Access control in a mobile communication system

US 7,941,144 B2
Filed: 12/01/2006
Issued: 05/10/2011
Est. Priority Date: 05/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access in a cellular telecommunication system having a radio access network (RAN) in communication with a core network (CN), said method comprising:

implementing access logic within the RAN for determining whether a given mobile user equipment (UE) is authorized to access the CN through a given radio base station (RBS);

implementing an access control database within the RAN, said database associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs;

receiving by the RAN, a Location Update Request message from the given UE, said Location Update Request message including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE;

in response to receiving the Location Update Request message, triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI);

receiving by the RAN, the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced;

determining by the access logic in the RAN, whether the given UE is associated with the given RBS in the access control database;

alternatively granting or denying the given UE access to the CN based on a determination by the access logic in the RAN; and

when the UE is granted access to the CN, correcting by the RAN, uplink message sequence numbers between the given UE and the CN to provide uplink sequence numbers expected by the CN.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and radio network controller (RNC) in a radio access network (RAN) for controlling access to a cellular telecommunication system. Upon receiving an access request from a given user equipment (UE) through a given radio base station (RBS), the RNC retrieves authorization information from an access control database within the RAN. The authorization information indicates whether the given UE is authorized to access the system through the given RBS. The RNC alternatively grants access or denies access to the UE based on the retrieved authorization information. The RBS is particularly useful for controlling access through small cells with limited capacity.

84 Citations

View as Search Results

22 Claims

1. A method of controlling access in a cellular telecommunication system having a radio access network (RAN) in communication with a core network (CN), said method comprising:
- implementing access logic within the RAN for determining whether a given mobile user equipment (UE) is authorized to access the CN through a given radio base station (RBS);
  
  implementing an access control database within the RAN, said database associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs;
  
  receiving by the RAN, a Location Update Request message from the given UE, said Location Update Request message including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE;
  
  in response to receiving the Location Update Request message, triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI);
  
  receiving by the RAN, the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced;
  
  determining by the access logic in the RAN, whether the given UE is associated with the given RBS in the access control database;
  
  alternatively granting or denying the given UE access to the CN based on a determination by the access logic in the RAN; and
  
  when the UE is granted access to the CN, correcting by the RAN, uplink message sequence numbers between the given UE and the CN to provide uplink sequence numbers expected by the CN.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the step of implementing access logic within the RAN includes implementing access logic in a radio network controller (RNC).
  - 3. The method according to claim 1, wherein the step of correcting uplink message sequence numbers between the UE and the CN includes the steps of:
    - forwarding the Location Update Request message to the CN with an original message sequence number; and
      
      altering the sequence numbers of subsequent uplink messages to account for the number of messages that were sent from the given UE to the RAN and that were not forwarded to the CN.
  - 4. The method according to claim 1, wherein the step of alternatively granting or denying the given UE access to the CN includes:
    - rejecting the access request by the access control logic without signaling to the CN when the given UE is not associated with the given RBS in the access control database; and
      
      forwarding the access request by the access control logic to the CN when the given UE is associated with the given RBS in the access control database.
  - 5. The method according to claim 4, wherein the given RBS is a Femto-RBS serving a femtocell smaller than a macrocell, said Femto-RBS having capacity to serve only a small predefined number of UEs identified in the access control database.
  - 6. The method according to claim 5, further comprising controlling access through the macrocell within the CN.
  - 7. The method according to claim 5, further comprising controlling access through the macrocell within a RAN-based access control node adapted to control access through the femtocell and to separately control access through the macrocell.

8. An apparatus for controlling access in a cellular telecommunication system having a radio access network (RAN) in communication with a core network (CN), said apparatus comprising:
- access logic within the RAN for determining whether a given mobile user equipment (UE) is authorized to access the CN through a given radio base station (RBS);
  
  an access control database within the RAN for associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs;
  
  communication means within the RAN for receiving a Location Update Request message from the given UE, said Location Update Request message including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE;
  
  means responsive to receiving the Location Update Request message for triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI), and for receiving the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced;
  
  wherein the access logic in the RAN determines whether the given UE is associated with the given RBS in the access control database, and alternatively grants or denies the given UE access to the CN based on a determination by the access logic in the RAN; and
  
  wherein when the access logic grants the given UE access to the CN, the communication means is adapted to correct uplink message sequence numbers between the given UE and the CN to provide uplink sequence numbers expected by the CN.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The apparatus according to claim 8, wherein the communication means includes means, responsive to the access logic granting the given UE access to the CN, for forwarding the Location Update Request message to the CN with an original message sequence number, and for altering the sequence numbers of subsequent uplink messages to account for the number of messages that were sent from the given UE to the RAN and that were not forwarded to the CN.
  - 10. The apparatus according to claim 8, wherein the access logic includes:
    - means for rejecting the access request without signaling to the CN, responsive to a determination that the given UE is not associated with the given RBS in the access control database; and
      
