WO2018109256A1 - User identification in mobile communications system - Google Patents


Publication number
WO2018109256A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
user
personal
mobile terminal
request
Application number
PCT/FI2016/050880
Other languages
French (fr)
Inventor
Kari Veikko Horneman
Hannu Petri Hietalahti
Vinh Van Phan
Original Assignee
Nokia Technologies Oy
Application filed by Nokia Technologies Oy
Priority to PCT/FI2016/050880
Publication of WO2018109256A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/50 Connection management for emergency connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity

Definitions

  • the present invention relates to user identification in mobile communications systems, and in particular facilitation of identification of the user in emergency situations.
  • a method comprising: - sending, by a mobile terminal to mobile network entity, an association request for associating a personal identifier of the user of the mobile terminal to at least one device identifier in the mobile network,
  • an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to:
  • the request for the user's personal identifier is detected on the basis of an incoming service call to an emergency identification service or an emergency data enquiry.
  • the request for the user's personal identifier is a personal identifier enquiry message of a user identification feature associated with a user privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal, and the privacy attribute is checked before causing the transmission of the personal identifier.
  • a type of the device identifier in the request is detected, and the enquiry for the personal identifier is sent to an identifier register determined on the basis of the type of the identifier.
  • FIGURE 1 illustrates a simplified system in accordance with at least some embodiments of the present invention
  • FIGURES 2 and 3 are flow graphs of methods in accordance with at least some embodiments of the present invention.
  • FIGURE 4 illustrates a mobile communications system in accordance with at least some embodiments of the present invention
  • FIGURE 5 illustrates signalling in accordance with at least some embodiments of the present invention
  • FIGURE 6 is a flow graph of a method in accordance with at least some embodiments of the present invention.
  • FIGURE 7 illustrates an example apparatus capable of supporting at least some embodiments of the present invention.
  • a new user identification feature is now provided, for arranging provision of a mobile terminal user's personal identifier from the network in particular situations, at least in case of an accident.
  • a new feature for a mobile terminal and a mobile network entity enables a user of the terminal to enable or disable setting of mapping between the user's personal identifier, such as a social security number, and a device identifier, such as an already applied equipment or subscriber identity associated with certain mobile hardware used by the user.
  • the user's personal identifier may be obtained on the basis of the established mapping on the basis of a device identifier provided from the mobile terminal.
  • Mobile terminals typically inform the mobile network of their equipment identifier (ID), such as international mobile equipment identity (IMEI) in Third Generation Partnership Project (3GPP) mobile communications systems, or a medium access control identifier of a wireless local area network.
  • ID equipment identifier
  • IMEI international mobile equipment identity
  • 3GPP Third Generation Partnership Project
  • IMSI international mobile subscriber identity
  • SIM subscriber identification module
  • the mobile terminal user's personal identifier is associated to one or more such device identifiers regularly stored in the mobile network. Such association established inside the mobile network may be disclosed outside of the mobile communication system, at the mobile terminal.
  • the presently disclosed features enabling the capability to identify the user based on the mobile terminal enquiry to the mobile network have many applications available where users need to prove their identity, and can also be used in case of pre-paid subscriptions.
  • a pre-paid subscriber who has high requirements on privacy may configure his personal ID to a trusted operator to be revealed for emergency situations.
  • the device identities can also be used to identify the user of a pre-paid subscription.
  • Various further security mechanisms may be applied to ensure confidentiality and reduce risk for misuse of the information.
  • FIGURE 1 illustrates an example of a simplified mobile communication system, in which a mobile terminal 10 may connect to a mobile network entity 20 via a radio network entity 30, such as a cellular radio access network or a wireless local area network.
  • the network entity 20 serves the mobile terminal at least for user identification related services, but may be providing also other services, such as mobility management.
  • the network entity 20 may be an already existing or a new element or function for circuit-switched or packet-switched services, equipped with at least some of the presently disclosed functionality related to association and provision of mobile terminal user's personal identifier.
  • the serving network entity 20 may be a mobility management entity (MME), a server managing identification handling and/or register(s), or a node serving or providing an emergency (identification) service or data enquiries.
  • MME mobility management entity
  • the mobile terminal 10 may be a mobile phone, a laptop, a pad, a wearable, or implant device, for example.
  • the system further comprises a data storage, a database, or a register entity 40 comprising mobile terminal user identification information, and further associations 42 between device identifiers (DID) and user's personal identifiers (UPID).
  • the data storage holding the association between the technical device identity and the user identity may be a standalone data storage or co-located with a network entity, such as a home location register HLR, a home subscriber server HSS, an equipment identifier register, or some other entity that is aware of the device identifier and the associated personal identifier.
  • Although a network entity 20 and a data storage 40 are illustrated herewith, it is to be appreciated that multiple network entities and data storages may be involved for storing and accessing the associations.
  • the network entity 20 may be a new application server, or there may be additionally such new server storing and accessing the association information in the data storage 40.
  • FIGURE 2 illustrates a method in accordance with at least some embodiments.
  • the method may be implemented by a serving mobile network entity 20, such as the MME of a 3GPP system.
  • a request for a personal identifier of the user of a mobile terminal is received 200 from a mobile terminal, such as the mobile terminal 10.
  • the request for the user's personal identifier is detected 200 on the basis of an incoming service call to an emergency identification service or an emergency data enquiry.
  • At least one device identifier associated with the request is detected 210.
  • the associated device identifier may be included in a message or signalling comprising the request, or it may be requested separately.
  • An enquiry or request for a personal identifier associated with the at least one device identifier is transmitted 220.
  • the enquiry may be transmitted directly or indirectly via one or more further network entities or servers to the database or register 40.
  • the term "device identifier" is to be construed broadly, and may also be referred to as a technical (mobile) system-specific (private) identifier.
  • personal identifier is to be understood in a broad meaning of the term, comprising any kind of user identity information ranging from just plain social security ID to high resolution photos, fingerprints, medical data records including DNA and any kind of biometric or other identification that can be safely assumed to uniquely identify human beings.
  • Upon receiving a response with the personal identifier associated with the at least one device identifier, the associated personal identifier is transmitted 230.
  • the personal identifier may be transmitted 230 to the mobile terminal and/or one or more preconfigured entities in or outside the mobile network, such as an emergency center system, mobile terminal of a healthcare practitioner, etc.
  • the personal identifier may be transmitted to the terminal by means of a conventional message, such as a text message, to the terminal, but it will be appreciated that other means of delivery are as well possible.
  • the user of the device only needs to see the personal information that is obtained via the network response.
  • When the association between the personal ID and the device identifier(s) exists, it becomes possible to use the victim's mobile terminal to obtain the patient's identity and medical records for the emergency services at an accident scene. This could be done via a service call or a data enquiry to a specific identification service, such as a service identified on the basis of an emergency number.
  • An access control or authentication procedure associated with the request may be performed before transmission of the personal identifier to the mobile terminal.
  • the service call or the data enquiry to request 200 the personal identifier may or may not require authentication procedure, applying password check, biometric authentication, or some other authentication mechanism to ensure that the user of the mobile terminal is the registered owner.
  • an authenticated personal ID query to the subscriber database established above should involve a sufficient authentication mechanism to prevent an unauthorized party from using a mobile terminal for fraudulent identification.
  • FIGURE 3 illustrates how the presently disclosed user personal identification feature may be set up in the network.
  • the network entity receives 300 an association request for associating the personal identifier of the user of the mobile terminal 10 to the at least one device identifier in the mobile network. After activation of the feature within the terminal or based on a request from the network, and if allowed by the user, the mobile terminal 10 can be prompted to send the request 300.
  • the presently disclosed user personal identification feature may include a confirmation procedure.
  • the serving network entity requests 310 confirmation for the association.
  • the requesting confirmation may involve one or more of: requesting confirmation from the user of the mobile terminal for association of the personal user identifier to the device identifier received from a network database and performing a security procedure involving a third party for confirming identity or authorization of the user of the mobile terminal.
  • the personal ID may be obtained from the user as a response to a further request by the network entity to the mobile terminal or another network entity, which may store the personal identifier for charging purposes.
  • the personal identifier may be obtained during the confirmation procedure 310 by the network.
  • the confirmation request to the mobile terminal may be used to confirm that the personal ID is correct.
  • the request may also include the subscriber phone number related to the IMSI.
  • the confirmation may include performing an identification procedure with an online bank access identification system or another identification service, for example.
  • In response to receiving confirmation for the requested association, the network entity causes 320 establishment of the association of the at least one device identifier to the personal user identifier in the mobile network.
  • the association or mapping may then be later used as illustrated above in Figure 2 in connection with emergency situations, for example.
  • the user confirmation 310 procedure may be performed when the mobile terminal 10 is taken into use or if the confirmation feature is enabled, or it may be done at any time the user of the mobile terminal decides that it is beneficial to link the device identifier to the personal ID.
  • the association between the user's personal ID and his device identifier(s) only needs to be established once.
  • the presently disclosed user personal identification feature may include a new privacy category attribute.
  • the privacy category attribute may define whether the user confirmation 310 for the association is required.
  • the request 200 for the user's personal identifier may be a personal identifier enquiry message of a user identification feature.
  • Such feature may be associated with a user privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal.
  • the privacy attribute may be stored in the network database 40 and is checked before causing 230 the transmission of the personal identifier.
  • the privacy attribute may define two or more access levels or rules, comprising one or more of: restricting the provision of the personal identifier only to emergency situations, restricting the provision of the personal identifier only to services or service providers authorized by the user, restricting the provision of the personal identifier only to a service class authorized by the user, restricting the provision of the personal identifier to officials, and allowing provision of the personal identifier for commercial identification purposes.
  • Prior to responding 230 with the corresponding user's personal identifier, the serving network entity 20 or the identity registry 40 entity evaluates the stored privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal.
  • the above-illustrated features are radio agnostic, and can be arranged on various radio access and core network technologies, such as 3GPP 2G, 3G, 4G, 5G or other cellular and/or non-cellular network architecture. Some further embodiments are illustrated below for the 3GPP system. However, it is to be appreciated that at least some of the below-illustrated features may be applied also outside 3GPP systems, such as the selection of target for the personal identifier enquiry based on the type of the device identifier.
  • FIGURE 4 illustrates a 3GPP system in which at least some of the presently disclosed features related to association and provision of mobile terminal's user personal identifier may be applied.
  • User equipment UE
  • the MME may communicate with the HSS, which is the master database for a given user. It is the entity containing the subscription-related information to support the network entities actually handling calls/sessions.
  • the HLR can be considered as the sub-set of the HSS.
  • the S6a interface enables transfer of subscription and authentication data for authenticating/authorizing user access to the evolved system (AAA interface) between MME and HSS.
  • AAA interface evolved system
  • the association between the user's personal identifier and the identifier is stored in the HSS or HLR, or a database co-located or accessed by the HSS or HLR.
  • the IMSI associated with the personal identifier request is used as the key to access the association in the HSS/HLR.
  • the association stored in the HSS/HLR may be accessed by a serving network entity in the CS domain, PS domain, or the IM CN subsystem, such as the MME, the serving gateway or a serving call session control function (S-CSCF), respectively.
  • the HSS is the master of the IMSIs, but the service for resolving the association may be deployed by another entity or server with access to the HSS IMSI data.
  • At least one of the following device identifiers is associated with the user personal identifier: an IMSI associated with a subscriber identity module (SIM) in the UE, an internet protocol multimedia service (IMS) private identifier, and an IMEI associated with the mobile terminal UE.
  • SIM subscriber identity module
  • IMS internet protocol multimedia service
  • the association may be stored in the Equipment Identity Register (EIR), and accessed by the MME over an S13 interface.
  • EIR Equipment Identity Register
  • An advantage in the binding between the IMEI and the personal identifier is that emergency calls can be arranged without IMSI, using IMEI as the mobile identity. Such emergency call may be applied to request the personal identifier. This makes it more likely that identification of user for emergency purposes can take place even when other reasons could prevent a normal call or data connection.
  • FIGURE 5 illustrates signalling examples for 3GPP system according to some example embodiments.
  • the UE enquires 500 the user personal ID with a device identity (e.g. IMEI, IMSI, or IMS private user identity).
  • the MME detects the specific Personal ID Enquiry message, and checks 502 one or more identifiers within it.
  • the type of the device identifier in or otherwise associated with the request is detected in step 210, 502.
  • the enquiry or request for the personal identifier is sent 220, 504a, 504b to an identifier register determined on the basis of the identifier type.
  • the device identity to Personal ID association may thus reside in different network entity depending on which device identity is used.
  • IMSI is always bound to its Home PLMN identified by mobile country code (MCC) + mobile network code (MNC) as subset of IMSI.
  • MCC mobile country code
  • MNC mobile network code
  • IMEI is not correlated with any Home PLMN, so enquiries using IMEI may need to be routed towards a different network entity than enquiries with device identity that identifies HPLMN.
  • the MME determines 502 the appropriate destination for the enquiry.
  • the HPLMN related (IMSI, IMS private identifier) enquiries are destined for the HSS 504a and IMEI based enquiries are addressed 504b to the IMEI register EIR.
  • Messages 504a and 504b are typically mutually exclusive, so only one of them is sent, depending on which device identity is used as the key in the UE request 500.
  • Whichever network entity receives the request 504a, 504b resolves the user's personal identifier that corresponds with the device identity that is received in the request 504a, 504b. This resolution may take the form of a database query to a customer database.
  • the response is returned 506a, 506b to the MME, which responds 508 to the
  • the response comprises the user's Personal identifier information corresponding to the device identity that was received in the request 500.
  • the MME may request the IMEI code, and then proceed with check 502.
  • a 5G network function such as a network function carrying out access control and/or mobility management, which may be referred to as an access control and mobility management function AMF, a connection and mobility management function CMF or an access control function ACF, may carry out at least some of the features illustrated above for the network entity 20.
  • a unified data management (UDM) may support authentication related functions and store subscription data and also the association to personal user identifier.
  • the association information may be stored in a common user data repository (UDR), which may be present in the UDM, or in some other element accessed by a 5G function serving the 5G UE for the personal identifier feature.
  • UDR common user data repository
  • a reference is made to 3GPP TR 23.799 (version 2.0.0 2016-11) for more information on 5G network architecture.
  • FIGURE 6 illustrates a method in accordance with at least some embodiments.
  • the method may be implemented by a mobile terminal 10, such as the UE of the 3GPP system, which may communicate with a network entity 20, such as the MME, operating according to at least some of the embodiments illustrated above in connection with Figures 3 to 5.
  • a mobile terminal sends 600, to a mobile network entity, an association request for associating a personal identifier of the user of the mobile terminal to at least one device identifier in the mobile network.
  • the mobile terminal detects 610 an input for requesting the personal identifier.
  • the mobile terminal sends 620, to the mobile network entity, a request for the personal identifier of the user of the mobile terminal, the request being associated with at least one device identifier.
  • the mobile terminal receives 630 from the mobile network entity the personal identifier associated in the network with the at least one device identifier.
  • the received personal identifier may then be further applied in the mobile terminal. This typically involves display of the identifier, but may also or instead include provision of the identifier to an application run in the terminal or in a network resource connected by the terminal.
  • the terminal may receive from the network a confirmation request (310) for the association to be obtained from a user of the mobile terminal.
  • the terminal may prompt the user for confirmation of the personal ID.
  • the terminal may send to the network entity the confirmation for the association for causing establishment of the association of the at least one device identifier to the personal user identifier in the mobile network.
  • the mobile terminal may be used as a personal identification module or card.
  • disabling or otherwise modifying the association in the network may be arranged similarly as illustrated above e.g. in connection with Figures 3 and 6.
  • steps similar as in Figure 3 and step 600 in Figure 6 may be carried out to disable or modify the association by the network entity 20, MME and the mobile terminal 10, UE.
  • Figure 7 illustrates an example apparatus capable of supporting at least some embodiments of the present invention. Illustrated is a device 700, which may comprise an electronic communication device applying at least some of the above embodiments illustrated in connection with Figures 1 to 6 for arranging the personal identification feature. The device may be arranged to operate as the mobile terminal 10 or the network entity 20.
  • a processor 702 which may comprise, for example, a single- or multi-core processor wherein a single-core processor comprises one processing core and a multi-core processor comprises more than one processing core.
  • the processor 702 may comprise more than one processor.
  • the processor may comprise at least one application-specific integrated circuit, ASIC.
  • the processor may comprise at least one field-programmable gate array, FPGA.
  • the processor may be means for performing method steps in the device.
  • the processor may be configured, at least in part by computer instructions, to perform actions to cause at least some of the above-illustrated features facilitating the personal identification.
  • the device 700 may comprise memory 704.
  • the memory may comprise random-access memory and/or permanent memory.
  • the memory may comprise at least one RAM chip.
  • the memory may comprise solid-state, magnetic, optical and/or holographic memory, for example.
  • the memory may be at least in part accessible to the processor 702.
  • the memory may be at least in part comprised in the processor 702.
  • the memory 704 may be means for storing information.
  • the memory may comprise computer instructions that the processor is configured to execute. When computer instructions configured to cause the processor to perform certain actions are stored in the memory, and the device overall is configured to run under the direction of the processor using computer instructions from the memory, the processor and/or its at least one processing core may be considered to be configured to perform said certain actions, such as the actions illustrated in connection with any one of Figures 2 to 6.
  • the memory may be at least in part comprised in the processor.
  • the memory may be at least in part external to the device 700 but accessible to the device.
  • the device 700 may comprise a transmitter 706.
  • the device may comprise a receiver 708.
  • the transmitter and the receiver may be configured to transmit and receive, respectively, information in accordance with at least one cellular or non-cellular standard.
  • the transmitter may comprise more than one transmitter.
  • the receiver may comprise more than one receiver.
  • the transmitter and/or receiver may be configured to operate in accordance with global system for mobile communication, GSM, wideband code division multiple access, WCDMA, long term evolution, LTE, 5G radio, wireless local area network, WLAN, Ethernet and/or worldwide interoperability for microwave access, WiMAX, standards, for example.
  • the device 700 may comprise a near-field communication, NFC, transceiver 710.
  • the NFC transceiver may support at least one NFC technology, such as NFC, Bluetooth, Wibree or similar technologies.
  • the device 700 may comprise a user interface, UI, 712.
  • the UI may comprise at least one of a display, a keyboard, a touchscreen, a vibrator arranged to signal to a user by causing the device to vibrate, a speaker and a microphone.
  • a user may be able to operate the device via the UI, for example to accept incoming telephone calls, to originate telephone calls or video calls, to browse the Internet, to manage digital files stored in the memory 704 or on a cloud accessible via the transmitter 706 and the receiver 708, or via the NFC transceiver 710, and/or to play games.
  • the device 700 may comprise, access, or be arranged to accept a user identity module 714.
  • the user identity module may comprise, for example, a subscriber identity module, SIM, card installable in the device 700.
  • the user identity module 714 may comprise information identifying a subscription of a user of device 700, such as the IMSI.
  • the user identity module 714 may comprise cryptographic information usable to verify the identity of a user of device 700 and/or to facilitate encryption of communicated information and billing of the user of the device 700 for communication effected via the device 700.
  • the processor 702 may be furnished with a transmitter arranged to output information from the processor, via electrical leads internal to the device 700, to other devices comprised in the device.
  • Such a transmitter may comprise a serial bus transmitter arranged to, for example, output information via at least one electrical lead to memory 704 for storage therein.
  • the transmitter may comprise a parallel bus transmitter.
  • the processor may comprise a receiver arranged to receive information in the processor, via electrical leads internal to the device 700, from other devices comprised in the device 700.
  • Such a receiver may comprise a serial bus receiver arranged to, for example, receive information via at least one electrical lead from the receiver 708 for processing in the processor.
  • the receiver may comprise a parallel bus receiver.
  • the device 700 may comprise further devices not illustrated in Figure 7.
  • the device in the form of a user terminal device may comprise at least one digital camera.
  • Some devices 700 may comprise a back-facing camera and a front-facing camera.
  • the device may comprise a fingerprint sensor arranged to authenticate, at least in part, a user of the device.
  • the device lacks at least one device described above.
  • some devices may lack the NFC transceiver 140 and/or the user identity module 714.
  • the processor 702, the memory 704, the transmitter 706, the receiver 708, the NFC transceiver 710, the UI 712 and/or the user identity module 714 may be interconnected by electrical leads internal to the device 700 in a multitude of different ways.
  • each of the aforementioned devices may be separately connected to a master bus internal to the device, to allow for the devices to exchange information.
  • this is only one example and depending on the embodiment various ways of interconnecting at least two of the aforementioned devices may be selected without departing from the scope of the present invention.
  • At least some embodiments of the present invention find industrial application in communications.
  • HPLMN Home public land mobile network
  • WiMAX Worldwide interoperability for microwave access
  • WLAN Wireless local area network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

According to an example aspect of the present invention, there is provided a method for user identification in a mobile communications system, comprising: receiving, by a mobile network entity from a mobile terminal, a request for a personal identifier of the user of the mobile terminal, detecting at least one device identifier associated with the request, causing enquiry for a personal identifier associated with the at least one device identifier; and causing transmission of the personal identifier associated with the at least one device identifier.

Description

USER IDENTIFICATION IN MOBILE COMMUNICATIONS SYSTEM
FIELD
[0001] The present invention relates to user identification in mobile communications systems, and in particular facilitation of identification of the user in emergency situations.
BACKGROUND
[0002] Personal mobile communications devices typically have a very important role in accident situations. One of the challenges in accidents is to establish the victim's identity for emergency health care purposes, in particular to search for personal health care information.
[0003] Typically mobile networks enable a specific emergency call to an emergency number, which does not require any subscriber identification module in the mobile terminal and hence submission of a subscriber identity towards the network.
[0004] There is a need for improvements in obtaining the real identity of users of mobile devices in emergency situations.
SUMMARY
[0005] The invention is defined by the features of the independent claims. Some specific embodiments are defined in the dependent claims.
[0006] According to a first aspect of the present invention, there is provided a method, comprising:
- receiving, by a mobile network entity from a mobile terminal, a request for a personal identifier of the user of the mobile terminal,
- detecting at least one device identifier associated with the request,
- causing an enquiry for a personal identifier associated with the at least one device identifier; and
- causing transmission of the personal identifier associated with the at least one device identifier.
[0007] According to a second aspect of the present invention, there is provided a method, comprising:
- sending, by a mobile terminal to a mobile network entity, an association request for associating a personal identifier of the user of the mobile terminal to at least one device identifier in the mobile network,
- detecting, by the mobile terminal, an input for requesting the personal identifier,
- sending, by the mobile terminal to the mobile network entity, a request for the personal identifier of the user of the mobile terminal, the request being associated with at least one device identifier; and
- receiving, by the mobile terminal from the mobile network entity, the personal identifier associated in the network with the at least one device identifier.
According to a second aspect of the present invention, there is provided an apparatus, comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to:
- receive, by a mobile network entity from a mobile terminal, a request for a personal identifier of the user of the mobile terminal,
- detect at least one device identifier associated with the request,
- cause an enquiry for a personal identifier associated with the at least one device identifier; and
- cause transmission of the personal identifier associated with the at least one device identifier.
[0008] According to an embodiment, the request for the user's personal identifier is detected on the basis of an incoming service call to an emergency identification service or an emergency data enquiry.
[0009] According to an embodiment, the request for the user's personal identifier is a personal identifier enquiry message of a user identification feature associated with a user privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal, and the privacy attribute is checked before causing the transmission of the personal identifier.
[0010] According to an embodiment, a type of the device identifier in the request is detected, and the enquiry for the personal identifier is sent to an identifier register determined on the basis of the type of the identifier.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] FIGURE 1 illustrates a simplified system in accordance with at least some embodiments of the present invention;
[0012] FIGURES 2 and 3 are flow graphs of methods in accordance with at least some embodiments of the present invention;
[0013] FIGURE 4 illustrates a mobile communications system in accordance with at least some embodiments of the present invention;
[0014] FIGURE 5 illustrates signalling in accordance with at least some embodiments of the present invention;
[0015] FIGURE 6 is a flow graph of a method in accordance with at least some embodiments of the present invention; and
[0016] FIGURE 7 illustrates an example apparatus capable of supporting at least some embodiments of the present invention.
EMBODIMENTS
[0017] A new user identification feature is now provided, for arranging provision of a mobile terminal user's personal identifier from the network in particular situations, at least in case of an accident. A new feature for a mobile terminal and a mobile network entity enables a user of the terminal to enable or disable setting of a mapping between the user's personal identifier, such as a social security number, and a device identifier, such as an already applied equipment or subscriber identity associated with certain mobile hardware used by the user. In case of an emergency, the user's personal identifier may be obtained from the established mapping on the basis of a device identifier provided from the mobile terminal.
[0018] Mobile terminals typically inform the mobile network of their equipment identifier (ID), such as an international mobile equipment identity (IMEI) in Third Generation Partnership Project (3GPP) mobile communications systems, or a medium access control identifier of a wireless local area network. In many systems mobile terminals also inform the network of a subscriber identifier, such as an international mobile subscriber identity (IMSI). Since the subscriber identifier is specific to a subscriber identification module (SIM) currently associated with the terminal, typically an IC card inserted in the mobile terminal, it is considered as a device (specific) identifier in the present context as well. In some embodiments, the mobile terminal user's personal identifier is associated to one or more such device identifiers regularly stored in the mobile network. Such association established inside the mobile network may be disclosed outside of the mobile communication system, at the mobile terminal.
[0019] The presently disclosed features, which enable identification of the user based on a mobile terminal enquiry to the mobile network, have many applications where users need to prove their identity, and can also be used in case of pre-paid subscriptions. For example, a pre-paid subscriber who has high requirements on privacy may configure his personal ID with a trusted operator to be revealed for emergency situations. Once the binding between the one or more technical device identities and the human user's personal ID has been established, the device identities can be used to identify also the user of a pre-paid subscription. Various further security mechanisms may be applied to ensure confidentiality and reduce the risk of misuse of the information.
[0020] FIGURE 1 illustrates an example of a simplified mobile communication system, in which a mobile terminal 10 may connect to a mobile network entity 20 via a radio network entity 30, such as a cellular radio access network or a wireless local area network. The network entity 20 serves the mobile terminal at least for user identification related services, but may be providing also other services, such as mobility management.
[0021] The network entity 20 may be an already existing or a new element or function for circuit-switched or packet-switched services, equipped with at least some of the presently disclosed functionality related to association and provision of mobile terminal user's personal identifier. For example, the serving network entity 20 may be a mobility management entity (MME), a server managing identification handling and/or register(s), or a node serving or providing an emergency (identification) service or data enquiries. The mobile terminal 10 may be a mobile phone, a laptop, a pad, a wearable, or implant device, for example.
[0022] The system further comprises a data storage, a database, or a register entity 40 comprising mobile terminal user identification information, and further associations 42 between device identifiers (DID) and user's personal identifiers (UPID). The data storage holding the association between the technical device identity and the user identity may be a standalone data storage or co-located with a network entity, such as a home location register HLR, a home subscriber server HSS, an equipment identifier register, or some other entity that is aware of the device identifier and the associated personal identifier. Although a single network entity 20 and data storage 40 are illustrated herewith, it is to be appreciated that multiple network entities and data storages may be involved for storing and accessing the associations. The network entity 20 may be a new application server, or there may additionally be such a new server storing and accessing the association information in the data storage 40.
[0023] FIGURE 2 illustrates a method in accordance with at least some embodiments. The method may be implemented by a serving mobile network entity 20, such as the MME of a 3GPP system. A request for a personal identifier of the user of a mobile terminal is received 200 from a mobile terminal, such as the mobile terminal 10. In some embodiments, the request for the user's personal identifier is detected 200 on the basis of an incoming service call to an emergency identification service or an emergency data enquiry.
[0024] At least one device identifier associated with the request is detected 210. The associated device identifier may be included in a message or signalling comprising the request, or it may be requested separately. An enquiry or request for a personal identifier associated with the at least one device identifier is transmitted 220. For example, the enquiry may be transmitted directly or indirectly via one or more further network entities or servers to the database or register 40. The term "device identifier" is to be construed broadly, and may also be referred to as a technical (mobile) system-specific (private) identifier. The term "personal identifier" is to be understood in a broad meaning of the term, comprising any kind of user identity information ranging from just plain social security ID to high resolution photos, fingerprints, medical data records including DNA and any kind of biometric or other identification that can be safely assumed to uniquely identify human beings.
[0025] Upon receiving a response with the personal identifier associated with the at least one device identifier, the associated personal identifier is transmitted 230. The personal identifier may be transmitted 230 to the mobile terminal and/or one or more preconfigured entities in or outside the mobile network, such as an emergency center system, mobile terminal of a healthcare practitioner, etc. The personal identifier may be transmitted to the terminal by means of a conventional message, such as a text message, to the terminal, but it will be appreciated that other means of delivery are possible as well. The user of the device only needs to see the personal information that is obtained via the network response.
[0026] When the association between the personal ID and the device identifier(s) exists, it becomes possible to use the victim's mobile terminal to obtain the patient's identity and medical records for the emergency services at an accident scene. This could be done via a service call or a data enquiry to a specific identification service, such as a service identified on the basis of an emergency number.
[0027] An access control or authentication procedure associated with the request may be performed before transmission of the personal identifier to the mobile terminal. Depending on the applied use case, the service call or the data enquiry to request 200 the personal identifier may or may not require an authentication procedure, applying a password check, biometric authentication, or some other authentication mechanism to ensure that the user of the mobile terminal is the registered owner. In an emergency case the identification method cannot assume the assistance of the accident victim, who might be unconscious or disoriented and thus not able to participate in the authentication. In commercial identification cases, where e.g. a customer needs to prove their identity, an authenticated personal ID query to the subscriber database established above should involve a sufficient authentication mechanism to prevent an unauthorized party from using a mobile terminal for fraudulent identification.
[0028] Some further embodiments are illustrated below, first with reference to FIGURE 3, which illustrates how the presently disclosed user personal identification feature may be set up in the network. These features may be implemented in the serving network entity 20, for example. The network entity receives 300 an association request for associating the personal identifier of the user of the mobile terminal 10 to the at least one device identifier in the mobile network. After activation of the feature within the terminal or based on a request from the network, and if allowed by the user, the mobile terminal 10 can be prompted to send the request 300.
[0029] The presently disclosed user personal identification feature may include a confirmation procedure. Thus, the serving network entity requests 310 confirmation for the association. Requesting confirmation may involve one or more of: requesting confirmation from the user of the mobile terminal for association of the personal user identifier to the device identifier received from a network database and performing a security procedure involving a third party for confirming identity or authorization of the user of the mobile terminal. The personal ID may be obtained from the user as a response to a further request by the network entity to the mobile terminal or another network entity, which may store the personal identifier for charging purposes. The personal identifier may be obtained during the confirmation procedure 310 by the network. The confirmation request to the mobile terminal may be used to confirm that the personal ID is correct. The request may also include the subscriber phone number related to the IMSI. The confirmation may include performing an identification procedure with an online bank access identification system or another identification service, for example.
[0030] In response to receiving confirmation for the requested association, the network entity causes 320 establishment of the association of the at least one device identifier to the personal user identifier in the mobile network. The association or mapping may then be later used as illustrated above in Figure 2 in connection with emergency situations, for example. The user confirmation 310 procedure may be performed when the mobile terminal 10 is taken into use or if the confirmation feature is enabled, or it may be done at any time the user of the mobile terminal decides that it is beneficial to link the device identifier to the personal ID. The association between the user's personal ID and his device identifier(s) only needs to be established once.
[0031] The presently disclosed user personal identification feature may include a new privacy category attribute. The privacy category attribute may define whether the user confirmation 310 for the association is required.
[0032] The request 200 for the user's personal identifier may be a personal identifier enquiry message of a user identification feature. Such feature may be associated with a user privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal. The privacy attribute may be stored in the network database 40 and is checked before causing 230 the transmission of the personal identifier. The privacy attribute may define two or more access levels or rules, comprising one or more of: restricting the provision of the personal identifier only to emergency situations, restricting the provision of the personal identifier only to services or service providers authorized by the user, restricting the provision of the personal identifier only to a service class authorized by the user, restricting the provision of the personal identifier to officials, and allowing provision of the personal identifier for commercial identification purposes. Prior to responding 230 with the corresponding user's personal identifier, the serving network entity 20 or the identity registry 40 entity evaluates the stored privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal.
[0033] The above-illustrated features are radio agnostic, and can be arranged on various radio access and core network technologies, such as 3GPP 2G, 3G, 4G, 5G or other cellular and/or non-cellular network architecture. Some further embodiments are illustrated below for the 3GPP system. However, it is to be appreciated that at least some of the below-illustrated features may be applied also outside 3GPP systems, such as the selection of target for the personal identifier enquiry based on the type of the device identifier.
[0034] FIGURE 4 illustrates a 3GPP system in which at least some of the presently disclosed features related to association and provision of mobile terminal's user personal identifier may be applied. User equipment (UE) may be arranged to communicate with the MME via a radio access network EUTRAN/UTRAN/GERAN regarding the presently disclosed identifier related feature between the mobile terminal 10 and the serving network entity 20. The MME may communicate with the HSS, which is the master database for a given user. It is the entity containing the subscription-related information to support the network entities actually handling calls/sessions. The HLR can be considered a subset of the HSS. The S6a interface enables transfer of subscription and authentication data for authenticating/authorizing user access to the evolved system (AAA interface) between MME and HSS. For further information on the 3GPP system entities, reference is made to 3GPP specification 23.002, "Network architecture", version 14.0.0 (2016-09).
[0035] In some embodiments, the association between the user's personal identifier and the identifier is stored in the HSS or HLR, or a database co-located or accessed by the HSS or HLR. The IMSI associated with the personal identifier request is used as the key to access the association in the HSS/HLR. The association stored in the HSS/HLR may be accessed by a serving network entity in the CS domain, PS domain, or the IM CN subsystem, such as the MME, the serving gateway or a serving call session control function (S-CSCF), respectively. The HSS is the master of the IMSIs, but the service for resolving the association may be deployed by another entity or server with access to the HSS IMSI data.
[0036] In some embodiments, at least one of the following device identifiers is associated with the user personal identifier: an IMSI associated with a subscriber identity module (SIM) in the UE, an internet protocol multimedia service (IMS) private identifier, and an IMEI associated with the mobile terminal UE. In case of IMEI, the association may be stored in the Equipment Identity Register (EIR), and accessed by the MME over an S13 interface. An advantage in the binding between the IMEI and the personal identifier is that emergency calls can be arranged without IMSI, using IMEI as the mobile identity. Such emergency call may be applied to request the personal identifier. This makes it more likely that identification of user for emergency purposes can take place even when other reasons could prevent a normal call or data connection.
[0037] FIGURE 5 illustrates signalling examples for 3GPP system according to some example embodiments. The UE enquires 500 the user personal ID with a device identity (e.g. IMEI, IMSI, or IMS private user identity). The MME detects the specific Personal ID Enquiry message, and checks 502 one or more identifiers within it.
[0038] In some embodiments, the type of the device identifier in or otherwise associated with the request is detected in step 210, 502. The enquiry or request for the personal identifier is sent 220, 504a, 504b to an identifier register determined on the basis of the identifier type.
[0039] The device identity to Personal ID association may thus reside in a different network entity depending on which device identity is used. For example, IMSI is always bound to its Home PLMN identified by mobile country code (MCC) + mobile network code (MNC) as subset of IMSI. IMEI is not correlated with any Home PLMN, so enquiries using IMEI may need to be routed towards a different network entity than enquiries with device identity that identifies HPLMN. Based on the identity type contained in the received Personal ID Enquiry message, the MME determines 502 the appropriate destination for the enquiry. In this example, the HPLMN related (IMSI, IMS private identifier) enquiries are destined for the HSS 504a and IMEI based enquiries are addressed 504b to the IMEI register EIR. Messages 504a and 504b are typically mutually exclusive, so only one of them is sent, depending on which device identity is used as the key in the UE request 500.
[0040] Whichever network entity received the request 504a, 504b, it resolves the user's personal identifier that corresponds with the device identity that is received in the request 504a, 504b. This resolution may take the form of a database query to a customer database.
[0041] The response is returned 506a, 506b to the MME, which responds 508 to the UE that initiated the enquiry. The response comprises the user's Personal identifier information corresponding to the device identity that was received in the request 500.
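The type-based routing of paragraphs [0038] to [0041], combined with the privacy-attribute check of [0032] and the authentication expectation of [0027], sketched as an added Python example (not code from the patent). The explicit type tag on the enquiry, the purpose names, the reason strings, the IMSI length bounds used as a sanity check and the sample identifiers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class IdType(Enum):
    IMSI = "IMSI"
    IMS_PRIVATE = "IMS private identifier"
    IMEI = "IMEI"


class Purpose(Enum):  # assumed names for the access levels listed in [0032]
    EMERGENCY = "emergency"
    OFFICIAL = "official"
    COMMERCIAL = "commercial"


# Step 502: the destination register follows from the identifier type alone.
ROUTE = {IdType.IMSI: "HSS", IdType.IMS_PRIVATE: "HSS", IdType.IMEI: "EIR"}


@dataclass(frozen=True)
class Association:
    personal_id: str
    allowed: frozenset  # privacy attribute: purposes the user has enabled


@dataclass(frozen=True)
class Enquiry:
    id_type: IdType          # assumption: the message states its identity type
    device_id: str
    purpose: Purpose
    authenticated: bool = False


@dataclass(frozen=True)
class Outcome:
    register: Optional[str]
    personal_id: Optional[str]
    reason: str


def luhn_ok(digits: str) -> bool:
    """Luhn check used for the last digit of a 15-digit IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def well_formed(id_type: IdType, device_id: str) -> bool:
    """Reject values that cannot be an identifier of the declared type."""
    numeric = device_id.isascii() and device_id.isdigit()
    if id_type is IdType.IMEI:
        return numeric and len(device_id) == 15 and luhn_ok(device_id)
    if id_type is IdType.IMSI:
        return numeric and 6 <= len(device_id) <= 15
    user, sep, realm = device_id.partition("@")   # IMS private id: user@realm
    return bool(user and sep and realm)


def resolve(enq: Enquiry, registers: dict) -> Outcome:
    """Validate, route (502), look up (504a/504b), then gate release (230)."""
    if not well_formed(enq.id_type, enq.device_id):
        return Outcome(None, None, "malformed_identifier")
    register = ROUTE[enq.id_type]
    assoc = registers.get(register, {}).get(enq.device_id)
    if assoc is None:
        return Outcome(register, None, "no_association")
    # [0032]: the privacy attribute is checked before any transmission.
    if enq.purpose not in assoc.allowed:
        return Outcome(register, None, "privacy_denied")
    # [0027]: an emergency enquiry cannot rely on the victim authenticating;
    # any other purpose must arrive already authenticated.
    if enq.purpose is not Purpose.EMERGENCY and not enq.authenticated:
        return Outcome(register, None, "authentication_required")
    return Outcome(register, assoc.personal_id, "released")


# Constructed sample data: test-network IMSI, example IMEI, placeholder IDs.
REGISTERS = {
    "HSS": {"001010123456789": Association(
        "PID-EXAMPLE-0001", frozenset({Purpose.EMERGENCY, Purpose.COMMERCIAL}))},
    "EIR": {"490154203237518": Association(
        "PID-EXAMPLE-0002", frozenset({Purpose.EMERGENCY}))},
}

if __name__ == "__main__":
    for enq in (
        Enquiry(IdType.IMEI, "490154203237518", Purpose.EMERGENCY),
        Enquiry(IdType.IMSI, "001010123456789", Purpose.COMMERCIAL),
        Enquiry(IdType.IMEI, "490154203237518", Purpose.COMMERCIAL, True),
    ):
        print(enq.id_type.value, enq.purpose.value, resolve(enq, REGISTERS))
```

Every refusal path returns no personal identifier, and a malformed value is rejected before any register is contacted.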
[0042] It is to be noted that there may be further communication between at least some of the illustrated entities. For example, after receiving the request 500 from the UE, the MME may request the IMEI code, and then proceed with check 502.
[0043] In a still further example embodiment, the present features are applied in a 5G (or beyond) system. Thus, a 5G network function, such as a network function carrying out access control and/or mobility management, which may be referred to as an access control and mobility management function AMF, a connection and mobility management function CMF or an access control function ACF, may carry out at least some of the features illustrated above for the network entity 20. A unified data management (UDM) may support authentication related functions and store subscription data and also the association to personal user identifier. The association information may be stored in a common user data repository (UDR), which may be present in the UDM, or in some other element accessed by a 5G function serving the 5G UE for the personal identifier feature. Reference is made to 3GPP TR 23.799 (version 2.0.0 2016-11) for more information on 5G network architecture.
[0044] FIGURE 6 illustrates a method in accordance with at least some embodiments. The method may be implemented by a mobile terminal 10, such as the UE of the 3GPP system, which may communicate with a network entity 20, such as the MME, operating according to at least some of the embodiments illustrated above in connection with Figures 3 to 5. A mobile terminal sends 600, to a mobile network entity, an association request for associating a personal identifier of the user of the mobile terminal to at least one device identifier in the mobile network.
[0045] Later, when there is a need to obtain the personal identifier of the user stored in the network, e.g. in an emergency situation, the mobile terminal detects 610 an input for requesting the personal identifier. The mobile terminal sends 620, to the mobile network entity, a request for the personal identifier of the user of the mobile terminal, the request being associated with at least one device identifier. The mobile terminal receives 630 from the mobile network entity the personal identifier associated in the network with the at least one device identifier. The received personal identifier may then be further applied in the mobile terminal. This typically involves display of the identifier, but may also or instead include provision of the identifier to an application run in the terminal or in a network resource connected by the terminal.
[0046] Before step 600, the terminal may receive from the network a confirmation request (310) for the association to be obtained from a user of the mobile terminal. Thus, the terminal may prompt the user for confirmation of the personal ID. In response to receiving a confirmation input from the user, the terminal may send to the network entity the confirmation for the association for causing establishment of the association of the at least one device identifier to the personal user identifier in the mobile network.
[0047] There are various other application areas in which at least some of the presently disclosed features may be applied in addition to or instead of the above-illustrated emergency situation identification embodiment. In one such example, the mobile terminal may be used as a personal identification module or card. For example, when the UE owner needs to identify him/herself to a public authority official or for commercial reasons, one can use this feature instead of the ID card or passport. That kind of usage requires that the official makes the enquiry using the device with his/her official identifier, to be used for these kinds of enquiries.
[0048] It is to be noted that disabling or otherwise modifying the association in the network may be arranged similarly as illustrated above e.g. in connection with Figures 3 and 6. For example, instead of association, steps similar to those in Figure 3 and step 600 in Figure 6 may be carried out to disable or modify the association by the network entity 20, MME and the mobile terminal 10, UE.
[0049] Figure 7 illustrates an example apparatus capable of supporting at least some embodiments of the present invention. Illustrated is a device 700, which may comprise an electronic communication device applying at least some of the above embodiments illustrated in connection with Figures 1 to 6 for arranging the personal identification feature. The device may be arranged to operate as the mobile terminal 10 or the network entity 20.
[0050] Comprised in the device 700 is a processor 702, which may comprise, for example, a single- or multi-core processor wherein a single-core processor comprises one processing core and a multi-core processor comprises more than one processing core. The processor 702 may comprise more than one processor. The processor may comprise at least one application-specific integrated circuit, ASIC. The processor may comprise at least one field-programmable gate array, FPGA. The processor may be means for performing method steps in the device. The processor may be configured, at least in part by computer instructions, to perform actions to cause at least some of the above-illustrated features facilitating the personal identification.
[0051] The device 700 may comprise memory 704. The memory may comprise random-access memory and/or permanent memory. The memory may comprise at least one RAM chip. The memory may comprise solid-state, magnetic, optical and/or holographic memory, for example. The memory may be at least in part accessible to the processor 702. The memory may be at least in part comprised in the processor 702. The memory 704 may be means for storing information. The memory may comprise computer instructions that the processor is configured to execute. When computer instructions configured to cause the processor to perform certain actions are stored in the memory, and the device overall is configured to run under the direction of the processor using computer instructions from the memory, the processor and/or its at least one processing core may be considered to be configured to perform said certain actions, such as the actions illustrated in connection with any one of Figures 2 to 6. The memory may be at least in part comprised in the processor. The memory may be at least in part external to the device 700 but accessible to the device.
[0052] The device 700 may comprise a transmitter 706. The device may comprise a receiver 708. The transmitter and the receiver may be configured to transmit and receive, respectively, information in accordance with at least one cellular or non-cellular standard. The transmitter may comprise more than one transmitter. The receiver may comprise more than one receiver. The transmitter and/or receiver may be configured to operate in accordance with global system for mobile communication, GSM, wideband code division multiple access, WCDMA, long term evolution, LTE, 5G radio, wireless local area network, WLAN, Ethernet and/or worldwide interoperability for microwave access, WiMAX, standards, for example. The device 700 may comprise a near-field communication, NFC, transceiver 710. The NFC transceiver may support at least one NFC technology, such as NFC, Bluetooth, Wibree or similar technologies.
[0053] The device 700 may comprise user interface, UI, 712. The UI may comprise at least one of a display, a keyboard, a touchscreen, a vibrator arranged to signal to a user by causing the device to vibrate, a speaker and a microphone. A user may be able to operate the device via the UI, for example to accept incoming telephone calls, to originate telephone calls or video calls, to browse the Internet, to manage digital files stored in the memory 704 or on a cloud accessible via the transmitter 706 and the receiver 708, or via the NFC transceiver 710, and/or to play games.
[0054] The device 700 may comprise, access, or be arranged to accept a user identity module 714. The user identity module may comprise, for example, a subscriber identity module, SIM, card installable in the device 700. The user identity module 714 may comprise information identifying a subscription of a user of device 700, such as the IMSI. The user identity module 714 may comprise cryptographic information usable to verify the identity of a user of device 700 and/or to facilitate encryption of communicated information and billing of the user of the device 700 for communication effected via the device 700.
[0055] The processor 702 may be furnished with a transmitter arranged to output information from the processor, via electrical leads internal to the device 700, to other devices comprised in the device. Such a transmitter may comprise a serial bus transmitter arranged to, for example, output information via at least one electrical lead to memory 704 for storage therein. Alternatively to a serial bus, the transmitter may comprise a parallel bus transmitter. Likewise the processor may comprise a receiver arranged to receive information in the processor, via electrical leads internal to the device 700, from other devices comprised in the device 700. Such a receiver may comprise a serial bus receiver arranged to, for example, receive information via at least one electrical lead from the receiver 708 for processing in the processor. Alternatively to a serial bus, the receiver may comprise a parallel bus receiver.
[0056] The device 700 may comprise further devices not illustrated in Figure 7. For example, the device in the form of user terminal device may comprise at least one digital camera. Some devices 700 may comprise a back-facing camera and a front-facing camera. The device may comprise a fingerprint sensor arranged to authenticate, at least in part, a user of the device. In some embodiments, the device lacks at least one device described above. For example, some devices may lack the NFC transceiver 140 and/or the user identity module 714.
[0057] The processor 702, the memory 704, the transmitter 706, the receiver 708, the NFC transceiver 710, the UI 712 and/or the user identity module 714 may be interconnected by electrical leads internal to the device 700 in a multitude of different ways. For example, each of the aforementioned devices may be separately connected to a master bus internal to the device, to allow for the devices to exchange information. However, as the skilled person will appreciate, this is only one example and depending on the embodiment various ways of interconnecting at least two of the aforementioned devices may be selected without departing from the scope of the present invention.
[0058] It is to be understood that the embodiments of the invention disclosed are not limited to the particular structures, process steps, or materials disclosed herein, but are extended to equivalents thereof as would be recognized by those ordinarily skilled in the relevant arts. It should also be understood that terminology employed herein is used for the purpose of describing particular embodiments only and is not intended to be limiting.
[0059] Reference throughout this specification to one embodiment or an embodiment means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Where reference is made to a numerical value using a term such as, for example, about or substantially, the exact numerical value is also disclosed.
[0060] As used herein, a plurality of items, structural elements, compositional elements, and/or materials may be presented in a common list for convenience. However, these lists should be construed as though each member of the list is individually identified as a separate and unique member. Thus, no individual member of such list should be construed as a de facto equivalent of any other member of the same list solely based on their presentation in a common group without indications to the contrary. In addition, various embodiments and examples of the present invention may be referred to herein along with alternatives for the various components thereof. It is understood that such embodiments, examples, and alternatives are not to be construed as de facto equivalents of one another, but are to be considered as separate and autonomous representations of the present invention.
[0061] Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the preceding description, numerous specific details are provided, such as examples of lengths, widths, shapes, etc., to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or with other methods, components, materials, etc. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the invention.
[0062] While the foregoing examples are illustrative of the principles of the present invention in one or more particular applications, it will be apparent to those of ordinary skill in the art that numerous modifications in form, usage and details of implementation can be made without the exercise of inventive faculty, and without departing from the principles and concepts of the invention. Accordingly, it is not intended that the invention be limited, except as by the claims set forth below.
[0063] The verbs "to comprise" and "to include" are used in this document as open limitations that neither exclude nor require the existence of also un-recited features. The features recited in depending claims are mutually freely combinable unless otherwise explicitly stated. Furthermore, it is to be understood that the use of "a" or "an", that is, a singular form, throughout this document does not exclude a plurality.
INDUSTRIAL APPLICABILITY
At least some embodiments of the present invention find industrial application in communications.
ACRONYMS LIST
3GPP Third Generation Partnership Project
ACF Access control function
AMF Access and mobility management function
ASIC Application-specific integrated circuit
CMF Connection and mobility management function
EIR Equipment Identity Register
E-UTRAN Evolved UTRAN
FPGA Field-programmable gate array
GERAN GSM Edge radio access network
GSM Global system for mobile communication
HLR Home location register
HPLMN Home public land mobile network
HSS Home subscriber server
ID Identifier
IMEI International Mobile Equipment Identity
IMSI International Mobile Subscriber Identity
IMS IP Multimedia Service
LTE Long term evolution
MCC Mobile country code
MNC Mobile network code
ME Mobile Equipment
NFC Near-field communication
PCRF Policy and charging rules function
PDN Packet data network
RAN Radio access network
S-CSCF Serving call session control function
SGSN Serving GPRS support node
UDM Unified data management
UDR User data repository
UI User interface
UE User equipment
UTRAN Universal Terrestrial Radio Access Network
WCDMA Wideband code division multiple access
WiMAX Worldwide interoperability for microwave access
WLAN Wireless local area network

Claims

1. A method, comprising:
- receiving, by a mobile network entity from a mobile terminal, a request for a personal identifier of the user of the mobile terminal,
- detecting at least one device identifier associated with the request,
- causing an enquiry for a personal identifier associated with the at least one device identifier; and
- causing transmission of the personal identifier associated with the at least one device identifier.
2. The method of claim 1, wherein the request for the user's personal identifier is detected on the basis of an incoming service call to an emergency identification service or an emergency data enquiry.
3. The method of claim 1 or 2, wherein the personal identifier is transmitted to at least one of: the mobile terminal and one or more preconfigured destinations in or outside the mobile network.
4. The method of any preceding claim, wherein the request for the user's personal identifier is a personal identifier enquiry message of a user identification feature associated with a user privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal, and the privacy attribute is checked before causing the transmission of the personal identifier.
5. The method of claim 4, wherein the privacy attribute defines two or more levels, comprising one or more of: restricting the provision of the personal identifier only to emergency situations, restricting the provision of the personal identifier only to services or service providers authorized by the user, restricting the provision of the personal identifier only to a service class authorized by the user, restricting the provision of the personal identifier to officials, and allowing provision of the personal identifier for commercial purposes.
6. The method of any preceding claim, wherein the at least one device identifier comprises one or more of: a mobile subscriber identifier associated with a subscriber identity module, an internet protocol multimedia service private identifier, and a mobile equipment identifier associated with a mobile communications device.
7. The method of any preceding claim, further comprising:
detecting a type of the device identifier in the request, and
sending the enquiry for the personal identifier to an identifier register determined on the basis of the type of the identifier.
8. The method according to claim 6 and 7, wherein the enquiry is sent to a home location register or a home subscriber server in response to detecting the device identifier to be a mobile subscriber identifier or an internet protocol multimedia service private identifier, or the enquiry is sent to an equipment identity register in response to detecting the device identifier to be a mobile equipment identifier.
9. The method according to any preceding claim, wherein an access control or authentication procedure associated with the request is performed before transmission of the personal identifier to the mobile terminal.
10. The method according to any preceding claim, the method further comprising:
- receiving, by the mobile network entity, an association request for associating the personal identifier of the user of the mobile terminal to the at least one device identifier in the mobile network,
- requesting confirmation for the requested association, and
- in response to receiving confirmation for the requested association, causing establishment of the association of the at least one device identifier to the personal user identifier in the mobile network.
11. The method according to claim 10, wherein the step of requesting confirmation comprises at least one of: requesting confirmation from the user of the mobile terminal for association of the personal user identifier to the device identifier received from a network database and performing a security procedure involving a third party for confirming identity or authorization of the user of the mobile terminal.
12. A method, comprising:
- sending, by a mobile terminal to mobile network entity, an association request for associating a personal identifier of the user of the mobile terminal to at least one device identifier in the mobile network,
- detecting, by the mobile terminal, an input for requesting the personal identifier,
- sending, by the mobile terminal to the mobile network entity, a request for the personal identifier of the user of the mobile terminal, the request being associated with at least one device identifier; and
- receiving, by the mobile terminal from the mobile network entity the personal identifier associated in the network with the at least one device identifier.
13. The method of claim 12, further comprising:
- receiving a confirmation request for the association from a user of the mobile terminal,
- prompting the user for confirmation upon the confirmation request, and
- sending a confirmation for the association for causing establishment of the association of the at least one device identifier to the personal user identifier in the mobile network.
14. An apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to:
- receive, by a mobile network entity from a mobile terminal, a request for a personal identifier of the user of the mobile terminal,
- detect at least one device identifier associated with the request,
- cause an enquiry for a personal identifier associated with the at least one device identifier; and
- cause transmission of the personal identifier associated with the at least one device identifier.
15. The apparatus according to claim 14, wherein the apparatus is configured to detect the request for the user's personal identifier on the basis of an incoming service call to an emergency identification service or an emergency data enquiry.
16. The apparatus according to claim 14 or 15, wherein the apparatus is configured to cause transmission of the personal identifier to at least one of: the mobile terminal and one or more preconfigured destinations in or outside the mobile network.
17. The apparatus according to any preceding claim 14 to 16, wherein the request for the user's personal identifier is a personal identifier enquiry message of a user identification feature associated with a user privacy attribute defining if the user of the mobile terminal has enabled provision of the user's personal identifier to the mobile terminal, and the apparatus is configured to check the privacy attribute before causing the transmission of the personal identifier.
18. The apparatus according to claim 17, wherein the privacy attribute defines two or more levels, comprising one or more of: restricting the provision of the personal identifier only to emergency situations, restricting the provision of the personal identifier only to services or service providers authorized by the user, restricting the provision of the personal identifier only to a service class authorized by the user, restricting the provision of the personal identifier to officials, and allowing provision of the personal identifier for commercial purposes.
19. The apparatus according to any preceding claim 14 to 18, wherein the at least one device identifier comprises one or more of a mobile subscriber identifier associated with a subscriber identity module, an internet protocol multimedia service private identifier, and a mobile equipment identifier associated with a mobile communications device.
20. The apparatus according to any preceding claim 14 to 16, wherein the apparatus is further configured to:
detect a type of the device identifier in the request, and
send the enquiry for the personal identifier to an identifier register determined on the basis of the type of the identifier.
21. The apparatus according to claims 19 and 20, wherein the apparatus is configured to send the enquiry to a home location register or a home subscriber server in response to detecting the device identifier to be a mobile subscriber identifier or an internet protocol multimedia service private identifier, and the apparatus is configured to send the enquiry to an equipment identity register in response to detecting the device identifier to be a mobile equipment identifier.
22. The apparatus according to any preceding claim 14 to 21, wherein the apparatus is configured to carry out an access control or authentication procedure associated with the request before transmission of the personal identifier to the mobile terminal.
23. The apparatus according to any preceding claim 14 to 22, wherein the apparatus is further configured to:
- receive an association request for associating the personal identifier of the user of the mobile terminal to the at least one device identifier in the mobile network,
- request confirmation for the requested association, and
- in response to receiving confirmation for the requested association, cause establishment of the association of the at least one device identifier to the personal user identifier in the mobile network.
24. The apparatus according to claim 23, wherein the apparatus is configured to perform at least one of: request confirmation from the user of the mobile terminal for association of the personal user identifier to the device identifier received from a network database and perform a security procedure involving a third party for confirming identity or authorization of the user of the mobile terminal.
25. The apparatus according to any preceding claim 14 to 24, wherein the apparatus comprises a mobility management entity connectable to a home subscriber server and an equipment identity register.
26. An apparatus, comprising means for performing the method according to any one of claims 1 to 13.
27. A mobile communications device, comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus to carry out the method of claim 12 or 13.
28. A computer program, comprising instructions which, when executed by a computer, configured to cause the computer to carry out the method in accordance with at least one of claims 1 to 13.
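The network-entity flow of claims 1, 4, 5, 7, 8 and 9 can be sketched as follows. This is an added illustration, not code from the patent or from Nokia; the class and function names, the mapping of privacy levels to request purposes, and the sample records are all assumptions made for the example. It shows the ordering a defender would want: access control first, register selection by identifier type, then the privacy attribute check, with every failure path releasing nothing.

```python
"""Added illustration of the network-entity flow in claims 1, 4, 5, 7, 8 and 9.
All names and sample records are hypothetical/constructed, not from the patent."""
from dataclasses import dataclass
from enum import Enum


class IdType(Enum):
    IMSI = "mobile subscriber identifier"
    IMPI = "IMS private identifier"
    IMEI = "mobile equipment identifier"


class Privacy(Enum):  # the levels enumerated in claim 5
    EMERGENCY_ONLY = "emergency"
    AUTHORIZED_SERVICES = "services"
    AUTHORIZED_SERVICE_CLASS = "service_class"
    OFFICIALS = "officials"
    COMMERCIAL = "commercial"


@dataclass(frozen=True)
class Request:
    id_type: IdType
    device_id: str
    purpose: str                 # "emergency", "service", "official", "commercial"
    service: str = ""
    service_class: str = ""
    authenticated: bool = False  # outcome of the claim 9 access control step


@dataclass(frozen=True)
class Record:
    personal_id: str
    privacy: Privacy
    allowed: frozenset = frozenset()  # services or classes the user authorized


def select_register(id_type: IdType) -> str:
    """Claim 8: IMSI/IMPI enquiries go to HLR/HSS, IMEI enquiries go to EIR."""
    if id_type in (IdType.IMSI, IdType.IMPI):
        return "HLR/HSS"
    if id_type is IdType.IMEI:
        return "EIR"
    raise ValueError(f"unsupported identifier type: {id_type!r}")


def privacy_allows(rec: Record, req: Request) -> bool:
    """Claim 4 check. How each level maps to a purpose is an assumption."""
    if rec.privacy is Privacy.EMERGENCY_ONLY:
        return req.purpose == "emergency"
    if rec.privacy is Privacy.AUTHORIZED_SERVICES:
        return req.service in rec.allowed
    if rec.privacy is Privacy.AUTHORIZED_SERVICE_CLASS:
        return req.service_class in rec.allowed
    if rec.privacy is Privacy.OFFICIALS:
        return req.purpose == "official"
    return rec.privacy is Privacy.COMMERCIAL  # assumed most permissive level


def handle_request(req: Request, registers: dict) -> tuple:
    """Return (decision, personal_id or None); failures disclose nothing."""
    if not req.authenticated:
        return ("denied: access control", None)
    register = select_register(req.id_type)
    rec = registers.get(register, {}).get(req.device_id)
    if rec is None:
        return ("denied: no association", None)
    if not privacy_allows(rec, req):
        return ("denied: privacy attribute", None)
    return (f"released via {register}", rec.personal_id)


# Constructed sample registers (not real subscriber or equipment data).
REGISTERS = {
    "HLR/HSS": {"244050000000001": Record("PID-EXAMPLE-001", Privacy.EMERGENCY_ONLY)},
    "EIR": {"356000000000017": Record("PID-EXAMPLE-002", Privacy.AUTHORIZED_SERVICES,
                                      frozenset({"roadside-assist"}))},
}

if __name__ == "__main__":
    req = Request(IdType.IMSI, "244050000000001", "emergency", authenticated=True)
    print(handle_request(req, REGISTERS))
```

The denial reasons are returned for the operator's audit log; what the requesting terminal is told on denial is a separate design decision the claims do not address.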
PCT/FI2016/050880 2016-12-15 2016-12-15 User identification in mobile communications system WO2018109256A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/FI2016/050880 WO2018109256A1 (en) 2016-12-15 2016-12-15 User identification in mobile communications system

Publications (1)

Publication Number Publication Date
WO2018109256A1 true WO2018109256A1 (en) 2018-06-21

Family

ID=62558076

Country Status (1)

Country Link
WO (1) WO2018109256A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022261813A1 (en) * 2021-06-15 2022-12-22 Qualcomm Incorporated Enhancement of user equipment location for non-3gpp access

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8000678B1 (en) * 2007-06-18 2011-08-16 Sprint Communications Company L.P. Information provisioning for emergency calls
WO2013126541A1 (en) * 2012-02-21 2013-08-29 Starscriber Corporation Methods and systems for providing efficient telecommunications services
WO2013163326A1 (en) * 2012-04-24 2013-10-31 Qualcomm Incorporated System for delivering relevant user information based on proximity and privacy controls
US20140335814A1 (en) * 2013-05-10 2014-11-13 Verizon Patent And Licensing Inc. Emergency contacts information system
US20150163352A1 (en) * 2011-09-08 2015-06-11 Moritz Ritter Method and devices for identifying the caller of an emergency call
US20150245189A1 (en) * 2012-10-19 2015-08-27 Srikanth Nalluri Personal safety and emergency services
US20150341768A1 (en) * 2009-07-29 2015-11-26 T-Mobile Usa, Inc. System and method for providing emergency service in an ip-based wireless network
US20160057595A1 (en) * 2014-08-22 2016-02-25 Verizon Patent And Licensing Inc. Personalized emergency identification and communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16924099

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16924099

Country of ref document: EP

Kind code of ref document: A1