Cryptography – Cellular telephone cryptographic authentication
Reexamination Certificate
1999-10-14
2002-04-16
Chung, Phung M. (Department: 2767)
Cryptography
Cellular telephone cryptographic authentication
C380S248000, C380S249000, C380S259000, C380S270000, C380S044000, C380S046000, C455S410000, C455S422100, C455S432300, C455S436000, C455S437000
Reexamination Certificate
active
06373949
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to the transfer of subscriber identity in a protected format in a telecommunications network, particularly in mobile communications systems.
BACKGROUND OF THE INVENTION
Protecting subscriber identity means the concealment of the identity of a user of a telecommunications network from outsiders. Protection of identity is of special importance in mobile communications systems, where the subscriber and the network identify themselves to each other before the connection is made. If subscriber identity is transferred unprotected, it is possible to follow the movements of the subscriber by monitoring the radio connections established between the subscriber and the network. In addition, by protecting the subscriber's identity it is possible to considerably complicate the deciphering of data communications. Protection of subscriber identity may be desirable in fixed network systems as well. In circuit-switched systems of a fixed telephone network, the subscriber identity is determined by the subscriber line, and thus subscriber identity is not transferred as a message; instead, it is always determined by the subscriber line used. In packet-switched systems, the subscriber identity is transferred in each data packet sent by the subscriber, and so the subscriber identity can be fully concealed using encryption methods suitable for use in mobile communications systems.
FIG. 1
illustrates a known mobile communications network. The figure shows two mobile services switching centres MSC1, MSC2, base station controllers BSC, base transceiver stations BTS, a mobile station MS, a home location register HLR, and an authentication centre AUC typically located in association with a HLR. The mobile services switching centres are capable of establishing signalling connections with the home location register HLR and the authentication centre AUC.
Each mobile subscriber has a home public land mobile network HPLMN operated by an operator with which the subscriber has concluded an agreement. The user's subscriber data is stored in the home location register HLR of his home public land mobile network and the related authentication centre AUC. The authentication centre has all the data necessary for verifying the authenticity of the identity communicated by the user. In the home location register HLR, the mobile subscriber international ISDN number MSISDN can be linked to the user's international mobile subscriber identity IMSI. In addition, information on the services ordered by the subscriber as well as the user's current location to an accuracy within the visitor location register VLR address is stored in the home location register. No subscriber can be registered with more than one visitor location register VLR at any given time.
The visitor location register VLR located in association with the mobile services switching centre MSC is also used to maintain data on the location of users registered with the applicable visitor location register to an accuracy of a so called location area. In addition to the services offered by the home public land mobile network HPLMN, a subscriber can use the services available in those other visited public land mobile networks VPLMN with which his own operator has signed a roaming agreement.
Through the mobile services switching centres MSC, mobile communications systems are linked to fixed telephone networks, such as a public switched telephone network PSTN or an integrated services digital Network ISDN. Several base transceiver stations BTS are connected to a base station controller BSC. The base transceiver stations are capable of making connections with mobile stations MS consisting of mobile equipment ME and subscriber identity modules SIM using channels of the so called air interface.
In mobile communications systems representing prior art, the objective is to transmit subscriber identity protected across the air interface. For example, the known GMS system uses a temporary mobile subscriber identity TMSI illustrated in
FIG. 2
to conceal the user's international mobile subscriber identity IMSI.
As shown in
FIG. 2
, information about the temporary mobile subscriber identity TMSI is only stored in the user's visited location register VLR and mobile station MS. When the network and the mobile station contact each other, the temporary mobile subscriber identity, if available, is always used for identification instead of the international mobile subscriber identity IMSI. TMSI consists of two components, one being the location area code LAI and the other the temporary subscriber identity code TIC (TMSI Code) that uniquely identifies the user within the location area. The TIC code is unique within one location area LAI. Information about the temporary mobile subscriber identity TMSI is not transmitted to the home location register HLR; instead, the temporary mobile subscriber identity TMSI used across the air interface is always converted in the visited location register VLR into the international mobile subscriber identity IMSI. For communications between the home location register HLR and the visited location register VLR, the permanent identification IMSI is always used for subscriber identification purposes.
FIG. 3
illustrates the generation and maintenance of the temporary mobile subscriber identity TMSI. VLR assigns a mobile station a new temporary identity, for example in connection with each location update. The mobile station sends to the network a non-encrypted LOCATION UPDATE REQUEST
301
to identify itself using the temporary mobile subscriber identity TMSI, if defined, and communicates its previous location area. The request must be transmitted non-encrypted because the network has no previous information on the user's identity or user-specific encryption keys. The request is forwarded to the visited location register VLR. When receiving the request, the visited location register requests the necessary information from the user's previous visited location register on the basis of the previous location area data. At this point, the network directs the mobile station to activate cipher mode (phase
302
, CIPHER MODE COMMAND) and the mobile station acknowledges the command (phase
303
, CIPHER MODE COMPLETE). The network indicates acceptance of the location update (phase
304
, LOCATION UPDATE ACCEPT) and gives the user a new temporary mobile subscriber identity TMSI (
305
, TMSI REALLOCATION COMMAND), in response to which the mobile station acknowledges the new identity (
306
, TMSI REALLOCATION COMPLETE). The new TMSI can also be incorporated in the phase
304
message LOCATION UPDATE ACCEPT, in which case the phase
305
TMSI REALLOCATION COMMAND is not used.
Where possible, the GSM system always uses the temporary mobile subscriber identity TMSI that conceals the subscriber's true identity. To ensure that TMSI can be used, it must be possible to link it to the international mobile subscriber identity IMSI in the visited location register VLR. However, this is not possible when the user contacts the network for the first time. Additional problems are created by situations where VLR, due to loss of data caused by a malfunction, is incapable of linking the temporary mobile subscriber identity TMSI to the international mobile subscriber identity IMSI. For this reason, the network may always ask the mobile station to send the original IMSI, which will then, in response, be transmitted in a non-encrypted format by the mobile station.
Another known method for protecting user identity in transmission is the technique used in the TETRA system. Similarly to the GSM system, the TETRA system may employ an encryption procedure called alias short subscriber identity ASSI, which is based on temporary identity. In addition to, or instead of, ASSI, TETRA may also use encrypted short identity ESI, which is described in greater detail in the ETS 300 392-7 Specification published by ETSI (European Telecommunications Standards Institute).
Generation of the encrypted short i
Altera Law Group
Callahan Paul E.
Chung Phung M.
Nokia Networks Oy
LandOfFree
Method for user identity protection does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for user identity protection, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for user identity protection will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2918233