-1-
SYSTEM AND METHOD OF AUTHENTICATING A MOBILE STATION'S IDENTITY AND HANDLING AUTHENTICATION FAILURES IN A RADIO TELECOMMUNICATIONS NETWORK
BACKGROUND OF THE INVENTION
Technical Field of the Invention
This invention relates to telecommunication systems and, more particularly, to a system and method of authenticating a mobile station's identity and handling authentication failures in a radio telecommunications network. Description of Related Art
In order to reduce fraud in radio telecommunications networks, existing networks include an authentication center (AC) which is normally co-located with a home location register (HLR). The AC is utilized to perform a verification of the identity of a mobile station each time the mobile station accesses the network. Each subscriber has an authentication key (A-key) stored in the AC and in the mobile station. For security reasons, the A-key is never sent out to other nodes in the network. Instead, the AC constructs what is known as Shared Secret Data (SSD). SSD is authentication data which may be shared between the AC, the HLR, the mobile station, and the mobile switching center (MSC) serving the mobile station. The SSD is normally calculated utilizing a random number, the subscriber's A-key, and some other factor such as the mobile identification number (MIN) of the subscriber's mobile station. The SSD may be sent from the AC to any MSC where the subscriber roams. Each time a mobile station accesses the radio telecommunications network, the access is challenged by the network which determines whether the information stored in the mobile station matches the information stored in the network's authentication center (AC). Each time the mobile station makes a system access in the network, and the authentication passes, a verification counter is incremented in the mobile station and in the AC. The verification count from the mobile station and the verification count from the network are compared at each system access, and must match for access to be granted. If the subscriber has roamed to a visited mobile
switching center (V-MSC), and the SSD has been sent to the V-MSC, the verification count is maintained in the V-MSC as long as the mobile station continues to operate there. When the subscriber roams to a different MSC and registers in the network, the AC goes back to the previous serving MSC to fetch the verification count. In this way, the AC always has the latest verification count associated with the mobile station.
A problem arises, however, when a fraudulent user makes and uses a clone of the legitimate subscriber's mobile station. If a fraudulent user has cloned the subscriber's mobile station (including MIN, A-key, and verification count), he will be able to access to the network. At that time, the verification count in the fraudulent mobile station and the AC is incremented. Then, when the legitimate subscriber subsequently attempts to access the network, the verification count in the legitimate mobile station does not match the verification count in the AC. Therefore, the legitimate subscriber is denied access.
In existing radio telecommunications networks, when a mobile station fails the verification count, the call is immediately dropped. Therefore, the legitimate subscriber cannot even utilize his mobile station to call the operator to correct the problem because each time he attempts to access the network, his call is dropped. To correct the problem, the subscriber must instead find a wireline telephone, or borrow someone else's mobile station to make the call to the operator. If another telephone is not readily available, the legitimate subscriber's mobile station is useless until the subscriber can be reinstated as an authorized subscriber.
Although there are no known prior art teachings of a solution to the aforementioned deficiency and shortcoming such as that disclosed herein, U.S. Patent Number 5,557,676 to Naslund discusses subject matter that bears some relation to matters discussed herein. Naslund discloses a method and system for authenticating the identification of mobile stations during system access. Naslund essentially describes the aforementioned method of storing event counts in both the mobile station and the network, and verifying that the event counts match before providing system access. Naslund further describes a method of encrypting the count information so that it is not readily discernable by fraudulent users ease dropping on network channels. However, Naslund does not teach or suggest a solution to the problem facing a legitimate subscriber who cannot access the network due to a verification
count mismatch.
Review of each of the foregoing references reveals no disclosure or suggestion of a system or method such as that described and claimed herein.
In order to overcome the disadvantage of existing solutions, it would be advantageous to have a method and system for authenticating a mobile station's identity and handling authentication failures in a radio telecommunications network which enables a legitimate subscriber to access a network operator following a verification count mismatch. The present invention provides such a method and system.
