Mobile Stations (MS), also known as mobile terminals, wireless terminals and/or User Equipment (UE) are enabled to communicate wirelessly in a wireless communication system, sometimes also referred to as a cellular radio system. The communication may be made e.g. between two mobile stations, between a mobile station and a regular telephone and/or between a mobile station and a server via a Radio Access Network (RAN) and possibly one or more core networks.
The mobile stations may further be referred to as mobile telephones, cellular telephones, laptops with wireless capability. The mobile stations in the present context may be, for example, portable, pocket-storable, hand-held, computer-comprised, or vehicle-mounted mobile devices, enabled to communicate voice and/or data, via the radio access network, with another entity, such as another mobile station or a server.
The wireless communication system covers a geographical area which is divided into cell areas, with each cell area being served by a base station, e.g. a Radio Base Station (RBS), which in some networks may be referred to as “eNB”, “eNodeB”, “NodeB” or “B node”, depending on the technology and terminology used. The base stations may be of different classes such as e.g. macro eNodeB, home eNodeB or pico base station, based on transmission power and thereby also cell size. A cell is the geographical area where radio coverage is provided by the base station at a base station site. One base station, situated on the base station site, may serve one or several cells. The base stations communicate over the air interface operating on radio frequencies with the mobile stations within range of the base stations.
In some radio access networks, one or more base stations may be connected, e.g. by landlines or microwave, to a Radio Network Controller (RNC) e.g. in Universal Mobile Telecommunications System (UMTS). The radio network controller, also sometimes termed a Base Station Controller (BSC) e.g. in GSM, may supervise and coordinate various activities of the plural base stations connected thereto. GSM is an abbreviation for Global System for Mobile Communications (originally: Groupe Special Mobile).
When a mobile station desires to access a GSM system, it begins by sending random-access bursts to the nearest/strongest radio base station. Depending on the distance to the radio base station the bursts will arrive at the radio base station more or less out of sync with the TDMA-frame structure of the radio base station. To get the mobile station aligned with the TDMA frames the initial response from the GSM system contains a Timing Advance (TA) value. The timing advance value informs the mobile station of how much earlier the mobile station must transmit its bursts for them to arrive well synchronized to the radio base station.
As the timing advance value reflects the geographical distance between the mobile station and the radio base station, this information may be used for positioning purposes. With several known timing advance values from different radio base stations it is possible to triangulate the mobile station position. That is, provided that the positions of the radio base stations are also known. GSM networks provide positioning features based on timing advance triangulating technology.
In recent years, a new vicious variant of timing advance positioning started to spread. Mobile stations accordingly make fake accesses in the GSM radio cells without intention to establish a session. Instead they just note the timing advance values that are included in the initial responses from the system. They never establish on the signalling channel provided by the system. Hence, the channel is “hanging” until system timeouts and sets it back to idle state.
The timing advance values that have been snatched from the system are used by the mobile station, together with the Cell Global Identities (CGIs) of the radio base stations, to find out its geographical position. To do this the mobile station may use any Internet Protocol (IP) connection to contact a server that has knowledge about the radio base stations locations. The timing advance/cell global identity values are traded for the geographical position and at the same time the server gets valuable information to fine tune its database.
GSM operators have increasing problems with mobile terminals that use the described positioning method based on fake system accesses. The GSM systems cannot distinguish the fake-positioning accesses from real accesses. The reason for this is that they use an establishment-cause value that may be used also for normal traffic cases. Therefore, the system must allocate a signalling channel for every fake random access that is received. The system impact is a waste of radio resources, limiting the amount of real traffic that may be processed by the system.
Also, the system must consider each failure caused by fake accesses as a real establishment failure. This corrupts the performance indicators and therefore the operators have problems to supervise the performance of their networks.
A problem for the operators is that they do not get paid for the cost of the positioning activities. As the mobile stations do not reveal any identity when making the fake accesses, there is no way to charge those activities. Indirectly they might get paid when the mobile station terminals use packet switched signalling to contact the positioning server. However, this contact may be made through other available IP connections like direct Local Area Network (LAN) or Wireless Local Area Network (WLAN) connection, or WiFi. In a case when the mobile station does already know the location of the radio base stations, it does not even need to contact any server to find out the position.