WO2000030391A1 - System and method for secured transference of temporary mobile subscriber information - Google Patents

Publication number
WO2000030391A1
WO2000030391A1 PCT/SE1999/002019 SE9902019W WO0030391A1 WO 2000030391 A1 WO2000030391 A1 WO 2000030391A1 SE 9902019 W SE9902019 W SE 9902019W WO 0030391 A1 WO0030391 A1 WO 0030391A1
Authority
WO
WIPO (PCT)
Prior art keywords
random number
pseudo random
generator means
network
mobile station
Application number
PCT/SE1999/002019
Other languages
French (fr)
Inventor
Johan Rune
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)
Priority to EP99958568A (patent EP1129594A1)
Priority to AU15907/00A (patent AU1590700A)
Priority to JP2000583285A (patent JP2002530960A)
Publication of WO2000030391A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • the present invention is directed to a system and method for improving the security of a cellular subscriber within a telecommunications system, and, particularly, to improving subscriber confidentiality during network access.
  • GSM Global System for Mobile Communication
  • PLMN Public Land Mobile Network
  • wireless network 10 which in turn is composed of a plurality of areas 12, each with a Mobile Services switching Center (MSC) 14 and an integrated Visitor Location Register (VLR) 16 therein.
  • LA Location Areas
  • Each Location Area 12 is divided into a number of cells 22.
  • Mobile Station (MS) 20 is the physical equipment, e.g., a car phone or other portable phone, used by mobile subscribers to communicate with the wireless network 10, each other, and users outside the subscribed network, both wireline and wireless.
  • the MSC 14 is in communication with at least one Base Transceiver Station (BTS) 24.
  • BTS Base Transceiver Station
  • the BTS 24 is the physical equipment, illustrated for simplicity as a radio tower, that provides radio coverage to the geographical part of the cell 22 for which it is responsible.
  • BSC Base Station Controller
  • BSS Base Station System
  • the PLMN Service Area or wireless network 10 includes a Home Location Register (HLR) 26, which is a database maintaining all subscriber information, e.g., user profiles, current location information, International Mobile Subscriber Identity (IMSI) numbers, and other administrative information.
  • HLR Home Location Register
  • the HLR 26 may be co-located with a given MSC 14, integrated with the MSC 14, or alternatively can service multiple MSCs 14, the latter of which is illustrated in FIGURE 1.
  • the VLR 16 is a database containing information about all of the Mobile Stations 20 currently located within the MSC/VLR area 12. If a MS 20 roams into a new MSC/VLR area 12, the VLR 16 connected to that MSC 14 will request data about that Mobile Station 20 from its home HLR database 26 (simultaneously informing the HLR 26 about the current location of the MS 20). Accordingly, if the user of the MS 20 then wants to make a call, the local VLR 16 will have the requisite identification information without having to reinterrogate the home HLR 26. In the aforedescribed manner, the VLR and HLR databases 16 and 26, respectively, contain various subscriber information associated with a given MS 20.
  • Each user in a cellular network such as the GSM network 10 shown in FIGURE 1, has an International Mobile Subscriber Identity (IMSI) number associated therewith, a unique identity number to uniquely identify each subscriber.
  • IMSI International Mobile Subscriber Identity
  • the secret subscriber key used for generating the authentication response must remain confidential lest an unscrupulous third party impersonate a given subscriber, incurring phone and other charges by virtue of this identity theft. Since the mobile station 20 maintains its identity within a given Location Area 18, e.g., in the VLR 16, the IMSI number need not be transmitted until the subscriber leaves the given LA 18 to another LA 18 within which it is not known.
  • the transmission of the IMSI is not done in an effort to avoid the tracking of a subscriber's location and movements by listening to the IMSI (which is not secret).
  • the goal is to protect the subscriber's privacy and integrity.
  • To thwart obvious eavesdropping of confidential information, GSM employs a Temporary Mobile Subscriber Identity (TMSI) as an alias for the true subscriber identity (IMSI) in order to avoid transmitting the IMSI in clear on the radio path.
  • TMSI numbers are allocated by the network on an LA 18 basis for unambiguously referring to a particular MS 20 therein.
  • This subscriber identity confidentiality is a feature employed in many cellular networks today, e.g., in GSM.
  • TMSI numbers attempt to thwart eavesdroppers from tracking the location or the movements of a subscriber merely by listening in on the communication between the respective BTS 24 and the MS 20.
  • the temporary identity is preferably replaced at every network access, e.g., call, location update, etc.
  • When the TMSI is assigned to the mobile station 20 by the network 10, the TMSI must be transferred from the network to the MS 20. It should be understood that at this moment there is a risk that an eavesdropper may intercept the transfer, thereby being able to couple the TMSI with the particular IMSI which the aliasing TMSI replaces. This interception would also make it possible for the eavesdropper to track the subscriber's location and movements despite the use of TMSI identifiers.
  • the temporary identity is encrypted during this transfer, thereby preventing the eavesdropper from tracking the subscriber by monitoring the subsequent replacements of temporary identities.
  • the TMSI number is used by the MS 20 to identify itself to the network 10, it cannot be encrypted since the network 10, not yet knowing the identity of the subscriber, would not know which encryption key to utilize in decrypting the temporary identity.
  • the TMSI number must not only be replaced at every network access but it must also be encrypted when transferred from the network to the MS 20, creating a significant amount of signaling across the radio interface and consuming valuable radio resources.
  • the present invention is directed to telecommunications systems and methods for preventing the interception of temporary identifiers utilized in network access by and interaction with mobile stations.
  • a mobile station and the subscriber network synchronize a pseudo random number generator, the initial seed value for which is exchanged in encrypted form.
  • Subsequent temporary identifiers for the mobile station are derived from successive values of a pseudo random number generator algorithm or other, like algorithms.
  • FIGURE 1 is a block diagram of a telecommunications system that employs the principles of the present invention.
  • a preferred mechanism to safely permit the exchange of temporary identity numbers after each network access is to utilize a series of values that are difficult, if not nearly impossible, to predict. For example, if an eavesdropper listens to a series of temporary identity assignments, they may ascertain a pattern in those assignments and decode the information garnered. To avoid prediction, a series of successive values are needed that can be not only unambiguously calculated independently by both the network 10 and the MS 20, but at the same time are unpredictable to anyone else, i.e., a potential eavesdropper.
  • One category of number-generating algorithms that satisfies the criteria of unpredictableness is pseudo-random number generators. As the name suggests, a series of seemingly (pseudo) random numbers are created, numbers having no obvious relationship to one another. Instead, the mechanism for creating the numbers employs elaborate calculations to mimic a purely random selection of numbers. Such number generators, however, require a starting or "seed" value, from which a particular series of numbers emanate. In other words, if a network 10 element and the MS 20 employ the same pseudo-random number generator (PRNG) and utilize a common seed value as input, an identical stream of numbers are generated, whereby the network 10 and the MS 20 are in synchronicity. Of course, a different seed value results in a different series of numbers.
  • PRNG pseudo-random number generator
  • a seed value is transferred from the network to the MS 20.
  • This transference corresponds to the assignment of the initial temporary identity in conventional systems, and, consequently, the seed value must be encrypted to prevent an eavesdropper from synchronizing their own algorithm with the subscriber's, thereby enabling the eavesdropper to track the subscriber's movements.
  • the temporary identity can be changed after every subsequent network access, without the transference of any subsequent information over the radio interface, by simply having the algorithm generate the next number in the pseudo random number series from the common, initial seed value.
  • the network 10 and the mobile station 20 were synchronized with the common seed value, the resulting sequences and identities will match.
  • a practical problem arises in that there is no guarantee as to the uniqueness of the temporary identity, which are normally only locally unique.
  • the range of possible values is kept small (to keep the identifier short) and the temporary identities are regularly reused as subscribers come and go through the local area of uniqueness, e.g., the location areas 18 in GSM, as shown in FIGURE 1.
  • the difficulty arises when many subscribers are present within the same LA 18 (or other uniqueness area), each subscriber employing the same instance of the PRNG algorithm. With a new temporary identity being produced after every network access and the pool of such identities being low, over time a new temporary identity number for a given subscriber will be produced that matches that already being utilized by another subscriber in the same area.
  • One obvious countermeasure against such TMSI conflicts is, of course, to extend the temporary identity, e.g., by adding one or two bits thereto.
  • the intent here is less that of accommodating increasing subscriber numbers, but more that of reducing the risk of creating a temporary identity conflict. It should be understood, however, that although the risk of conflict is reduced by these extension bits, it is not eliminated, leaving the need to cope with the conflict scenario.
  • the value is then stored in the network, the corresponding field in the array marked 'occupied', and if the network had to skip a number of values in the pseudo random number series (to arrive at an unoccupied value), the mobile terminal is informed of the number of skipped values. The mobile terminal can then skip the same number of values to keep the algorithm synchronized with the network.
  • the extension of the temporary identity also adds to the consumed radio resources, but this is a very small addition compared to what is saved by eliminating the many message exchanges assigning new temporary identities to the mobile terminal at every network access.
  • the messages to establish the ciphering mode can be eliminated in some cases. For instance, during a location update, the only reason to establish the ciphering mode is to be able to transfer a new temporary identity encrypted to the mobile terminal. Otherwise the network only sends a simple acknowledgment, which does not have to be encrypted. Accordingly, if using the present invention, a new temporary identity can be assigned without establishing the ciphering mode.
  • Suitable pseudo random number generators for use in the preferred embodiment of the present invention include a lagged Fibonacci PRNG using addition and another, as yet unnamed, PRNG, both of which are described hereinbelow.
  • the nth number in this sequence is calculated as follows:
  • $N_n = (N_{n-k} + N_{n-l}) \bmod M$
  • k and l are the lags (the largest of which should be at least about 1,000 to about 10,000 in order to achieve good results) and M defines the range within which the generated pseudo random numbers are kept.
  • M should be set to 1.
  • the bit patterns formed by floating point numbers can be utilized to produce temporary identities. For example, the extraction of a number of bits, pursuant to a rule such as starting from the low order bit, from a generated pseudo random number may be used to form a temporary identity number.
  • integer arithmetic is preferably employed, particularly using a large value of M. Should floating point arithmetic be used, however, both the network and the particular mobile station must use the same number representation (in terms of size and structure), as well as the same floating point arithmetic algorithms and roundoff rules.
  • Another technique also produces pseudo random numbers distributed between 0 and 1.
  • the seeds $X_0$, $Y_0$ and $Z_0$ in this alternative embodiment of the present invention are initially set to integer values between 1 and 30,000.
  • the pseudo random numbers $N_n$ are then calculated in this embodiment according to the following:
  • the nth number pursuant to this unnamed technique may be calculated as follows:
  • $N_n = [\mathrm{FLOAT}(X_n)/30269 + \mathrm{FLOAT}(Y_n)/30307 + \mathrm{FLOAT}(Z_n)/30323]\ \mathrm{AMOD}\ 1$
  • the floating point numbers generated by this algorithm also form bit patterns that can be used to create the desired temporary identities.
  • Mixture generator is used, for example, in RPK cryptographic systems.
  • Mixture generators are used to define private keys and derive public keys, and are useful in encryption and decryption, as is well understood to those skilled in the art.
  • the mixture generator which can be considered a simple finite state or Turing machine, normally produces only one bit at a time, so to produce a bit sequence that can be used as a temporary identifier of length n the mixture generator has to be stepped n times.
  • the temporary identities can be derived from the different states of the mixture generator. In the latter case, the mixture generator only has to be stepped once for each temporary identity it generates.
  • the 'seed' for a mixture generator can be defined as a certain number of steps from a predefined initial state. It should be understood that the sequence of outputs generated by the mixture generator will be the same regardless of how the mixture generator happened to arrive at that state. Additionally, as with the aforedescribed Fibonacci and the other technique, the generated outputs are complex and unpredictable in a well-defined sense so as to make it difficult for an eavesdropper or other observer to measure the output sequence and determine the details of the internal state in an effort to predict future outputs, thereby compromising the user's identity and confidentiality in the manner aforedescribed. Further details on the intricacies of mixture generators may be found in numerous treatises, patents and Internet documents on Public Key Cryptography, e.g., various writings by William M. Raike at the website www.rpk.co.nz.
  • the benefits of the various embodiments for the proposed solution include reducing the control signaling load put on the radio interfaces while maximizing the use of the requisite confidentiality features.
  • a large number of messages needed to assign new temporary identities are eliminated, and in some instances the messages to establish the ciphering mode are also eliminated.
  • the temporary identity can be replaced after every network access, which is not always the case in existing systems since in those systems there is a trade off between the gained privacy and the consumed radio resources.

Abstract

The present invention is directed to telecommunications systems and methods for preventing the tracking of subscriber's movements through the interception of temporary identifiers utilized in network (10) access by and in interaction with mobile stations (20). In a preferred embodiment of the present invention, a mobile station (20) and the subscriber network (10) synchronize a pseudo random number generator, the initial seed value for which is exchanged. Subsequent temporary identifiers for the mobile station (20) are derived from successive values of a shared pseudo random number generator algorithm.

Description

SYSTEM AND METHOD FOR SECURED TRANSFERENCE OF TEMPORARY MOBILE SUBSCRIBER INFORMATION
BACKGROUND OF THE PRESENT INVENTION
Field of the Invention
The present invention is directed to a system and method for improving the security of a cellular subscriber within a telecommunications system, and, particularly, to improving subscriber confidentiality during network access.
Background and Objects of the Present Invention
The evolution of wireless communication over the past century, since Guglielmo Marconi's 1897 demonstration of radio's ability to provide continuous contact with ships sailing the English Channel, has been remarkable. Since Marconi's discovery, new wireline and wireless communication methods, services and standards have been adopted by people throughout the world. This evolution has been accelerating, particularly over the last ten years, during which the mobile radio communications industry has grown by orders of magnitude, fueled by numerous technological advances that have made portable radio equipment smaller, cheaper and more reliable. The exponential growth of mobile telephony will continue to rise in the coming decades as well, as this wireless network interacts with and eventually overtakes the existing wireline networks.
With reference now to FIGURE 1 of the drawings, there is illustrated a Global System for Mobile Communication (GSM) Public Land Mobile Network (PLMN), such as wireless network 10, which in turn is composed of a plurality of areas 12, each with a Mobile Services Switching Center (MSC) 14 and an integrated Visitor Location Register (VLR) 16 therein. The MSC/VLR areas 12, in turn, include a plurality of Location Areas (LA) 18, which are defined as that part of a given MSC/VLR area 12 in which a mobile station (MS) 20 may move freely without having to send update location information to the MSC/VLR area 12 that controls the LA 18. Each Location Area 12 is divided into a number of cells 22. Mobile Station (MS) 20 is the physical equipment, e.g., a car phone or other portable phone, used by mobile subscribers to communicate with the wireless network 10, each other, and users outside the subscribed network, both wireline and wireless.
The MSC 14 is in communication with at least one Base Transceiver Station (BTS) 24. The BTS 24 is the physical equipment, illustrated for simplicity as a radio tower, that provides radio coverage to the geographical part of the cell 22 for which it is responsible. It should be understood that a Base Station Controller (BSC) may be connected to several BTSs 24, and may be implemented as a stand-alone node or integrated with the MSC 14. In either event, the BSC and BTS 24 components, as a whole, are generally referred to as a Base Station System (BSS).
With further reference to FIGURE 1, the PLMN Service Area or wireless network 10 includes a Home Location Register (HLR) 26, which is a database maintaining all subscriber information, e.g., user profiles, current location information, International Mobile Subscriber Identity (IMSI) numbers, and other administrative information. The HLR 26 may be co-located with a given MSC 14, integrated with the MSC 14, or alternatively can service multiple MSCs 14, the latter of which is illustrated in FIGURE 1.
The VLR 16 is a database containing information about all of the Mobile Stations 20 currently located within the MSC/VLR area 12. If a MS 20 roams into a new MSC/VLR area 12, the VLR 16 connected to that MSC 14 will request data about that Mobile Station 20 from its home HLR database 26 (simultaneously informing the HLR 26 about the current location of the MS 20). Accordingly, if the user of the MS 20 then wants to make a call, the local VLR 16 will have the requisite identification information without having to reinterrogate the home HLR 26. In the aforedescribed manner, the VLR and HLR databases 16 and 26, respectively, contain various subscriber information associated with a given MS 20.
Each user in a cellular network, such as the GSM network 10 shown in FIGURE 1, has an International Mobile Subscriber Identity (IMSI) number associated therewith, a unique identity number to uniquely identify each subscriber. As is understood in the art, although the IMSI number itself may be transmitted freely, the secret subscriber key used for generating the authentication response must remain confidential lest an unscrupulous third party impersonate a given subscriber, incurring phone and other charges by virtue of this identity theft. Since the mobile station 20 maintains its identity within a given Location Area 18, e.g., in the VLR 16, the IMSI number need not be transmitted until the subscriber leaves the given LA 18 to another LA 18 within which it is not known. The transmission of the IMSI, even during location updates when the mobile station 20 has moved to a new LA, however, is not done in an effort to avoid the tracking of a subscriber's location and movements by listening to the IMSI (which is not secret). The goal is to protect the subscriber's privacy and integrity.
To thwart obvious eavesdropping of confidential information, GSM employs a Temporary Mobile Subscriber Identity (TMSI) as an alias for the true subscriber identity (IMSI) in order to avoid transmitting the IMSI in clear on the radio path. TMSI numbers are allocated by the network on an LA 18 basis for unambiguously referring to a particular MS 20 therein. This subscriber identity confidentiality is a feature employed in many cellular networks today, e.g., in GSM. TMSI numbers attempt to thwart eavesdroppers from tracking the location or the movements of a subscriber merely by listening in on the communication between the respective BTS 24 and the MS 20. To further prevent tracking, the temporary identity is preferably replaced at every network access, e.g., call, location update, etc. When the TMSI is assigned to the mobile station 20 by the network 10, the TMSI must be transferred from the network to the MS 20. It should be understood that at this moment there is a risk that an eavesdropper may intercept the transfer, thereby being able to couple the TMSI with the particular IMSI which the aliasing TMSI replaces. This interception would also make it possible for the eavesdropper to track the subscriber's location and movements despite the use of TMSI identifiers. To prevent the eavesdropper from intercepting the temporary identity as it is transferred from the network 10 (particularly, the respective MSC 14) to the MS 20, the temporary identity is encrypted during this transfer, thereby preventing the eavesdropper from tracking the subscriber by monitoring the subsequent replacements of temporary identities.
When, however, the TMSI number is used by the MS 20 to identify itself to the network 10, it cannot be encrypted since the network 10, not yet knowing the identity of the subscriber, would not know which encryption key to utilize in decrypting the temporary identity.
It should, therefore, be understood that to effectively fulfill its purpose, the TMSI number must not only be replaced at every network access but it must also be encrypted when transferred from the network to the MS 20, creating a significant amount of signaling across the radio interface and consuming valuable radio resources.
It is, therefore, an object of the present invention to improve subscriber confidentiality by thwarting eavesdropper interception of the temporary identities.
SUMMARY OF THE INVENTION
The present invention is directed to telecommunications systems and methods for preventing the interception of temporary identifiers utilized in network access by and interaction with mobile stations. In a preferred embodiment of the present invention, a mobile station and the subscriber network synchronize a pseudo random number generator, the initial seed value for which is exchanged in encrypted form. Subsequent temporary identifiers for the mobile station are derived from successive values of a pseudo random number generator algorithm or other, like algorithms.
A more complete appreciation of the present invention and the scope thereof can be obtained from the accompanying drawing which is briefly summarized below, the following detailed description of the presently-preferred embodiments of the invention, and the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
A more complete understanding of the method and apparatus of the present invention may be obtained by reference to the following Detailed Description when taken in conjunction with the accompanying Drawing, wherein:
FIGURE 1 is a block diagram of a telecommunications system that employs the principles of the present invention.
DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EXEMPLARY EMBODIMENTS
The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
With reference again to the network 10 of FIGURE 1, a preferred mechanism to safely permit the exchange of temporary identity numbers after each network access is to utilize a series of values that are difficult, if not nearly impossible, to predict. For example, if an eavesdropper listens to a series of temporary identity assignments, they may ascertain a pattern in those assignments and decode the information garnered. To avoid prediction, a series of successive values are needed that can be not only unambiguously calculated independently by both the network 10 and the MS 20, but at the same time are unpredictable to anyone else, i.e., a potential eavesdropper.
One category of number-generating algorithms that satisfies the criteria of unpredictableness is pseudo-random number generators. As the name suggests, a series of seemingly (pseudo) random numbers are created, numbers having no obvious relationship to one another. Instead, the mechanism for creating the numbers employs elaborate calculations to mimic a purely random selection of numbers. Such number generators, however, require a starting or "seed" value, from which a particular series of numbers emanate. In other words, if a network 10 element and the MS 20 employ the same pseudo-random number generator (PRNG) and utilize a common seed value as input, an identical stream of numbers are generated, whereby the network 10 and the MS 20 are in synchronicity. Of course, a different seed value results in a different series of numbers.
With reference again to the network configuration in FIGURE 1, to synchronize a PRNG algorithm between a network 10 element, e.g., MSC 14, and the MS 20, a seed value is transferred from the network to the MS 20. This transference corresponds to the assignment of the initial temporary identity in conventional systems, and, consequently, the seed value must be encrypted to prevent an eavesdropper from synchronizing their own algorithm with the subscriber's, thereby enabling the eavesdropper to track the subscriber's movements. In this manner, the temporary identity can be changed after every subsequent network access, without the transference of any subsequent information over the radio interface, by simply having the algorithm generate the next number in the pseudo random number series from the common, initial seed value. So long as the network 10 and the mobile station 20 were synchronized with the common seed value, the resulting sequences and identities will match.
Although the above solution solves many of the security problems, a practical problem arises in that there is no guarantee as to the uniqueness of the temporary identity, which are normally only locally unique. Preferably, the range of possible values is kept small (to keep the identifier short) and the temporary identities are regularly reused as subscribers come and go through the local area of uniqueness, e.g., the location areas 18 in GSM, as shown in FIGURE 1. The difficulty arises when many subscribers are present within the same LA 18 (or other uniqueness area), each subscriber employing the same instance of the PRNG algorithm. With a new temporary identity being produced after every network access and the pool of such identities being low, over time a new temporary identity number for a given subscriber will be produced that matches that already being utilized by another subscriber in the same area.
One obvious countermeasure against such TMSI conflicts is, of course, to extend the temporary identity, e.g., by adding one or two bits thereto. The intent here is less that of accommodating increasing subscriber numbers, but more that of reducing the risk of creating a temporary identity conflict. It should be understood, however, that although the risk of conflict is reduced by these extension bits, it is not eliminated, leaving the need to cope with the conflict scenario.
One technique, the brute-force approach, is to have the network check every newly produced temporary identity against a list of already occupied temporary identities, which is generally feasible since the number range is typically on the order of only a few hundreds. A simple way to implement this technique to provide fast processing is to have an array with one field for each possible value of the temporary identity. The array would simply contain a flag for each temporary identity value, represented by the value of the corresponding field in the array. This means that to check if value X is occupied, the network simply checks the value of the flag in field number X in the array. If a newly produced temporary identity turns out to be already occupied, the network 10 then lets the algorithm produce the next value in the pseudo random number series. If this value also is occupied, another one is produced until an unoccupied value is produced. The value is then stored in the network, the corresponding field in the array marked 'occupied', and if the network had to skip a number of values in the pseudo random number series (to arrive at an unoccupied value), the mobile terminal is informed of the number of skipped values. The mobile terminal can then skip the same number of values to keep the algorithm synchronized with the network.
There can be different ways to inform the mobile terminal 20 of these skipped values. One way is, of course, an explicit message with this as the sole purpose. This consumes radio resources, but, depending on how much the temporary identity was extended, this message should only have to be sent for a small fraction of the cases. Another way is to include the information as an information element in a message that has to be sent to the mobile terminal anyway during the ongoing procedure.
The extension of the temporary identity also adds to the consumed radio resources, but this is a very small addition compared to what is saved by eliminating the many message exchanges assigning new temporary identities to the mobile terminal at every network access. In addition, the messages to establish the ciphering mode can be eliminated in some cases. For instance, during a location update, the only reason to establish the ciphering mode is to be able to transfer a new temporary identity encrypted to the mobile terminal. Otherwise the network only sends a simple acknowledgment, which does not have to be encrypted. Accordingly, if using the present invention, a new temporary identity can be assigned without establishing the ciphering mode.
Suitable pseudo random number generators for use in the preferred embodiment of the present invention include a lagged Fibonacci PRNG using addition and another, as yet unnamed, PRNG, both of which are described hereinbelow. The first technique, the lagged Fibonacci PRNG, employs Fibonacci numbers, i.e., numbers generated from the sum of the two preceding Fibonacci numbers, e.g., $N_n = N_{n-1} + N_{n-2}$. In the lagged Fibonacci according to the present invention, however, the nth number in this sequence is calculated as follows:
$N_n = (N_{n-k} - N_{n-l}) \bmod M$
where k and l are the lags (the largest of which should be at least about 1,000 to about 10,000 in order to achieve good results) and M defines the range within which the generated pseudo random numbers are kept. Where the pseudo random numbers are floating point numbers between 0 and 1, M should be set to 1. In fact, the bit patterns formed by floating point numbers can be utilized to produce temporary identities. For example, the extraction of a number of bits, pursuant to a rule such as starting from the low order bit, from a generated pseudo random number may be used to form a temporary identity number. To avoid roundoff and propagation errors in floating point calculations, integer arithmetic is preferably employed, particularly using a large value of M. Should floating point arithmetic be used, however, both the network and the particular mobile station must use the same number representation (in terms of size and structure), as well as the same floating point arithmetic algorithms and roundoff rules.
Another technique, the as yet unnamed one, also produces pseudo random numbers distributed between 0 and 1. The seeds $X_0$, $Y_0$ and $Z_0$ in this alternative embodiment of the present invention are initially set to integer values between 1 and 30,000. The pseudo random numbers $N_n$ are then calculated in this embodiment according to the following:
$X_n = 171 * (X_{n-1} \text{ MOD } 177) - 2 * X_{n-1}/177$ (integer division)
$Y_n = 171 * (Y_{n-1} \text{ MOD } 176) - 35 * Y_{n-1}/176$ (integer division)
$Z_n = 170 * (Z_{n-1} \text{ MOD } 178) - 63 * Z_{n-1}/178$ (integer division)
IF ($X_n < 0$) $X_n = X_n + 30269$
IF ($Y_n < 0$) $Y_n = Y_n + 30307$
IF ($Z_n < 0$) $Z_n = Z_n + 30323$
Using the above formulas, the nth number pursuant to this unnamed technique may be calculated as follows:
$N_n = [\text{FLOAT}(X_n)/30269 + \text{FLOAT}(Y_n)/30307 + \text{FLOAT}(Z_n)/30323] \text{ AMOD } 1$
where the calculations employ floating point division and the operator AMOD means that the output can be fractions of 1. As with the lagged Fibonacci approach, the floating point numbers generated by this algorithm also form bit patterns that can be used to create the desired temporary identities.
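The seed synchronisation, occupancy-flag array and skip count described above can be exercised together with the three-component generator. The following Python sketch is an added example, not code from the patent; the identity range of 512, the scaling of N_n into that range, the reading of "X/177 (integer division)" as a floor division applied before the multiplication, and all class and function names are assumptions.

```python
"""Added example: seed-synchronised temporary identities with skip counts."""

ID_SPACE = 512        # assumed size of the temporary-identity range
MAX_SKIPS = 10_000    # guard so a full table cannot loop forever

# Constructed seeds. A and B share a seed on purpose to force collisions.
SAMPLE_SEEDS = {"A": (1, 2, 3), "B": (1, 2, 3), "C": (12345, 6789, 24680)}


class PagePrng:
    """Three-component generator using the constants as printed on the page."""

    def __init__(self, x0, y0, z0):
        for seed in (x0, y0, z0):
            if not 1 <= seed <= 30000:
                raise ValueError("seeds must be integers between 1 and 30,000")
        self.x, self.y, self.z = x0, y0, z0

    def next_fraction(self):
        # Assumption: "2 * X/177 (integer division)" means 2 * (X // 177).
        # The page prints 171 as the Y multiplier; it is kept as printed
        # (the published Wichmann-Hill AS 183 generator uses 172 there).
        self.x = 171 * (self.x % 177) - 2 * (self.x // 177)
        self.y = 171 * (self.y % 176) - 35 * (self.y // 176)
        self.z = 170 * (self.z % 178) - 63 * (self.z // 178)
        if self.x < 0:
            self.x += 30269
        if self.y < 0:
            self.y += 30307
        if self.z < 0:
            self.z += 30323
        return (self.x / 30269 + self.y / 30307 + self.z / 30323) % 1.0

    def next_identity(self):
        # Assumed mapping from N_n to an identity: scale into the ID range.
        return int(self.next_fraction() * ID_SPACE)


class Network:
    """Network side: one PRNG per subscriber plus the occupancy flag array."""

    def __init__(self):
        self.occupied = [False] * ID_SPACE   # flag X is True if identity X is in use
        self.subscribers = {}                # name -> [prng, current identity]

    def attach(self, name, seed):
        # In the described system the seed travels encrypted to the mobile station.
        self.subscribers[name] = [PagePrng(*seed), None]
        return self.access(name)

    def access(self, name):
        """Assign the next free identity; return (identity, skipped)."""
        entry = self.subscribers[name]
        prng, old = entry
        skipped = 0
        candidate = prng.next_identity()
        while self.occupied[candidate]:
            skipped += 1
            if skipped > MAX_SKIPS:
                raise RuntimeError("no free temporary identity found")
            candidate = prng.next_identity()
        if old is not None:
            self.occupied[old] = False       # release the previous identity
        self.occupied[candidate] = True
        entry[1] = candidate
        return candidate, skipped


class MobileStation:
    """Mobile side: same PRNG and seed, advanced by the reported skip count."""

    def __init__(self, seed):
        self.prng = PagePrng(*seed)
        self.identity = None

    def advance(self, skipped):
        for _ in range(skipped):
            self.prng.next_identity()        # discard values the network skipped
        self.identity = self.prng.next_identity()
        return self.identity


def simulate(seeds, rounds):
    """Run `rounds` network accesses per subscriber and log both sides."""
    net = Network()
    mobiles = {name: MobileStation(seed) for name, seed in seeds.items()}
    log = []
    for r in range(rounds):
        for name, seed in seeds.items():
            if r == 0:
                net_id, skipped = net.attach(name, seed)
            else:
                net_id, skipped = net.access(name)
            ms_id = mobiles[name].advance(skipped)
            in_use = [entry[1] for entry in net.subscribers.values()]
            log.append({"name": name, "network_id": net_id, "mobile_id": ms_id,
                        "skipped": skipped,
                        "unique": len(set(in_use)) == len(in_use)})
    return log


if __name__ == "__main__":
    for row in simulate(SAMPLE_SEEDS, 3):
        print(row)
```

Neither the lagged Fibonacci generator nor this three-component generator is a cryptographically secure PRNG; the sketch demonstrates the synchronisation and skip mechanism, not the unpredictability the description relies on.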
Another algorithm that has the desired properties is the so-called "mixture generator" that is used, for example, in RPK cryptographic systems. Mixture generators are used to define private keys and derive public keys, and are useful in encryption and decryption, as is well understood to those skilled in the art. However, the mixture generator, which can be considered a simple finite state or Turing machine, normally produces only one bit at a time, so to produce a bit sequence that can be used as a temporary identifier of length n the mixture generator has to be stepped n times. Alternatively the temporary identities can be derived from the different states of the mixture generator. In the latter case, the mixture generator only has to be stepped once for each temporary identity it generates. The 'seed' for a mixture generator can be defined as a certain number of steps from a predefined initial state. It should be understood that the sequence of outputs generated by the mixture generator will be the same regardless of how the mixture generator happened to arrive at that state. Additionally, as with the aforedescribed Fibonacci and the other technique, the generated outputs are complex and unpredictable in a well-defined sense so as to make it difficult for an eavesdropper or other observer to measure the output sequence and determine the details of the internal state in an effort to predict future outputs, thereby compromising the user's identity and confidentiality in the manner aforedescribed. Further details on the intricacies of mixture generators may be found in numerous treatises, patents and Internet documents on Public Key Cryptography, e.g., various writings by William M. Raike at the website www.rpk.co.nz.
The benefits of the various embodiments for the proposed solution include reducing the control signaling load put on the radio interfaces while maximizing the use of the requisite confidentiality features. In particular, with the exception of the initial "seeding" assignment, a large number of messages needed to assign new temporary identities are eliminated, and in some instances the messages to establish the ciphering mode are also eliminated. Despite this, the temporary identity can be replaced after every network access, which is not always the case in existing systems since in those systems there is a trade off between the gained privacy and the consumed radio resources.
It should be understood that although the presently preferred embodiments of the instant invention are for use in a GSM system, the principles of the present invention can be used in any cellular system using temporary identities for the purpose of subscriber identity confidentiality.
Although preferred embodiments of the system and method of the present invention have been illustrated in the accompanying drawings and described in the foregoing detailed description, it will be understood that the invention is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications and substitutions without departing from the spirit of the invention as set forth and defined by the following claims.

Claims

WHAT IS CLAIMED IS:
1. A telecommunication system providing user identity confidentiality, said telecommunication system comprising: a network providing wireless services to a plurality of users therein; a mobile station in communication with said network; and pseudo random number generator means, within said network and said mobile station, for generating a series of pseudo random number identifiers for said mobile station when accessing said network, said pseudo random number generator means, upon a first access by said mobile station to said network, forwarding a pseudo random number seed value to said network and said mobile station, said network and mobile station being thereafter synchronized, whereby successive access by said mobile station to said network utilizes subsequent ones of said pseudo random number identifiers in said series, thereby providing identity confidentiality to the user of said mobile station.
2. The telecommunication system according to claim 1, wherein said subsequent ones of said pseudo random number identifiers are successive pseudo random number identifiers in said series.
3. The telecommunication system according to claim 1, wherein said pseudo random number seed value is encrypted.
4. The telecommunication system according to claim 1, wherein said pseudo random number generator means employs a lagged Fibonacci pseudo random number generator.
5. The telecommunication system according to claim 4, wherein successive values from said lagged Fibonacci pseudo random number generator are generated using the formula:
$N_n = (N_{n-k} - N_{n-l}) \bmod M$
where k and l are lag values and M is a range value.
6. The telecommunication system according to claim 1, wherein said pseudo random number generator means generates pseudo random numbers substantially pursuant to the following:
$X_n = 171 * (X_{n-1} \text{ MOD } 177) - 2 * X_{n-1}/177$ (integer division)
$Y_n = 171 * (Y_{n-1} \text{ MOD } 176) - 35 * Y_{n-1}/176$ (integer division)
$Z_n = 170 * (Z_{n-1} \text{ MOD } 178) - 63 * Z_{n-1}/178$ (integer division)
IF ($X_n < 0$) $X_n = X_n + 30269$
IF ($Y_n < 0$) $Y_n = Y_n + 30307$
IF ($Z_n < 0$) $Z_n = Z_n + 30323$
where $X_0$, $Y_0$ and $Z_0$ are integer seed values between 1 and 30,000, and the nth number is calculated as follows:
$N_n = [\text{FLOAT}(X_n)/30269 + \text{FLOAT}(Y_n)/30307 + \text{FLOAT}(Z_n)/30323] \text{ AMOD } 1$
where AMOD means that Nn may be a fraction of one.
7. The telecommunication system according to claim 1, wherein said pseudo random number identifiers are derived from floating point numbers.
8. The telecommunication system according to claim 7, wherein said pseudo random number identifiers are derived from floating point numbers between 0 and 1.
9. The telecommunication system according to claim 1, wherein said pseudo random number generator means employs integer arithmetic to generate said pseudo random number identifiers.
10. The telecommunication system according to claim 1, wherein said pseudo random number generator means employs a mixture generator.
11. The telecommunication system according to claim 10, wherein said pseudo random number generator means employs successive states of said mixture generator to derive said pseudo random number identifiers.
12. The telecommunication system according to claim 10, wherein said pseudo random number generator means employs a series of successive bits generated by said mixture generator to derive a respective one of said pseudo random number identifiers.
13. The telecommunication system according to claim 1, wherein said network is a Mobile Services switching Center.
14. The telecommunication system according to claim 1, wherein said network comprises a table of temporary identities for a plurality of mobile stations accessing said network, whereby said pseudo random number generator means, after generating a given pseudo random number identifier, determines whether said table indicates that said given pseudo random number identifier therein is being used.
15. The telecommunication system according to claim 14, wherein said table contains a plurality of flags therein in correspondence with said plurality of pseudo random number identifiers, a given one of said flags corresponding to said given pseudo random number identifier and indicating current usage of said given pseudo random number identifier within said network, whereby said pseudo random number generator means, after generating said given pseudo random number identifier, checks the corresponding flag within said table, and whereby if said flag is checked said pseudo random number generator means generates a successive pseudo random number identifier for said mobile station.
16. The telecommunication system according to claim 14, wherein said pseudo random number generator means, after determining that said given flag for said given pseudo random number identifier is checked, generates at least one successive pseudo random number identifier, a skip value being associated with the number of said at least one successive pseudo random number identifiers produced by said pseudo random number generator means, until determining that said table does not contain a last one of said at least one successive pseudo random number identifiers.
17. The telecommunication system according to claim 16, wherein said skip value is forwarded by said pseudo random number generator means to said mobile station, whereby said network and said mobile station maintain pseudo random number identifier synchronicity, via said pseudo random number generator means, after generation of said at least one successive pseudo random number identifier.
18. The telecommunication system according to claim 16, wherein said skip value is forwarded by said pseudo random number generator means to said mobile station if greater than zero.
19. In a telecommunications system having a network providing wireless services to a plurality of users therein, a method for providing user identity confidentiality within said telecommunication system, said method comprising the steps of: generating, by a pseudo random number generator means upon a first access by a mobile station to said network, a pseudo random number seed value; forwarding said pseudo random number seed value, by said pseudo random number generator means, to said network and said mobile station; and generating, by said pseudo random number generator means, based upon said pseudo random number seed value, a series of pseudo random number identifiers for said mobile station when subsequently accessing said network, whereby said network and said mobile station are synchronized for said accessing, thereby providing identity confidentiality to the user of said mobile station.
20. The method according to claim 19, wherein said step of forwarding said pseudo random number seed value further comprises the step of: encrypting said pseudo random number seed value.
21. The method according to claim 19, wherein, in said generating steps, said pseudo random number generator means generates said series of pseudo random number identifiers using a lagged Fibonacci pseudo random number generator.
22. The method according to claim 21, wherein successive values from said lagged Fibonacci pseudo random number generator are generated using the formula:
$N_n = (N_{n-k} - N_{n-l}) \bmod M$
where k and l are lag values and M is a range value.
23. The method according to claim 19, wherein said pseudo random number generator means generates pseudo random numbers substantially pursuant to the following:
$X_n = 171 * (X_{n-1} \text{ MOD } 177) - 2 * X_{n-1}/177$ (integer division)
$Y_n = 171 * (Y_{n-1} \text{ MOD } 176) - 35 * Y_{n-1}/176$ (integer division)
$Z_n = 170 * (Z_{n-1} \text{ MOD } 178) - 63 * Z_{n-1}/178$ (integer division)
IF ($X_n < 0$) $X_n = X_n + 30269$
IF ($Y_n < 0$) $Y_n = Y_n + 30307$
IF ($Z_n < 0$) $Z_n = Z_n + 30323$
where $X_0$, $Y_0$ and $Z_0$ are integer seed values between 1 and 30,000, and the nth number is calculated as follows:
$N_n = [\text{FLOAT}(X_n)/30269 + \text{FLOAT}(Y_n)/30307 + \text{FLOAT}(Z_n)/30323] \text{ AMOD } 1$
where AMOD means that Nn may be a fraction of one.
24. The method according to claim 19, wherein, in said step of generating said series of pseudo random number identifiers, said pseudo random number identifiers are derived from floating point numbers.
25. The method according to claim 24, wherein said pseudo random number identifiers are derived from floating point numbers between 0 and 1.
26. The method according to claim 19, wherein, in said step of generating said series of pseudo random number identifiers, said pseudo random number generator means employs integer arithmetic to generate said pseudo random number identifiers.
27. The method according to claim 19, wherein, in said step of generating said series of pseudo random number identifiers, said pseudo random number generator means employs a mixture generator.
28. The method according to claim 27, wherein said pseudo random number generator means, in said step of generating said series of pseudo random number identifiers, employs successive states of said mixture generator to derive said pseudo random number identifiers.
29. The method according to claim 27, wherein said pseudo random number generator means, in said step of generating said series of pseudo random number identifiers, employs a series of successive bits generated by said mixture generator to derive a respective one of said pseudo random number identifiers.
30. The method according to claim 19, wherein said first access by said mobile station is to a Mobile Services switching Center.
31. The method according to claim 19, further comprising the step of: accessing, within said network, a table of temporary identities for a plurality of mobile stations accessing said network, whereby said pseudo random number generator means, after generating a given pseudo random number identifier, determines whether said table indicates that said given pseudo random number identifier therein is being used.
32. The method according to claim 31, wherein said step of accessing said table further comprises accessing a plurality of flags contained therein, said flags being in correspondence with said plurality of pseudo random number identifiers, a given one of said flags corresponding to said given pseudo random number identifier and indicating current usage of said given pseudo random number identifier within said network, whereby said pseudo random number generator means, after generating said given pseudo random number identifier, checks the corresponding flag within said table, and whereby if said flag is checked said pseudo random number generator means generates a successive pseudo random number identifier for said mobile station.
33. The method according to claim 31, wherein said step of accessing said table comprises said pseudo random number generator means, after determining that said given flag for said given pseudo random number identifier is checked, generating at least one successive pseudo random number identifier, a skip value being associated with the number of said at least one successive pseudo random number identifiers produced by said pseudo random number generator means, until determining that said table does not contain a last one of said at least one successive pseudo random number identifiers.
34. The method according to claim 33, wherein, in said step of accessing, said skip value is forwarded by said pseudo random number generator means to said mobile station, whereby said network and said mobile station maintain pseudo random number identifier synchronicity, via said pseudo random number generator means, after generation of said at least one successive pseudo random number identifier.
35. The method according to claim 33, wherein said skip value is forwarded by said pseudo random number generator means to said mobile station if greater than zero.
PCT/SE1999/002019 1998-11-12 1999-11-08 System and method for secured transference of temporary mobile subscriber information WO2000030391A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP99958568A EP1129594A1 (en) 1998-11-12 1999-11-08 System and method for secured transference of temporary mobile subscriber information
AU15907/00A AU1590700A (en) 1998-11-12 1999-11-08 System and method for secured transference of temporary mobile subscriber information
JP2000583285A JP2002530960A (en) 1998-11-12 1999-11-08 System and method for secure transfer of temporary subscriber information

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US19101698A 1998-11-12 1998-11-12
US09/191,016 1998-11-12

Publications (1)

Publication Number Publication Date
WO2000030391A1 true WO2000030391A1 (en) 2000-05-25

Family

ID=22703785

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1999/002019 WO2000030391A1 (en) 1998-11-12 1999-11-08 System and method for secured transference of temporary mobile subscriber information

Country Status (5)

Country Link
EP (1) EP1129594A1 (en)
JP (1) JP2002530960A (en)
CN (1) CN1333987A (en)
AU (1) AU1590700A (en)
WO (1) WO2000030391A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1578155A2 (en) * 2004-03-16 2005-09-21 Broadcom Corporation Integration of secure identification logic into cell phone
WO2007095473A1 (en) * 2006-02-10 2007-08-23 Qualcomm Incorporated Signaling with opaque ue identities
EP2456242A1 (en) * 2010-11-23 2012-05-23 Alcatel Lucent Communication involving a network and a terminal
WO2013087318A1 (en) * 2011-12-16 2013-06-20 Telefonaktiebolaget L M Ericsson (Publ) Circuit switched fallback proxy
AU2011260987B2 (en) * 2010-08-12 2014-06-05 Huawei Technologies Co., Ltd. Method and system for accessing network

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100353786C (en) * 2003-07-25 2007-12-05 华为技术有限公司 Message tracing method for mobile subscriber
JP4587229B2 (en) * 2007-04-12 2010-11-24 Necアクセステクニカ株式会社 Facsimile data transmission / reception system, facsimile apparatus and facsimile data transmission / reception method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0028273A1 (en) * 1979-11-03 1981-05-13 PATELHOLD Patentverwertungs- & Elektro-Holding AG Method and device for generating secret keys
EP0397384A1 (en) * 1989-05-04 1990-11-14 Nortel Networks Corporation Sequence synchronisation
US5185796A (en) * 1991-05-30 1993-02-09 Motorola, Inc. Encryption synchronization combined with encryption key identification
US5412730A (en) * 1989-10-06 1995-05-02 Telequip Corporation Encrypted data transmission system employing means for randomly altering the encryption keys
US5740247A (en) * 1995-12-22 1998-04-14 Pitney Bowes Inc. Authorized cellular telephone communication payment refill system
DE1803062C1 (en) * 1968-10-15 1999-02-25 Telefunken Patent Synchronisation device for random number generators
WO1999030787A1 (en) * 1997-12-12 1999-06-24 Zach Robert W Wagering system with improved communication between host computers and remote terminals

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE1803062C1 (en) * 1968-10-15 1999-02-25 Telefunken Patent Synchronisation device for random number generators
EP0028273A1 (en) * 1979-11-03 1981-05-13 PATELHOLD Patentverwertungs- & Elektro-Holding AG Method and device for generating secret keys
EP0397384A1 (en) * 1989-05-04 1990-11-14 Nortel Networks Corporation Sequence synchronisation
US5412730A (en) * 1989-10-06 1995-05-02 Telequip Corporation Encrypted data transmission system employing means for randomly altering the encryption keys
US5185796A (en) * 1991-05-30 1993-02-09 Motorola, Inc. Encryption synchronization combined with encryption key identification
US5740247A (en) * 1995-12-22 1998-04-14 Pitney Bowes Inc. Authorized cellular telephone communication payment refill system
WO1999030787A1 (en) * 1997-12-12 1999-06-24 Zach Robert W Wagering system with improved communication between host computers and remote terminals

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1578155A2 (en) * 2004-03-16 2005-09-21 Broadcom Corporation Integration of secure identification logic into cell phone
WO2007095473A1 (en) * 2006-02-10 2007-08-23 Qualcomm Incorporated Signaling with opaque ue identities
EP2437460A1 (en) * 2006-02-10 2012-04-04 Qualcomm Incorporated Signaling with opaque UE identities
US8195943B2 (en) 2006-02-10 2012-06-05 Qualcomm Incorporated Signaling with opaque UE identities
US9154464B2 (en) 2006-02-10 2015-10-06 Qualcomm Incorporated Obscuring temporary user equipment identities
AU2011260987B2 (en) * 2010-08-12 2014-06-05 Huawei Technologies Co., Ltd. Method and system for accessing network
EP2456242A1 (en) * 2010-11-23 2012-05-23 Alcatel Lucent Communication involving a network and a terminal
WO2012069233A1 (en) * 2010-11-23 2012-05-31 Alcatel Lucent Communication involving a network and a terminal
WO2013087318A1 (en) * 2011-12-16 2013-06-20 Telefonaktiebolaget L M Ericsson (Publ) Circuit switched fallback proxy

Also Published As

Publication number Publication date
CN1333987A (en) 2002-01-30
AU1590700A (en) 2000-06-05
EP1129594A1 (en) 2001-09-05
JP2002530960A (en) 2002-09-17

Similar Documents

Publication Publication Date Title
EP0506637B1 (en) Cellular verification and validation system
KR0181566B1 (en) Method and apparatus for efficient real-time authentication and encryption in a communication system
EP0788688B1 (en) Method and apparatus for secure identification of a mobile user in a communication network
CA2087433C (en) Method for authentication and protection of subscribers in telecommunication systems
EP0856233B1 (en) Subscriber authentication in a mobile communications system
EP0841770B1 (en) Method for sending a secure message in a telecommunications system
US6373949B1 (en) Method for user identity protection
KR101170029B1 (en) A self-synchronizing authentication and key agreement protocol
KR20040004925A (en) Wireless local area network system with a guarantee of users' anonymity and method of guaranteeing users' anonymity therein
GB2297016A (en) Identity confidentiality using public key encryption in radio communication
CN101420686B (en) Industrial wireless network security communication implementation method based on cipher key
EA014148B1 (en) Method and system for providing a mobile ip key
CN101641935A (en) Power distribution system secure access communication system and method
CN110475247A (en) Message treatment method and device
CN110212991B (en) Quantum wireless network communication system
WO2000030391A1 (en) System and method for secured transference of temporary mobile subscriber information
KR100320322B1 (en) Improved security in cellular telephones
US7515713B2 (en) Secure generation of temporary mobile station identifiers
KR100321716B1 (en) Key authentication method in authentication system
Zahednejad et al. A novel and efficient privacy preserving TETRA authentication protocol
JP2000184452A (en) Cipher communication equipment
GB2388282A (en) Secure communication between mobile terminals using private public key pairs stored on contactless smartcards
Duraiappan et al. Improving Speech Security and Authentication in Mobile Communications
Suri et al. SECURITY ASPECTS IN GSM AND ITS FLAWS
Ateniesey et al. On traveling incognito

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99815600.0

Country of ref document: CN

ENP Entry into the national phase

Ref document number: 2000 15907

Country of ref document: AU

Kind code of ref document: A

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2000 583285

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1999958568

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1999958568

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 1999958568

Country of ref document: EP