The Third Generation Partnership Project (3GPP) has standardized the Generic Access Network (GAN)-concept starting from 3GPP Release-6. The more precise name utilized by 3GPP is “Generic Access to A/Gb Interfaces” and this standardization was based on the Unlicensed Mobile Access (UMA) de-facto specifications. Two examples of existing solutions for enabling a Mobile Station (MS) to access a GSM Core Network (CN) are: a GAN solution and a GSM-Femto solution.
FIG. 1 is a functional block diagram from 3GPP TS 43.318 illustrating an architecture of the GAN 10. GAN is specified in the 3GPP TS 43.318 and TS 44.318. A mobile station (MS) 11 connects through a WiFi access point (AP) in a generic IP access network 12. GAN provides a new Radio Access Network (RAN), and the node corresponding to the GERAN Base Station Controller is called the Generic Access Network Controller (GANC) 13. The GANC 13 includes a Security Gateway (SEGW) 14 and connects to a GSM Core Network (CN) 15. The MS is a dual-mode, dual-radio handset including for example both WiFi and 3GPP-macro radio support (e.g. GSM, WCDMA or both). The MS connects to the WiFi AP utilizing the WiFi Radio. The GAN standard defines for example how the MS can function in GAN mode and access the services provided by the GSM CN using the Up-interface 16 between the MS and the GANC.
The Up-interface 16 may traverse unsafe IP networks and is therefore protected by a secure IP tunnel between the MS 11 and the GANC 13 handled by the SEGW 14.
The current GAN standard may be referred to as “2G-GAN” or “GSM-GAN” because the standard GSM A-interface and Gb-interface are utilized between the GANC and the CN. Work is ongoing to standardize a “3G-GAN” or “WCDMA-GAN” solution. In this case, the GANC will utilize standard WCDMA interfaces such as the lu-cs and the lu-ps interfaces to connect to the CN. The resulting standard can be also called “Generic Access to lu Interfaces” or “GAN-lu”.
FIG. 2 is a protocol diagram illustrating a circuit-switched (CS) Domain Control Plane Architecture 20 related to the GAN solution and the Up-interface 16. The GANC 13 uses normal A-interface signaling towards the Mobile Switching Center (MSC) 21. The GANC interworks the related protocols, like the Base Station System Application Part (BSSAP) 22, towards the relevant GAN-protocols, such as Generic Access—Circuit Switched Resources (GA-CSR) 23, in both directions.
FIG. 3 is a signaling diagram illustrating the existing GAN registration procedure between the MS 11 and the GANC 13. This procedure is well defined, for example, in the 3GPP Technical Specifications for GAN, therefore the procedure will not be described in detail here, although several steps are relevant to the present invention.
At step 3, an IPsec tunnel is established between the MS and the SEGW 14 using IKEv2 signaling. The MS holds a (U)SIM card and the tunnel establishment is authenticated using EAP-SIM or EAP-AKA signaling between the MS and the Authentication, Authorization and Accounting (AAA) server 25 as requested by the SEGW. The authentication procedure is really performed towards the (U)SIM card in the MS. The AAA contacts an HLR/AuC 26 to retrieve required security keys to be used as part of the EAP-SIM or EAP-AKA signaling.
At step 6, the MS 11 sends a GA-RC REGISTER REQUEST message to the GANC 13 and may indicate some information about the MS capabilities in the GAN Classmark Information Element (IE).
At step 7, the GAN registration attempt is accepted by the GANC 13 and a GA-RC REGISTER ACCEPT message is returned to the MS 11. The reject and redirect cases as shown in alternative steps 8 and 9 are not relevant to the present invention and are shown only for completeness.
FIG. 4 is a signaling diagram illustrating the existing GAN signaling sequence when a periodic Location Update is performed in GAN-mode. The most relevant parts of this sequence are steps 11-12 in which the GANC 13 receives a (BSSAP) CIPHER MODE COMMAND and is supposed to trigger signaling towards the MS 11. These particular steps are used here as an example of how the GANC should act towards the different types of terminals and access points accessing the system.
FIG. 5 is a functional block diagram of an architecture of a GSM-Femto access network. The GSM-Femto solution provides small femto cells for the end users by having small GSM radio base stations in, for example, the user's home premises. The small radio base station is called a Femto Cell Customer Premises Equipment (CPE) 31. The Femto Cell CPE connects to the network using the proprietary Fp and Abis-over-IP interfaces. The node corresponding to the GERAN BSC is called a Femto BSC 32. No specific 3GPP standard exists for the GSM-Femto solution. One of the main differences from the GAN solution described above is that MSs do not require any changes because the standard GSM Um-interface is used between the MS and the Femto Cell CPE. The MS connects to the Femto Cell CPE as normally in GERAN. The Femto Cell CPE is then connected to the Femto BSC using the proprietary Fp and Abis-over-IP interfaces.
FIG. 6 is a protocol diagram illustrating a CS Domain Control Plane Architecture 40 related to the GSM-Femto solution of FIG. 6. The Femto BSC 32 uses normal A-interface signaling towards the MSC 21. The Femto BSC interworks the related protocols, like BSSAP 22, towards the relevant GSM-protocols such as GSM Radio Resources (GSM RR) 41 in both directions.
The security solution applied for the GSM Femto solution is very similar to the solution used in GAN (and as described in FIG. 3). The Femto Cell CPE 31 establishes an IPsec tunnel to the SEGW 14 using the same mechanisms as in GAN. The main difference is that the Femto Cell CPE contains the (U)SIM card that is authenticated towards the AAA server 25.