Telecommunications – Radiotelephone system – Security or fraud prevention
BACKGROUND OF THE INVENTION
The invention generally relates to a wireless communication network, and more particularly, relates to an improved authentication center (AC) component in a wireless communication network.
Wireless communication is one of the fastest growing segments of the telecommunication industry. With the mobility of wireless devices, such as cellular phones and pagers, a subscriber to a wireless service can make or receive a call, or receive a message, without being restricted to any particular location. Because of the convenience provided by wireless devices, they have been widely used by average consumers.
Airtime fraud is a costly problem for wireless communications providers (also called “operators”). Callers (also called “subscribers”) can gain unauthorized access to cellular networks by “cloning” legitimate cellular phones (also called “handsets,” “Mobile Stations,” or “MSs”). The cloning process duplicates the memory contents of a legitimate cellular phone so that the clone cellular phone appears to be legitimate to the rest of the system. In certain high crime areas, large numbers of cellular phone calls are estimated to be placed from cloned handsets. The challenge to cellular telephone companies lies in determining whether a handset communicating with the system is a legitimate handset or a clone.
In the past, operators could only detect fraudulent access after the fact. The detection process involved labor-intensive post-call analysis and did not stop cloned handsets from fraudulently obtaining service. Currently, many conventional cellular systems include one or more Authentication Center (AC) portions. When a calling person activates a handset, the AC checks the profile of the person who is registered for the handset. The AC then initiates a challenge to the handset. If the handset's response matches the AC's challenge, network access is granted. Otherwise, access is denied. The authentication process greatly reduces airtime losses and serves as a deterrent to the crime of cloning.
In many cellular phone systems, the AC performs authentication in connection with the following events: registration (when a phone roams into a new area); origination of a call; flashing (which involves, e.g., three-way calling, call waiting, or paging); and call termination. In general, the MSC (Mobile Switching Center) associated with the area of the handset being authenticated sends an authentication request (AUTHRQST) message to the AC for each of these events.
To further authenticate handsets, conventional ACs periodically send “Shared Secret Data (SSD) update” messages and “unique challenge” messages to MSC/VLRs in the system. These messages (also called “authentication messages”) are defined in the ANSI IS-41 standard produced by TIA/EIA for cellular telephones, which is herein incorporated by reference.
Most systems include MSC/VLRs from various vendors and not all the MSC/VLRs in a system operate in the same way. For example, the MSC/VLRs of some vendors perform SSD updates and unique challenge operations via a radio control channel in a connected base station, which communicates with the handset. The MSC/VLRs of other vendors use a voice channel already in use by the system. To preserve precious resources, systems using a voice channel will perform SSD updates and unique challenges only when a call is in progress and a voice channel is currently assigned to the mobile handset. Thus, for example, in conventional systems, the AC sends an order to perform an operation such as an SSD update or a unique challenge in response to an AUTHRQST message during registration of a handset. If base stations assigned to an MSC/VLR in whose region the handset is located use a voice channel, the MSC/VLR will not perform the operation because no voice channel is yet assigned. The MSC/VLR will, however, send a message notifying the AC that the operation was not attempted. Similarly, when a voice call is in progress, if the AC sends an order to perform one of these operations to an MSC/VLR whose base stations use the control channel for responses, the MSC/VLR will not perform the operations. The MSC/VLR will, however, send a message notifying the AC that the operation was not attempted. In both cases, the notification sent by the MSC/VLR creates additional traffic in the system and misappropriates precious network resources.
Although ACs of conventional systems order SSD update and unique challenge operations any time the need for them is detected, such conventional systems do not take into consideration that the MSC/VLRs are not always in a position to perform these operations. What is needed is a way to reduce traffic caused by these extra messages.
SUMMARY OF THE INVENTION
The present invention provides a method and apparatus for allowing an Authentication Center (AC) to order SSD update and unique challenge operations only if the receiving MSC/VLR is receptive to performing them. The AC has access to an MPCM file that indicates the circumstances under which each MSC/VLR in the system will perform SSD updates and unique challenges. Thus, whenever the AC determines that it is desirable to send either an SSD update or a unique challenge, the AC first checks the MPCM file to determine whether the message should be sent. If the database indicates that the MSC/VLR will not attempt the operation, the AC does not request the operation.
The MPCM file holds configuration information for each MSC/VLR in the system. If, for example, an MSC/VLR performs SSD updates and challenges via a voice channel, entries in the MPCM file will indicate that no SSD updates or unique challenges should be sent during registration (since no voice channel is available). Similarly, if an MSC/VLR performs SSD updates and challenges via a control channel, entries in the MPCM file will indicate that no SSD updates or unique challenges should be sent during a call (since the control channel is controlling the call in progress).
Because the AC issues these orders only when the MSC/VLRs are receptive to performing them, system resources are saved, potentially reducing the amount of network traffic by tens of thousands of messages per day. In addition to the reduction of network traffic, both the AC and the MSC/VLRs are made more efficient by not having to process these messages. The AC also gains efficiency because it does not have to perform housekeeping functions for the messages that it does not send.
In accordance with the above discussion, the present invention includes a method for sending authentication messages in a cellular telephone system, comprising the steps, performed by a processor of an Authentication Center (AC) portion of the system, of: determining that an authentication message needs to be sent to a subscriber; accessing a database for an MSC/VLR associated with the subscriber to determine whether the MSC/VLR will act in accordance with an authentication message if one is sent; sending the authentication message to the MSC/VLR if the determination of the accessing step is positive; and refraining from sending the authentication message to the MSC/VLR if the determination of the accessing step is negative.
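The gating steps described above, sketched as an added example that is not taken from the patent or from any AC product. The MSCIDs, the in-memory MPCM layout, the two-phase simplification (registration versus call in progress), keeping a withheld operation pending until a receptive event, and sending when an MSCID has no MPCM entry are all assumptions made for illustration.

```python
from enum import Enum

class Phase(Enum):
    REGISTRATION = "registration"  # no voice channel assigned yet
    IN_CALL = "in_call"            # voice channel assigned to the handset

class Op(Enum):
    SSD_UPDATE = "ssd_update"
    UNIQUE_CHALLENGE = "unique_challenge"

# Phase in which an MSC/VLR can act, by the channel it uses for these operations.
RECEPTIVE = {"voice": Phase.IN_CALL, "control": Phase.REGISTRATION}

def mpcm_entry(channel):
    """Build one MPCM entry: the (operation, phase) pairs the MSC/VLR will perform."""
    return {(op, RECEPTIVE[channel]) for op in Op}

# Constructed sample MPCM file keyed by hypothetical MSCIDs.
MPCM = {"MSC-A": mpcm_entry("voice"), "MSC-B": mpcm_entry("control")}

class AuthCenter:
    def __init__(self, mpcm):
        self.mpcm = mpcm
        self.pending = {}    # subscriber -> operations the AC still wants performed
        self.sent = []       # (mscid, subscriber, op) orders actually issued
        self.suppressed = 0  # orders withheld, each one a "not attempted" reply avoided

    def need(self, subscriber, op):
        self.pending.setdefault(subscriber, set()).add(op)

    def on_authrqst(self, mscid, subscriber, phase):
        """Handle an AUTHRQST: order owed operations only if the MSC/VLR is receptive."""
        entry = self.mpcm.get(mscid)
        issued = []
        for op in sorted(self.pending.get(subscriber, set()), key=lambda o: o.value):
            # Assumption: an MSCID missing from the MPCM file still gets the order,
            # so a configuration gap never silently disables authentication.
            if entry is None or (op, phase) in entry:
                issued.append(op)
                self.sent.append((mscid, subscriber, op))
            else:
                self.suppressed += 1  # stays pending for the next receptive event
        self.pending.get(subscriber, set()).difference_update(issued)
        return issued

def demo():
    ac = AuthCenter(MPCM)
    ac.need("sub-1", Op.SSD_UPDATE)
    ac.need("sub-1", Op.UNIQUE_CHALLENGE)
    at_registration = ac.on_authrqst("MSC-A", "sub-1", Phase.REGISTRATION)
    during_call = ac.on_authrqst("MSC-A", "sub-1", Phase.IN_CALL)
    return at_registration, during_call, ac.suppressed
```

Keeping withheld operations pending means the gating only delays an SSD update or unique challenge until the MSC/VLR can perform it; the suppressed counter is the number of order and "not attempted" message pairs that never cross the network.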
A fuller understanding of the invention will become apparent and appreciated by referring to the following description and claims taken in conjunction with the accompanying drawings.
Jacobs Pamela J.
Lamb James A.
Campaq Computer Corporation
Fenwick & West LLP