Telecommunications – Radiotelephone system – Special service
Reexamination Certificate
2000-04-06
2003-12-09
Trost, William (Department: 2683)
C455S416000, C455S418000, C455S422100, C455S426100, C379S219000, C379S220010, C379S249000, C709S201000, C709S202000, C709S204000, C709S238000, C370S396000, C370S400000
active
06662005
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to improving the data security of data access in a telephone system. In particular, the invention relates to improving the data security of direct data accesses connected to mobile communications systems.
BACKGROUND OF THE INVENTION
As the data transmission capacity of telephone systems is increasing, as the services provided by data networks are improving and as the use of data networks, such as the Internet, is becoming more general, the need for connecting the telephone system directly to data networks has grown. To meet this demand, Direct Data Accesses DDA have been developed, wherein the exchange of the telephone network is connected directly to the data network.
FIG. 1 shows such an arrangement by way of example, wherein there is a direct data access from a Mobile Switching Centre MSC to an Asynchronous Transfer Mode or ATM network, to a Public Switched Packet Data Network PSPDN, to a Private Network PN, to a Local Area Network LAN and to a data network in accordance with the X.25 protocol. Through the exchange, data services may be used by mobile stations directly subordinated to the exchange, such as Mobile Stations MSa, by mobile stations MSb subordinated to other mobile services switching centres, such as MSC2, which are connected to the exchange through the network, and by subscriber equipment, such as Fixed telephone network Subscribers FS, of other systems which are connected to the exchange through an Integrated Services Digital Network ISDN.
MSC is connected to an ATM network with an IWF matching unit. The matching unit collects data transmitted by the subscriber in the form of a circuit switched data signal and from this it forms packets or cells of a fixed length suitable for transmission to the ATM network. The circuit switched data signal may be e.g. in accordance with the CCITT V.24/V.28, CCITT V.110 or CCITT V.120 standards (CCITT=Comité Consultatif International de Télégraphique et Téléphonique). Correspondingly, the matching unit takes the information contained in the cells which it receives from the ATM network and which is to be sent to the user, and transmits it to the user in circuit switched form. To make several parallel connections possible, several matching units may be used in parallel.
The exchange is connected to the public switched packet data network by a Packet Handler PH, which converts the circuit switched data signal into a data packet flow in accordance with a protocol, such as the Transport Control Protocol/Internet Protocol TCP/IP, which is used in the public data network. The packet handler functions as the access point to the data network in relation to the telephone system. Several packet handlers may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.
To a private network PN, such as the in-house network of a company, the exchange is connected by an IWF (InterWorking Function) matching unit, which converts the circuit switched data signal in accordance with the protocol used in the private network. The matching unit is connected to the private data network by a fixedly allocated subscriber line, which functions as the access point to the data network. Several matching units may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.
The exchange is connected to a LAN local area network by an IWF matching unit and by a LAN ROUTER connected to the former. The exchange may be connected to the router with several subscriber lines, whereby several simultaneous connections can be set up with the LAN network. The router functions as both access point to the data network and a concentrator collecting in a buffer the data packets received in parallel from the different subscriber lines and supplying them to the data network in series form.
In a fifth connection method, the packet network, which in the figure is a data network in accordance with the X.25 protocol, is connected to the exchange with the aid of an IWF matching unit and a Packet Assembler/Disassembler PAD. The matching unit sends to the packet assembler/disassembler functioning as the access point to the data network a circuit switched data signal, which may be e.g. in accordance with the CCITT V.24/V.28 or CCITT V.110 standards. Of the circuit switched signals the packet assembler/disassembler forms packets, buffers the packets and supplies them to the data network in series form.
Furthermore, the mobile switching centre may be connected to a PDN packet data network with the aid of an IWF matching unit and an Access Router AR. The AR is connected to a (Pulse Code Modulation) PCM matching unit by a conductor on which a protocol in accordance with the CCITT V.110 or CCITT V.120 standard is used. The access router converts the circuit switched data signal going to the packet network so that it is in accordance with the packet data protocol used in the packet network, and sends it to the packet data network. The access router converts the packet switched data which it receives from the packet data network into a circuit switched data signal to be sent to the exchange. The exchange is connected to the access router by exchange signalling, such as signalling in accordance with the 30B+D standard, the DPNSS (Digital Private Network Signalling System) or the QSIG international signalling standard for corporate networks. Differing from the other data accesses shown in FIG. 1, the mobile switching centre may set up signalling connections with the access router outside the traffic channel.
Data security is one of the major problems with data accesses. Since data networks very often contain information which must be kept secret from outsiders, access of outsiders to the network must be prevented. In connection with chargeable data services, the network operator needs the identity of the user of the network services in order to be able to charge for them. Also in this case, it must be possible to prevent any user assuming a false identity from gaining access to the network services. However, in the system shown in FIG. 1, anyone who learns the call number of a data network service will gain access to the network and thus be able to use the services of the network.
FIG. 2 shows a state-of-the-art arrangement in a mobile communications system for preventing connection under a false identity to a HOST server located in a data network. Mobile station MS requests connection set-up from the mobile switching centre MSC2 under which it is located at the moment. On receiving the request for a connection set-up, the MSC2 authenticates the mobile station (step P1) to make sure that the mobile station has given a true subscriber identity. Having ensured the identity of the mobile station, the MSC2 sets up a connection with the exchange MSC1, which is directly in connection with the data network by way of the PAD packet assembler/disassembler. MSC1 connects to the packet assembler/disassembler, which sends back to the subscriber a request to perform an authentication procedure based on the use of a password (step P2). In response to the request, the subscriber supplies his user identification and his password. The packet assembler/disassembler checks if the password given by the user is the same as the password stored in its own user database. If this is the case, the subscriber is given access to the data network. Otherwise access is barred.
Inside the data network, the network elements trust one another (step P3). Consequently, all subscribers who have been given access to the network have access to all servers of the network, unless these are separately protected, e.g. by authentication procedures based on the use of a password. After the authentication, the packet assembler/disassembler located in the exchange begins to convert the circuit switched data flow received from the mobile station into packet form and to send it in packet switched form through the data network and further to the HOST server. Corresponding
Le Danh
Nokia Corporation
Squire Sanders & Dempsey L.L.P.
Trost William