      means for forwarding the access request to the CN, responsive to a determination that the given UE is associated with the given RBS in the access control database.
  - 11. The apparatus according to claim 10, wherein the given RBS is a Femto-RBS serving a femtocell smaller than a macrocell, said Femto-RBS having capacity to serve only a small predefined number of UEs identified in the access control database.
  - 12. The apparatus according to claim 11, further comprising means within the CN for controlling access through the macrocell.
  - 13. The apparatus according to claim 11, further comprising a RAN-based access control node for controlling access to the CN through the macrocell.
  - 14. The apparatus according to claim 11, further comprising a RAN-based access control node for controlling access to the CN through the macrocell, wherein the RAN-based access control node is adapted to control access to the CN through the femtocell and to separately control access to the CN through the macrocell.
  - 15. The apparatus according to claim 14, wherein the RAN-based access control node is a radio network controller (RNC).

16. In a radio access network (RAN), a RAN-based access control node for controlling access to a core network (CN) in communication with the RAN, said RAN-based access control node comprising:
- first communication means for receiving an access request to access the CN from a given mobile user equipment (UE) through a given radio base station (RBS), said access request including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE;
  
  means responsive to receiving the access request for triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI), and for receiving the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN-based access control node without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced;
  
  means responsive to receiving the given UE'"'"'s IMSI, for retrieving authorization information from an access control database within the RAN, said database associating RBS identifiers with IMSIs of UEs authorized to access the CN through associated RBSs;
  
  means for alternatively granting or denying the given UE access to the CN based on the retrieved authorization information; and
  
  second communication means for forwarding the access request to the CN, responsive to authorization information that indicates the given UE is authorized to access the system through the given RBS, wherein the second communication means decreases the sequence numbers of subsequent uplink messages from the given UE to the CN in order to synchronize the sequence numbers with sequence numbers expected by the CN.
- View Dependent Claims (17, 18)
- - 17. The RAN-based access control node according to claim 16, wherein the means for alternatively granting or denying the given UE access to the CN includes means for rejecting the access request without signaling to the CN, responsive to authorization information that indicates the given UE is not authorized to access the system through the given RBS.
  - 18. The RAN-based access control node according to claim 16, wherein the RAN-based access control node is a radio network controller (RNC).

19. In a radio access network (RAN) in a cellular telecommunication system, a RAN-based access control node for controlling access to a core network (CN) in communication with the RAN, wherein the cellular telecommunication system includes macrocells and smaller femtocells, said RAN-based access control node comprising:
- means for controlling access to the CN through the macrocells, wherein access requests are forwarded to the CN for access decisions; and
  
  means for controlling access to the CN through the femtocells, wherein access decisions are made in the RAN-based access control node, said means for controlling access to the CN through the femtocells comprising;
  
  first communication means for receiving an access request to access the CN from a given mobile user equipment (UE) through a given radio base station (RBS), said access request including a Temporary Mobile Subscriber Identity (TMSI) assigned to the given UE;
  
  means responsive to receiving the access request for triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI), and for receiving the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN-based control node without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced;
  
  means responsive to receiving the given UE'"'"'s IMSI, for retrieving authorization information from an access control database within the RAN, said database associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs;
  
  means for alternatively granting or denying the given UE access to the CN based on the retrieved authorization information; and
  
  second communication means for forwarding the access request to the CN, responsive to authorization information that indicates the given UE is authorized to access the system through the given RBS, wherein the second communication means decreases the sequence numbers of subsequent uplink messages from the given UE to the CN in order to synchronize the sequence numbers with sequence numbers expected by the CN.
- View Dependent Claims (20, 21, 22)
- - 20. The RAN-based access control node according to claim 19, wherein the means for alternatively granting or denying the given UE access to the CN includes means for rejecting the access request without signaling to the CN, responsive to authorization information that indicates the given UE is not authorized to access the system through the given RBS.
  - 21. The RAN-based access control node according to claim 19, wherein the cellular telecommunication system also includes microcells and picocells larger than the femtocells, and the means for controlling access to the CN through the macrocells also controls access to the CN through the mircocells and picocells, wherein access requests are forwarded to the CN for access decisions.
  - 22. The RAN-based access control node according to claim 19, wherein the RAN-based access control node is a radio network controller (RNC).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Vikberg, Jari Tapio, Nylander, Tomas, Lindqvist, Thomas Lars-Erik
Primary Examiner(s)
Ly; Nghi H
Assistant Examiner(s)
DEAN, JR, JOSEPH E

Application Number

US11/565,827
Publication Number

US 20070270152A1
Time in Patent Office

1,621 Days
Field of Search

455/444, 455/435.1
US Class Current

455/435.1
CPC Class Codes

H04W 12/08   Access security

H04W 48/04   based on user or terminal l...

H04W 60/00   Affiliation to network, e.g...

H04W 8/02   Processing of mobility data...

H04W 84/045   using private Base Stations...

H04W 88/12   Access point controller dev...

Access control in a mobile communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Access control in a mobile communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links