The present invention relates to a method of setting encryption for a connection in a radio system that comprises a plurality of mobile terminals, at least one switching centre and at least one radio network unit communicating with the switching centre, the radio network unit further comprising at least one control unit and at least one base station under its control. In the radio system, the handling of the encryption settings of the switching centre and the base station is performed at different protocol layers than the handling of the encryption settings of the mobile terminals.
The present-day requirement of public radio systems is mutual compatibility. At times, it is further required that units of different systems can be combined into a workable entity, for example the use of a base station system in core networks of different radio systems. FIG. 1 shows such a combination of a plurality of radio systems, in which a Radio Access Network (RAN) is connected to core networks of different systems, in the figure to the core networks of a Global System for Mobile Communications (GSM), International Mobile Telecommunication (IMT-2000), General Packet Radio Service (GPRS) and Integrated Services Digital Network (ISDN). Such a radio access network RAN is planned to be implemented in the IMT-2000 system of the future. By means of the RAN network, a radio connection is established to subscribers of several core networks. Consequently, it is also referred to as a Generic Radio Access Network (GRAN). Each core network provides services to its own subscribers. The mobile terminal (MT) is thus connected to a base station BTS of the radio access network RAN via the radio path over the radio interface. Via the BTS, the connection is transferred from the radio access network RAN to the home core network of the mobile terminal MT over the interface Iu. The Iu interface refers to an open interface that can be used to interconnect the RAN of different systems and a Core Network (CN). A core network refers to a Mobile Services Switching Centre (MSC) and the other units in the network, such as the Visitor Location Register (VLR), the Home Location Register (HLR), etc. depending on the system. The Iu is illustrated as comprising the BN protocol (Bearer Negotiation) of layer 3 and the lower physical transmission layers. A core network can also be made up of separate packet service nodes such as General Packet Radio Service (GPRS), Serving GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN) of the GSM.
FIG. 2 shows the connection of the GSM core network to the radio access network RAN in closer detail. The RAN consists of at least one base station controller (BSC) and base stations BTS under its control. Unlike with operation of the GSM system, the signaling between the RAN network and the mobile terminal in the IMT-2000 system is often transparent to the base station BTS. Thus, the structure of the BTS functioning as a repeater in the signaling between the BSC and the MT is simpler than in traditional mobile communications systems. The base station controller BSC routes the messages from the mobile terminal MT, received via the base station BTS, to the mobile services switching centre MSC of the GSM system, and vice versa.
The problem with connecting the IMT-2000 system radio access network RAN and, e.g., the GSM system core network to one another is arranging encryption for the connections. In the IMT-2000 system, encryption is implemented between the mobile terminal MT and the core network MSC, which makes traffic transparent from the point of view of the radio access network RAN. In the GSM system, encryption is implemented at the air interface between a mobile station MS and a base station BTS. The next examines in closer detail the problem caused by a combined system in the light of FIGS. 3-6.
FIG. 3 illustrates a theoretical layer description for a connection in the GSM system entity, in which identically-named protocols of units connected to each other communicate with each other. For reasons of clarity, physical transmission layers 1 and 2 that do not take part in the encryption are marked with dotted lines. Boxes circled with solid lines in the figures belong to layer 3. Of the protocols shown in the figure, CC (Call control) carries out call control and MM (Mobility Management) location management of the mobile station MS. In the GSM system, these protocols do not take part in implementing encryption for the connection.
