Method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network

US 20060172732A1
Filed: 02/01/2005
Published: 08/03/2006
Est. Priority Date: 02/01/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing security in an unlicensed mobile access network comprising the steps of:

receiving a message containing a mobile identity of a mobile station; and

dropping or rejecting the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network by receiving a message containing a mobile identity of a mobile station (MS) and dropping or rejecting the message whenever the received mobile identity does not match a stored mobile identity associated with the MS. The message is processed whenever the received mobile identity matches the stored mobile identity associated with the MS. The stored mobile identity is provided by a secure gateway. The mobile identity can be an International Mobile Subscriber Identity, Temporary Mobile Subscriber Identity, Packet Temporary Mobile Subscriber Identity, private Internet Protocol (IP) address or public IP address. The message can be a registration request, uplink message or a downlink message, such as a Mobility Management message, a General Packet Radio Service Mobility Management message, or a UMA or Unlicensed Radio Resources message.

Citations

20 Claims

1. A method for providing security in an unlicensed mobile access network comprising the steps of:
- receiving a message containing a mobile identity of a mobile station; and
  
  dropping or rejecting the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as claimed in claim 1, further comprising the step of processing the message whenever the received mobile identity matches the stored mobile identity associated with the mobile station.
  - 3. The method as claimed in claim 1, wherein the mobile identity comprises an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscriber Identity (TMSI), a Packet Temporary Mobile Subscriber Identity (P-TMSI), private Internet Protocol (IP) address or a public IP address.
  - 4. The method as claimed in claim 1, wherein the message comprises a registration request, an uplink message or a downlink message.
  - 5. The method as claimed in claim 4, wherein the uplink message is received from a mobile switching center (MSC) or a General Packet Radio Service (GPRS) support node (SGSN).
  - 6. The method as claimed in claim 1, further comprising the step of storing the received mobile identity whenever the received message is from a secure gateway.
  - 7. The method as claimed in claim 1, further comprising the step of storing the received mobile identity and processing the received message whenever the received message is a downlink message and the received mobile identity will assign or change the mobile identity of the mobile station.
  - 8. The method as claimed in claim 7, wherein the received mobile identity is not stored until an uplink message is received that accepts, acknowledges or completes the downlink message.
  - 9. The method as claimed in claim 1, wherein the step of dropping the received message further comprises the steps of:
    - deregistering the mobile station;
      
      black listing an Internet Protocol (IP) address associated with the mobile station for a period of time;
      
      notifying a system operator of the dropped message and deregistration of the mobile station;
      
      or logging information about the dropped message and deregistration of the mobile station.
  - 10. The method as claimed in claim 1, wherein the received message is Mobility Management (MM) message, a General Packet Radio Service (GPRS) Mobility Management (GMM) message, or a UMA or Unlicensed Radio Resources (URR) message.
  - 11. The method as claimed in claim 1, wherein the message is received at an unlicensed network controller (UNC) within an unlicensed mobile access network (UMAN) or a generic access network controller (GANC) within a generic access network (GAN).
  - 12. The method as recited in claim 1, further comprising the step of using the stored mobile identity to provide one or more services to the mobile station.

13. A computer program embodied on a computer readable medium for protecting a core network comprising:
- a code segment for receiving a message containing a mobile identity of a mobile station; and
  
  a code segment for dropping the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station.

14. An apparatus comprising:
- a data storage device that stores associations of mobile identities to mobile stations; and
  
  a processor communicably coupled to the data storage device that receives a message containing a mobile identity of a mobile station and drops or rejects the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station.

15. A system comprising:
- a mobile station;
  
  a secure gateway communicably coupled to the mobile station that receives mobile identity information from the mobile station and sends the mobile identity information to an unlicensed network controller; and
  
  the network controller communicably coupled to the mobile station and the secure gateway, wherein the network controller stores the received mobile identity information and registers the mobile station whenever a mobile identity within a registration request received from the mobile station matches the stored mobile identity information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system as recited in claim 15, wherein the mobile identity information comprises an International Mobile Subscriber Identity (IMSI), a private Internet Protocol (IP) address, or a public IP address.
  - 17. The system as recited in claim 15, wherein the secure gateway is configured with one or more defined Transmission Control Protocol (TCP) ports used by the network controller to register the mobile station, and the network controller listens for an incoming TCP connection on the one or more defined TCP ports.
  - 18. The system as recited in claim 15, wherein the secure gateway ensures that the registration request is not received by the network controller until a message is received from the network controller indicating successful receipt and storage of the mobile identity information.
  - 19. The system as recited in claim 15, wherein the network controller drops a message received from the mobile station whenever the message contains a mobile identity that does not match the stored mobile identity information.
  - 20. The system as recited in claim 15, wherein the network controller uses the mobile identity information to provide one or more services to the mobile station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Vikberg, Jari Tapio, Nylander, Tomas

Granted Patent

US 7,280,826 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/433
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/126   the source of the received ...

H04L 63/164   at the network layer

H04W 12/10   Integrity

H04W 12/72   Subscriber identity

H04W 12/75   Temporary identity

Method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links