WO2000027156A1 - Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange - Google Patents

Info

Publication number
WO2000027156A1
Authority
WO
WIPO (PCT)
Prior art keywords
authenticating
exchange
mobile station
authentication
serving
Prior art date
Application number
PCT/SE1999/001717
Other languages
French (fr)
Inventor
Binh Nguyen
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget L M Ericsson (Publ)
Priority to AU11943/00A (AU1194300A)
Priority to CA002347865A (CA2347865A1)
Priority to BR9914909-5A (BR9914909A)
Publication of WO2000027156A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/14 Backbone network devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/16 Interfaces between hierarchically similar devices
    • H04W92/24 Interfaces between hierarchically similar devices between backbone network devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method of authenticating with an authentication center (20) a mobile station (16) handing-off from an anchor exchange (12A) to a serving exchange (12S). The method sends authenticating parameters for the mobile station from the authentication center to the anchor exchange. The mobile station is asked to authenticate with the anchor exchange. While the authenticating takes place, the mobile station hands-off from the anchor exchange to the serving exchange. The authenticating parameters are forwarded from the anchor exchange to the serving exchange, and the mobile station is asked to authenticate with the serving exchange. The serving exchange receives the authenticating results from the mobile station, and sends them to the authentication center.

Description

METHOD OF AUTHENTICATING A MOBILE STATION HANDING-OFF FROM AN ANCHOR EXCHANGE TO A SERVING EXCHANGE
BACKGROUND OF THE INVENTION
Technical Field of the Invention
This invention relates to a method of authenticating a mobile station, and more particularly to a method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange.
Description of Related Art
Ever since their introduction on the market, mobile stations have changed the way people communicate. Now, it is possible to reach a person almost anywhere, using only one number. The number is no longer linked to a location, but is rather linked to a mobile station that communicates through a radio interface with a cellular network. So wherever the mobile station is located, i.e. within the cellular network coverage, it can originate or receive a call by means of the radio interface. For originating a call through the cellular network, the mobile station has to identify itself by providing its Mobile Identification Number (MIN) and Electronic Serial Number (ESN). The MIN/ESN allows the cellular network to recognize which mobile station is calling, so as to charge the fees incurred for the call appropriately.
A problem that has emerged with the ever-increasing popularity of mobile stations is cloning. Cloning is performed by "listening" to the radio interface to find a MIN/ESN, and programming a second mobile station with the same MIN/ESN. By doing so, the fees incurred for calls originated by the second mobile station are charged to the first mobile station. This method of fraud has caused significant financial damage to cellular network providers and to owners of mobile stations. To solve that problem, the security of cellular networks has been improved with authentication procedures in which the mobile stations must participate. In D-AMPS networks, different authentication procedures have been developed: Global Challenge, Unique Challenge, Shared Secret Data Update, and Count Update. These authentication procedures rely on an algorithm called CAVE, and on an exchange of parameters between the mobile station and an authentication center. The authentication center stores a set of data for each mobile station including its MIN and ESN, along with an A-key and a Shared Secret Data (SSD), also called authentication data. The set of data is used as input parameters to the CAVE algorithm to verify the authenticity of the mobile station.
More precisely, the Global Challenge procedure is performed on digital or analog control channel at system access, and involves validation of the authentication data received from the mobile station.
The Unique Challenge is a procedure that can be performed on either control or voice channel, and involves validation of the authentication data received from the mobile station.
The Shared Secret Data Update procedure is used to verify the mobile station's A-key. The Shared Secret Data update procedure may be prompted by administrative procedures at the authentication center, expiration of an authentication time interval at the authentication center, or the detection of a possible fraudulent situation. The CAVE algorithm, the set of parameters and random values are used to perform the updating of the SSD. If the new value of SSD is the same after verification at both ends, then the mobile station has successfully authenticated and is still allowed service. The Shared Secret Data update involves sending a random number to the mobile station to generate a new Shared Secret Data value based on the mobile station's information and the random number received. The Shared Secret Data Update is usually followed by a Unique Challenge procedure to validate the new Shared Secret Data.
Finally, the COUNT Update procedure is used to detect fully cloned mobile stations, i.e. mobile stations that have the same A-key and Shared Secret Data as their legitimate counterpart. The COUNT Update procedure relies on incrementing a Count value in the mobile station and at the authentication center after each successful authentication procedure. A consistency check is performed at the authentication center of the value of both counters, and any inconsistency may indicate a possible fraud or a fraudulent mobile station.
However, it has been noticed that when an inter-system hand-off occurs during one of the authentication procedures, the latter is not completed. The non-completion of the authentication procedure either results in allowing a call that may be fraudulent, or barring a call of a legitimate mobile station. Therefore, for mobile station users, non-completion of the authentication procedure is not desirable.
In order to overcome the disadvantage of existing solutions, it would be advantageous to have a method which would allow completion of the authentication procedure during inter-system hand-off.
SUMMARY OF THE INVENTION
The present invention provides a method to allow completion of the authentication procedure during inter-system hand-off.
In one aspect, the present invention is a method of authenticating with an authentication center a mobile station handing off from an anchor exchange to a serving exchange. The method sends authenticating parameters for the mobile station from the authentication center to the anchor exchange. The mobile station is asked to authenticate with the anchor exchange. While authenticating, the mobile station hands-off from the anchor exchange to the serving exchange. The authenticating parameters are forwarded from the anchor exchange to the serving exchange, and the mobile station is asked to authenticate with the serving exchange. The serving exchange receives the authenticating results from the mobile station, and sends them to the authentication center.
In another aspect, the present invention is a method of authenticating with an authentication center a mobile station. The method has steps of asking the mobile station to authenticate with a first exchange, and detecting hand-off of the mobile station from the first exchange to a second exchange. The method then forwards authenticating parameters from the first exchange to the second exchange, and asks the mobile station to authenticate with the second exchange. The second exchange receives the authenticating results from the mobile station and sends the authenticating results to the authentication center.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be better understood and its numerous objects and advantages will become more apparent to those skilled in the art by reference to the following drawings, in conjunction with the accompanying specification, in which:
FIGURE 1 is a schematic diagram of a cellular telecommunications network;
FIGURE 2 is a signal flow diagram of an authentication procedure in accordance with a first embodiment of the present invention;
FIGURE 3 is a signal flow diagram of an authentication procedure in accordance with a second embodiment of the present invention; and
FIGURE 4 is a flowchart of a method in accordance with the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
The present invention relates to allowing completion of an authentication procedure in situations of inter-system hand-off. For doing so, the invention provides a new failure indication to identify that the authentication could not be completed due to an inter-system hand-off. The method of the present invention also provides forwarding messages so as to order completion of the authentication procedure in the new serving system.
Reference is now made to FIGURE 1 wherein there is shown a schematic diagram of a cellular network 10. In the cellular network 10, a plurality of switches, also known as Mobile Switching Center (MSC) 12 or exchanges, are used to route calls to and receive calls from mobile stations 16. The MSC 12 are sometimes co-located with a Visited Location Register (VLR) 13 such as shown on the FIGURE but may also consist of non co-located nodes. The mobile stations 16 communicate with nearly proximate base stations 14 through a radio interface 22. As known in the art, several base stations 14 can communicate with one MSC 12. Each base station communicates with the MSC 12 through a pair of signaling and voice links 24. To allow seamless service to a mobile station 16 that travels from a base station 14 serviced by a first MSC 12A, called Anchor-MSC, to a base station 14 serviced by a second MSC 12S, also called a Serving MSC, a pair of voice and signaling links 26 connect the first and second MSCs 12. The mobile stations 16 may travel within the cellular network and consecutively communicate with different base stations 14. More particularly, when a mobile station 16 travels from an area that is serviced by a first base station 14 to an area serviced by another base station, the operation of transferring service from the first base station to the second base station is called a hand-off. When the mobile station 16 hands-off from a base station 14 linked to a first MSC 12A to a base station linked to a second MSC 12S, it then consists of an inter-system hand-off.
In the cellular network 10, a Home Location Register (HLR) 18 keeps information on subscribers such as location and services subscribed to. The HLR 18 may consist of a stand-alone HLR, or of a co-located Service Control Point (SCP) as shown on the FIGURE. The HLR 18 communicates with the VLRs 13 through a signaling link 28. While the HLR 18 stores information for all mobile stations 16 subscribed to the cellular network 10, the VLRs 13 in turn store certain information on mobile stations 16 communicating through their co-operating MSC 12. The cellular network 10 also has an authentication center 20. The authentication center communicates with the HLR 18 through a signaling link 30. The authentication center keeps information on the mobile stations 16 such as Shared Secret Data (SSD).
Referring now to FIGURE 2, there is shown a signal flow diagram of an authentication procedure in accordance with a first embodiment of the present invention. To initiate the authentication procedure, the authentication center 20 sends either a Shared Secret Data (SSD) Update message or a Unique Challenge Order message 40 to the HLR 18. The SSD Update message and the Unique Challenge Order message 40 are well known in the ANSI-41 standard, which is incorporated by reference herein. The HLR 18 forwards the SSD update message or unique challenge order message 40 to the VLR 13 of the serving system, which in turn forwards it to its associated MSC 12. The MSC 12 acknowledges receipt of the SSD update message or unique challenge order message 40 by an appropriate return message such as an authdir message 42, that is sent to the AC 20 through the VLR 13 and HLR 18. The serving MSC 12 initiates authentication with the mobile station 16 by sending an SSD update message or unique challenge message 44 to the latter containing authenticating parameters. The authenticating parameters may include an authentication algorithm version and a shared secret data, or an authentication response unique challenge and a random variable unique challenge. The authentication procedure takes place between the mobile station 16 and the AC 20 as known in the art, and as described in standards such as the ANSI-41, which is incorporated by reference herein.
During the authentication procedure, the mobile station hands-off (step 46) from the serving MSC 12, which becomes an anchor-MSC (A-MSC), to a new serving MSC (S-MSC) 12. Then, the A-MSC 12 forwards the authenticating parameters to the S-MSC 12 in, for example, a Facilities Directive (FACDIR) message 48. In the event that the S-MSC 12 does not support authentication, it returns a FACDIR return result message 50 indicating so to the A-MSC. If the S-MSC is capable of supporting authentication, it asks the mobile station 16 to authenticate in a manner known in the art. When the authentication is completed between the S-MSC and the MS 16, the S-MSC receives authenticating results from the mobile station. The authenticating results may include a shared secret data update report or a unique challenge report. The authenticating results are sent to the A-MSC in a MSONCH message 52. The A-MSC forwards the outcome of the authentication, or an indication of the incapacity of the S-MSC to support authentication, in an ASREPORT message 54 to the AC 20 through the A-MSC, A-VLR and HLR 18.
Referring now to FIGURE 3, there is shown a signal flow diagram of an authentication procedure in accordance with a second embodiment of the present invention. In that second embodiment, the A-MSC informs the AC 20 of the hand-off of the mobile station 16, and it is the AC 20 that instructs the A-MSC to forward the authentication parameters to the S-MSC to perform the authentication with the mobile station. In that second embodiment, the authentication with the A-MSC, up until the mobile station 16 hands-off to the S-MSC, is the same as for the first embodiment. When the mobile station hands-off to the S-MSC, the A-MSC detects the hand-off, and informs the AC 20 by means of an Authentication Status Report (ASREPORT) message 60 of its incapability to complete the authentication due to a hand-off. Then, the AC 20 instructs the A-MSC to forward the authenticating parameters to the S-MSC in an order message 62. The A-MSC executes the order and sends the authenticating parameters to the S-MSC in an Authentication Directive Forward (AUTHDIRFWD) message 64. The S-MSC performs the authentication with the mobile station, and sends an AUTHDIRFWD return message 66 to the A-MSC that contains the authenticating results. Then, as in the first embodiment, the A-MSC returns the authenticating results to the AC with the ASREPORT message 54.
Referring now to FIGURE 4, there is shown a flowchart of a method in accordance with the present invention. That method starts in step 70, where the AC 20 sends the authentication parameters to the A-MSC. Then, the A-MSC asks the mobile station 16 in step 72 to authenticate. While the mobile station 16 is authenticating, the A-MSC detects a hand-off of the mobile station 16 in step 74. The A-MSC informs the AC 20 in step 76 of the hand-off of the mobile station to the S-MSC. The AC 20 instructs in step 78 the A-MSC to forward the authentication parameters to the S-MSC. Then, the A-MSC sends the authentication parameters to the S-MSC in step 80. The S-MSC asks the mobile station 16 to authenticate in step 82 and performs the authentication therewith. The S-MSC receives the authentication results from the mobile station in step 84, and sends these results to the AC 20 in step 86, thereby allowing completion of the authentication during an inter-system hand-off.
It is thus believed that the operation and construction of the present invention will be apparent from the foregoing description. While the method and system shown and described have been characterized as being preferred, it will be readily apparent that various changes and modifications could be made therein without departing from the spirit and scope of the invention as defined in the following claims.
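The signal flows of FIGURE 2 and FIGURE 3, together with the non-completed case from the background section, as an added simulation of a Unique Challenge interrupted by an inter-system hand-off; it is not part of the patent text. `stand_in_response` is a keyed-hash placeholder and not CAVE, and the class names, function names, result strings and sample MIN/ESN and SSD values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def stand_in_response(ssd: bytes, randu: bytes, min_esn: bytes) -> bytes:
    """Placeholder for CAVE (not the real algorithm): keyed hash of the challenge."""
    return hmac.new(ssd, randu + min_esn, hashlib.sha256).digest()[:3]


@dataclass
class MobileStation:
    min_esn: bytes
    ssd: bytes

    def answer(self, randu: bytes) -> bytes:
        return stand_in_response(self.ssd, randu, self.min_esn)


@dataclass
class AuthCenter:
    subscribers: dict                              # MIN/ESN -> SSD held by the AC
    reports: dict = field(default_factory=dict)    # last ASREPORT per MIN/ESN

    def unique_challenge_order(self, min_esn: bytes) -> dict:
        # Authenticating parameters: random variable and expected response.
        randu = secrets.token_bytes(3)
        authu = stand_in_response(self.subscribers[min_esn], randu, min_esn)
        return {"randu": randu, "authu": authu}

    def asreport(self, min_esn: bytes, result: str) -> str:
        self.reports[min_esn] = result
        return result


@dataclass
class Exchange:
    name: str
    supports_auth: bool = True

    def authenticate(self, ms: MobileStation, params: dict) -> str:
        if not self.supports_auth:
            return "not-supported"
        ok = hmac.compare_digest(ms.answer(params["randu"]), params["authu"])
        return "success" if ok else "failure"


def authenticate_across_handoff(ac, ms, a_msc, s_msc, embodiment):
    """embodiment 0 = no forwarding (background case), 1 = FIGURE 2, 2 = FIGURE 3."""
    a, s = a_msc.name, s_msc.name
    params = ac.unique_challenge_order(ms.min_esn)
    trace = [
        f"AC -> {a}: Unique Challenge Order (40)",
        f"{a} -> AC: authdir (42)",
        f"{a} -> MS: unique challenge (44)",
        f"MS hands off from {a} to {s} (46)",
    ]
    if embodiment == 0:
        # Nothing is forwarded, so the AC never learns whether the MS is genuine.
        return "incomplete", trace
    if embodiment == 1:
        trace.append(f"{a} -> {s}: FACDIR carrying authenticating parameters (48)")
        result = s_msc.authenticate(ms, params)
        if result == "not-supported":
            trace.append(f"{s} -> {a}: FACDIR return result, authentication not supported (50)")
        else:
            trace.append(f"{s} -> {a}: MSONCH carrying authenticating results (52)")
    else:
        trace.append(f"{a} -> AC: ASREPORT, not completed due to hand-off (60)")
        trace.append(f"AC -> {a}: order to forward authenticating parameters (62)")
        trace.append(f"{a} -> {s}: AUTHDIRFWD carrying authenticating parameters (64)")
        # The page does not describe an S-MSC without authentication support in
        # this embodiment; reporting it the same way is an assumption.
        result = s_msc.authenticate(ms, params)
        trace.append(f"{s} -> {a}: AUTHDIRFWD return message (66)")
    trace.append(f"{a} -> AC: ASREPORT (54)")
    return ac.asreport(ms.min_esn, result), trace


if __name__ == "__main__":
    # Constructed sample data: one subscriber, its legitimate MS, and a MIN/ESN clone
    # that copied the identifiers off the air but does not hold the SSD.
    ID, SSD = b"MIN-0001/ESN-0001", b"constructed-ssd"
    ac = AuthCenter({ID: SSD})
    clone = MobileStation(ID, b"not-the-real-ssd")
    for emb in (0, 1, 2):
        outcome, trace = authenticate_across_handoff(
            ac, clone, Exchange("A-MSC"), Exchange("S-MSC"), emb)
        print(f"embodiment {emb}: clone -> {outcome}")
        for line in trace:
            print("   ", line)
```

With forwarding disabled the clone ends in `incomplete`, which is the gap the background section describes; in both embodiments the same clone is reported to the AC as `failure`.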

Claims

WHAT IS CLAIMED IS:
1. A method of authenticating with an authentication center a mobile station handing-off from an anchor exchange to a serving exchange, the method comprising steps of:
sending from the authentication center authenticating parameters for the mobile station to the anchor exchange;
asking the mobile station to authenticate with the anchor exchange;
handing-off the mobile station from the anchor exchange to the serving exchange during the authenticating;
forwarding the authenticating parameters from the anchor exchange to the serving exchange;
asking the mobile station to authenticate with the serving exchange;
receiving at the serving exchange authenticating results from the mobile station; and
sending the authenticating results to the authentication center.
2. The method of authenticating of claim 1, wherein the authenticating parameters include an authentication algorithm version and a shared secret data.
3. The method of authenticating of claim 1, wherein the authenticating parameters include an authentication response unique challenge and a random variable unique challenge.
4. The method of authenticating of claim 1, wherein the authenticating results include a shared secret data update report or a unique challenge report.
5. The method of authenticating of claim 1, wherein the method further comprises a step of informing the authentication center of the incapability of the anchor exchange to complete authenticating because of a hand-off of the mobile station to the serving exchange.
6. The method of authenticating of claim 5, wherein the method further comprises a step of: instructing from the authentication center the anchor exchange of forwarding the authenticating parameters to the serving exchange.
7. A method of authenticating with an authentication center a mobile station, the method comprising steps of: asking the mobile station to authenticate with a first exchange; detecting hand-off of the mobile station from the first exchange to a second exchange; forwarding authenticating parameters from the first exchange to the second exchange; asking the mobile station to authenticate with the second exchange; receiving at the second exchange authenticating results from the mobile station; and sending the authenticating results to the authentication center.
8. The method of authenticating of claim 7, further comprising a step of sending from the authentication center authentication parameters for the mobile station to the first exchange prior to asking the mobile station to authenticate with the first exchange.
9. The method of authenticating of claim 7, wherein the authenticating parameters include an authentication algorithm version and a shared secret data.
10. The method of authenticating of claim 7, wherein the authenticating parameters include an authentication response unique challenge and a random variable unique challenge.
11. The method of authenticating of claim 7, wherein the authenticating results include a shared secret data update report or a unique challenge report.
12. The method of authenticating of claim 7, wherein the method further comprises a step of informing the authentication center of the incapability of the first exchange to complete the authenticating because of a hand-off of the mobile station to the second exchange.
13. The method of authenticating of claim 12, wherein the method further comprises a step of: instructing from the authentication center the first exchange of forwarding the authenticating parameters to the second exchange.
PCT/SE1999/001717 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange WO2000027156A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU11943/00A AU1194300A (en) 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange
CA002347865A CA2347865A1 (en) 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange
BR9914909-5A BR9914909A (en) 1998-10-30 1999-09-28 Method for authenticating a mobile station with an authentication center

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US18344598A 1998-10-30 1998-10-30
US09/183,445 1998-10-30

Publications (1)

Publication Number Publication Date
WO2000027156A1 true WO2000027156A1 (en) 2000-05-11

Family

ID=22672820

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1999/001717 WO2000027156A1 (en) 1998-10-30 1999-09-28 Method of authenticating a mobile station handing-off from an anchor exchange to a serving exchange

Country Status (5)

Country Link
AR (1) AR020786A1 (en)
AU (1) AU1194300A (en)
BR (1) BR9914909A (en)
CA (1) CA2347865A1 (en)
WO (1) WO2000027156A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001020925A2 (en) * 1999-09-10 2001-03-22 Telefonaktiebolaget Lm Ericsson (Publ) System and method of passing encryption keys after inter-exchange handoff
EP1534042A1 (en) * 2003-11-20 2005-05-25 Lucent Technologies Inc. Method for global authentication with continuity during handoff to a neighboring mobile switching center
WO2007137488A1 (en) * 2006-05-15 2007-12-06 Huawei Technologies Co., Ltd. A method for relocating anchor paging controller to mobile station

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1992002103A1 (en) * 1990-07-16 1992-02-06 Motorola, Inc. Method for authentication and protection of subscribers in telecommunication systems
WO1993011646A1 (en) * 1991-12-03 1993-06-10 Electronic Data Systems Corporation Apparatus for detecting and preventing subscriber number tumbling in a cellular mobile telephone system
WO1995032592A1 (en) * 1994-05-20 1995-11-30 Siemens Aktiengesellschaft Process for subscriber data transmission when changing the radiocommunication system
WO1996005702A2 (en) * 1994-07-29 1996-02-22 Motorola Inc. Method and apparatus for authentication in a communication system
US5557676A (en) * 1993-11-24 1996-09-17 Telefonaktiebolaget Lm Ericsson Authentication for analog communication systems

Also Published As

Publication number Publication date
AR020786A1 (en) 2002-05-29
BR9914909A (en) 2001-08-07
CA2347865A1 (en) 2000-05-11
AU1194300A (en) 2000-05-22

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref country code: AU

Ref document number: 2000 11943

Kind code of ref document: A

Format of ref document f/p: F

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2347865

Country of ref document: CA

Ref country code: CA

Ref document number: 2347865

Kind code of ref document: A

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase