This invention relates to an improvement of the data security of data access in a telephone system. More particularly, the invention relates to an improvement of the data security of direct data accesses connected to mobile communications systems.
As the data transmission capacity of telephone systems is increasing, as the services provided by data networks are improving and as the use of data networks, such as the Internet, is becoming more general, the need for connecting the telephone system directly to data networks has grown. To meet this demand, Direct Data Accesses DDA have been developed, wherein the exchange of the telephone network is connected directly to the data network.
FIG. 1 shows such an arrangement by way of example, wherein there is a direct data access from a Mobile Switching Centre MSC to an Asynchronous Transfer Mode or ATM network, to a Public Switched Packet Data Network PSPDN, to a Private Network PN, to a Local Area Network LAN and to a data network in accordance with the X.25 protocol. Through the exchange, data services may be used by mobile stations directly subordinated to the exchange, such as Mobile Stations MSa, by mobile stations MSb subordinated to other mobile services switching centres, such as MSC2, which are connected to the exchange through the network, and by subscriber equipment, such as Fixed telephone network Subscribers FS, of other systems which are connected to the exchange through an Integrated Services Digital Network ISDN.
MSC is connected to an ATM network with an IWF matching unit. The matching unit collects data transmitted by the subscriber in the form of a circuit switched data signal and from this it forms packets or cells of a fixed length suitable for transmission to the ATM network. The circuit switched data signal may be e.g. in accordance with the CCITT V.24/V.28, CCITT V.110 or CCITT V.120 standards (CCITT=Comité Consultatif International de Télégraphique et Téléphonique). Correspondingly, the matching unit sends information contained in the cells which it receives from the ATM network and which is to be sent to the user and transmits it to the user in a circuit switched form. To make possible several connections in parallel, several matching units in parallel may be used.
The exchange is connected to the public switched packet data network by a Packet Handler PH, which converts the circuit switched data signal into a data packet flow in accordance with a protocol, such as the Transport Control Protocol/Internet Protocol TCP/IP, which is used in the public data network. The packet handler functions as the access point to the data network in relation to the telephone system. Several packet handlers may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.
To a private network PN, such as the in-house network of a company, the exchange is connected by an IWF (InterWorking Function) matching unit, which converts the circuit switched data signal in accordance with the protocol used in the private network. The matching unit is connected to the private data network by a fixedly allocated subscriber line, which functions as the access point to the data network. Several matching units may be connected to the exchange, whereby several simultaneous connections may be set up with the data network.
The exchange is connected to a LAN local area network by an IWF matching unit and by a LAN ROUTER connected to the former. The exchange may be connected to the router with several subscriber lines, whereby several simultaneous connections can be set up with the LAN network. The router functions as both access point to the data network and a concentrator collecting in a buffer the data packets received in parallel from the different subscriber lines and supplying them to the data network in series form.
In a fifth connection method, the packet network, which in the figure is a data network in accordance with the X.25 protocol, is connected to the exchange with the aid of an IWF matching unit and a Packet Assembler/Disassembler PAD. The matching unit sends to the packet assembler/disassembler functioning as the access point to the data network a circuit switched data signal, which may be e.g. in accordance with the CCITT V.24/V.28 or CCITT V.110 standards. Of the circuit switched signals the packet assembler/disassembler forms packets, buffers the packets and supplies them to the data network in series form.
Furthermore, the mobile switching centre may be connected to a PDN packet data network with the aid of an IWF matching unit and an Access Router AR. The AR is connected to a (Pulse Code Modulation) PCM matching unit by a conductor on which a protocol in accordance with the CCITT V.110 or CCITT V.120 standard is used. The access router converts the circuit switched data signal going to the packet network so that it is in accordance with the packet data protocol used in the packet network, and sends it to the packet data network. The packet switched data which it receives from the packet data network the access router converts into a circuit switched data signal to be sent to the exchange. The exchange is connected to the access router by exchange signalling, such as e.g. signalling in accordance with the 30B+D standard, the DPNSS (Digital Private Network Signalling System) or the QSIG international signalling standard for corporate networks. Differing from the other data accesses shown in FIG. 1, the mobile switching centre may set up signalling connections with the access router outside the traffic channel.
Data security is one of the major problems with data accesses. Since data networks very often contain information which must be kept secret from outsiders, access of outsiders to the network must be prevented. In connection with chargeable data services, the network operator needs the identity of the user using the network services in order to be able to charge for them. Also in this case, it must be possible to prevent any user assuming a false identity from gaining access to the network services. However, in the system shown in FIG. 1, anyone who learns the call number of a data network service will gain access to the network and thus be able to use the services of the network.
FIG. 2 shows a state-of-the-art arrangement in a mobile communications system for preventing switching-on under a false identity to a HOST server located in a data network. Mobile station MS requests connection set-up of that mobile switching centre MSC2 under which it is located at the moment. On receiving the request for a connection set-up, the MSC2 authenticates the mobile station (step P1) to make sure that the mobile station has given a true subscriber identity. Having ensured the identity of the mobile station, the MSC2 sets up a connection with that exchange MSC1, which by way of the PAD packet assembler/disassembler is directly in connection with the data network. MSC1 switches on to the packet assembler/disassembler, which sends back to the subscriber a request to perform an authentication procedure based on the use of a password (step P2). In response to the request, the subscriber supplies his user identification and his password. The packet assembler/disassembler checks if the password given by the user is the same as the password stored in its own user database. If this is the case, the subscriber is given access to the data network. Otherwise access is barred.
Inside the data network, the network elements trust one another (step P3). Hereby all subscribers who have been given access to the network have access to all servers of the network, unless these are separately protected, e.g. by authentication procedures based on the use of a password. After the authentication, the packet assembler/disassembler located in the exchange begins to convert the circuit switched data flow received from the mobile station into packet form and to send it in packet switched form through the data network and further to the HOST server. Correspondingly, the packet assembler/disassembler receives from the HOST server in the data network packet switched data, which is converted by the packet assembler/disassembler into circuit switched form and which is sent on the circuit switched connection to the MS mobile station.
FIG. 3 shows another state-of-the-art arrangement in a mobile communications system for preventing switching-on under a false identity to a HOST server located in a data network. The connection set-up from the mobile station to the MSC1 exchange, which is connected directly with the data network through a PAD packet assembler/disassembler, is set up exactly in the same manner as in the example shown in FIG. 2. However, the packet assembler/disassembler does not authenticate the subscriber, but it sends in packet form a request for connection set-up to the HOST server. Hereby anybody who knows the call number of the PAD packet assembler/disassembler may set up a connection with the HOST server. To prevent unauthorised use of the server, authentication procedures are used, wherein the user sends his user ID and his password to the server in the data network. The server checks if the password given by the user tallies with the password stored in the server's user database. If it does, the subscriber is given access to the server. If it does not, access is barred.
However, there are some problems with state-of-the-art authentication methods. Firstly, the data network must include means for performing the authentication procedure and for maintaining the password database required by the procedure. However, these are not available in all data networks and at their access points, e.g. in the packet assemblers/disassemblers, whereby anybody has access to use the services of the data network by dialling the call number of the packet assembler/disassembler. Nor is it often sensible to implement the password authentication in a server-specific manner, since the number of password databases which must hereby be maintained will often become too high. In addition, the user when setting up the connection must remember his user ID and the corresponding password, the number of which may be considerable with a user using many different systems.
It is an objective of this invention to solve the problems described above. The objective is achieved with the method described in the independent claims.
The inventive idea is to define a closed user group formed by the access point to the data network and by the users of a service. Incoming calls coming from outside the user group to the access point of the data network are barred. Calls inside the user group coming to the access point are given access. Hereby the telephone system in itself prevents users outside the data service's user group from gaining access to the network.
The user of the data service when taking contact with the data network states the user group formed by users of the data service as the user group of the call to be set up. This information can be established in the user's subscriber data as the default user group of the basic service in question, whereby the information need not be given manually when the call is set up. The telephone system when setting up the call checks whether the user belongs to the user group mentioned in the call set-up data and whether he is otherwise entitled to the call. If the user is entitled to the call, set-up of the call is continued to that exchange from which there is a direct connection with the data network.
The exchange which has a direct connection with the data network checks if the access point to the data network allows set-up of the call. Set-up of the call is allowed only if the access point belongs to the user group given by the user requesting set-up of the connection.
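The two checks described above (membership of the caller at call set-up, then membership of the access point at the exchange with the direct data access) can be modelled as follows. This is an added illustration, not part of the original text; the class names, group labels, call number and subscriber records are all constructed assumptions, and the caller's identity is assumed to have been authenticated already.

```python
# Added illustration: two-stage closed user group (CUG) screening.
# All names and sample data are constructed for this example.
from dataclasses import dataclass, field

@dataclass
class Subscriber:
    identity: str
    cugs: frozenset                      # user groups the subscriber belongs to
    default_cug: dict = field(default_factory=dict)  # basic service -> default group

@dataclass
class AccessPoint:
    call_number: str
    cugs: frozenset                      # user groups the access point belongs to

SUBSCRIBERS = {
    "MSa": Subscriber("MSa", frozenset({"CUG-DATA"}), {"data": "CUG-DATA"}),
    "MSb": Subscriber("MSb", frozenset({"CUG-OTHER"})),
    "FS": Subscriber("FS", frozenset()),
}
ACCESS_POINTS = {"5550100": AccessPoint("5550100", frozenset({"CUG-DATA"}))}

def originating_check(sub, service, stated_cug):
    """Originating side: resolve the call's user group and verify membership."""
    cug = stated_cug or sub.default_cug.get(service)
    if cug is None:
        return None, "no user group stated and no default for this service"
    if cug not in sub.cugs:
        return None, "caller is not a member of the stated user group"
    return cug, "ok"

def access_point_check(ap, cug):
    """Exchange with the direct data access: allow only calls inside the group."""
    return cug is not None and cug in ap.cugs

def set_up_call(caller_id, called_number, service="data", stated_cug=None):
    sub = SUBSCRIBERS[caller_id]         # identity assumed already authenticated
    cug, reason = originating_check(sub, service, stated_cug)
    if cug is None:
        return False, reason
    ap = ACCESS_POINTS.get(called_number)
    if ap is None:
        return False, "unknown access point"
    if not access_point_check(ap, cug):
        return False, "access point does not belong to the call's user group"
    return True, f"connected within {cug}"
```

Knowing the call number alone is not sufficient in this model: a caller outside the group is barred at the originating check, and a caller using a group of his own that the access point does not share is barred at the second check.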
The telephone system is preferably a mobile communications system, whereby the identity of the user requesting set-up of the connection can be verified through known authentication procedures of the mobile communications system.