WO2001086883A2 - Method and apparatus for translating network address identifiers related to mobile stations - Google Patents

Method and apparatus for translating network address identifiers related to mobile stations

Publication number
WO2001086883A2
Authority
WO
WIPO (PCT)
Prior art keywords
nai
mobile station
network
mobile
gateway router
Prior art date
Application number
PCT/US2001/014685
Other languages
English (en)
Other versions
WO2001086883A3 (fr
Inventor
Senthil Sengodan
Rajesh C. Bansal
Original Assignee
Nokia Internet Communications Inc.
Priority date
Filing date
Publication date
Application filed by Nokia Internet Communications Inc. filed Critical Nokia Internet Communications Inc.
Priority to AU2001261239A priority Critical patent/AU2001261239A1/en
Publication of WO2001086883A2 publication Critical patent/WO2001086883A2/fr
Publication of WO2001086883A3 publication Critical patent/WO2001086883A3/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4557 Directories for hybrid networks, e.g. including telephone numbers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/58 Caching of addresses or names
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/30 Types of network names
    • H04L2101/395 Internet protocol multimedia private identity [IMPI]; Internet protocol multimedia public identity [IMPU]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]

Definitions

  • This invention relates to translating identity information of a first network to identity information of a second network and, more particularly, to a method and apparatus for translating the authenticated identity provided by a mobile station for purposes of interconnect to a mobile network, to an identity used to identify at least one user on a public packet data network (PDN).
  • PDN public packet data network
  • Dialup users of data networks that use the Point-to-point Protocol make use of a unique identifier, such as a Network Address Identifier (NAI) for user identification.
  • NAI Network Address Identifier
  • the NAI is also used in situations where a user dials an Internet Service Provider (ISP), which connects the user to a home network.
  • ISP Internet Service Provider
  • the user dials into a Network Access Server (NAS) belonging to an ISP that is conveniently near the user, and the ISP then provides access to a home network.
  • NAS Network Access Server
  • a home network is a network that recognizes the NAI as belonging to a user who has contracted for services related to a packet data network (PDN), e.g. the internet.
  • PDN packet data network
  • the user's NAI is used in a challenge/response authentication between the user's equipment and the Remote Access Server (RAS), which operates as a gateway into the host ISP home network and as a key to accessing services provided by the home network.
  • RAS Remote Access Server
  • the user connects by modem through local loop wiring to communicate to a NAS in the vicinity of the user. Entry of an identifier and a password has been treated as a routine requirement to access the services of the home data network.
  • Such services may include Hypertext Transport Protocol (HTTP), File Transfer Protocol (FTP), e-mail and other services associated with intranet and internet connectivity.
  • HTTP Hypertext Transport Protocol
  • FTP File Transfer Protocol
  • Fig. 1 depicts the prior art way of dialing up a remote ISP via a local access point.
  • Terminal 101 uses a modem to access the dialup network 103.
  • PPP Point-to-point Tunneling Protocol
  • PAC Point-to-point Access Concentrator
  • L2TP Layer 2 Tunneling Protocol
  • the NAS 105 establishes a tunnel using nodes of a TCP/IP network 107, wherein the NAS 105 gets two-way communication to a Remote Access Server (RAS) 109.
  • the RAS 109 may challenge the terminal for identifying information such as a user ID and a password. If the terminal provides correct identifying information, i.e. that which matches data stored by the home data network, access is granted to the home data network 111.
  • Cellular system users have encountered a similar problem, wherein it is desirable to give a cellular user access to cellular service while roaming distant from a network that the user has a contract for service with. Such roaming may occur state to state, or country to country.
  • Cellular systems make use of a unique identifier, e.g. International Mobile Station Identity (IMSI), or a Mobile identifier Number (MIN) to obtain access on home cellular systems and on roaming cellular systems.
  • IMSI International Mobile Station Identity
  • MIN Mobile identifier Number
  • the challenge/response typically entails the unique identifier being transmitted from cellular phone to the cellular network, wherein a centralized authentication database creates a challenge dependent on the unique identifier. If the cellular phone creates a response to match the challenge, service is provided, wherein the service is limited to telephony traffic carried over the cellular system, both radio and wired, near to the cellular phone, which is a type of mobile station.
  • ITSI Individual Tetra Subscriber Identity
  • a challenge/response method is used to determine if service is granted.
  • a system of challenges and responses has required conscious effort by the user to give a user ID, for purposes of access to a packet data network through a RAS.
  • GPRS General Packet Radio Service
  • IMSI a unique identifier is stored in the mobile station
  • IMSI an authentication mechanism for authenticating the mobile station.
  • a user of a GPRS mobile station has needed to manually trigger transmittal from the mobile station of a user ID for purposes of accessing a packet data network through a RAS.
  • GSM Global System for Mobiles
  • IP Internet Protocol
  • GPRS makes sparing use of network and radio resources, i.e. a GPRS mobile station uses radio resources only when there is data to be sent or received. Because GPRS uses resources only when a packet is sent, it allows end user applications to only occupy the network when a payload is being transferred, and so is well adapted to the very bursty nature of data applications.
  • Another important feature of GPRS is that it provides immediate connectivity and high throughput, once the mobile station is powered up and authenticated to the IP network provider, which may be an ISP or a corporate Virtual Private Network (VPN) among others.
  • a pool of modems has been available to receive the data calls of an itinerant laptop user.
  • the NAS is able to "tunnel", sometimes using a secure protocol, through a packet data network, like a TCP/IP network, to the RAS.
  • the analog to the NAS in a GPRS network is the Gateway GPRS Support Node (GGSN).
  • GGSN Gateway GPRS Support Node
  • the GGSN tunnels through the TCP/IP network to a RAS.
  • the RAS unless it is a free resource open to all, authenticates the originator of the communication, whether the originator be a laptop user or mobile station.
  • a wireless network is a network that can support a mobile station that communicates to the WN through a wireless link.
  • the WN has one or more fixed nodes that operate for common carriage of the mobile station's voice and data, either between subscribers, or to a land based network, such as a Public Switched Telephone Network (PSTN).
  • PSTN Public Switched Telephone Network
  • a WN may also have one or more gateways to a land based packet data network operating using, e.g. internet protocols (IP) to interconnect nodes. Such gateways may communicate to a Remote Access Server (RAS) of a host ISP of a user. Such gateways may communicate to a RAS of a corporate Virtual Private Network (VPN).
  • IP internet protocols
  • VPN corporate Virtual Private Network
  • Both of the above networks typically are able to route to external packet-switched data networks one-way or two-way traffic flows from a mobile station.
  • such wireless networks may authenticate a mobile subscriber identity which is communicated for the mobile station to the network.
  • the mobile subscriber identity is the IMSI.
  • the mobile subscriber identity is the ITSI.
  • the data for the mobile subscriber identity may be stored in a permanent fashion in a Subscriber Identity Module (SIM) that is removable from the larger mobile station.
  • SIM Subscriber Identity Module
  • Some wireless systems under some circumstances, may provide a mobile station with a Temporary Mobile Subscriber Identity (TMSI).
  • TMSI may be stored at the mobile station, and transmitted from the mobile station to obtain various services. This is also a type of mobile subscriber identity.
  • the internet which is an example of a packet data network, has evolved separately from networks that support mobile stations, e.g. the cellular networks.
  • Internet, and other data packet networks have been geared toward connecting to terminals that are intermittently on, and seldom moved, whereas cellular networks are geared toward mobile stations that are always on, and frequently moved.
  • Internet terminals have typically been large, and equipped with fast CPUs and prodigious local data storage.
  • Cellular mobile stations are usually small, have modest CPUs and very little data storage.
  • hand entry of alphanumeric mnemonics has been the first step in any session for accessing services available over a packet data network, whereas cellular mobile station identities have historically been numeric, and embedded within the hardware of the cellular mobile station for automatic retrieval.
  • Internet identities may be fanciful, and suggest attributes a user either does not have, or aspires to have.
  • Cellular mobile station identities typically are unchanging, impersonal, and have been historically intended to thwart fraud of any kind.
  • Storage of customer records in ISPs has been in a myriad of start-up entities that own equipment, typically in a small region.
  • Storage of customer records in cellular networks has been in a limited number of state-wide, and nation-wide wireless carriers that are usually well financed. ISPs are subject to limited government control in most jurisdictions, whereas wireless carriers are subject to approval by national government bodies prior to operation.
  • a method of caching a Network Address Identifier (NAI), relating to a mobile station is disclosed.
  • a wireless network node receives a NAI encoded in a packet.
  • the wireless network node caches the NAI for retrieval in connection with mobile station data traffic.
  • the wireless network node also encapsulates the NAI for use in communication with a packet data network.
  • An embodiment of the invention discloses a GPRS system having a wireless authenticator.
  • the wireless authenticator may provide services to authenticate a mobile station to a local wireless system operator or to a remote wireless system operator.
  • the wireless authenticator may receive messages that carry the International Mobile Station Identity (IMSI) of a mobile station.
  • the wireless authenticator looks up in a database to see if there is a matching user identifier to the IMSI.
  • the user identifier may be used to provide identity information of the mobile station to a Remote Access Server (RAS) across a packet network. If there is a user identifier that corresponds to the IMSI, the user identifier is transmitted from the wireless authenticator to a wireless network node that is proximal to a gateway router.
  • a tunnel which may have security features, is formed between the gateway router, and a RAS, if the operator of the mobile station requests connectivity to the RAS.
  • the operator of the mobile station benefits in that when communications to the RAS begin, the wireless network node transparently provides sufficient identifying information to the RAS, that the RAS need only query the user for a password to completely authenticate the user for access to services of the RAS.
  • the wireless network node in this case, is proximal to the gateway router.
  • the wireless network and the RAS may be sufficient to provide access to the RAS without need to challenge a user for a password.
  • the knowledge by the RAS of the identity of the wireless network, and the user identifier provided through the wireless network may be sufficient to remove all speed-bumps between a user of a mobile subscriber, and the data services provided by the RAS.
  • the wireless authenticator may provide services to authenticate a mobile station to a local wireless system operator or to a remote wireless system operator.
  • the wireless authenticator may provide functionality of an Individual Subscriber Home Database (I-HDB).
  • the wireless authenticator may receive messages that carry the Individual TETRA Subscriber Identity (ITSI) of a mobile station.
  • the wireless authenticator looks up in a database to see if there is a matching Network Address Identity (NAI) or user identifier to the IMSI.
  • NAI Network Address Identity
  • the user identifier may be used to provide identity information of the mobile station to a Remote Access Server (RAS) across a packet network.
  • the user identifier is transmitted from the wireless authenticator to a wireless network node that is proximal to a gateway router.
  • a tunnel which may have security features, is formed between the gateway router, and a RAS, if the operator of the mobile station requests connectivity to the RAS.
  • the operator of the mobile station benefits in that when communications to the RAS begin, the wireless network node transparently provides sufficient identifying information to the RAS, that the RAS need only query the user for a password to completely authenticate the user for access to services of the RAS. In this case, the wireless network node is proximal to the gateway router.
  • one or more of the disclosed embodiments provides a way to transmit a user ID, e.g. a Network
  • Another advantage provided by one or more embodiments of the invention is the reduction of wireless airtime devoted to establishing identity of a mobile station to the satisfaction of a Remote Access Server (RAS), as compared to what occurs when a user of a mobile station transmits identity to the RAS or other network element of the Internet Service Provider (ISP) or Virtual Private Network (VPN).
  • VPN Virtual Private Network
  • Yet another advantage provided by one or more embodiments of the invention is that the loss of a mobile station does not render a user ID vulnerable to detection based on storage within the mobile station.
  • the mobile station need not store the user ID, since the invention places responsibility for storage of the user ID on a typically fixed device, typically owned by the wireless system network operator.
  • an improved level of data security is achieved since one of the keys, or prerequisites to access, resides remote from the mobile station.
  • Yet another advantage provided by one or more embodiments of the invention is that a user of a mobile station is freed from the need to remember, key in correctly, and dispatch a user identifier to become authenticated to a packet data network provider, e.g. a TCP/IP service provider.
  • Figure 1 depicts a block diagram of a dial-up connection of a roaming client to a home data network according to the prior art
  • Figure 2 depicts a block diagram according to an embodiment of the invention of a mobile station communicating to a remote access server
  • Figure 3 depicts a block diagram according to an embodiment of the invention of a mobile station communicating with a remote access server through a Terrestrial Trunked Radio (TETRA) network.
  • TETRA Terrestrial Trunked Radio
  • Fig. 2 illustrates an embodiment of the invention for a mobile station 201 equipped to operate using packet radio.
  • the mobile station 201 may use the signaling of General Packet Radio Service (GPRS) to establish connectivity to its local wireless carrier, e.g. the owner or operator of a wireless network.
  • the mobile station must be provisioned in an authentication database of the wireless carrier for which a service contract is established.
  • HLR Home Location Register
  • Among the functions of an HLR 209 are authenticating a communication from a mobile station bearing a unique identifier such as an International Mobile Subscriber Identity (IMSI), or a Mobile Identification Number (MIN).
  • IMSI International Mobile Subscriber Identity
  • MIN Mobile Identification Number
  • the HLR 209 stores the unique identifier for each mobile station for which the wireless carrier has a service contract. Such information is stored in a storage device, which may be nonvolatile storage such as magnetic media.
  • the authentication database, or modified HLR 209 of the embodiment of the invention includes additional data, i.e. a relation for an IMSI to at least one unique identifier of a user for the packet data network, which may be a Network Address Identifier (NAI).
  • Such a NAI has many features in common with IP e-mail addresses; for example, the NAI may be formed to use the domain name portion of an SMTP e-mail address.
  • the authentication database 209 may distribute a NAI while the mobile station 201 operates in the coverage area of the wireless carrier, sometimes called a home cellular network 221.
  • the HLR 209 may provide the NAI while the mobile station is roaming in a distant coverage area of a second wireless carrier, sometimes called a visited cellular network 223. The timing of messages that occur in the embodiment will now be discussed.
  • the embodiment uses GPRS messages, which are prior art, except that the messages are enhanced by the embodiment to carry additional data shown in Table 1.
  • Table 1 shows the additional parameter that is new with this embodiment. Some rows for the standard GPRS parameters are omitted for clarity in Table 1.
  • the sequence of messages may be carried out in situations where the mobile has recently powered up; when handing-over to a second cell in the network of the same wireless carrier; or when handing-over to a second cell of a second wireless carrier.
  • a mobile station 201 transmits an ATTACH_REQUEST message 251 packet according to GPRS.
  • the ATTACH_REQUEST message 251 is addressed to a wireless network node known as the Serving GPRS Support Node (SGSN) 207.
  • the ATTACH_REQUEST message 251 may be received and retransmitted by several intermediary wireless network nodes, such as a Base Transceiver Station (BTS) 203, and a Base Station Controller (BSC) 205.
  • the ATTACH_REQUEST message 251 carries the mobile subscriber's International Mobile Subscriber Identity (IMSI) or other mobile subscriber identity.
  • the SGSN 207 transmits a LOCATION_UPDATE message 252 to the Home Location Register (HLR) 209 of the wireless carrier that the mobile station 201 has a service contract with.
  • the LOCATION_UPDATE message 252 contains the unique identifier of the mobile station, in the case of this embodiment, the IMSI.
  • the embodiment of the invention uses a NAI retriever, that is, an improved HLR 209, so that the HLR looks up the correspondence of the IMSI to a NAI within a storage device located nearby. If a match is found, the HLR 209 sends the NAI embedded within an INSERT_SUBSCRIBER_DATA message 253, as formatted according to Table 1. Additional parameters may be embedded in the message 253.
  • the SGSN 207 receives the message 253.
  • the storage device may be a single disk drive housed within a cabinet, or it may be several disk drives housed in modular racks in a common building with a CPU of the authentication database 209.
  • the HLR may support look-up of NAIs by storing, maintaining, retrieving and transmitting the data concerning correspondence of NAIs to unique mobile IDs.
  • a HLR configured in such a way, i.e. populated with data showing mobile IDs matched to network address identifiers, is called a NAI retriever.
  • Other wireless network nodes may operate as NAI retrievers in systems other than GPRS.
  • the NAI retriever is essentially a networked database, which is used to provide identity data for granting of service to networks beyond the wireless network.
  • the NAI retriever may be geographically remote from the mobile station. It may communicate securely to the SGSN.
  • the NAI retriever may have a transceiver such as a 10-base-T transceiver to transmit packets onto a link to the packet data network.
  • the transceiver may operate to receive packets routed to the NAI retriever.
  • the transceiver may be a transceiver to transmit and receive electrical signals.
  • the transceiver may be a transceiver to transmit and receive optical signals.
  • a CPU operates to filter inputs appearing through the transceiver so that data may be stored or retrieved from a non-volatile storage.
  • the NAI retriever's primary function is data storage and retrieval, as opposed to reception and routing of voice and data, which is the principal function of devices such as BTSs and BSCs, e.g. BTS 203, and BSC 205.
  • both wireless authentication data, and packet data network authentication data may be looked up by a single lookup in the database.
  • a responsive GPRS message from the HLR 209 may grant access for the wireless network, and operate to carry a user ID such as the NAI to a node such as the SGSN 207 for caching.
  • the SGSN 207 of the embodiment may store or cache the NAI that matches the IMSI in local storage.
  • the Gateway GPRS Support Node (GGSN) 211 may cache the NAI in a local storage device.
  • Such storage may persist until the mobile is powered off, or leaves the vicinity of BTSs that are served by the SGSN 207.
  • Storage of the NAI may be in locations of volatile memory, such as, e.g. RAM.
  • the SGSN 207 may send an ATTACH_ACCEPT 254 to the mobile station 201.
  • the SGSN 207 may forward data from the mobile station 201 to a RAS 213 via Gateway GPRS Support Node (GGSN) 211, wherein GGSN encapsulates the data into packets that may carry the NAI to the RAS 213 across a packet data network.
  • the GGSN may include a transceiver such as a 10-base-T transceiver to transmit packets onto a link to the packet data network.
  • the packet data network may receive and forward packets according to internet protocols, or X.25 standards.
  • the GGSN 211 may encapsulate by using Open
  • the GGSN 211 operates as a gateway router.
  • a gateway router has physical connections to wireless network nodes, as well as to nodes not a part of the wireless network.
  • the SGSN is proximal to the GGSN in that there are no intermediate packet routers between them. Further communications from the mobile subscriber to the packet data network, which bear the IMSI, may be converted at SGSN or GGSN by encapsulating the data with the NAI previously obtained from the HLR. This may be done for as long as the NAI is cached.
  • Caching the NAI in local storage of the gateway router permits the gateway router to locally look up the information concerning which NAI relates to which mobile station. This eliminates the need to frequently obtain the NAI across a series of links, which would be considered a remote look up.
  • a cache of NAIs in local storage reduces the size of the local database needed to list the NAIs for mobile stations that are served by the gateway router, and which are currently, or recently active in the wireless network served by the gateway router.
  • Authentication of the mobile subscriber at the RAS may be accomplished based upon a NAI.
  • One situation in which it is desirable to encapsulate the NAI in a packet traversing the tunnel from GGSN 211 to RAS 213 would be in an authentication protocol wherein the RAS challenges the mobile station 201 for a unique identifier.
  • a RAS 213 could generate such a challenge upon receiving the first packet from the SGSN 207 that carries a NAI of the mobile subscriber 201.
  • SGSN 207 may forward such a challenge message for transmission to the mobile subscriber 201.
  • the mobile subscriber may respond with an appropriate password.
  • Completed authentication between RAS 213 and mobile station 201 may occur when the response is carried to the RAS 213 encapsulated by the GGSN 211, and the RAS 213 or other supporting node confirms a good match with the records of the service provider, e.g. a virtual private network, or an internet service provider.
  • the GGSN does not need to cause additional network traffic to look up the NAI. This is because according to the embodiment, the NAI is cached locally, so that the GGSN may locally look up the NAI when a packet, bound for the public data network, needs the NAI, as would occur when tunneling.
  • the embodiment of the invention provides for enhancements to the INSERT_SUBSCRIBER_DATA message 253, wherein the enhancements change the message from how it is currently specified in ETS 300 974, "Digital Cellular Telecommunications System (Phase 2+); Mobile Application Part (MAP) specification", European Telecommunications Standards Institute (ETSI), August 1998.
  • the embodiment of the invention provides for an additional payload space of Network Address Identifier (NAI).
  • the availability of a wireless data node, such as the HLR 209, configured to create and transmit such an enhanced message 253, and the availability of a SGSN 207 to receive and parse such a message is helpful to the implementation of the embodiment.
  • Such a reliance on a framework of messages largely specified in existing standards, reduces the need to implement additional messages, with the attendant network signaling overhead.
  • the Terrestrial Trunked Radio mobile subscribers rely currently on Individual TETRA Subscriber Identity (ITSI) for authentication between mobile station and wireless network.
  • ITSI Individual TETRA Subscriber Identity
  • the TETRA-based embodiment uses an existing framework of wireless network nodes and messages.
  • the TETRA-based embodiment provides enhancements to some nodes and messages to position a cache of mobile ID to NAIs at a wireless network node proximal to a gateway router.
  • Fig. 3 shows a wireless network according to TETRA.
  • the mobile subscriber is said to be roaming. If the cell into which the mobile subscriber has moved is on a second SwMI 313, the mobile subscriber is said to have migrated.
  • the databases of mobile IDs and NAIs may be stored in an Individual Subscriber Home Database (I-HDB).
  • the I-HDB is a part of the home SwMI 317.
  • TETRA messaging formats are specified in ETSI standards, specifically ETS 300 392 3-5: Terrestrial Trunked Radio; Voice plus Data (V+D); Part 3: Interworking at Inter-System Interface (ISI); Sub-part 5: Additional Feature for Mobility Management (ANF-ISIMM).
  • the existing framework of authenticating a mobile subscriber by the wireless network comprises six messages, wherein the mobile subscriber has migrated from its home SwMI to a visited SwMI: 1) U-LOCATION UPDATE DEMAND PDU 301;
  • FIG. 3 shows the architecture of two TETRA SwMIs that support the
  • Mobile station 311 initiates communication to a visited SwMI 313 using U-LOCATION UPDATE DEMAND PDU 301.
  • Visited SwMI 313 transmits to ANF-ISIMM 315 the Migration_request primitive 302.
  • ANF-ISIMM 315 locates the Home SwMI 317, and generates a Migration_indication primitive 303 to the Home SwMI 317.
  • the Home SwMI comprises at least one NAI retriever, wherein data is stored such as the mobile user IDs, made up of ITSIs, and corresponding NAIs where a mobile station subscribes to an ISP or VPN.
  • the SwMI dispatches a Migration_response primitive 304 that carries the NAI, provided a NAI is found by the NAI retriever that matches any ITSI previously sent in the Migration_indication primitive 303.
  • ANF-ISIMM retransmits the Migration_response primitive 304 as a Migration_confirm primitive 305, also carrying the NAI, if available from the Migration_response primitive 304.
  • the Visited SwMI 313 may store the NAI locally for the duration that the mobile station operates on the Visited SwMI network 313.
  • a wireless node in the visited SwMI 313 may cache the NAI.
  • the wireless node may then encapsulate the NAI in a communication through the packet data network 321, and initiate a tunnel 323 to a RAS 325.
  • RAS 325 may challenge the mobile subscriber for a password, which may be based on a NAI transmitted over the tunnel.
  • Access to the home data network 327 may be granted based on the response from the mobile subscriber.
  • the NAI in the TETRA embodiment may be used to initiate tunneling to a RAS to which the mobile station 311 subscribes, either as an ISP-provided or a VPN-provided service.
  • the originating endpoint to the tunnel is on a wireless network node in the Visited SwMI.
  • the NAI is stored within the Home SwMI while the mobile station operates on it.
  • the TETRA embodiment may be operated with enhanced primitives, wherein a field, not specified by TETRA, may be added to the Migration_Response 304 and Migration_Confirm 305 primitives for the intended purpose of carrying NAI data.
  • a NAI retriever may be implemented as a stand-alone database, which may operate as a common resource to supplement one or more HLRs (in the GPRS embodiment) or I-HDBs (in the TETRA embodiment). Queries to the NAI retriever may operate in parallel or in series with a query message sent to an HLR or I-HDB.
  • Mobile stations may be large and heavy, and can be affixed to other things. Tunneling protocols may or may not implement data security functions.
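
The migration exchange described in the bullets above (messages 301 to 305), sketched as an added example that is not part of the patent text. It shows the NAI travelling in the added field of Migration_response and Migration_confirm, being cached at the visited SwMI, and being used as the only source of the NAI for the tunnel to the RAS. The class names, the dictionary-based NAI retriever, the sample ITSI and NAI values, and the rule that no tunnel is opened without a cache entry are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: the ITSI and NAI below are illustrative only.
NAI_RETRIEVER = {"ITSI-0001": "alice@vpn.example.com"}  # held by the Home SwMI

@dataclass
class Primitive:
    name: str
    itsi: str
    nai: Optional[str] = None  # added field, not specified by TETRA

class HomeSwMI:
    def migration_indication(self, ind: Primitive) -> Primitive:
        # 303 -> 304: the NAI is attached only when the retriever matches the ITSI.
        return Primitive("Migration_response", ind.itsi, NAI_RETRIEVER.get(ind.itsi))

class AnfIsimm:
    def __init__(self, home: HomeSwMI):
        self.home = home

    def migration_request(self, req: Primitive) -> Primitive:
        # 302 -> 303, then 304 is relayed as 305 with the NAI copied through.
        rsp = self.home.migration_indication(Primitive("Migration_indication", req.itsi))
        return Primitive("Migration_confirm", rsp.itsi, rsp.nai)

class VisitedSwMI:
    def __init__(self, anf: AnfIsimm):
        self.anf = anf
        self.nai_cache = {}  # ITSI -> NAI, kept only while the station is visiting

    def location_update_demand(self, itsi: str) -> Primitive:
        # 301 -> 302; the NAI returned in 305 is cached at the visited node.
        cnf = self.anf.migration_request(Primitive("Migration_request", itsi))
        if cnf.nai is not None:
            self.nai_cache[itsi] = cnf.nai
        return cnf

    def open_tunnel(self, itsi: str) -> Optional[dict]:
        # The tunnel to the RAS carries the cached NAI, which came from the
        # Home SwMI rather than from the station (assumption: no entry, no tunnel).
        nai = self.nai_cache.get(itsi)
        return None if nai is None else {"endpoint": "RAS 325", "nai": nai}

    def station_left(self, itsi: str) -> None:
        # Evict on departure so a stale NAI cannot be reused for a later tunnel.
        self.nai_cache.pop(itsi, None)

if __name__ == "__main__":
    visited = VisitedSwMI(AnfIsimm(HomeSwMI()))
    print(visited.location_update_demand("ITSI-0001"))
    print(visited.open_tunnel("ITSI-0001"))
```
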

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a way of translating mobile subscriber identities. Immediately after a mobile station begins operating in, or newly enters, a wireless network, a message is sent to a large network address identifier translator database. The translator obtains the network address identifier applicable to the mobile subscriber identity and transmits this identifier to a gateway router that serves the wireless network in the geographic area where the mobile station is operating. The gateway router then stores the network address identifier in a relatively smaller database, using, e.g., volatile memory. It looks up the network address identifier locally when the mobile station sends packets destined for the public data network, and encapsulates those packets using the network address identifier for the mobile station's packets routed to the gateway router.
PCT/US2001/014685 2000-05-05 2001-05-07 Method and apparatus for translating network address identifiers related to mobile stations WO2001086883A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001261239A AU2001261239A1 (en) 2000-05-05 2001-05-07 Method and apparatus for translating network address identifiers related to mobile stations

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US56589100A 2000-05-05 2000-05-05
US09/565,891 2000-05-05

Publications (2)

Publication Number Publication Date
WO2001086883A2 (fr) 2001-11-15
WO2001086883A3 (fr) 2002-04-18

Family

ID=24260549

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/014685 WO2001086883A2 (fr) Method and apparatus for translating network address identifiers related to mobile stations 2000-05-05 2001-05-07

Country Status (2)

Country Link
AU (1) AU2001261239A1 (fr)
WO (1) WO2001086883A2 (fr)

Also Published As

Publication number Publication date
WO2001086883A3 (fr) 2002-04-18
AU2001261239A1 (en) 2001-11-20

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP