 2 AUT1 encrypts the session keys to HA1 with a crypto key that these devices have in common, and sends RRQ and session keys to HA1, whereby HA1 opens its "tunnel end" and responds with an RRP to AUT1, which then proceeds to AUT2.

The session keys for FA2 encrypt AUT1 using the cryptographic key that AUT1 has in common with AUT2. AUT2 resolves the session key, encrypts it with the cryptographic key common to AUT2 and FA2, and forwards it to FA2, where the session key is decrypted, and used in the manner described in connection with Fig. 6. After each unit has received its session keys can communicate in the manner shown in fi g 7, in other words between MS1- SGSN2-FA2-HA1. From the explanation of the example shown in Fig. 7, another reason is understood as to why it would be inappropriate to enter the cryptographic key for an MS in SGSN: To obtain the desired function for the system in Fig. 7, the password for MS1 would need to be entered in SGSNZ, in other words an SGSN for a foreign system. If you instead solved the problem of encryption of session keys by allowing SGSN2 to have access to the cryptographic key for an MN in "system number one", SGSN2 would have access to a cryptographic key used in that system, which would also be inappropriate.

Claims (5)

10 15 20 522 792 111305 USN 2003-11-18 12 PATENTKRAV A system for digital mobile communication comprising a number of hierarchical communication levels (MS, UTRAN, SGSN, FA, HA), in which system one of the levels comprises functionality (SGSN) for a digital mobile telephony system (SGSN) and also comprises functionality (FA) for a protocol within a mobile data network system, characterized in that the functionality of a mobile data network protocol included in one of the levels of the system comprises the functionality of a subscriber (MS). A system according to claim 1, wherein the functionality of a mobile data network protocol included in a system's levels further comprises functionality for authenticating a subscriber. A system according to any one of claims 1 or 2, further comprising functionality for handling session keys. A system according to any one of claims 1-3, wherein the digital mobile telephony system whose functionality (SGSN) is included in one of the levels is the UMTS system. A system according to any one of claims 1-4, wherein the mobile data network for whose protocol one of the levels in the system comprises functionality (FA) is a MIP-based system.