Method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network

US 7,280,826 B2
Filed: 02/01/2005
Issued: 10/09/2007
Est. Priority Date: 02/01/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing security in an unlicensed mobile access network, the method comprising the steps of:

receiving a message containing a mobile identity of a mobile station at a secure gateway in the unlicensed mobile access network;

the secure gateway holding the received message until a success message is received from an unlicensed network controller, associated with the unlicensed mobile access network, the success message indicating successful receipt and storage of the mobile identity information; and

the secure gateway dropping or rejecting the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station, wherein dropping the received message further comprises;

deregistering the mobile stationblacklisting an Internet Protocol (IP) address associated with the mobile station for a period of time;

notifying a system operator of the dropped message and deregistration of the mobile station;

orlogging information about the dropped message and deregistration of the mobile station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network by receiving a message containing a mobile identity of a mobile station (MS) and dropping or rejecting the message whenever the received mobile identity does not match a stored mobile identity associated with the MS. The message is processed whenever the received mobile identity matches the stored mobile identity associated with the MS. The stored mobile identity is provided by a secure gateway. The mobile identity can be an International Mobile Subscriber Identity, Temporary Mobile Subscriber Identity, Packet Temporary Mobile Subscriber Identity, private Internet Protocol (IP) address or public IP address. The message can be a registration request, uplink message or a downlink message, such as a Mobility Management message, a General Packet Radio Service Mobility Management message, or a UMA or Unlicensed Radio Resources message.

36 Citations

View as Search Results

16 Claims

1. A method for providing security in an unlicensed mobile access network, the method comprising the steps of:
- receiving a message containing a mobile identity of a mobile station at a secure gateway in the unlicensed mobile access network;
  
  the secure gateway holding the received message until a success message is received from an unlicensed network controller, associated with the unlicensed mobile access network, the success message indicating successful receipt and storage of the mobile identity information; and
  
  the secure gateway dropping or rejecting the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station, wherein dropping the received message further comprises;
  
  deregistering the mobile stationblacklisting an Internet Protocol (IP) address associated with the mobile station for a period of time;
  
  notifying a system operator of the dropped message and deregistration of the mobile station;
  
  orlogging information about the dropped message and deregistration of the mobile station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as claimed in claim 1, further comprising the step of processing the received message whenever the received mobile identity matches the stored mobile identity associated with the mobile station.
  - 3. The method as claimed in claim 1, wherein the mobile identity comprises an International Mobile Subscriber Identity (IMSI), a Temporary Mobile Subscriber Identity (TMSI), a Packet Temporary Mobile Subscriber Identity (P-TMSI), private Internet Protocol (IP) address or a public IP address.
  - 4. The method as claimed in claim 1, wherein the received message comprises a registration request, an uplink message or a downlink message.
  - 5. The method as claimed in claim 4, wherein the uplink message is received from a mobile switching center (MSC) or a General Packet Radio Service (GPRS) support node (SGSN).
  - 6. The method as claimed in claim 1, further comprising the step of storing the received mobile identity whenever the received message is from the secure gateway.
  - 7. The method as claimed in claim 1, further comprising the step of storing the received mobile identity and processing the received message whenever the received message is a down link message and the received mobile identity will assign or change the mobile identity of the mobile station.
  - 8. The method as claimed in claim 7, wherein the received mobile identity is not stored until an uplink message is received that accepts, acknowledges or completes the downlink message.
  - 9. The method as claimed in claim 1, wherein the received message is Mobility Management (MM) message, a General Packet Radio Service (GPRS) Mobility Management (GMM) message, or a UMA or Unlicensed Radio Resources (URR) message.
  - 10. The method as claimed in claim 1, wherein the message is received at the unlicensed network controller (UNC) within the unlicensed mobile access network (UMAN) or a generic access network controller (GANC) within a generic access network (GAN).
  - 11. The method as recited in claim 1, further comprising the step of using the stored mobile identity to provide one or more services to the mobile station.

12. An apparatus in an unlicensed mobile access network, the apparatus comprising:
- an unlicensed network controller;
  
  a data storage device that stores associations of mobile identities to mobile stations;
  
  a secure gateway for receiving a message containing a mobile identity of a mobile station, wherein the secure gateway includes means for holding the registration request until a success message is received from the network controller indicating successful receipt and storage of the mobility identity information; and
  
  a processor communicably coupled to the data storage device that receives the mobile identity of a mobile station and drops or rejects the message whenever the received mobile identity does not match a stored mobile identity associated with the mobile station, wherein the dropping or rejecting the message further comprises;
  
  deregistering the mobile station;
  
  blacklisting an Internet Protocol (IP) address associated with the mobile station for a period of time;
  
  notifying a system operator of the dropped message and deregistration of the mobile station;
  
  orlogging information about the dropped message and deregistration of the mobile station.

13. A system in an unlicensed mobile access network, the system comprising:
- a mobile station;
  
  a secure gateway communicably coupled to the mobile station that receives a message containing mobile identity information from the mobile station and holds the message until a success message is received from an unlicensed controller indicating successful receipt and storage of the mobile identity information wherein the secure gateway sends the mobile identity information to an unlicensed network controller;
  
  andthe network controller being communicably coupled to the mobile station and the secure gateway, wherein the network controller stores the received mobile identity information and registers the mobile station whenever the mobile identity information within a registration request received from the mobile station matches the stored mobile identity information, wherein the network controller drops a message received from the mobile station whenever the message contains a mobile identity that does not match the stored mobile identity information.
- View Dependent Claims (14, 15, 16)
- - 14. The system as recited in claim 13, wherein the mobile identity information comprises an International Mobile Subscriber Identity (IMSI), a private Internet Protocol (IP) address, or a public IP address.
  - 15. The system as recited in claim 13, wherein the secure gateway is configured with one or more defined Transmission Control Protocol (TCP) ports used by the network controller to register the mobile station, and the network controller listens for an incoming TCP connection on the one or more defined TCP ports.
  - 16. The system as recited in claim 13, wherein the network controller uses the mobile identity information to provide one or more services to the mobile station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Vikberg, Jari Tapio, Nylander, Tomas
Primary Examiner(s)
D AGOSTA, STEPHEN M

Application Number

US11/047,880
Publication Number

US 20060172732A1
Time in Patent Office

980 Days
Field of Search

455/410, 455/411, 4554351-4353, 455/433, 455/41.2, 455436-444, 370/331, 370/338
US Class Current

455/433
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/126   the source of the received ...

H04L 63/164   at the network layer

H04W 12/10   Integrity

H04W 12/72   Subscriber identity

H04W 12/75   Temporary identity

Method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and apparatus for providing security in an unlicensed mobile access network or a generic access network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links