Field
Various features disclosed herein pertain generally to wireless communication systems, and at least some features pertain to devices and methods for facilitating the authentication of access terminal identities and usage relationships between access terminal identities and user identities.
Background
Access terminals, such as mobile phones, pagers, wireless modems, personal digital assistants, personal information managers (PIMs), personal media players, palmtop computers, laptop computers, or any other device with a processor that communicates with other devices through wireless signals, are becoming increasingly popular and are used more frequently. Subscribers using such access terminals in a wireless communication network are typically authenticated by the wireless communication network before being granted access to initiate and/or receive calls and transmit and/or receive data. Traditionally, wireless communication networks authenticate a subscriber by verifying a user identity comprising cryptographic information contained in and provided by, for example, an access terminal's Subscriber Identification Module (SIM) for GSM networks, Universal Subscriber Identification Module (USIM) for UMTS/LTE networks and Removable User Identification Module (RUIM) for CDMA networks. These SIMs, USIMs and RUIMs are typically chip-and-PIN-based cards that contain information about the subscriber/user of the access terminal and are removable from the access terminal. Users of access terminals equipped with such removable user identity modules are typically able to remove the SIM, USIM or RUIM card from one access terminal and place the card in another access terminal, thereby transferring their subscriber information easily from one access terminal to another.
While conventional wireless communication networks are adapted to authenticate the subscriber card (e.g., SIM, USIM, RUIM) being used in an access terminal, it may also be desirable for the wireless communication networks to authenticate the access terminal itself, and deny or allow network access to the access terminal based on the outcome of the access terminal authentication. There are a number of reasons why a network operator would want to authenticate the access terminal in addition to the subscriber card. One common reason, for example, is to deter unauthorized manufacturers from producing or refurbishing access terminals that are not approved for use within a wireless communication network (e.g., grey market access terminals). By utilizing an authentication system that authenticates access terminals, the network operator may deny service to those access terminals produced or refurbished by unauthorized manufacturers that fail to authenticate with valid access terminal identification. Another common reason involves the risks of terrorist attacks carried out in part with the use of unauthorized access terminals. Government entities have recently expressed a strong desire that network operators be able to trace, track, authenticate, and disable all access terminals operating within a network operator's wireless communication network. Having the ability to authenticate an access terminal and deny service accordingly would prove advantageous in stopping criminal activities.
There currently exist mechanisms which enable wireless communication networks to query an access terminal's identity (ID). For example, a wireless communication network (e.g., GSM network, WCDMA network, TD-SCDMA network) may query and check an international mobile equipment identity (IMEI) number for 3GPP-compliant access terminals, or a wireless communication network (e.g., CDMA) may query and check a mobile equipment identifier (MEID) for 3GPP2-compliant access terminals. However, these existing mechanisms for obtaining an access terminal's ID fail to provide any assurance that the ID received from an access terminal actually belongs to that access terminal. For example, an unauthorized access terminal can illegally copy or otherwise obtain the ID of an authorized access terminal, and then provide that pirated ID to the requesting wireless communication network. In such a situation, the conventional wireless communication network is unable to distinguish between an authorized access terminal and an unauthorized access terminal employing a faked ID.
Therefore, there is a need for methods, apparatus, and/or systems that are adapted to both discover and validate the identity of an access terminal.