With increasing demand for broadband and wireless broadband traffic (e.g. multimedia, video) over the Internet, home and office users are fast becoming important target customers for wireless operators and solution providers. The devices are typically installed at the customers' premises by the customers themselves. The customers' existing broadband internet connections (such as DSL or cable) may be used as backhaul connections to the service provider's network, and the devices are powered from the customers' electricity sockets.
As the femtocells are installed indoors, they will allow service providers to extend service coverage indoors, especially where access would otherwise be limited or unavailable. People living in rural areas can use them to gain better coverage. Femtocells will also give some additional network capacity due to the small cell size and reduce the load of the macrocells. On the other hand, they will also use the same radio resources as macrocells and interfere with the macro layer like any other base station. There are also numerous other challenges in implementing an efficient solution.
The femtocell incorporates the functionality of a typical base station but extends it to allow a simpler, self-contained deployment. An example is the 3rd Generation Partnership Project (3GPP) Femto system, but the concept is applicable to all standards.
The home base station is installed by the customers, most of whom are non-technical people. The installation process must therefore be straightforward and automatic. Even then, the operator needs to have some means of technical support, if only to tell which wires are plugged where. There might be different device types, connecting either to Ethernet or with an integrated DSL or cable modem (this connection may be referred to as a backhaul connection). When plugged into the customer's electric outlet and internet connection, the home base station first needs to determine the correct settings for the backhaul connection. Preferably, DHCP or some other means of automatic negotiation is used to get the IP and DNS settings. When these settings are set and a secure backhaul connection is working between a secure gateway and the home base station, the home base station needs to be authenticated by a secure network gateway and/or some specific authentication entity on the network side.
An authentication of a home base station may be based on an identity received from the home base station. However, there may be alternative identities that the home base station may use for authentication, e.g. depending on the authentication performed. For example, the home base station may be primarily authenticated by a Device Authentication wherein a device identity (ID) of the home base station is used. It is a mutual authentication between the home base station device and the operator's network. Each home base station is provided with a unique device identity.
Alternatively, or following the device authentication, the home base station may be authenticated by a user authentication wherein a user identity (ID), such as an IMSI (International Mobile Subscriber Identity), is used. An example of a user authentication is a Hosting Party Authentication. The Hosting Party of the home base station means the party who is hosting the home base station and has a contractual relationship with the PLMN operator. The hosting party of the home base station will typically be the “lead” user in a household, but could be e.g. the corporate IT manager in an enterprise context. For this purpose, the home base station may support identification and authentication of the hosting party by means of a Subscriber Identity Module (SIM) or a Universal SIM (USIM). The USIM/SIM card may be used in a home base station device in the same way as in a mobile phone. In both the device authentication and the user/hosting party authentication, a secure connection or tunnel is established between the home base station and the security gateway in case of a successful authentication.
When the home base station is functioning as a part of the network, a home base station management system is used to remotely change configurations, perform software updates and manage the general Operations, Administration and Management (OAM) tasks, such as monitoring for faults and performance. After a successful authentication, the home base station management system sends the configuration data to the home base station and manages the base station over a secured management connection. If the management system is inside the network operator's core network, the secure management connection may use the secure connection between the security gateway and the home base station. In that case, no mutual OAM authentication may be performed between the home base station and the management system; instead, the management system relies on the authentication performed by the security gateway. In other words, if the identity of the home base station is sent to the management system via the security gateway, then the management system may trust that a device authentication and/or hosting party authentication was successful, that the received identity can be accepted, and that the configuration data can be sent. The received identity can be e.g. the device ID, the IMSI, both, or another unique ID. However, the management system may not be able to unambiguously derive which identity for the home base station is used for OAM after a successful authentication. Moreover, part of the configuration data is subscriber/user related when a USIM/SIM card is used, and this USIM/SIM card can be used in any home base station device. The problem, from the OAM point of view, is how to obtain the correct configuration data for a given home base station, no matter which identity is used.
Furthermore, the configuration data related to the user and the USIM/SIM card may be stored on the device and not on the SIM/USIM card, and the Hosting Party (HP) Authentication process does not check whether the USIM/SIM card is plugged into the same device or into a physically different device.
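The identity ambiguity described above can be modelled in a few lines. The following is an added illustration, not taken from the original text or from any 3GPP specification: the class names, configuration keys, device IDs and IMSI values are all constructed, and the model assumes the security gateway forwards whichever identities were authenticated. It keeps device-related and user-related data apart and flags the two cases the text raises: an IMSI arriving without a device ID, and a USIM/SIM showing up in a different device.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthResult:
    """Identities forwarded by the security gateway (constructed model)."""
    device_id: Optional[str]  # set when device authentication succeeded
    imsi: Optional[str]       # set when hosting party authentication succeeded

class ManagementSystem:
    """Hypothetical OAM store: device data and subscriber data kept apart."""
    def __init__(self):
        self.device_config = {}  # device_id -> device-related settings
        self.user_config = {}    # imsi -> subscriber-related settings
        self.last_device = {}    # imsi -> device the USIM/SIM was last seen in

    def resolve(self, auth):
        """Return (config, warnings) for one authenticated home base station."""
        if auth.device_id is None and auth.imsi is None:
            raise ValueError("no authenticated identity forwarded")
        config, warnings = {}, []
        if auth.device_id is None:
            warnings.append("IMSI only: device-related data cannot be selected")
        else:
            config.update(self.device_config.get(auth.device_id, {}))
        if auth.imsi is not None:
            config.update(self.user_config.get(auth.imsi, {}))
            previous = self.last_device.get(auth.imsi)
            if auth.device_id and previous and previous != auth.device_id:
                warnings.append(f"USIM moved from {previous} to {auth.device_id}: "
                                "user-related data may reside on the old device")
            if auth.device_id:
                self.last_device[auth.imsi] = auth.device_id
        return config, warnings

def demo():
    """Constructed sample: one USIM used in two devices, then IMSI alone."""
    ms = ManagementSystem()
    imsi = "001010000000001"  # constructed test IMSI
    ms.device_config = {"HNB-A": {"backhaul": "dsl"}, "HNB-B": {"backhaul": "ethernet"}}
    ms.user_config = {imsi: {"allowed_users": ["001010000000002"]}}
    return [ms.resolve(AuthResult(d, imsi)) for d in ("HNB-A", "HNB-B", None)]

if __name__ == "__main__":
    for config, warnings in demo():
        print(config, warnings)
```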