SUMMARY OF THE INVENTION
In one aspect, the present invention is a method of authenticating a mobile station's identity when a subscriber is attempting to access a radio telecommunications network to place a call. The radio telecom-munications network includes a mobile switching center (MSC) serving the mobile station. The method begins by determining in the MSC whether the mobile station's verification count received from the mobile station matches the mobile station's verification count received from the network. If the verification count received from the mobile station does not match the verification count received from the network, the method routes the call to a system operator who determines whether the subscriber is an authorized subscriber. The operator may obtain identification data from the subscriber to validate the subscriber's identity, and attempt a Shared Secret Data (SSD) update. If the subscriber is an authorized subscriber, access to the network is permitted. If it is determined that the subscriber is not an authorized subscriber, the call is dropped. In another aspect, the present invention is a system for authenticating a mobile station's identity when a subscriber is attempting to access a radio telecommunications network to place a call. The system includes a mobile switching center (MSC) serving the mobile station. The MSC includes means for determining whether the mobile station's verification count received from the mobile station matches the mobile station's verification count received from the network, and means for routing the call to a system operator upon determining that the mobile station's verification count received from the mobile station does not match the mobile station's verification count
-4- received from the network. The system also includes means for establishing a voice channel between the system operator and the mobile station which is utilized to obtain identification data from the subscriber, means for permitting access to the network upon determining that the subscriber is an authorized subscriber, and means for dropping the call upon determining that the subscriber is not an authorized subscriber.
The subscriber's record in the home location register (HLR) may also be flagged so that when the legitimate subscriber attempts to access the network, the call is forwarded to an operator.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be better understood and its numerous objects and advantages will become more apparent to those skilled in the art by reference to the following drawings, in conjunction with the accompanying specification, in which:
FIG. 1 is a simplified block diagram of the components of the authentication system of the present invention; and
FIG. 2 is a flow chart of the steps of the method of the present invention when a count mismatch is detected in the MSC.
DETAILED DESCRIPTION OF EMBODIMENTS FIG. 1 is a simplified block diagram of the components of the authentication system 10 of the present invention. The system includes a mobile station (MS) 11, a base station (BS) 12 serving the mobile station, a mobile switching center (MSC) 13, a home location register and authentication center (HLR/AC) 14, and a system operator 15. The HLR/AC 14 includes a database of subscriber profiles and mobile station information 16, a database of subscriber authentication keys (A-keys) 17, a function for generating shared secret data (SSD) 18, and a verification count record 19. In an exemplary configuration, the MSC 13 includes a central processor (CP) 20, a group switching subsystem (GSS) 21 for routing calls, and exchange terminal circuits (ETC) 22 and 23 for interfacing with the BS 12. The MSC also includes a special treatment designator 24 which directs the routing of calls requiring special treatment, and a count mismatch detector 25 which compares verification count information received from the mobile station 11 and the HLR/AC 14. The mobile station 11
includes a verification count record 26.
FIG. 2 is a flow chart of the steps of the method of the present invention when a count mismatch is detected in the MSC. The process begins at step 31 where the MS 11 sends its ID/count information to the MSC 13. At step 32, the MSC requests the ID/count information stored in the network from the HLR/AC 14. At step 33, the count mismatch detector 25 determines whether or not the ID/count information received from the MS (the mobile station count) matches the ID/count information received from the HLR/AC (the network count). If the mobile station count matches the network count, the process moves to step 34 where access to the network is permitted. If the counts do not match, the process moves from step 33 to step 35 where the MSC designates the call for special treatment in the special treatment designator 24. The MSC then routes the call at step 36 to the system operator 15. If the attempted access is an originating or terminating access, a voice channel is established between the system operator and the mobile station, and at step 37, the system operator, while on the voice channel with the mobile station, obtains personal identification data from the subscriber, which may be personal information on file with the operator. The operator then attempts a SSD update. If the attempted access is a registration, no voice channel is necessary. The operator merely attempts the SSD update. At step 38 it is determined whether or not the SSD update was successful. If not, the process determines that the subscriber attempting the access is fraudulent, and moves to step 39 where the call is dropped. At step 40, the process may additionally flag the subscriber's record indicating that a change of the subscriber's A-key may be necessary. This step assists in re-validating the legitimate subscriber when he next accesses the system. If the SSD update was successful, however, the process moves from step 38 to step 41 where access is permitted to the network. Then, at step 42, the count received from the MS for this access is utilized to reset the valid count in the HLR/AC to match the count in the MS.
It is thus believed that the operation and construction of the present invention will be apparent from the foregoing description. While the method, apparatus and system shown and described has been characterized as being preferred, it will be readily apparent that various changes and modifications could be made therein without
-6- departing from the spirit and scope of the invention as defined in the following claims.