Method and apparatus for preventing theft of service in a communication system
Abstract
A method of preventing theft of service in a communication system that includes a first wireless communication system and a second wireless communication system that includes a Femtocell access point (FAP) and a network controller that can communicatively couple the FAP to the first wireless communication system. The method creates an authorized session that includes a session identity for a first user equipment (UE). The UE is recognized by the first communication system as an authorized UE to use the FAP. The method rejects a request by the FAP to register a second UE when the identity of the second UE does not match any identity in the set of first UE identities. The rejected request includes the session identity of the authorized session and the identity of the second UE. The second UE is not recognized by the first communication system as an authorized UE to use the FAP.
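The session-to-identity binding described above can be sketched as follows. This is an added illustration, not code from the patent: the class, method and verdict names are hypothetical, the IMSIs are constructed test values, and the check that a session stays with the access point that created it is an extra assumption beyond the claimed identity check.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample identities (test-network style IMSIs), not from the patent.
IMSI_A = "001010000000001"   # first UE, on the FAP's authorized list
IMSI_B = "001010000000002"   # second UE, not authorized for this FAP

@dataclass
class NetworkController:
    # FAP id -> UE identities the core network recognizes for that FAP
    allowed: dict
    # session id -> (FAP id, UE identity bound when the session was created)
    sessions: dict = field(default_factory=dict)
    # (FAP id, session id, claimed UE identity) for every rejected request
    rejected: list = field(default_factory=list)

    def create_session(self, fap_id, ue_id):
        """Create a session only for a UE on this FAP's authorized list."""
        if ue_id not in self.allowed.get(fap_id, set()):
            self.rejected.append((fap_id, None, ue_id))
            return None
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = (fap_id, ue_id)  # bind identity to session
        return session_id

    def handle_message(self, fap_id, session_id, ue_id):
        """Accept a FAP message only if it carries the identity bound to its session."""
        bound = self.sessions.get(session_id)
        if bound is None:
            verdict = "reject: unknown session"
        elif bound[0] != fap_id:
            # Extra check assumed here; the claim only covers the identity swap.
            verdict = "reject: session belongs to another access point"
        elif bound[1] != ue_id:
            # Session reuse with a substituted UE identity: the theft-of-service case.
            verdict = "reject: identity mismatch"
        else:
            return "accept"
        self.rejected.append((fap_id, session_id, ue_id))
        return verdict
```

The `rejected` list doubles as the detection record: each entry names the access point, the reused session and the unauthorized identifier it tried to present.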
34 Claims
1. A method of preventing theft of service by a compromised access point and detecting unauthorized identifiers in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network, and (ii) a wireless second communication system comprising a particular access point that operates using licensed wireless frequencies covering a short-range distance and a network controller communicatively coupling the particular access point to the core network, the network controller maintaining a list of UE identities recognized by the core network to use the particular access point, the method comprising:
- creating a session comprising a session identity for a first user equipment (UE), said session for communicatively coupling the first UE with the core network through the particular access point, the first UE comprising an identity included in the list of UE identities recognized by the core network to use the particular access point;
- associating the identity of the first UE with the session as an identity of a UE authorized to use the session; and
- rejecting a message routed from the particular access point to the network controller when said message comprises (i) the session identity of the session for the first UE and (ii) an identity of a second UE, the second UE comprising an identity different than the identity of the first UE associated with the session, wherein the message is an attempt by the particular access point to steal service based on the identity of the second UE by reusing the session of the first UE and replacing the identity of the first UE with the identity of the second UE.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer readable storage medium storing a computer program for execution by a network controller, the computer program for preventing theft of service and for detecting unauthorized identifiers in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network, and (ii) a wireless second communication system comprising a particular access point that operates using licensed wireless frequencies covering a short-range distance and the network controller, the network controller communicatively coupling the particular access point to the core network, the network controller maintaining a list of UE identities recognized by the core network to use the particular access point, the computer program comprising:
- a set of instructions for creating a session comprising a session identity for a first user equipment (UE) when the first UE comprises an identity included in the list of UE identities recognized by the core network to use the particular access point, said session for communicatively coupling the first UE with the core network through the particular access point;
- a set of instructions for associating the identity of the first UE with the session as an identity of a UE authorized to use the session; and
- a set of instructions for rejecting a message routed from the particular access point to the network controller when (i) said message comprises the session identity of the session for the first UE and an identity of a second UE and (ii) the second UE comprises an identity different than the identity of the first UE associated with the session, wherein the message is an attempt by the particular access point to steal service based on the identity of the second UE by reusing the session of the first UE and replacing the identity of the first UE with the identity of the second UE.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A network controller operable in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network, and (ii) a wireless second communication system comprising a particular access point that operates using licensed wireless frequencies covering a short-range distance and the network controller, the network controller for communicatively coupling the particular access point to the core network, the network controller for maintaining a list of UE identities recognized by the core network to use the particular access point, the network controller comprising:
- an interface established between the particular access point and the network controller for communicatively coupling the particular access point and a plurality of user equipments (UEs) coupled to the core network; and
- a processor;
  - to create a session comprising a session identity for a first UE, said session for communicatively coupling the first UE with the core network through the particular access point when the first UE comprises an identity included in the list of UE identities recognized by the core network to use the particular access point,
  - to associate the identity of the first UE with the session as an identity of a UE authorized to use the session, and
  - to reject a message routed from the particular access point to the network controller when (i) said message comprises the session identity of the session for the first UE and an identity of a second UE and (ii) the second UE comprises an identity different than the identity of the first UE associated with the session, wherein the message is an attempt by the particular access point to reuse the session of the first UE and to replace the identity of the first UE with the identity of the second UE to steal service based on the identity of the second UE.

Dependent claims: 30, 31, 32, 33, 34

Specification