Subscriber authentication for unlicensed mobile access signaling
Abstract
A system for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network. The system comprises authenticating means for authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station, and thereafter, for authenticating the mobile station to a core network. The system also includes a mobile station with a subscriber identity module that includes an identifying means for identifying the mobile station. The system further includes an unlicensed mobile access network for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network. The unlicensed mobile access network comprises checking means for ensuring that higher-layer messages passing through the unlicensed mobile access network to the core network are from the mobile station that authenticated with the unlicensed mobile access network. The system also includes the core network for implementing transaction control and user services. During authentication between the mobile station and the unlicensed mobile access network, the unlicensed mobile access network stores the identifying means that is associated with the mobile station and after authentication between the mobile station and the core network, the unlicensed mobile access network uses the checking means to examine higher-layer messages that are sent from the mobile station to the core network and to ensure that the identifying means associated with the mobile station is stored in the higher-layer message.
32 Claims
1. An unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the network comprising:
authenticating means for authenticating a mobile station to the unlicensed mobile access network before higher-layer messages are sent from the mobile station to a core network; and
connecting means for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network;
checking means for ensuring that higher-layer messages passing through the unlicensed mobile access network from the mobile station to the core network are from the mobile station that is authenticated with the unlicensed mobile access network;
wherein during authentication between the mobile station and the unlicensed mobile access network, the unlicensed mobile access network stores an identifying means that is associated with the mobile station and after authentication between the mobile station and the core network, the unlicensed mobile access network uses the checking means to examine the higher-layer messages that are sent from the mobile station to the core network and to ensure that the identifying means associated with mobile station is stored in the higher-layer message.
2. An unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the network comprising:
authenticating means for authenticating a mobile station to the unlicensed mobile access network before higher-layer messages are sent from the mobile station to a core network;
connecting means for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network; and
wherein during authentication between the mobile station and the core network, the unlicensed mobile access network includes authentication information in a command message from the core network to the mobile station and in response to the command message, the mobile station includes a code that is encrypted with the authentication information and a key that is calculated in the mobile station.
3. An unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the network comprising:
authenticating means for authenticating a mobile station to the unlicensed mobile access network before higher-layer messages are sent from the mobile station to a core network, wherein the mobile station comprises a subscriber identity module that includes an identifying means for identifying the mobile station and a key;
connecting means for connecting the mobile station to the core network; and
relaying means for relaying signals between the mobile station and the core network;
wherein during authentication between the mobile station and the core network, the mobile station passes the key to an IPsec or TLS layer to the unlicensed mobile access network, thereby ensuring that all further messages sent from the mobile station are protected with the key or keys derived from key.
4. A mobile station in communications with an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the mobile station comprising:
authenticating means for authenticating the mobile station to the unlicensed mobile access network before higher-layer messages are sent from the mobile station to a core network, a subscriber identity module that includes an identifying means for identifying the mobile station and a key;
connecting means for connecting the mobile station to the core network; and
relaying signals between the mobile station and the core network;
wherein during authentication between the mobile station and the core network, the mobile station passes the key to an IPsec or TLS layer, thereby ensuring that all further messages sent from the mobile station are protected with the key or keys derived from key.
5. A system for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the system comprising:
authenticating means for authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station, and thereafter, for authenticating the mobile station to a core network;
a mobile station including a subscriber identity module that includes an identifying means for identifying the mobile station;
an unlicensed mobile access network for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network, the unlicensed mobile access network comprising checking means for ensuring that higher-layer messages passing through the unlicensed mobile access network to the core network are from the mobile station that authenticated with the unlicensed mobile access network; and
the core network for implementing transaction control and user services, wherein during authentication between the mobile station and the unlicensed mobile access network, the unlicensed mobile access network stores the identifying means that is associated with the mobile station and after authentication between the mobile station and the core network, the unlicensed mobile access network uses the checking means to examine higher-layer messages that are sent from the mobile station to the core network and to ensure that the identifying means associated with mobile station is stored in the higher-layer message.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the system comprising:
authenticating means for authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station, and thereafter, for authenticating the mobile station to a core network;
a mobile station including a subscriber identity module that includes an identifying means for identifying the mobile station and a key;
an unlicensed mobile access network for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network; and
the core network for implementing transaction control and user services, wherein during authentication between the mobile station and the core network, the unlicensed mobile access network includes authentication information in a command message from the core network to the mobile station and in response to the command message, the mobile station includes a code that is encrypted with the authentication information and the key.
Dependent claims: 18, 19, 20
21. A system for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the system comprising:
authenticating means for authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station, and thereafter, for authenticating the mobile station to a core network;
a mobile station including a subscriber identity module that includes an identifying means for identifying the mobile station and a key;
an unlicensed mobile access network for connecting the mobile station to the core network and for relaying signals between the mobile station and the core network; and
the core network for implementing transaction control and user services, wherein during authentication between the mobile station and the core network, the mobile station passes the key to an IPsec or TLS layer, thereby ensuring that all further messages sent from the mobile station are protected with the key or keys derived from key Kc.
22. A method in an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the method comprising the steps of:
authenticating, in an unlicensed mobile access network, a mobile station before higher-layer messages are sent from the mobile station to a core network;
forwarding, in the unlicensed mobile access network, a service request from the mobile station to the core network, wherein an IMSI for the mobile station is included in the service request;
transmitting, in the unlicensed mobile access network, an authentication request from the core network to the mobile station;
forwarding, in the unlicensed mobile access network, an authentication response in response to the authentication request; and
examining, by the unlicensed mobile access network, higher-layer messages from the mobile station to the core network to ensure that identifying means associated with mobile station is stored in the higher-layer message.
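The binding check recited in the steps above, sketched as an added Python example that is not part of the patent text. The class and method names, tunnel identifiers, message dictionaries and IMSI values are constructed for illustration; the check is applied once core-network authentication has completed, as in claim 1.

```python
from dataclasses import dataclass, field

# Constructed sample IMSIs (test network prefix 001/01), not real subscribers.
IMSI_A = "001010000000001"
IMSI_B = "001010000000002"


@dataclass
class UmaNetwork:
    """Toy unlicensed mobile access network that relays uplink messages."""
    bound_imsi: dict = field(default_factory=dict)     # tunnel -> stored IMSI
    core_auth_done: set = field(default_factory=set)   # tunnels past core auth
    to_core: list = field(default_factory=list)        # messages forwarded
    rejected: list = field(default_factory=list)       # (tunnel, type, reason)

    def authenticate_ms(self, tunnel_id: str, imsi: str) -> None:
        # Authentication to the UMA network: store the identifying means
        # (here the IMSI) against the authenticated tunnel.
        self.bound_imsi[tunnel_id] = imsi

    def core_authentication_complete(self, tunnel_id: str) -> None:
        if tunnel_id not in self.bound_imsi:
            raise KeyError(f"{tunnel_id} never authenticated to the UMA network")
        self.core_auth_done.add(tunnel_id)

    def relay_uplink(self, tunnel_id: str, msg: dict) -> bool:
        """Forward a higher-layer message to the core, or reject it."""
        stored = self.bound_imsi.get(tunnel_id)
        if stored is None:
            self.rejected.append((tunnel_id, msg["type"], "tunnel not authenticated"))
            return False
        # Checking means: after core authentication, the message must carry
        # the IMSI stored for this tunnel (absent or different -> reject).
        if tunnel_id in self.core_auth_done and msg.get("imsi") != stored:
            self.rejected.append((tunnel_id, msg["type"], "IMSI mismatch"))
            return False
        self.to_core.append((tunnel_id, msg))
        return True


def demo():
    uman = UmaNetwork()
    uman.authenticate_ms("tunnel-A", IMSI_A)
    results = [
        uman.relay_uplink("tunnel-A", {"type": "SERVICE_REQUEST", "imsi": IMSI_A}),
        uman.relay_uplink("tunnel-A", {"type": "AUTH_RESPONSE", "imsi": IMSI_A}),
    ]
    uman.core_authentication_complete("tunnel-A")
    # Subscriber A's own identity passes; a second subscriber's identity
    # sent through A's tunnel is rejected, as is an unknown tunnel.
    results.append(uman.relay_uplink("tunnel-A", {"type": "SETUP", "imsi": IMSI_A}))
    results.append(uman.relay_uplink("tunnel-A", {"type": "SETUP", "imsi": IMSI_B}))
    results.append(uman.relay_uplink("tunnel-X", {"type": "SETUP", "imsi": IMSI_B}))
    return results, uman.rejected


if __name__ == "__main__":
    print(demo())
```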
23. A method in an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the method comprising the steps of:
authenticating, in an unlicensed mobile access network, a mobile station before higher-layer messages are sent from the mobile station to a core network;
forwarding, in the unlicensed mobile access network, a service request from the mobile station to the core network, wherein an IMSI for the mobile station is included in the service request;
transmitting, in the unlicensed mobile access network, an authentication request from the core network to the mobile station;
forwarding, in the unlicensed mobile access network, an authentication response in response to the authentication request, wherein the mobile station creates a key in response to the authentication request;
forwarding, in the unlicensed mobile access network, a Cipher Mode Command message created by the core network to the mobile station;
including, by the unlicensed mobile access network, authentication information in the Cipher Mode Command message from the core network to the mobile station and forwarding the modified Cipher Mode Command message to the mobile station; and
receiving, by the unlicensed mobile access network from the mobile station, a code that is encrypted with the authentication information and the key.
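The Cipher Mode Command exchange recited above (and in claims 2, 17 and 27), as an added Python example that is not part of the patent text. Assumptions: the "code" is modelled as an HMAC keyed with Kc over the authentication information, the network learns Kc from the core network's command, `derive_kc` is a stand-in for the SIM's key generation, and all names, keys and algorithm labels are constructed.

```python
import hashlib
import hmac
import secrets


def derive_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the SIM's key generation (assumption, not GSM A8)."""
    return hmac.new(ki, b"Kc" + rand, hashlib.sha256).digest()[:8]


def response_code(kc: bytes, auth_info: bytes) -> bytes:
    """Code returned by the mobile station: HMAC keyed with Kc over the
    authentication information (assumed construction)."""
    return hmac.new(kc, auth_info, hashlib.sha256).digest()


class UmaNetwork:
    def __init__(self):
        self.pending = {}  # tunnel_id -> (Kc, authentication information)

    def forward_cipher_mode_command(self, tunnel_id, core_cmd):
        """Add fresh authentication information and forward to the MS.
        Kc stays in the network and is never sent to the mobile station."""
        auth_info = secrets.token_bytes(16)
        self.pending[tunnel_id] = (core_cmd["kc"], auth_info)
        to_ms = {k: v for k, v in core_cmd.items() if k != "kc"}
        to_ms["auth_info"] = auth_info
        return to_ms

    def verify_code(self, tunnel_id, code):
        """Each piece of authentication information is single use."""
        entry = self.pending.pop(tunnel_id, None)
        if entry is None:
            return False
        kc, auth_info = entry
        return hmac.compare_digest(code, response_code(kc, auth_info))


def demo():
    ki_a = bytes.fromhex("00112233445566778899aabbccddeeff")      # constructed
    ki_other = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed
    rand = bytes(16)            # constructed RAND from the authentication request
    kc = derive_kc(ki_a, rand)  # key agreed between core network and subscriber A
    core_cmd = {"type": "CIPHER_MODE_COMMAND",
                "algorithms": ["A5/1", "A5/3"], "kc": kc}
    uman = UmaNetwork()

    # 1. The station holding subscriber A's SIM derives the same Kc.
    cmd = uman.forward_cipher_mode_command("tunnel-A", core_cmd)
    good_code = response_code(derive_kc(ki_a, rand), cmd["auth_info"])
    honest = uman.verify_code("tunnel-A", good_code)

    # 2. A station without A's SIM derives a different key and is rejected.
    cmd = uman.forward_cipher_mode_command("tunnel-A", core_cmd)
    bad_code = response_code(derive_kc(ki_other, rand), cmd["auth_info"])
    wrong_key = uman.verify_code("tunnel-A", bad_code)

    # 3. An earlier valid code does not verify against fresh information.
    uman.forward_cipher_mode_command("tunnel-A", core_cmd)
    replayed = uman.verify_code("tunnel-A", good_code)
    return honest, wrong_key, replayed, "kc" in cmd


if __name__ == "__main__":
    print(demo())
```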
24. A method in an arrangement implementing an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the method comprising the steps of:
authenticating a mobile station to the unlicensed mobile access network before higher-layer messages are sent from the mobile station;
requesting service, by the mobile station, from the core network and including an IMSI for the mobile station in the request message;
forwarding, by the unlicensed mobile access network, the request message to the core network without examination of the message by the unlicensed mobile access network;
sending an authentication request from the core network to the mobile station through the unlicensed mobile access network;
creating an authentication response, by the mobile station, in response to the authentication request and forwarding the authentication response to the core network through the unlicensed mobile access network;
verifying the authentication response, by the core network, and sending a Cipher Mode Command message to the unlicensed mobile access network;
forwarding a list of permitted algorithms in the Cipher Mode Command message, by the unlicensed mobile access network, to the mobile station; and
examining higher-layer messages from the mobile station, by the unlicensed mobile access network, to ensure that the identifying means associated with mobile station is stored in the higher-layer message.
Dependent claims: 25, 26
27. A method in an arrangement implementing an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the method comprising the steps of:
authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station;
requesting service, by the mobile station, from the core network and including an IMSI for the mobile station in the request message;
forwarding, by the unlicensed mobile access network, the request message to the core network without examination of the message by the unlicensed mobile access network;
sending an authentication request from the core network to the mobile station through the unlicensed mobile access network;
creating an authentication response, by the mobile station, in response to the authentication request and forwarding the authentication response to the core network through the unlicensed mobile access network;
verifying the authentication response, by the core network, and sending a Cipher Mode Command message to the unlicensed mobile access network;
including authentication information in a Cipher Mode Command message from the core network to the mobile station and forwarding in the Cipher Mode Command message, by the unlicensed mobile access network, to the mobile station; and
in response to the command message, including, by the mobile station, a code that is encrypted with the authentication information and the key and forwarding the response to the unlicensed mobile access network.
Dependent claims: 28, 29, 30
31. A method in an arrangement implementing an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the method comprising the steps of:
authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station;
requesting service, by the mobile station, from the core network and including an IMSI for the mobile station in the request message;
forwarding, by the unlicensed mobile access network, the request message to the core network without examination of the message by the unlicensed mobile access network;
sending an authentication request from the core network to the mobile station through the unlicensed mobile access network;
creating an authentication response, by the mobile station, in response to the authentication request and forwarding the authentication response to the core network through the unlicensed mobile access network;
verifying the authentication response, by the core network, and sending a Cipher Mode Command message to the unlicensed mobile access network;
forwarding, by the unlicensed mobile access network, the Cipher Mode Command Message to the mobile station; and
passing a key to an IPsec or TLS layer, by the mobile station, thereby ensuring that all further messages sent from the mobile station are protected with the key or keys derived from key.
32. A method in an arrangement implementing an unlicensed mobile access network for ensuring that a first subscriber in an unlicensed mobile access system is prevented from unauthorized use of a second subscriber's identity when the first subscriber requests services from a mobile station to a core network, the method comprising the steps of:
authenticating a mobile station to an unlicensed mobile access network before higher-layer messages are sent from the mobile station;
requesting service, by the mobile station, from the core network and including an IMSI for the mobile station in the request message;
creating an authentication response, by the mobile station, in response to the authentication request from the core network and forwarding the authentication response to the core network through the unlicensed mobile access network; and
passing a key to an IPsec or TLS layer, by the mobile station, thereby ensuring that all further messages sent from the mobile station are protected with the key or keys derived from key.