Telecommunications – Radiotelephone system – Security or fraud prevention
Reexamination Certificate
1999-04-30
2002-05-28
Chin, Vivian (Department: 2682)
Telecommunications
Radiotelephone system
Security or fraud prevention
C455S433000, C455S510000
Reexamination Certificate
active
06397056
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
This invention relates to telecommunication systems and, more particularly, to a system and method for reducing the network signaling load in a radio telecommunications network after a mobile subscriber has failed authentication pursuant to accessing a network while roaming in a visited service area.
2. Description of Related Art
Continuous improvement in subscriber services has been a much sought-after goal in the radio telecommunications industry since its beginnings. Generally, providing improved subscriber services is predicated upon efficient utilization of network resources associated with a radio telecommunications network. One of the key aspects in this regard is the availability of resources, for example, the bandwidth of communication links comprising the network, for legitimate users or subscribers. Another related aspect is the reduction or minimization of unwanted network traffic attributable to fraudulent users or to subscribers who fail certain security measures associated with the network.
In order to reduce fraud in radio telecommunications networks, existing networks include an authentication center (AC) which is normally co-located with a home location register (HLR). The AC is utilized to perform a verification of the identity of a mobile station each time the mobile station accesses the network. Each subscriber has an authentication key (A-key) stored in the AC and in the mobile station. For security reasons, the A-key is typically never sent out in it's unencrypted (or “plaintext”) form to other nodes in the network. Instead, the AC constructs what is known as Shared Secret Data (SSD). SSD is authentication data which may be shared between the AC, the HLR, the mobile station, and the mobile switching center (MSC) serving the mobile station. The SSD is normally calculated utilizing a random number, the subscriber's A-key, and other factors such as the mobile identification number (MIN) and electronic serial number (ESN) of the subscriber's mobile station. Typically, the SSD may be sent from the AC to any MSC where the subscriber roams.
Each time a mobile station accesses the radio telecommunications network, the access is challenged by the network which determines whether the information stored in the mobile station matches the information stored in the network's authentication center (AC). An example of such an authentication technique is what is known as a “global challenge” (GC) on the common signaling channel (for example, a random access channel or a pilot channel) and utilizes the SSD, typically for an authentication and a voice privacy function.
One of the problems in conventional global challenge authentication systems is that a fraudulent user may gain access to the network by rapidly sending (that is, “hammering”) a large number of registration requests, system accesses or both, which, hereinafter may be referred to as “accesses” collectively. These accesses may include, for example, autonomous registration, power down registration, call origination, page response, or Short Message Service (SMS) page response, and the like. The serving MSC typically sends an Authentication Request message to the AC corresponding to each of these registration/system accesses if it does not have a Visitor Location Record (VLR) or the SSD of the accessing mobile station. In some instances, on the other hand, the serving MSC may have a VLR record where the SSD is already shared. Under such circumstances, the serving system typically sends an Authentication Failure Report message to the AC to report any failed accesses encountered pursuant to its authentication and/or validation procedures . Accordingly, it should be appreciated that in either scenario (that is, where the SSD is not shared and Authentication Request messages are rapidly sent, or where the SSD is already shared and Authentication Failure Report messages are rapidly sent), the HLR/AC and/or the MSC may become overloaded because of the rapid transmission of repeated messages and may enter a failed state which could allow access to the fraudulent user.
Yet another problem relating to the global challenge authentication system exists in conventional implementations. When a roaming subscriber fails authentication upon initial access to the network and yet continues to attempt to periodically register therewith or to send system accesses thereto, unnecessary and undesirable signaling load is caused by the control message flow between a home network and a visited network due to the periodic attempts. Clearly, such network signaling load negatively impacts the available bandwidth of the communication link therebetween.
Moreover, as can be easily realized, undesirable signaling load may also be encountered when a VLR record pertaining to a previously authenticated mobile station is “hijacked” by a fraudulent user who uses a “clone” mobile station to gain access to the network but repeatedly fails authentication by the serving MSCNVLR which already has the SSD. The repeated Authentication Failure Report messages transmitted from the VLR to the HLR/AC because of the repeated failed attempts at access, therefore, also negatively impact the available network bandwidth.
Accordingly, based upon the foregoing discussion, it should be readily appreciated that in order to overcome the deficiencies, shortcomings and problems set forth above, it would be advantageous to have a method and system for reducing unnecessary and/or undesirable network signaling load that is generated when a failed user, fraudulent or otherwise, repeatedly attempts to access the network. The present invention provides such a method and system.
SUMMARY OF THE INVENTION
In one aspect, the present invention is directed to a radio telecommunications network system which includes a home network for controlling cellular communication of a subscriber over a home service area, the home network including a Home Location Register (HLR) and an authentication center (AC). A visited network of the radio telecommunications network system is included for controlling cellular transmission over a visited service area. The visited network (or the serving system) comprises a serving mobile switching center (MSC) and an associated Visitor Location Register (VLR). There are means in the network for sending a return message from the home network to the MSC upon determining, in the HLR/AC, that a threshold value associated with one or more network access attempts by the subscriber is reached or exceeded, when it is located in the visited service area as a roaming subscriber and repeatedly attempts to access the radio telecommunications network system. The return message includes an authentication code portion. In addition, there are means in the serving MSC for locally authenticating the roaming subscriber based upon the authentication code portion received from the home network, when the roaming subscriber attempts to re-access the radio telecommunications network system after it is initially denied access by the AC in the home network.
In another aspect, the present invention is directed to a method of reducing control message signaling load in a radio telecommunications network system. The network system is preferably of the type which includes a home network, comprising an HLR and an associated AC, and a visited network comprising a serving MSC and an associated VLR. When a visiting subscriber roams into a visited service area serviced by the visited network and periodically attempts to access the network, the method of the present invention forwards one or more corresponding authentication requests from the visited network to the home network. Upon detecting authentication failure, the home network determines if a threshold value associated with the periodic attempts to the network is triggered. Responsive to the determination step in the home network, a return message is sent from the home network to the serving MSC which includes an authentication code portion required for auth
Bugnon Jacques
Nguyen Binh
Beauchesne Sandra
Chin Vivian
Moore James
Smith ,Danamraj & Youst, P.C.
Telefonaktiebolaget L M Ericsson (publ)
LandOfFree
System and method for reducing network signaling load in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for reducing network signaling load in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for reducing network signaling load in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2871520