WO2007071275A1 - Subscriber authentication in mobile communication networks using unlicensed access networks - Google Patents


Info

Publication number
WO2007071275A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
unlicensed
permanent identifier
secure connection
identifier
Application number
PCT/EP2005/013872
Other languages
French (fr)
Inventor
Johan Rune
Tomas Nylander
Magnus Hallenstal
Tomas GOLDBECK-LÖWE
Jari Arkko
Original Assignee
Telefonaktiebolaget L.M. Ericsson

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W 12/06 Authentication
                    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
                        • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
                            • H04W 12/0431 Key distribution or pre-distribution; Key agreement
                    • H04W 12/12 Detection or prevention of fraud
                        • H04W 12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L 63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
                • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
                    • H04L 2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key

Definitions

  • the invention relates to mobile communication networks containing access networks using unlicensed radio technologies, such as wireless LAN, WiMAX or Bluetooth.
  • Unlicensed mobile access is a technique whereby conventional mobile communications services, such as GSM, GPRS or UMTS, can be provided via wireless networks, preferably wireless IP networks, such as wireless LANs.
  • higher layer protocols such as the GSM protocols, are run over an IP network instead of the associated GSM radio layer.
  • Fig. 1 illustrates a mobile network providing GSM and GPRS services that is accessible via both a conventional access network 10 and an unlicensed mobile access network 30.
  • the conventional access network 10 comprises a number of base station transceivers BTS 101 capable of supporting a connection with a mobile terminal MT 1 over the standard Um interface.
  • the base station transceivers BTS 101 are connected to a base station controller BSC 103 via a private network 102.
  • the unlicensed access network 30 includes a number of access points AP 301, only one of which is illustrated. Each access point 301 is capable of supporting a connection with a suitably enabled mobile terminal MT 1 over an unlicensed radio interface, such as Bluetooth, Wi-Fi or the like. Each access point is further connected to an unlicensed mobile access network controller and security gateway UNC/SGW 303 via a broadband network, which in the illustrated example is an IP access network.
  • the unlicensed mobile access network controller UNC and the security gateway SGW may be combined in a single node or alternatively be implemented as separate nodes.
  • the mobile terminal 1 is a dual-mode device capable of operating over both the conventional Um interface and the unlicensed radio interface.
  • both the base station controller 103 and the unlicensed network controller UNC/SGW 303 communicate with the core mobile network 20.
  • the core mobile network 20 is represented by only those nodes relevant for the present invention. It will be appreciated by those skilled in the art that the core network 20 will comprise several other elements not illustrated or described here.
  • the base station controller 103 and the unlicensed network controller UNC/SGW 303 are capable of communicating with mobile services switching centers 201 and serving GPRS support nodes SGSN over the standard A and Gb interfaces, respectively.
  • the unlicensed access network uses the same security mechanisms as conventional GSM/GPRS or UMTS networks when connecting a mobile terminal to the core network, but additionally includes an extra mechanism to provide a secure connection to the unlicensed access network. Once a connection is established between a user and the unlicensed network controller
  • the unlicensed network controller UNC/SGW 303 controls a user's entitlement to connect to the unlicensed access network, aided by an Authentication, Authorisation and Accounting AAA server.
  • Separate mechanisms executed by core network nodes including the mobile services switching center in association with the visitor location register MSC/VLR, the serving GPRS support node SGSN and a home location register in association with an authentication center HLR/AuC (not illustrated), are used for authenticating a user's identity and authorisation to access GSM or GPRS services.
  • the independent nature of these two security systems means that the mobile core network need not be aware of the type of access used, and hence requires no modification to accommodate unlicensed mobile access networks. However, there is nevertheless a danger that once a first user has opened access to the UNC/SGW over the broadband network, another user could utilise this open connection to make calls.
  • a similar and perhaps more likely threat is that a user acquires access to the unlicensed network controller using a first identifier but in the subsequent communication with the core network uses a different identifier that pertains to a different subscription. This would allow the user to illegally exploit any differences in the two subscriptions, such as the type of access authorized (access through an unlicensed access network may be allowed for one subscription but not for the other), geographical restrictions, charging rates or the like.
  • the invention resides in the association of a specific permanent identifier with an established secure connection between a user of a mobile terminal and the unlicensed access network.
  • the permanent identifier is obtained by the unlicensed access network, specifically an unlicensed network controller in this unlicensed access network, when the secure connection with the mobile terminal is established. Any subsequent attempt by the user to solicit services from the core network over this established secure connection will fail unless the user supplies either this permanent identifier or an identifier, such as a temporary identifier, that is associated with the permanent identifier. More specifically, such an attempt results in the established connection being terminated.
  • the present invention imposes the use of a single identifier, or associated identities relating to the same subscription or user, both for the establishment of a secure connection over the unlicensed radio access network and for communication with the conventional mobile communications network.
  • the permanent identifier is obtained from identity information contained in messages received from the mobile terminal either directly, or by deriving the permanent identifier from a temporary identifier contained in these messages.
  • the determination as to whether the user is authorised to connect to the core network over the established unlicensed access network connection may be made either in the unlicensed access network or in the core network.
  • the unlicensed access network informs a solicited core network node of the permanent identifier associated with the secure unlicensed access network connection. The core network node then uses this identifier to generate authentication parameters. If a different user, i.e.
  • the unlicensed access network can inform the core network of the permanent identifier in a variety of ways.
  • One method that has a limited impact on existing core network configuration is for the unlicensed access network to intercept messages sent by the user to the core network, and to replace any identity information contained in these messages with the permanent identifier associated with the unlicensed access network connection.
  • the core network actively requests an identifier from the user. This request is intercepted in the unlicensed access network by the unlicensed network controller and a response returned by the unlicensed network controller which contains the permanent identifier associated with the established unlicensed access network connection.
  • the unlicensed access network actively informs the core network of the permanent identifier associated with the secure unlicensed access network connection, either by embedding this information in a conventional message or repeated messages, or by sending a specific message.
  • the core network can then compare the permanent identifier received from the unlicensed access network with an identifier received from the user, or retrieved from identification received from the user. If they do not match, the user is not authenticated.
  • the core network may also obtain a user identifier in accordance with a still further embodiment of the present invention.
  • the core network extracts identity information contained in a message received from the user's mobile terminal, retrieves a permanent identifier if the extracted identity information contains a temporary identity, and transmits this to the unlicensed access network.
  • the unlicensed access network compares the received identifier with the permanent identifier associated with the secure connection between the user and the unlicensed access network and permits this connection to continue only if they match.
  • Fig. 1 schematically depicts a GSM/GPRS mobile communications network including both a conventional and unlicensed access network
  • Fig. 2 schematically depicts an access path between a mobile terminal and a GSM/GPRS core network via an unlicensed radio access network in accordance with a first embodiment of the present invention
  • Fig. 3a is a signalling diagram showing the exchange of messages between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server of Fig. 2 in accordance with a first embodiment of the present invention
  • Fig. 3b is a signalling diagram showing the exchange of messages required for handover for the embodiment illustrated in Fig. 3a
  • Fig. 4 is a signalling diagram showing the exchange of messages between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server of Fig. 2 in accordance with a second embodiment of the present invention.
  • Fig. 5 is a signalling diagram showing the exchange of messages between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server of Fig. 2 in accordance with a third embodiment of the present invention.
  • Fig. 2 schematically depicts a connection path between a mobile terminal 1 and mobile core network 20 via an unlicensed access network.
  • the unlicensed network includes the unlicensed network controller UNC/SGW 303 and an element representing the unlicensed access network
  • the mobile core network 20 is represented by a switching node 402, which may be a mobile services switching center and associated visitor location register MSC/VLR for GSM services or a serving GPRS support node SGSN. Also depicted as part of the core network is an Authentication, Authorisation and Accounting AAA server 401.
  • the conventional configuration and function of this server is well known in the art. The present description will thus be limited only to modifications of this server relevant to the present invention.
  • Figs. 3-5 illustrate the signalling between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server in accordance with different embodiments of the present invention.
  • an authentication procedure is carried out in order to establish a secure connection between the mobile terminal and the unlicensed network controller UNC/SGW 303.
  • This typically follows standard authentication procedures, such as the extensible authentication protocol with authentication and key agreement (EAP-AKA), which enables authentication and session key distribution using the UMTS authentication, or EAP-SIM, which provides authentication and session key distribution using the GSM subscriber identity module.
  • the details of authentication are not illustrated in Fig. 3a, but involve the exchange of messages between the mobile terminal MT and the unlicensed network controller UNC/SGW.
  • the steps illustrated at event 1 occur. Specifically, at event 1 in Fig. 3a the mobile terminal MT provides the unlicensed network controller UNC/SGW with identification information or an identity MT-ID.
  • This identity MT-ID may or may not include the subscriber's international mobile subscriber identity IMSI.
  • the IMSI is a unique identifier allocated to each mobile subscriber in a GSM and UMTS network. It consists of a mobile country code MCC, a mobile network code MNC and a mobile terminal identification number MSIN. If the identity MT-ID does not contain the IMSI in clear text, for example embedded in a Network Access Identifier NAI, the unlicensed network controller UNC/SGW receives the permanent identifier IMSI for the user from the AAA server.
  • the AAA server determines the IMSI associated with the mobile terminal identity MT-ID in the conventional way and provides this IMSI to the unlicensed network controller UNC/SGW. All temporary identities used by the mobile terminal are associated with the IMSI and thus enable the AAA server to identify the subscriber.
  • Examples of temporary identities include a temporary mobile subscriber identifier TMSI or a packet TMSI allocated to a visiting subscriber by a mobile services switching center together with a visitor location register MSC/VLR or a serving GPRS support node SGSN for telephony or packet services, the temporary logical link identifier, TLLI, used to provide a signalling address for communication between the subscriber and a serving GPRS support node SGSN and a network access identifier NAI pseudonym used to address a user within a specific internet domain.
  • When the unlicensed network controller UNC/SGW receives the IMSI, either in a message from the mobile terminal MT or from the AAA server, it stores this as the permanent identifier IMSI_P for the user of the mobile terminal and associates it with the authenticated secure connection established with this mobile terminal.
  • the AAA server may send the IMSI associated with the user's identity MT-ID only when messages received from the user do not contain the permanent identifier. Alternatively, this may be transmitted in all cases, in which case this is redundant information for the unlicensed network controller UNC/SGW when the permanent identifier IMSI is received from the MT.
  • the connection between the mobile terminal and the unlicensed network controller UNC/SGW is open.
  • the mobile terminal can then communicate directly with the switching node, i.e. a mobile services switching center and visitor location register MSC/VLR or alternatively with a serving GPRS support node.
  • the unlicensed network controller UNC/SGW monitors or snoops all subsequent signalling between the mobile terminal and the switching node over this secure connection.
  • the unlicensed network controller UNC/SGW replaces this identity with the associated permanent identifier IMSI_P. This is illustrated at event 2a in Fig. 3a. It is possible that the unlicensed network controller UNC/SGW simply inserts the associated permanent identifier IMSI_P in place of all identity information relating to the mobile terminal user without checking whether the replaced information is the permanent identifier IMSI_P.
  • the switching node subsequently authenticates the mobile terminal at event 3 in the conventional manner (e.g.
  • the switching node sends the mobile terminal MT a challenge parameter that has been generated for authentication of the user identifier IMSI_P.
  • the mobile terminal MT specifically using the subscriber identity module or universal subscriber identity module SIM/USIM, uses a secret key shared between the SIM/USIM and the core network to generate a response to the challenge.
  • the key is unique to the subscriber's permanent identifier IMSI_P.
  • the response is returned to the switching node, which compares the received response with an expected response. If the responses match, the authentication is successful and the core network will continue to serve the mobile terminal MT.
  • If, when communicating with the core network, the mobile terminal does not use the permanent identifier IMSI_P associated with the secure connection with the unlicensed network controller UNC/SGW (or an identity linked to this permanent identifier), because it is another user, or even the same user attempting to use a different subscription, the response will be generated using a different key. This response will then not match the expected response generated in the core network. Consequently, authentication will fail. An authentication reject message is then sent by the core network node as shown at event 4. The unlicensed network controller UNC/SGW may then terminate the secure connection.
  • the authentication of the mobile terminal with the switching node is instead preceded by an IDENTITY REQUEST message from the switching node, requesting the mobile terminal to provide its IMSI. This is shown at event 2b.
  • the IDENTITY REQUEST message while intended for the MT, is intercepted by the unlicensed network controller UNC/SGW.
  • the unlicensed network controller UNC/SGW returns an IDENTITY RESPONSE message on behalf of the mobile terminal and includes the permanent identifier IMSI_P associated with the secure unlicensed access network connection in this message.
  • the authentication at event 3 then continues as described above.
  • Permitting the unlicensed network controller UNC/SGW to intercept the IDENTITY REQUEST message and respond in place of the mobile terminal rather than replacing an identity in the response from the mobile terminal has the advantage that the additional delay introduced by the IDENTITY REQUEST/RESPONSE message exchange is reduced.
  • This alternative mechanism should be seen as a complement to the previously described identity replacement mechanism. It is useful particularly when the MT uses the general packet radio service GPRS and identifies itself to a serving GPRS support node SGSN using only a temporary logical link identity TLLI, which is not easily replaceable by a permanent identifier IMSI_P.
  • This mechanism may also be used when handover of the mobile terminal is required.
  • the target switching node need only request the identity in an IDENTITY REQUEST message as shown at event 2b, because the switching node will already have a permanent identifier IMSI associated with the mobile terminal (this would have been obtained in the normal handover mechanism). In this situation it is not necessary for authentication to follow.
  • the switching node can compare the IMSI_P in the IDENTITY RESPONSE message with that already associated with the mobile terminal. If these match, the switching node continues to serve the MT. If they do not match, the switching node can instruct the unlicensed network controller UNC/SGW to disconnect the mobile terminal communicating on the secure unlicensed access connection.
  • the additional step of issuing an identity request and obtaining a response prior to authenticating a user of a mobile terminal 1 with the switching node 402 will naturally add delay to any contact between the mobile terminal 1 and the switching node 402. This can be mitigated by configuring each unlicensed network controller UNC/SGW 303 with a unique Routing Area Identity RAI for packet switched traffic and a unique Location Area Identity if this step is applied for circuit switched traffic. This forces the mobile terminal 1 to perform a routing area or location area update through the unlicensed network controller UNC/SGW 303.
  • the relevant switching node 402 serving GPRS support node SGSN 202 for a routing area update and mobile services switching center/visitor location register MSC/VLR 201 for a location area update
  • a preceding identity request such as shown at event 2b in Fig. 3a.
  • CKSN Ciphering Key Sequence Number
  • FIG. 3b illustrates an exchange of messages required for handover when authentication with the core network is carried out according to the first described example illustrated in Fig. 3a, i.e. when the step 2a is performed.
  • the secure connection between the mobile terminal MT and the unlicensed access network will have been established, and the permanent identifier IMSI_P associated with this secure connection. This is shown at event 11.
  • the switching node sends a handover request message (using the base station subsystem management application part BSSMAP protocol or base station system GPRS protocol BSSGP) that includes a mobile terminal identifier IMSI_HO to the target unlicensed network controller UNC/SGW as shown at event 12.
  • the handover request message also includes a handover reference.
  • GPRS packet switched
  • this follows the conventional behaviour of the system using a standard BSSGP message.
  • the BSSMAP message follows the standardised format, but the behaviour of the MSC/VLR may need some modification to include the permanent identifier IMSI_HO. Present handover specifications require the BSSMAP message to include the IMSI only when the MT is dual transfer mode (DTM) capable, but the method illustrated in Fig. 3b requires that the MSC/VLR includes the IMSI in the BSSMAP message also when the MT is not DTM capable.
  • the handover request is acknowledged in the normal way at event 13.
  • the unlicensed network controller UNC/SGW receives a handover access message from the mobile terminal (using an unlicensed mobile access radio resource protocol,
  • the unlicensed network controller UNC/SGW then compares the identifier IMSI_HO received in the handover request message with the permanent identifier IMSI_P associated with the secure unlicensed access network connection over which the handover access message from the MT was received. If they match, handover is permitted to proceed and a handover complete message is despatched to the switching node as illustrated at event 15. If no match is found, the unlicensed network controller UNC/SGW rejects the handover access message and may close the secure unlicensed access network connection over which the handover access message from the MT was received.
  • Fig. 4 the signalling required for authentication according to a further embodiment of the present invention is illustrated.
  • the signalling at event 21 is identical to that illustrated in event 1 of Fig. 3a. More specifically, at event 21 the user of the mobile terminal 1 is authenticated by the unlicensed network controller UNC/SGW 303 to establish a secure connection with the unlicensed access network. During this procedure, the unlicensed network controller UNC/SGW 303 receives an identifier IMSI associated with the mobile terminal either from the mobile terminal directly or from the AAA server. The unlicensed network controller UNC/SGW then stores this as a permanent identifier IMSI_P associated with the established secure connection between the mobile terminal MT and the unlicensed network controller UNC/SGW.
  • the unlicensed network controller UNC/SGW 303 explicitly informs the relevant switching node 402 of the permanent identifier IMSI_P associated with the secure connection. This occurs at event 22 in Fig. 4.
  • the permanent identifier IMSI_P may be included in all messages sent to the switching node, in which case it can be incorporated in all messages using the base station subsystem management application part BSSMAP protocol or base station subsystem GPRS protocol BSSGP, or both.
  • the unlicensed network controller UNC/SGW can transfer the stored permanent identifier IMSI_P in a single message, which may be a modified BSSMAP or BSSGP message or in a new message specific to unlicensed access networks.
  • the mobile terminal initiates communication with the switching node 402 e.g. to send data, request a connection or send some other signalling message.
  • This message includes some identity information shown as MT-ID in Fig. 4, which may be a temporary identity or a permanent identifier IMSI.
  • the switching node compares the permanent identifier IMSI_P received from the unlicensed network controller UNC/SGW at event 22 with the IMSI contained in the mobile terminal message or retrieved using the received temporary identity information MT-ID. If they match, the process is allowed to continue.
  • the switching node 402 rejects the connection request, or other communication, from the mobile terminal as illustrated at event 25.
  • the switching node 402 may order the unlicensed network controller UNC/SGW 303 to terminate the secure connection between the mobile terminal 1 and the UNC/SGW 303.
  • This process of comparing the permanent identifier IMSI_P associated with the secure unlicensed access network connection and received from the unlicensed network controller UNC/SGW with the permanent identifier contained in or associated with the identifier received from the mobile terminal, performed at event 24, is preferably performed prior to any authentication procedure. This then minimises the expenditure of core network resources in the event that the mobile terminal is not authorised to access the core network via that secure unlicensed access network connection.
  • the single message or repeated messages sent at event 22 may coincide with the initiation of communication by the mobile terminal 1.
  • a message sent from the mobile terminal 1 to the serving GPRS support node SGSN may be encapsulated in a BSSGP message in which the unlicensed network controller UNC/SGW 303 includes the permanent identifier IMSI_P.
  • the switching node will receive a single message from which it must extract the permanent identifier IMSI_P associated with the secure unlicensed access network connection and the user identity identifying the mobile terminal user, whether this be a permanent identifier or some temporary identity.
  • Fig. 5 illustrates the signalling in accordance with a still further embodiment of the present invention.
  • the establishment of a secure connection between the mobile terminal and the unlicensed network controller at event 31 is identical to that illustrated in Fig. 3a.
  • the unlicensed network controller UNC/SGW 303 receives the permanent identifier IMSI_P associated with the mobile terminal either from the mobile terminal directly or from the AAA server.
  • the unlicensed network controller UNC/SGW then associates this permanent identifier IMSI_P with the established secure connection between the mobile terminal MT and the unlicensed network controller UNC/SGW.
  • the switching node 402 receives a message from the mobile terminal containing some identity MT-ID (permanent identifier IMSI or a temporary identity) and so becomes aware that the mobile terminal 1 is attached to the mobile network through the unlicensed network controller UNC/SGW 303.
  • This message may take several different forms. For example, it may be a layer-3 service request from the mobile terminal, such as a page response, an outgoing call or a location update.
  • Other possible messages that may be received by the switching node 402 include an attach request or a routing area update request. Using the mobile terminal identity MT-ID contained in the received message the switching node then retrieves the associated IMSI as shown at event 33.
  • the unlicensed network controller UNC/SGW 303 compares the received IMSI with the permanent identifier IMSI_P associated with the secure connection with the mobile terminal 1. If these match, the process is allowed to continue.
  • the unlicensed network controller UNC/SGW informs the switching node concerned in a response message as shown at event 36.
  • the unlicensed network controller UNC/SGW 303 may terminate the secure connection with the mobile terminal.
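The binding-and-compare logic described above (Fig. 3a events 1-4, the Fig. 3b handover check and the Fig. 4 event 24 comparison) modelled as an added Python example; this is not Ericsson's or the patent's code, and the subscriber table, temporary identities, connection ids and HMAC-based challenge-response are constructed stand-ins for the HLR/AuC, VLR/SGSN/AAA state and the GSM/UMTS authentication algorithms.

```python
"""Added illustration of the identifier binding in WO2007071275A1; not Ericsson's code.
All IMSIs, temporary identities and SIM keys below are constructed sample data, and the
HMAC challenge-response stands in for the GSM/UMTS A3/AKA algorithms."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed HLR/AuC view: IMSI -> subscriber key Ki held by that subscriber's SIM/USIM.
SUBSCRIBERS: Dict[str, bytes] = {
    "240990000000001": b"ki-subscription-1",
    "240990000000002": b"ki-subscription-2",
}
# Constructed VLR/SGSN/AAA view: temporary identity (TMSI, P-TMSI, NAI pseudonym) -> IMSI.
TEMP_IDS: Dict[str, str] = {"TMSI-A1": "240990000000001", "TMSI-B2": "240990000000002"}


def resolve_permanent(mt_id: str) -> Optional[str]:
    """IMSI behind an MT-ID: either the IMSI in clear text or a temporary identity."""
    if mt_id in SUBSCRIBERS:
        return mt_id
    return TEMP_IDS.get(mt_id)


class UncSgw:
    """UNC/SGW: one IMSI_P bound to each authenticated secure connection (tunnel)."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}  # conn_id -> IMSI_P

    def establish(self, conn_id: str, mt_id: str) -> str:
        # Event 1: after EAP-SIM/EAP-AKA succeeds, obtain IMSI_P (from the MT if sent in
        # clear, otherwise from the AAA server) and bind it to the tunnel.
        imsi_p = resolve_permanent(mt_id)
        if imsi_p is None:
            raise ValueError("AAA server cannot resolve identity %r" % mt_id)
        self.bindings[conn_id] = imsi_p
        return imsi_p

    def relay(self, conn_id: str, msg: dict) -> dict:
        # Event 2a: snoop the layer-3 message and replace whatever identity it carries
        # with IMSI_P, without checking what was there.
        out = dict(msg)
        if "mt_id" in out:
            out["mt_id"] = self.bindings[conn_id]
        return out

    def answer_identity_request(self, conn_id: str) -> dict:
        # Event 2b: the IDENTITY REQUEST from the switching node is answered by the UNC/SGW.
        return {"type": "IDENTITY RESPONSE", "mt_id": self.bindings[conn_id]}

    def handover_access(self, conn_id: str, imsi_ho: str) -> bool:
        # Fig. 3b events 12-15: IMSI_HO from the handover request must equal IMSI_P of the
        # tunnel the HANDOVER ACCESS arrived on; otherwise reject and drop the tunnel.
        if self.bindings.get(conn_id) != imsi_ho:
            self.bindings.pop(conn_id, None)
            return False
        return True


class SwitchingNode:
    """MSC/VLR or SGSN. The SIM is modelled as the key the terminal answers with."""

    def authenticate(self, imsi: str, sim_key: bytes) -> bool:
        # Event 3: RAND and XRES are generated for the IMSI the node was given; the
        # terminal's SIM computes SRES with its own key. Mismatch -> event 4, reject.
        rand = secrets.token_bytes(16)
        xres = hmac.new(SUBSCRIBERS[imsi], rand, hashlib.sha256).digest()
        sres = hmac.new(sim_key, rand, hashlib.sha256).digest()
        return hmac.compare_digest(xres, sres)

    def check_binding(self, imsi_p_from_unc: str, mt_msg: dict) -> bool:
        # Fig. 4 event 24: compare IMSI_P reported by the UNC/SGW with the IMSI behind the
        # MT-ID in the terminal's own message, before any authentication is run.
        return resolve_permanent(mt_msg["mt_id"]) == imsi_p_from_unc


def attach_over_uma(unc, node, conn_id, tunnel_mt_id, l3_mt_id, sim_key) -> bool:
    """Events 1-4 of Fig. 3a; True when the core network goes on serving the terminal."""
    unc.establish(conn_id, tunnel_mt_id)
    l3 = unc.relay(conn_id, {"type": "LOCATION UPDATING REQUEST", "mt_id": l3_mt_id})
    served = node.authenticate(l3["mt_id"], sim_key)
    if not served:
        unc.bindings.pop(conn_id, None)  # UNC/SGW may terminate the secure connection
    return served


if __name__ == "__main__":
    unc, node = UncSgw(), SwitchingNode()
    # Same subscription on the tunnel and in core-network signalling: served.
    print(attach_over_uma(unc, node, "c1", "TMSI-A1", "TMSI-A1",
                          SUBSCRIBERS["240990000000001"]))
    # Tunnel opened with subscription 1, core network addressed with subscription 2's
    # TMSI and SIM: the identity is rewritten to IMSI_P, the challenge targets
    # subscription 1's key, and the response from SIM 2 fails.
    print(attach_over_uma(unc, node, "c2", "240990000000001", "TMSI-B2",
                          SUBSCRIBERS["240990000000002"]))
```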

Abstract

In order to prevent unauthorised use of an unlicensed access network connection (300) to access services in a mobile communications network (20), it is proposed to associate a permanent identifier with an established secure connection between a mobile terminal (1) user and an unlicensed network controller (303). The permanent identifier is obtained by the unlicensed access network (300), specifically an unlicensed network controller (303) in this unlicensed access network, when the secure connection with the mobile terminal is established. Any subsequent attempt by the user to solicit services from the core network (20) over this established secure connection will fail unless the user supplies either this permanent identifier or an identity, such as a temporary identifier, that is associated with the permanent identifier. More specifically, such an attempt results in the established secure connection being terminated.

Description

Subscriber authentication in mobile communication networks using unlicensed access networks
Field of invention
The invention relates to mobile communication networks containing access networks using unlicensed radio technologies, such as wireless LAN, WiMAX or Bluetooth.
Background art
Unlicensed mobile access is a technique whereby conventional mobile communications services, such as GSM, GPRS or UMTS, can be provided via wireless networks, preferably wireless IP networks, such as wireless LANs. In a connection via an unlicensed mobile access network, higher layer protocols, such as the GSM protocols, are run over an IP network instead of the associated GSM radio layer. Fig. 1 illustrates a mobile network providing GSM and GPRS services that is accessible via both a conventional access network 10 and an unlicensed mobile access network 30. The conventional access network 10 comprises a number of base station transceivers BTS 101 capable of supporting a connection with a mobile terminal MT 1 over the standard Um interface. The base station transceivers BTS 101 are connected to a base station controller BSC 103 via a private network 102. The unlicensed access network 30 includes a number of access points AP 301, only one of which is illustrated. Each access point 301 is capable of supporting a connection with a suitably enabled mobile terminal MT 1 over an unlicensed radio interface, such as Bluetooth, Wi-Fi or the like. Each access point is further connected to an unlicensed mobile access network controller and security gateway UNC/SGW 303 via a broadband network, which in the illustrated example is an IP access network. The unlicensed mobile access network controller UNC and the security gateway SGW may be combined in a single node or alternatively be implemented as separate nodes. However, they are always mutually associated and for simplicity these elements will henceforth be treated as a single unit denoted by the term unlicensed network controller UNC/SGW 303. The mobile terminal 1 is a dual-mode device capable of operating over both the conventional Um interface and the unlicensed radio interface. 
In the access networks 10, 30 both the base station controller 103 and the unlicensed network controller UNC/SGW 303 communicate with the core mobile network 20. In the interest of conciseness the core mobile network 20 is represented by only those nodes relevant for the present invention. It will be appreciated by those skilled in the art that the core network 20 will comprise several other elements not illustrated or described here. The core network 20 shown in Fig. 1 thus includes conventional switching nodes: mobile services switching centers MSC 201 with associated visitor location registers VLR 203, and serving GPRS support nodes SGSN 203 supporting the General Packet Radio Service GPRS. The base station controller 103 and the unlicensed network controller UNC/SGW 303 are capable of communicating with mobile services switching centers 201 and serving GPRS support nodes SGSN over the standard A and Gb interfaces, respectively.
The unlicensed access network uses the same security mechanisms as conventional GSM/GPRS or UMTS networks when connecting a mobile terminal to the core network, but additionally includes an extra mechanism to provide a secure connection to the unlicensed access network. Once a connection is established between a user and the unlicensed network controller UNC/SGW in a secure way, for example using an IP security (IPsec) tunnel between the user and the unlicensed network controller UNC/SGW, the conventional GSM/GPRS or UMTS authentication and ciphering is performed. The two security mechanisms are entirely independent of one another and are overseen by separate elements. The unlicensed network controller UNC/SGW 303 controls a user's entitlement to connect to the unlicensed access network, aided by an Authentication, Authorisation and Accounting AAA server. Separate mechanisms executed by core network nodes, including the mobile services switching center in association with the visitor location register MSC/VLR, the serving GPRS support node SGSN and a home location register in association with an authentication center HLR/AuC (not illustrated), are used for authenticating a user's identity and authorisation to access GSM or GPRS services. The independent nature of these two security systems means that the mobile core network need not be aware of the type of access used, and hence requires no modification to accommodate unlicensed mobile access networks. However, there is nevertheless a danger that once a first user has opened access to the UNC/SGW over the broadband network, another user could utilise this open connection to make calls. A similar and perhaps more likely threat is that a user acquires access to the unlicensed network controller using a first identifier but in the subsequent communication with the core network uses a different identifier that pertains to a different subscription. This would allow the user to illegally exploit any differences between the two subscriptions, such as the type of access authorised (access through an unlicensed access network may be allowed for one subscription but not for the other), geographical restrictions, charging rates or the like.
SUMMARY OF THE INVENTION
It is thus an object of the present invention to address this danger and ensure that only users authorised to access the core mobile network via an unlicensed access network are able to do so.
It is a further object of this invention to improve the security of access to a mobile network when using an unlicensed access network while minimising the impact on the mobile network itself.
The above objects are achieved in a method and unlicensed access node in accordance with the appended claims.
More specifically, the invention resides in the association of a specific permanent identifier with an established secure connection between a user of a mobile terminal and the unlicensed access network. The permanent identifier is obtained by the unlicensed access network, specifically an unlicensed network controller in this unlicensed access network, when the secure connection with the mobile terminal is established. Any subsequent attempt by the user to solicit services from the core network over this established secure connection will fail unless the user supplies either this permanent identifier or an identifier, such as a temporary identifier, that is associated with the permanent identifier. More specifically, such an attempt results in the established connection being terminated.
This ensures that only those users that are authenticated as permitted to communicate over the unlicensed access network will be allowed to connect to the core network. Any attempt by a user to exploit an open unlicensed access network connection will inevitably fail. In effect, the present invention imposes the use of a single identifier, or associated identities relating to the same subscription or user, both for the establishment of a secure connection over the unlicensed radio access network and for communication with the conventional mobile communications network.
The permanent identifier is obtained from identity information contained in messages received from the mobile terminal either directly, or by deriving the permanent identifier from a temporary identifier contained in these messages. The determination as to whether the user is authorised to connect to the core network over the established unlicensed access network connection may be made either in the unlicensed access network or in the core network. In accordance with a first preferred embodiment of the invention, the unlicensed access network informs a solicited core network node of the permanent identifier associated with the secure unlicensed access network connection. The core network node then uses this identifier to generate authentication parameters. If a different user, i.e. one with a different permanent identifier, attempts to connect to the core network via the established unlicensed access network connection, authentication will inevitably fail, as any authentication parameters generated by the user's mobile terminal will not be generated using the permanent identifier associated with the established unlicensed access network connection.
The unlicensed access network can inform the core network of the permanent identifier in a variety of ways. One method that has a limited impact on existing core network configuration is for the unlicensed access network to intercept messages sent by the user to the core network, and to replace any identity information contained in these messages with the permanent identifier associated with the unlicensed access network connection.
In accordance with a further embodiment of the invention, the core network actively requests an identifier from the user. This request is intercepted in the unlicensed access network by the unlicensed network controller and a response returned by the unlicensed network controller which contains the permanent identifier associated with the established unlicensed access network connection.
In an alternative embodiment of the present invention, the unlicensed access network actively informs the core network of the permanent identifier associated with the secure unlicensed access network connection, either by embedding this information in a conventional message or repeated messages, or by sending a specific message. The core network can then compare the permanent identifier received from the unlicensed access network with an identifier received from the user, or retrieved from identification received from the user. If they do not match, the user is not authenticated.
The core network may also obtain a user identifier in accordance with a still further embodiment of the present invention. In this case, the core network extracts identity information contained in a message received from the user's mobile terminal, retrieves a permanent identifier if the extracted identity information contains a temporary identity, and transmits this to the unlicensed access network. The unlicensed access network then compares the received identifier with the permanent identifier associated with the secure connection between the user and the unlicensed access network and permits this connection to continue only if they match.
BRIEF DESCRIPTION OF THE DRAWINGS
Further objects and advantages of the present invention will become apparent from the following description of the preferred embodiments that are given by way of example with reference to the accompanying drawings. In the figures:
Fig. 1 schematically depicts a GSM/GPRS mobile communications network including both a conventional and unlicensed access network,
Fig. 2 schematically depicts an access path between a mobile terminal and a GSM/GPRS core network via an unlicensed radio access network in accordance with a first embodiment of the present invention,
Fig. 3a is a signalling diagram showing the exchange of messages between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server of Fig. 2 in accordance with a first embodiment of the present invention,
Fig. 3b is a signalling diagram showing the exchange of messages required for handover for the embodiment illustrated in Fig. 3a,
Fig. 4 is a signalling diagram showing the exchange of messages between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server of Fig. 2 in accordance with a second embodiment of the present invention, and
Fig. 5 is a signalling diagram showing the exchange of messages between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server of Fig. 2 in accordance with a third embodiment of the present invention.
DETAILED DESCRIPTION OF THE DRAWINGS
Fig. 2 schematically depicts a connection path between a mobile terminal 1 and mobile core network 20 via an unlicensed access network. In this figure, the unlicensed network includes the unlicensed network controller UNC/SGW 303 and an element representing the unlicensed access network 300, which includes the access points 301 and broadband IP network 302 illustrated in Fig. 1, and hence includes both an unlicensed radio link and an IP network connection. The mobile core network 20 is represented by a switching node 402, which may be a mobile services switching center and associated visitor location register MSC/VLR for GSM services or a serving GPRS support node SGSN. Also depicted as part of the core network is an Authentication, Authorisation and Accounting AAA server 401. The conventional configuration and function of this server is well known in the art. The present description will thus be limited only to modifications of this server relevant to the present invention.
The authentication procedure will be described with reference to Figs. 3-5, which illustrate the signalling between the mobile terminal, the unlicensed network controller UNC/SGW, the switching node and the AAA server in accordance with different embodiments of the present invention.
Referring first to Fig. 3a, when a mobile terminal 1 first connects to the unlicensed access network, an authentication procedure is carried out in order to establish a secure connection between the mobile terminal and the unlicensed network controller UNC/SGW 303. This typically follows standard authentication procedures, such as the extensible authentication protocol method for UMTS authentication and key agreement (EAP-AKA), which provides authentication and session key distribution using the UMTS authentication mechanism, or the EAP method for the GSM subscriber identity module (EAP-SIM), which provides authentication and session key distribution using the GSM SIM. The details of authentication are not illustrated in Fig. 3a, but involve the exchange of messages between the mobile terminal MT and the unlicensed network controller UNC/SGW. During this authentication procedure the steps illustrated at event 1 occur. Specifically, at event 1 in Fig. 3a the mobile terminal MT provides the unlicensed network controller UNC/SGW with identification information or an identity MT-ID.
This identity MT-ID may or may not include the subscriber's international mobile subscriber identity IMSI. As is known to those skilled in the art, the IMSI is a unique identifier allocated to each mobile subscriber in a GSM and UMTS network. It consists of a mobile country code MCC, a mobile network code MNC and a mobile terminal identification number MSIN. If the identity MT-ID does not contain the IMSI in clear text, for example embedded in a Network Access Identifier NAI, the unlicensed network controller UNC/SGW receives the permanent identifier IMSI for the user from the AAA server. The AAA server determines the IMSI associated with the mobile terminal identity MT-ID in the conventional way and provides this IMSI to the unlicensed network controller UNC/SGW. All temporary identities used by the mobile terminal are associated with the IMSI and thus enable the AAA server to identify the subscriber. Examples of temporary identities include: a temporary mobile subscriber identifier TMSI or a packet TMSI, allocated to a visiting subscriber by a mobile services switching center together with a visitor location register MSC/VLR or by a serving GPRS support node SGSN for telephony or packet services respectively; the temporary logical link identifier TLLI, used to provide a signalling address for communication between the subscriber and a serving GPRS support node SGSN; and a network access identifier NAI pseudonym, used to address a user within a specific internet domain. When the unlicensed network controller UNC/SGW receives the IMSI, either in a message from the mobile terminal MT or from the AAA server, it stores this as the permanent identifier IMSIP for the user of the mobile terminal and associates it with the authenticated secure connection established with this mobile terminal.
The AAA server may send the IMSI associated with the user's identity MT-ID only when messages received from the user do not contain the permanent identifier. Alternatively, this may be transmitted in all cases, in which case this is redundant information for the unlicensed network controller UNC/SGW when the permanent identifier IMSI is received from the MT.
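The derivation of the permanent identifier at event 1 can be sketched in Python as follows. This is an added example and not code from the patent or from Ericsson: the clear-text NAI forms it accepts (a bare IMSI, or an IMSI prefixed by a method digit, 0 for EAP-SIM and 1 for EAP-AKA, as in 3GPP practice) are an assumption not stated on the page, and the AAA pseudonym table, tunnel identifiers, IMSI values and class and function names are all constructed for illustration.

```python
import re

# An IMSI is a string of decimal digits: MCC (3) + MNC (2 or 3) + MSIN,
# at most 15 digits in total. The constructed samples below all use 15 digits.
IMSI_RE = re.compile(r"^[0-9]{6,15}$")

# Constructed stand-in for the AAA server's pseudonym state:
# temporary NAI pseudonym -> IMSI of the subscriber it was issued to.
AAA_PSEUDONYMS = {
    "p7f3a9c1@wlan.example.net": "240991234567890",
}


def imsi_from_identity(mt_id: str):
    """Return the IMSI if MT-ID carries it in clear text, otherwise None.

    Accepted clear-text forms (assumption, following 3GPP NAI practice):
      - "<IMSI>@realm" or a bare "<IMSI>"
      - "<method digit><IMSI>@realm", method digit 0 (EAP-SIM) or 1 (EAP-AKA)
    A pseudonym such as "p7f3a9c1@..." yields None and must be resolved by AAA.
    """
    username = mt_id.split("@", 1)[0]
    if IMSI_RE.match(username):
        return username
    if len(username) == 16 and username[0] in "01" and IMSI_RE.match(username[1:]):
        return username[1:]
    return None


def aaa_resolve(mt_id: str):
    """Stand-in for the AAA server mapping a temporary identity to the IMSI."""
    return AAA_PSEUDONYMS.get(mt_id)


class UncConnectionTable:
    """Per-tunnel state kept by the UNC/SGW: tunnel id -> permanent identifier IMSI_P."""

    def __init__(self):
        self.imsi_p = {}

    def secure_connection_established(self, tunnel_id: str, mt_id: str) -> str:
        """Event 1: derive IMSI_P from MT-ID (directly or via AAA) and bind it to the tunnel."""
        imsi = imsi_from_identity(mt_id)
        if imsi is None:
            imsi = aaa_resolve(mt_id)
        if imsi is None:
            # Neither a clear-text IMSI nor a pseudonym the AAA server knows:
            # no permanent identifier can be bound, so the tunnel is not admitted.
            raise PermissionError("no permanent identifier for %r" % mt_id)
        self.imsi_p[tunnel_id] = imsi
        return imsi

    def permanent_identifier(self, tunnel_id: str):
        return self.imsi_p.get(tunnel_id)
```

The point of the table is that every later decision in the embodiments below is keyed on the tunnel, not on whatever identity the terminal chooses to present afterwards: once IMSIP is bound to a tunnel, only that value is ever compared or substituted.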
Following unlicensed mobile access authentication, the connection between the mobile terminal and the unlicensed network controller UNC/SGW is open. The mobile terminal can then communicate directly with the switching node, i.e. a mobile services switching center and visitor location register MSC/VLR or alternatively with a serving GPRS support node. The unlicensed network controller UNC/SGW monitors or snoops all subsequent signalling between the mobile terminal and the switching node over this secure connection. If in a signalling message directed towards the switching node the mobile terminal includes a temporary identity or an IMSI that is not equal to the permanent identifier IMSIP associated with the secure connection between the controller and this mobile terminal, the unlicensed network controller UNC/SGW replaces this identity with the associated permanent identifier IMSIP. This is illustrated at event 2a in Fig. 3a. It is possible that the unlicensed network controller UNC/SGW simply inserts the associated permanent identifier IMSIP in place of all identity information relating to the mobile terminal user without checking whether the replaced information is the permanent identifier IMSIP. The switching node subsequently authenticates the mobile terminal at event 3 in the conventional manner (e.g. using an authentication center AuC and home location register in the core network) but using the permanent identifier IMSIP substituted by the unlicensed network controller UNC/SGW. Specifically, the switching node sends the mobile terminal MT a challenge parameter that has been generated for authentication of the user identifier IMSIP. The mobile terminal MT, specifically using the subscriber identity module or universal subscriber identity module SIM/USIM, uses a secret key shared between the SIM/USIM and the core network to generate a response to the challenge. The key is unique to the subscriber's permanent identifier IMSIP.
The response is returned to the switching node, which compares the received response with an expected response. If the responses match, the authentication is successful and the core network will continue to serve the mobile terminal MT. If, when communicating with the core network, the mobile terminal does not use the permanent identifier IMSIP associated with the secure connection with the unlicensed network controller UNC/SGW (or an identity linked to this permanent identifier), because it is another user, or even the same user attempting to use a different subscription, the response will be generated using a different key. This response will then not match the expected response generated in the core network. Consequently, authentication will fail. An authentication reject message is then sent by the core network node as shown at event 4. The unlicensed network controller UNC/SGW may then terminate the secure connection.
In an alternative embodiment, instead of replacing any temporary identity (or different IMSI) with the permanent identifier IMSIP at event 2a, the authentication of the mobile terminal with the switching node is instead preceded by an IDENTITY REQUEST message from the switching node, requesting the mobile terminal to provide its IMSI. This is shown at event 2b. The IDENTITY REQUEST message, while intended for the MT, is intercepted by the unlicensed network controller UNC/SGW. The unlicensed network controller UNC/SGW returns an IDENTITY RESPONSE message on behalf of the mobile terminal and includes the permanent identifier IMSIP associated with the secure unlicensed access network connection in this message. The authentication at event 3 then continues as described above. Permitting the unlicensed network controller UNC/SGW to intercept the IDENTITY REQUEST message and respond in place of the mobile terminal rather than replacing an identity in the response from the mobile terminal has the advantage that the additional delay introduced by the IDENTITY REQUEST/RESPONSE message exchange is reduced. This alternative mechanism should be seen as a complement to the previously described identity replacement mechanism. It is useful particularly when the MT uses the general packet radio service GPRS and identifies itself to a serving GPRS support node SGSN using only a temporary logical link identity TLLI, which is not easily replaceable by a permanent identifier IMSIP.
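The two variants of the first embodiment (identity replacement at event 2a, identity request interception at event 2b) and the reason a mismatched subscription fails at event 3 can be simulated end to end. The following Python is an added example, not code from the patent or from Ericsson: the SIM response algorithm is replaced by a truncated HMAC-SHA256 (an assumption; the real A3 algorithm is not described on the page), and the HLR keys, IMSIs, temporary identities, tunnel identifiers and class names are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed HLR/AuC stand-in: IMSI -> secret key Ki shared with that SIM.
HLR_KEYS = {
    "240991234567890": b"sample-ki-subscriber-A",
    "240999876543210": b"sample-ki-subscriber-B",
}


def sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the SIM's challenge-response algorithm (assumption: HMAC-SHA256
    truncated to 4 bytes; the real A3 algorithm is not part of the page)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


@dataclass
class Sim:
    """The SIM/USIM in the mobile terminal: holds Ki and answers challenges."""
    imsi: str
    ki: bytes

    def answer(self, rand: bytes) -> bytes:
        return sres(self.ki, rand)


@dataclass
class L3Message:
    kind: str               # e.g. "LOCATION_UPDATE", "IDENTITY_REQUEST"
    identity: str = None    # MT-ID: an IMSI or a temporary identity such as a TMSI


class Unc:
    """UNC/SGW stand-in holding tunnel id -> IMSI_P for each secure connection."""

    def __init__(self):
        self.imsi_p = {}

    def forward_uplink(self, tunnel_id: str, msg: L3Message) -> L3Message:
        """Event 2a: snoop the MT's signalling and substitute IMSI_P for its identity."""
        imsi_p = self.imsi_p[tunnel_id]
        if msg.identity != imsi_p:
            return L3Message(msg.kind, imsi_p)
        return msg

    def intercept_downlink(self, tunnel_id: str, msg: L3Message):
        """Event 2b: answer an IDENTITY REQUEST on behalf of the MT with IMSI_P.
        Returns the reply to send uplink, or None when the message goes to the MT."""
        if msg.kind == "IDENTITY_REQUEST":
            return L3Message("IDENTITY_RESPONSE", self.imsi_p[tunnel_id])
        return None

    def terminate(self, tunnel_id: str):
        self.imsi_p.pop(tunnel_id, None)


class SwitchingNode:
    """MSC/VLR or SGSN stand-in: challenge/response bound to the IMSI it was given."""

    def authenticate(self, imsi: str, sim_answer) -> bool:
        """Event 3: the challenge is generated for Ki(IMSI), so only a SIM holding
        that key produces the expected response."""
        rand = os.urandom(16)
        expected = sres(HLR_KEYS[imsi], rand)
        return hmac.compare_digest(expected, sim_answer(rand))


def service_request(unc, node, tunnel_id, sim, claimed_identity, mode):
    """Run one MT request over a tunnel. Returns (authenticated, tunnel_still_open)."""
    if mode == "replace":                 # Fig. 3a, event 2a
        msg = unc.forward_uplink(tunnel_id, L3Message("LOCATION_UPDATE", claimed_identity))
        imsi_for_auth = msg.identity
    elif mode == "identity_request":      # Fig. 3a, event 2b
        reply = unc.intercept_downlink(tunnel_id, L3Message("IDENTITY_REQUEST"))
        imsi_for_auth = reply.identity
    else:
        raise ValueError(mode)
    ok = node.authenticate(imsi_for_auth, sim.answer)
    if not ok:
        unc.terminate(tunnel_id)          # event 4: AUTHENTICATION REJECT, tunnel torn down
    return ok, tunnel_id in unc.imsi_p
```

Whichever identity the terminal claims, the core network only ever derives the challenge from the IMSIP bound to the tunnel, so a SIM belonging to another subscription cannot answer it; the example returns `(False, False)` in that case because the tunnel is closed along with the rejection.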
This mechanism may also be used when handover of the mobile terminal is required. In this case, the target switching node need only request the identity in an IDENTITY REQUEST message as shown at event 2b, because the switching node will already have a permanent identifier IMSI associated with the mobile terminal (this would have been obtained in the normal handover mechanism). In this situation it is not necessary for authentication to follow.
The switching node can compare the IMSIP in the IDENTITY RESPONSE message with that already associated with the mobile terminal. If these match, the switching node continues to serve the MT. If they do not match, the switching node can instruct the unlicensed network controller UNC/SGW to disconnect the mobile terminal communicating on the secure unlicensed access connection.
The additional step of issuing an identity request and obtaining a response prior to authenticating a user of a mobile terminal 1 with the switching node 402 will naturally add delay to any contact between the mobile terminal 1 and the switching node 402. This can be mitigated by configuring each unlicensed network controller UNC/SGW 303 with a unique Routing Area Identity RAI for packet switched traffic and a unique Location Area Identity if this step is applied for circuit switched traffic. This forces the mobile terminal 1 to perform a routing area or location area update through the unlicensed network controller UNC/SGW 303. During this routing area or location area update the relevant switching node 402 (serving GPRS support node SGSN 202 for a routing area update and mobile services switching center/visitor location register MSC/VLR 201 for a location area update) can then authenticate the mobile terminal 1 with a preceding identity request such as shown at event 2b in Fig. 3a. This means that during any subsequent contact between the mobile terminal 1 and the switching node 402 a fast re-authentication procedure based on the Ciphering Key Sequence Number (CKSN) can be used, using a CKSN generated in the regular authentication procedure, without a preceding identity request.
Fig. 3b illustrates an exchange of messages required for handover when authentication with the core network is carried out according to the first described example illustrated in Fig. 3a, i.e. when the step 2a is performed. Prior to handover, the secure connection between the mobile terminal MT and the unlicensed access network will have been established, and the permanent identifier IMSIP associated with this secure connection. This is shown at event 11.
When handover of a mobile terminal connected to the unlicensed access network is required, the switching node sends a handover request message (using the base station subsystem management application part BSSMAP protocol or base station system GPRS protocol BSSGP) that includes a mobile terminal identifier IMSIHO to the target unlicensed network controller UNC/SGW as shown at event 12. The handover request message also includes a handover reference. For the packet switched (GPRS) case, this follows the conventional behaviour of the system using a standard BSSGP message. For the circuit switched case the BSSMAP message follows the standardised format, but the behaviour of the MSC/VLR may need some modification to include the permanent identifier IMSIHO. Present handover specifications require the BSSMAP message to include the IMSI only when the MT is dual transfer mode (DTM) capable, but the method illustrated in Fig. 3b requires that the MSC/VLR includes the IMSI in the BSSMAP message also when the MT is not DTM capable. The handover request is acknowledged in the normal way at event 13. At event 14, the unlicensed network controller UNC/SGW receives a handover access message from the mobile terminal (using an unlicensed mobile access radio resource protocol, URR, message) containing the handover reference previously received from the switching node. The unlicensed network controller UNC/SGW then compares the identifier IMSIHO received in the handover request message with the permanent identifier IMSIP associated with the secure unlicensed access network connection over which the handover access message from the MT was received. If they match, handover is permitted to proceed and a handover complete message is despatched to the switching node as illustrated at event 15. If no match is found, the unlicensed network controller UNC/SGW rejects the handover access message and may close the secure unlicensed access network connection over which the handover access message from the MT was received.
Turning now to Fig. 4 the signalling required for authentication according to a further embodiment of the present invention is illustrated.
The signalling at event 21 is identical to that illustrated in event 1 of Fig. 3a. More specifically, at event 21 the user of the mobile terminal 1 is authenticated by the unlicensed network controller UNC/SGW 303 to establish a secure connection with the unlicensed access network. During this procedure, the unlicensed network controller UNC/SGW 303 receives an identifier IMSI associated with the mobile terminal either from the mobile terminal directly or from the AAA server. The unlicensed network controller UNC/SGW then stores this as a permanent identifier IMSIP associated with the established secure connection between the mobile terminal MT and the unlicensed network controller UNC/SGW.
In accordance with this embodiment of the invention, the unlicensed network controller UNC/SGW 303 explicitly informs the relevant switching node 402 of the permanent identifier IMSIP associated with the secure connection. This occurs at event 22 in Fig. 4. The permanent identifier IMSIP may be included in all messages sent to the switching node, in which case it can be incorporated in all messages using the base station subsystem management application part BSSMAP protocol or base station subsystem GPRS protocol BSSGP, or both. Alternatively, the unlicensed network controller UNC/SGW can transfer the stored permanent identifier IMSIP in a single message, which may be a modified BSSMAP or BSSGP message or a new message specific to unlicensed access networks. At event 23, the mobile terminal initiates communication with the switching node 402, e.g. to send data, request a connection or send some other signalling message. This message includes some identity information shown as MT-ID in Fig. 4, which may be a temporary identity or a permanent identifier IMSI. At event 24 the switching node then compares the permanent identifier IMSIP received from the unlicensed network controller UNC/SGW at event 22 with the IMSI contained in the mobile terminal message or retrieved using the received temporary identity information MT-ID. If they match, the process is allowed to continue.
If no match is found, the switching node 402 rejects the connection request, or other communication, from the mobile terminal as illustrated at event 25. Alternatively, or additionally, the switching node 402 may order the unlicensed network controller UNC/SGW 303 to terminate the secure connection between the mobile terminal 1 and the UNC/SGW 303. The comparison performed at event 24, between the permanent identifier IMSIP associated with the secure unlicensed access network connection and received from the unlicensed network controller UNC/SGW and the permanent identifier contained in, or associated with, the identifier received from the mobile terminal, is preferably performed prior to any authentication procedure. This minimises the expenditure of core network resources in the event that the mobile terminal is not authorised to access the core network via that secure unlicensed access network connection.
It should be appreciated that the single message or repeated messages sent at event 22 may coincide with the initiation of communication by the mobile terminal 1. For example, a message sent from the mobile terminal 1 to the serving GPRS support node SGSN may be encapsulated in a BSSGP message in which the unlicensed network controller UNC/SGW 303 includes the permanent identifier IMSIP. In other words, the switching node will receive a single message from which it must extract the permanent identifier IMSIP associated with the secure unlicensed access network connection and the user identity identifying the mobile terminal user, whether this be a permanent identifier or some temporary identity.
Fig. 5 illustrates the signalling in accordance with a still further embodiment of the present invention. In this embodiment also, the establishment of a secure connection between the mobile terminal and the unlicensed network controller at event 31 is identical to that illustrated in Fig. 3a. More specifically, the unlicensed network controller UNC/SGW 303 receives the permanent identifier IMSIP associated with the mobile terminal either from the mobile terminal directly or from the AAA server. The unlicensed network controller UNC/SGW then associates this permanent identifier IMSIP with the established secure connection between the mobile terminal MT and the unlicensed network controller UNC/SGW. At event 32 the switching node 402 receives a message from the mobile terminal containing some identity MT-ID (permanent identifier IMSI or a temporary identity) and so becomes aware that the mobile terminal 1 is attached to the mobile network through the unlicensed network controller UNC/SGW 303. This message may take several different forms. For example, it may be a layer-3 service request from the mobile terminal, such as a page response, an outgoing call or a location update. Other possible messages that may be received by the switching node 402 include an attach request or a routing area update request. Using the mobile terminal identity MT-ID contained in the received message the switching node then retrieves the associated IMSI as shown at event 33.
Obviously this latter step is not necessary if the received message contains a permanent identifier IMSI. This received permanent identifier IMSI is then transmitted to the unlicensed network controller UNC/SGW 303 at event 34. The IMSI may be sent in a modified BSSMAP or BSSGP message, or in a new unlicensed mobile access message. A further possibility is the incorporation of the IMSI in a BSSMAP Handover Request message or in a BSSGP PS Handover Request message, neither of which would need modification. At event 35, the unlicensed network controller UNC/SGW 303 compares the received IMSI with the permanent identifier IMSIP associated with the secure connection with the mobile terminal 1. If these match, the process is allowed to continue. If the two IMSI values do not match, the unlicensed network controller UNC/SGW informs the switching node concerned in a response message as shown at event 36. Alternatively, or additionally, the unlicensed network controller UNC/SGW 303 may terminate the secure connection with the mobile terminal.
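The remaining embodiments differ only in where the comparison against IMSIP is made: in the switching node (Fig. 4, event 24, including the encapsulated single-message form) or in the unlicensed network controller (Fig. 5, event 35, and the handover access check of Fig. 3b, event 14, which compares IMSIHO the same way). The following Python shows both placements side by side. It is an added example, not code from the patent or from Ericsson; the temporary identity table standing in for the VLR/SGSN, the tunnel identifiers, the IMSI values and the class and method names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed VLR/SGSN state: temporary identity -> IMSI. Sample values only.
TEMPORARY_IDS = {
    "TMSI-1a2b": "240991234567890",
    "TMSI-9z8y": "240999876543210",
}


def resolve_imsi(mt_id: str):
    """Event 33: the IMSI behind MT-ID, whether it is a clear IMSI or a known temporary identity."""
    if mt_id.isdigit():
        return mt_id
    return TEMPORARY_IDS.get(mt_id)


@dataclass
class EncapsulatedMessage:
    """One BSSGP/BSSMAP-style message from the UNC carrying both IMSI_P and the
    MT's own identity (the combined form of events 22 and 23)."""
    tunnel_id: str
    imsi_p: str
    mt_id: str


class Unc:
    """UNC/SGW stand-in: tunnel id -> IMSI_P for each established secure connection."""

    def __init__(self):
        self.imsi_p = {}

    def terminate(self, tunnel_id: str):
        self.imsi_p.pop(tunnel_id, None)

    def encapsulate(self, tunnel_id: str, mt_id: str) -> EncapsulatedMessage:
        """Fig. 4: forward the MT's message with IMSI_P added for the switching node."""
        return EncapsulatedMessage(tunnel_id, self.imsi_p[tunnel_id], mt_id)

    def check_core_imsi(self, tunnel_id: str, imsi: str, close_on_mismatch=True) -> bool:
        """Fig. 5 event 35 and Fig. 3b event 14: compare an IMSI supplied by the core
        network (the IMSI from event 34, or IMSI_HO from a handover request) with IMSI_P."""
        if imsi == self.imsi_p.get(tunnel_id):
            return True
        if close_on_mismatch:
            self.terminate(tunnel_id)   # "may terminate the secure connection"
        return False


class SwitchingNode:
    """MSC/VLR or SGSN stand-in."""

    def __init__(self, unc: Unc):
        self.unc = unc

    def on_encapsulated(self, msg: EncapsulatedMessage) -> str:
        """Fig. 4 events 24/25: compare IMSI_P from the UNC with the IMSI behind MT-ID
        before spending any resources on authentication."""
        imsi = resolve_imsi(msg.mt_id)
        if imsi is not None and imsi == msg.imsi_p:
            return "continue"
        self.unc.terminate(msg.tunnel_id)   # event 25: reject and order tunnel teardown
        return "rejected"

    def on_mt_message(self, tunnel_id: str, mt_id: str) -> str:
        """Fig. 5 events 32-36: resolve the IMSI, send it to the UNC, act on the UNC's answer."""
        imsi = resolve_imsi(mt_id)                       # event 33
        if imsi is None:
            return "rejected"
        if self.unc.check_core_imsi(tunnel_id, imsi):    # events 34 and 35
            return "continue"
        return "rejected"                                # event 36: UNC reports mismatch
```

In the Fig. 4 path the switching node holds both values and decides; in the Fig. 5 path the node only resolves the identity and the controller decides, which is also why the handover check of Fig. 3b reuses the same controller-side method with IMSIHO as input.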

Claims

Claims:
1. A method of authenticating a user of a mobile terminal accessing a mobile communications core network via an unlicensed radio access network (300) that is controlled by an unlicensed network controller (303), said method including the steps of: establishing a secure connection between said mobile terminal and the unlicensed network controller over said unlicensed radio access network and obtaining a unique permanent identifier for said user from identity information received from said mobile terminal, said unlicensed network controller associating said permanent identifier with the established secure connection and terminating said established secure connection with said mobile terminal when a message directed to said core network over said established secure connection over said unlicensed radio access network includes identity information that is neither equal to, nor associated with, said permanent identifier.
2. A method of authenticating a user of a mobile terminal accessing a mobile communications core network via an unlicensed radio access network (300) that is controlled by an unlicensed network controller (303), said method including the steps of: establishing a secure connection between said mobile terminal and the unlicensed network controller over said unlicensed radio access network and obtaining a unique permanent identifier for said user from identity information received from said mobile terminal, said unlicensed network controller associating said permanent identifier with the established secure connection, transmitting said permanent identifier to a node of said mobile communications core network for use in retrieving authentication parameters for authenticating the user communicating via said established secure connection and terminating said established secure connection with said mobile terminal when a message directed to said core network over said established secure connection over said unlicensed radio access network includes identity information that is neither equal to, nor associated with, said permanent identifier.
3. A method as claimed in claim 1 or 2, wherein the step of obtaining a permanent identifier for said user includes the steps of obtaining identity information from said user, said identity information including a temporary identity and obtaining from said core network said permanent identifier associated with said temporary identity.
4. A method as claimed in any previous claim, further including the step of transmitting said permanent identifier to a node of said mobile communications core network by intercepting at least one signalling message sent by said mobile terminal to said core network node and replacing identity information contained in said signalling message with said permanent identifier.
5. A method as claimed in any one of claims 1 to 3, further including the step of transmitting said permanent identifier to said node (402) of said mobile communications core network by intercepting an identity request message from said core network node to said mobile terminal and transmitting a response in place of said mobile terminal, said response including said permanent identifier.
6. A method as claimed in any one of claims 1 to 3 and 5, further including the step of: said core network node (402) sending an identity request message to said mobile terminal and receiving a response to said identity request message containing said permanent identifier for use in retrieving authentication parameters for authenticating said user.
7. A method of authenticating a user of a mobile terminal accessing a mobile communications core network via an unlicensed radio access network (300) that is controlled by an unlicensed network controller (303), said method including the steps of: establishing a secure connection between said mobile terminal and the unlicensed network controller over said unlicensed radio access network and obtaining a unique permanent identifier for said user from identity information received from said mobile terminal, said unlicensed network controller associating said permanent identifier with the established secure connection; a core network node (402) transmitting an identity request message to said mobile terminal (10) via said unlicensed network controller (303); said unlicensed network controller (303) intercepting said identity request message and transmitting a response in place of said mobile terminal, said response including said permanent identifier; and said core network node (402) comparing said permanent identifier with a second identifier relating to a user of a mobile terminal requiring handover to said unlicensed network controller, terminating the secure connection with said mobile terminal if the second identifier and said permanent identifier do not match.
8. A method as claimed in claim 7, wherein the step of obtaining a permanent identifier for said user includes the steps of obtaining identity information from said user, said identity information including a temporary identity and obtaining from said core network said permanent identifier associated with said temporary identity.
9. A method of authenticating a user of a mobile terminal accessing a mobile communications core network via an unlicensed radio access network (300) that is controlled by an unlicensed network controller (303), said method including the steps of: establishing a secure connection between said mobile terminal and the unlicensed network controller over said unlicensed radio access network and obtaining a unique permanent identifier for said user from identity information received from said mobile terminal, said unlicensed network controller associating said permanent identifier with the established secure connection, said unlicensed network controller transmitting said permanent identifier to a node (402) of said mobile communications core network, said core network node (402) obtaining a second identifier from identity information contained in a message received from said mobile terminal and comparing said permanent identifier with said second identifier, terminating the secure connection with said mobile terminal when said permanent identifier does not match said second identifier.
10. A method as claimed in claim 9, wherein the step of obtaining a permanent identifier for said user includes the steps of obtaining identity information from said user, said identity information including a temporary identity and obtaining from said core network said permanent identifier associated with said temporary identity.
11. A method as claimed in claim 9 or 10, wherein said step of said unlicensed network controller transmitting said permanent identifier to a node of said mobile communications core network includes: inserting said permanent identifier in messages that are transmitted from said unlicensed access network to said core network node and that relate to said mobile terminal.
12. A method as claimed in any one of claims 9 to 11, wherein said step of said unlicensed network controller transmitting said permanent identifier to a node of said mobile communications core network includes: encapsulating said message transmitted by said mobile terminal to said core network node with information containing said permanent identifier to form a second message, and wherein the step of said core network node (402) obtaining a second identifier from identity information contained in a message received from said mobile terminal includes obtaining said permanent identifier and second identifier from said second message.
13. A method as claimed in any one of claims 9 to 12, wherein said step of said unlicensed network controller transmitting said permanent identifier to a node of said mobile communications core network includes using a base station subsystem management application part (BSSMAP) protocol or a base station subsystem GPRS protocol (BSSGP).
14. A method of authenticating a user of a mobile terminal accessing a mobile communications core network via an unlicensed radio access network (300) controlled by an unlicensed network controller (303), said method including the steps of: establishing a secure connection between said mobile terminal and the unlicensed network controller over said unlicensed radio access network and obtaining a unique permanent identifier for said user from identity information received from said mobile terminal, said unlicensed network controller associating said permanent identifier with the established secure connection, said unlicensed network controller receiving a handover request from said core network, said handover request including a unique identifier identifying a user of a mobile terminal requiring handover to the unlicensed network controller, comparing said unique identifier included in said handover request with said permanent identifier associated with said established secure connection and terminating said established secure connection with said mobile terminal if said unique identifier included in said handover request fails to match said permanent identifier.
15. A method as claimed in claim 14, wherein the step of obtaining a permanent identifier for said user includes the steps of obtaining identity information from said user, said identity information including a temporary identity and obtaining from said core network said permanent identifier associated with said temporary identity.
16. A method as claimed in claim 14 or 15, wherein in said step of receiving a handover request from said core network, said handover request is a base station subsystem management application part (BSSMAP) message.
17. A method of authenticating a user of a mobile terminal accessing a mobile communications core network via an unlicensed radio access network (300) controlled by an unlicensed network controller (303), said method including the steps of: establishing a secure connection between said mobile terminal and the unlicensed network controller over said unlicensed radio access network and obtaining a unique permanent identifier for said user from identity information received from said mobile terminal, said unlicensed network controller associating said permanent identifier with the established secure connection, a node in said core network obtaining a second identifier from identity information contained in a message received from the mobile terminal connected via said established secure connection over said unlicensed radio access network, said core network node transmitting said second identifier to said unlicensed network controller, and said unlicensed network controller comparing said second identifier with the permanent identifier associated with said established secure connection and terminating said secure connection if said second identifier fails to match said permanent identifier.
18. A method as claimed in claim 17, wherein the step of obtaining a permanent identifier for said user includes the steps of obtaining identity information from said user, said identity information including a temporary identity and obtaining from said core network said permanent identifier associated with said temporary identity.
19. A method as claimed in claim 17 or 18, wherein the message received from said mobile terminal is any one of a page response, an outgoing call request, a location area update request, an attach request or a routing area update request.
20. A method as claimed in any previous claim, wherein an identifier is an international mobile subscriber identity uniquely associated with said user and said identity information includes an identifier or a temporary identity associated with an international mobile subscriber identity, such as a temporary mobile subscriber identity (TMSI), a packet TMSI, a temporary logical link identity (TLLI) or a network access identifier (NAI) pseudonym.
21. A method as claimed in any previous claim, wherein said step of establishing a secure connection between said mobile terminal and the unlicensed network controller includes applying an extensible authentication protocol.
22. A method as claimed in any previous claim, wherein a core network node is either a mobile services switching centre node associated with a visitor location register or a serving GPRS support node.
23. An unlicensed network controller (303) arranged to communicate with mobile terminal users (1) via a broadband access network (300) and to communicate with at least one node (401, 402) of a core network portion of a mobile communications network, said unlicensed network controller (303) being adapted to establish a secure connection with a mobile terminal over said unlicensed access network (300), characterised in that said unlicensed network controller is further adapted to obtain a permanent identifier assigned to a user of said mobile terminal using identity information received from said mobile terminal and to associate said permanent identifier with said established secure connection to said mobile terminal (1), and to terminate said connection if identification information that is neither equal to nor associated with said permanent identifier is used by said mobile terminal to access services via said established secure connection.
24. An unlicensed network controller (303) arranged to communicate with mobile terminal users (1) via a broadband access network (300) and to communicate with at least one node (401, 402) of a core network portion of a mobile communications network, said unlicensed network controller (303) being adapted to establish a secure connection with a mobile terminal over said unlicensed access network (300), characterised in that said unlicensed network controller is further adapted: to obtain a permanent identifier assigned to a user of said mobile terminal using identity information received from said mobile terminal and to associate said permanent identifier with said established secure connection to said mobile terminal (1), to transmit said permanent identifier to a node of said mobile communications core network for use in retrieving authentication parameters for authenticating the user communicating via said established secure connection and to terminate said connection if identification information that is neither equal to nor associated with said permanent identifier is used by said mobile terminal for authentication with said core network via said established secure connection.
25. An unlicensed network controller as claimed in claim 23 or 24, further characterised in that said unlicensed network controller (303) is adapted to intercept messages from said mobile terminal (1) directed to said node (402) of said core network over said established secure connection and to replace identity information relating to the mobile terminal user contained in said messages with the permanent identifier associated with said established secure connection.
26. An unlicensed network controller as claimed in claim 23 or 24, further characterised in that said unlicensed network controller (303) is adapted to intercept an identity request message sent by said core network node (402) to said mobile terminal (1) over said established secure connection and to send a response to said identity request message that includes the permanent identifier associated with said established secure connection.
27. An unlicensed network controller as claimed in any one of claims 23 to 26, further characterised in that said unlicensed network controller (303) is adapted to terminate said established secure connection in response to a message from said core network node (402).
28. An unlicensed network controller (303) arranged to communicate with mobile terminal users (1) via a broadband access network (300) and to communicate with at least one node (401, 402) of a core network portion of a mobile communications network, said unlicensed network controller (303) being adapted to establish a secure connection with a mobile terminal over said unlicensed access network (300), characterised in that said unlicensed network controller is further adapted to obtain a permanent identifier assigned to a user of said mobile terminal using identity information received from said mobile terminal and to associate said permanent identifier with said established secure connection to said mobile terminal (1), to transmit the permanent identifier associated with said established secure connection to said core network node (402), to receive a message from said core network node (402) when the user of the mobile terminal communicating over said established secure connection has a permanent identifier that differs from the permanent identifier associated with said secure connection, and to respond to the received message by terminating said established secure connection.
29. An unlicensed network controller (303) arranged to communicate with mobile terminal users (1) via a broadband access network (300) and to communicate with at least one node (401, 402) of a core network portion of a mobile communications network, said unlicensed network controller (303) being adapted to establish a secure connection with a mobile terminal over said unlicensed access network (300), characterised in that said unlicensed network controller is further adapted to obtain a permanent identifier assigned to a user of said mobile terminal using identity information received from said mobile terminal and to associate said permanent identifier with said established secure connection to said mobile terminal (1), to receive a message from said core network node (402) containing a user identifier obtained from identity information used by a mobile terminal communicating over said established secure connection, comparing said received user identifier with the permanent identifier associated with said established secure connection and terminating said established secure connection if said received identifier and the permanent identifier do not match.
30. An unlicensed network controller as claimed in any one of claims 23 to 29, wherein an identifier is an international mobile subscriber identity uniquely associated with said user and identity information includes an identifier or a temporary identity associated with an international mobile subscriber identity, such as a temporary mobile subscriber identity (TMSI), a packet TMSI, a temporary logical link identity (TLLI) or a network access identifier (NAI) pseudonym.
PCT/EP2005/013872 2005-12-22 2005-12-22 Subscriber authentication in mobile communication networks using unlicensed access networks WO2007071275A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2005/013872 WO2007071275A1 (en) 2005-12-22 2005-12-22 Subscriber authentication in mobile communication networks using unlicensed access networks

Publications (1)

Publication Number Publication Date
WO2007071275A1 true WO2007071275A1 (en) 2007-06-28

Family

ID=36809185

Country Status (1)

Country Link
WO (1) WO2007071275A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005104597A1 (en) * 2004-04-26 2005-11-03 Nokia Corporation Improved subscriber authentication for unlicensed mobile access signaling

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Grech, S.; Eronen, P.: "Implications of Unlicensed Mobile Access (UMA) for GSM security", SecureComm 2005, Athens, 5 September 2005, pp. 1-10, XP002395799. Retrieved from the Internet: www.ieee.org [retrieved on 2006-08-23] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110010282A1 (en) * 2000-09-26 2011-01-13 Olin Haakan Access point for mobile devices in a packet based network and a method and a system for billing in such a network
US8229813B2 (en) * 2000-09-26 2012-07-24 Landala Nat Access point for mobile devices in a packet based network and a method and a system for billing in such a network
CN101400152B (en) * 2007-09-30 2010-09-15 华为技术有限公司 Method, system and apparatus for controlling related information using transmission policy
WO2009152676A1 (en) * 2008-06-17 2009-12-23 中兴通讯股份有限公司 Aaa server, p-gw, pcrf, method and system for obtaining the ue's id

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 05822497

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 05822497

Country of ref document: EP

Kind code of ref document: A1