Access control in a mobile communication system
First Claim
1. A method of controlling access in a cellular telecommunication system having a radio access network (RAN) in communication with a core network (CN), said method comprising:
- implementing access logic within the RAN for determining whether a given mobile user equipment (UE) is authorized to access the CN through a given radio base station (RBS);
implementing an access control database within the RAN, said database associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs;
receiving by the RAN, a Location Update Request message from the given UE, said Location Update Request message including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE;
in response to receiving the Location Update Request message, triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI);
receiving by the RAN, the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced;
determining by the access logic in the RAN, whether the given UE is associated with the given RBS in the access control database;
alternatively granting or denying the given UE access to the CN based on a determination by the access logic in the RAN; and
when the UE is granted access to the CN, correcting by the RAN, uplink message sequence numbers between the given UE and the CN to provide uplink sequence numbers expected by the CN.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and radio network controller (RNC) in a radio access network (RAN) for controlling access to a cellular telecommunication system. Upon receiving an access request from a given user equipment (UE) through a given radio base station (RBS), the RNC retrieves authorization information from an access control database within the RAN. The authorization information indicates whether the given UE is authorized to access the system through the given RBS. The RNC alternatively grants access or denies access to the UE based on the retrieved authorization information. The RBS is particularly useful for controlling access through small cells with limited capacity.
84 Citations
22 Claims
-
1. A method of controlling access in a cellular telecommunication system having a radio access network (RAN) in communication with a core network (CN), said method comprising:
-
implementing access logic within the RAN for determining whether a given mobile user equipment (UE) is authorized to access the CN through a given radio base station (RBS); implementing an access control database within the RAN, said database associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs; receiving by the RAN, a Location Update Request message from the given UE, said Location Update Request message including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE; in response to receiving the Location Update Request message, triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI); receiving by the RAN, the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced; determining by the access logic in the RAN, whether the given UE is associated with the given RBS in the access control database; alternatively granting or denying the given UE access to the CN based on a determination by the access logic in the RAN; and when the UE is granted access to the CN, correcting by the RAN, uplink message sequence numbers between the given UE and the CN to provide uplink sequence numbers expected by the CN. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for controlling access in a cellular telecommunication system having a radio access network (RAN) in communication with a core network (CN), said apparatus comprising:
-
access logic within the RAN for determining whether a given mobile user equipment (UE) is authorized to access the CN through a given radio base station (RBS); an access control database within the RAN for associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs; communication means within the RAN for receiving a Location Update Request message from the given UE, said Location Update Request message including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE; means responsive to receiving the Location Update Request message for triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI), and for receiving the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced; wherein the access logic in the RAN determines whether the given UE is associated with the given RBS in the access control database, and alternatively grants or denies the given UE access to the CN based on a determination by the access logic in the RAN; and wherein when the access logic grants the given UE access to the CN, the communication means is adapted to correct uplink message sequence numbers between the given UE and the CN to provide uplink sequence numbers expected by the CN. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. In a radio access network (RAN), a RAN-based access control node for controlling access to a core network (CN) in communication with the RAN, said RAN-based access control node comprising:
-
first communication means for receiving an access request to access the CN from a given mobile user equipment (UE) through a given radio base station (RBS), said access request including a Temporary Mobile Subscriber Identity (TMSI) assigned to the UE; means responsive to receiving the access request for triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI), and for receiving the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN-based access control node without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced; means responsive to receiving the given UE'"'"'s IMSI, for retrieving authorization information from an access control database within the RAN, said database associating RBS identifiers with IMSIs of UEs authorized to access the CN through associated RBSs; means for alternatively granting or denying the given UE access to the CN based on the retrieved authorization information; and second communication means for forwarding the access request to the CN, responsive to authorization information that indicates the given UE is authorized to access the system through the given RBS, wherein the second communication means decreases the sequence numbers of subsequent uplink messages from the given UE to the CN in order to synchronize the sequence numbers with sequence numbers expected by the CN. - View Dependent Claims (17, 18)
-
-
19. In a radio access network (RAN) in a cellular telecommunication system, a RAN-based access control node for controlling access to a core network (CN) in communication with the RAN, wherein the cellular telecommunication system includes macrocells and smaller femtocells, said RAN-based access control node comprising:
-
means for controlling access to the CN through the macrocells, wherein access requests are forwarded to the CN for access decisions; and means for controlling access to the CN through the femtocells, wherein access decisions are made in the RAN-based access control node, said means for controlling access to the CN through the femtocells comprising; first communication means for receiving an access request to access the CN from a given mobile user equipment (UE) through a given radio base station (RBS), said access request including a Temporary Mobile Subscriber Identity (TMSI) assigned to the given UE; means responsive to receiving the access request for triggering an Identification procedure in which the RAN requests the given UE to send the given UE'"'"'s International Mobile Subscriber Identity (IMSI), and for receiving the given UE'"'"'s IMSI, wherein the given UE sends the IMSI to the RAN-based control node without the knowledge of the CN, thus causing the given UE to advance its uplink sequence number while the CN is expecting an uplink sequence number that has not been advanced; means responsive to receiving the given UE'"'"'s IMSI, for retrieving authorization information from an access control database within the RAN, said database associating RBS identifiers with International Mobile Subscriber Identities (IMSIs) of UEs authorized to access the CN through associated RBSs; means for alternatively granting or denying the given UE access to the CN based on the retrieved authorization information; and second communication means for forwarding the access request to the CN, responsive to authorization information that indicates the given UE is authorized to access the system through the given RBS, wherein the second communication means decreases the sequence numbers of subsequent uplink messages from the given UE to the CN in order to synchronize the sequence numbers with sequence numbers expected by the CN. - View Dependent Claims (20, 21, 22)
-
Specification