FIG. 4 is a signaling diagram for setting of encryption in the GSM system. FIG. 4 also shows the taking part of the protocol boxes of FIG. 3 in the setting of the encryption. With a BSSAP protocol, the mobile services switching center MSC transmits an encryption start command 41 CIPHERING_MODE_COMMAND to the BSSAP protocol of the base station controller BSC. The BSSAP (BSS Application Part) protocol corresponds to the BN protocol. BSC-internally, the start command is transferred in message 42 from the BSSAP protocol to the BTSM protocol (BTS Management) that is able to communicate with the corresponding protocol of the base station BTS. The BTSM protocol of the base station controller BSC thus transfers the encryption command to the BTSM protocol of the BTS in message 44 ENCRYPTION_COMMAND, which includes a CIPHERING_MODE_COMMAND message of an RR protocol (Radio Resource Management), meant to be transmitted to the mobile station MS. BTS-internally, the encryption command is transferred, in message 45, from the BTSM protocol to an RRxe2x80x2 protocol which is part of the RR protocol and thus capable of communicating with the RR protocol of the mobile station MS. The RRxe2x80x2 protocol of the base station BTS transfers the CIPHERING_MODE_COMMAND message, delivered within message 44, to the RR protocol of the MS (message 46). The RR protocol of the mobile station MS acknowledges the encryption setting by transmitting an acknowledgement message 47 CIPHERING_MODE_COMPLETE to the RR protocol of the base station controller BSC. BSC-internally, this acknowledgement is transferred from the RR protocol to the BSSAP protocol (message 48) that sends the acknowledgement message further to the BSSAP protocol of the mobile services switching centre in message 49 CIPHERING_MODE_COMPLETE. The RR protocol of the mobile station MS and the RRxe2x80x2 protocol of the base station BTS transfer the encryption parameters and the encryption start command unit-internally to lower layers of the physical connection, which at the transmitting end carry out encryption and, at the receiving end, decryption for signals of the higher protocols.
FIG. 5 shows a theoretical layer description corresponding to FIG. 3 in the case of IMT-2000 system entity. Again, the physical transmission layers 1 and 2 not taking part in the encryption are marked with dotted lines. Layers 1 and 2 may be implemented with the ATM protocol, for example. The CC protocol of the IMT-2000 system carries out call control, and the MM protocol in addition to location management of the mobile terminal MT initializes the connection encryption. A TAC protocol (Terminal Association Control) establishes a connection between the network and the mobile terminal MT.
FIG. 6 shows a signaling chart for initialization of the IMT-2000 system encryption. The encryption initialization is performed with an MM-T protocol (Mobility Management-Terminal) in a transparent way from the point of view of the radio access network RAN. The MSC transmits, by means of the MM-T protocol, an encryption initialization message 61 MOBILITY_FACILITY_(START_CIPHERING: INVOKE) to the mobile terminal MT. The radio access network RAN transfers the message directly to the MT, which acknowledges the encryption initialization with message 62 MOBILITY_FACILITY (START_CIPHERING: RETURN_RESULT). Message 62 is also transferred to the MSC transparently from the RAN""s point of view. The base station BTS and the base station controller BSC of the RAN, through which the messages pass, thus do not take part in the encryption and are not aware of the encryption. After the initialization, the encryption of the connection is performed between the mobile services switching centre MSC and the mobile terminal MT.
Hence, the problem with the system configuration of FIG. 2 is that the mobile services switching centre does not support direct transfer of encryption settings to the mobile terminal transparently over the radio access network RAN. A further problem is that the base station BTS of the RAN does not have a protocol to process the encryption settings, which could communicate with the corresponding protocol of the mobile terminal. This means that encryption initialization cannot be carried out between the base station and the mobile terminal. In a system configuration according to FIG. 2, it is therefore not possible with prior art methods to arrange encryption for the connection.
It is an object of the present invention to implement encryption in a radio system configuration where the protocol processing the encryption settings of the base station is not able to communicate with the corresponding protocol of the mobile terminal.
This new type of encryption setting is obtained with the inventive method, which is characterized by that which is set forth in the independent claim 1. Particular embodiments of the invention are disclosed in the dependent claims.
The invention is based on the idea that the control unit in the radio network transfers the encryption initialization settings needed by the mobile terminal to the mobile terminal, transparently from the point of view of the base station. According to one of the embodiments of the invention, the control unit in the radio network transfers the encryption initialization settings independently to the base station and the mobile terminal.
Such an encryption setting provides the advantage that encryption can be arranged between units communication over the radio interface even in case the units are not able to exchange encryption initialization settings, as is the case with a combination of a GSM core network and an IMT-2000 system radio network.