The invention generally relates to a wireless communication network, and more particularly, relates to an improved authentication center (AC) component in a wireless communication network.
Wireless communication is one of the fastest growing segments of the telecommunication industry. With the mobility of the wireless devices, such as cellular phones and pagers, a subscriber to a wireless service can make or receive a call, or receive a message without being restricted to any particular locations. Because of the convenience provided by wireless devices, they have been widely used by average consumers.
Airtime fraud is a costly problem for wireless communications providers (also called "operators"). Callers (also called "subscribers") can gain unauthorized access to cellular networks by "cloning" legitimate cellular phones (also called "handsets," "Mobile Stations," or "MSs"). The cloning process duplicates the memory contents of a legitimate cellular phone so that the clone cellular phone appears to be legitimate to the rest of the system. In certain high-crime areas, large numbers of cellular phone calls are estimated to be placed from cloned handsets. The challenge to cellular telephone companies lies in determining whether a handset communicating with the system is a legitimate handset or a clone.
In the past, operators could only detect fraudulent access after the fact. The detection process involved labor-intensive post-call analysis and did not stop cloned handsets from fraudulently obtaining service. Currently, many conventional cellular systems include one or more Authentication Center (AC) portions. When a calling person activates a handset, the AC checks the profile of the person who is registered for the handset. The AC then initiates a challenge to the handset. If the handset's response matches the AC's challenge, network access is granted. Otherwise, access is denied. The authentication process greatly reduces airtime losses and serves as a deterrent to the crime of cloning.
In many cellular phone systems, the AC performs authentication in connection with the following events: registration (when a phone roams into a new area); origination of a call; flashing (which involves, e.g., three way calling, call waiting, or paging); and call termination. In general, the MSC (Mobile Switching Center) associated with the area of the handset being authenticated sends an authentication request (AUTHRQST) message to the AC for each of these events.
To further authenticate handsets, conventional ACs periodically send "SSD update" messages and "unique challenge" messages to MSCNLRs in the system. These messages (also called "authentication messages") are defined in the ANSI IS-41 standard produced by TIA/EIA for cellular telephones, which is herein incorporated by reference.
One cause of authentication failures occurs when a subscriber installs a new A-key in his cellular telephone handset. In order for the Authentication Center to authenticate handsets that use a unique (rather than a default) A-key,, a method to enter the A-key into the handset and into the AC is needed. Default A-keys are common to every handset and widely known authentication using only default A-keys is limited in its ability to detect clones and refuse service to them, thereby preventing cellular fraud. The value of the unique A-key must be entered into a subscriber's handset and into the subscriber's record in the AC. When the unique A-key is entered into the AC, it is marked as the "alternate Akey" because it is not known at what point in time the new A-key will be programmed into the handset. Because the authentication process will only authenticate an operation if the A-key in the handset matches the A-key in the AC, it is important to be able to detect the point in time when the new (unique) A-key is programmed into the handset.
When a new A-key is programmed into a handset, any SSD that previously existed in the handset is reset to the default SSD value. Therefore, the entry of a new A-Key into a handset may be detected by the AC when the AC recognizes that the SSD in the handset does not match the SSD maintained by the AC.
In conventional systems, the SSD in the handset was assumed to be bad if either of two situations occur: 1) an AUTHR mismatch or 2) a unique challenge failure. Both of these situations generally arise when the SSD in the handset does not match that in the AC and conventional systems assume that this is the case. In such a situation, conventional systems may attempt an SSD update using the new, unique (or alternate) A-key. If the SSD update works, then authentication succeeds and the new, unique (or alternate) A-key is assumed to be the A-key currently in use by the handset. The problem with conventional systems is that they do not provide the ability to automatically update the A-key when an SSD Update failed. They also did not allow an AC system operator to choose whether or not the automated A-key updating should be performed.