Advanced telecommunication systems provide geolocation services in addition to the traditional telephony services. Geolocation equipment determines the geographical location of the mobile terminal and provides services such as providing directions or directing the mobile terminal to nearby points of interest. Geolocation equipment may provide other services including the Emergency 911 (E911) service, PLMN operator services, and Lawful Intercept services in which user location may be needed.
Conventional communication systems carry voice, data and multimedia communication on the user plane while conducting the signaling that supports the actual communication on the control plane. Control plane-based position location relies ultimately on the exchange of signaling messages between an external location services (LCS) client and the internal network position determination entity (PDE) that is responsible for the actual location calculation. Locating a mobile terminal can be done on the control plane or the user plane. The Third Generation Partnership Project (3GPP) provides technical specifications and a functional description of the provision of location information.
For control plane positioning, as opposed to user plane positioning, signaling messages must be sent across different interfaces and between the many network elements involved in the transaction. In the case of uplink time-difference of arrival (U-TDOA) positioning, the originating LCS client sends a position location message in the form of a request data frame to a gateway mobile location center (GMLC). The GMLC processes this message, performs the necessary inquiry of the network to determine the current visited Mobile Switching Center (MSC) for the mobile terminal, and then directs the position request to the MSC.
The visited MSC in turn processes the request and based on the available information establishes a dedicated connection to the mobile to send a position location request message to the Base Station Controller (BSC). The BSC submits the request to a connected Serving Mobile Location Center (SMLC) which makes a determination on the type of positioning method to be applied and, in the case of U-TDOA selection, sends a perform location request to the Position Determining Entity (PDE)/(GCS) along with the associated radio information needed to locate the mobile.
Once the mobile terminal's location has been calculated, a response message is sent from the PDE to the SMLC. The SMLC in turn produces a location response for the BSC which includes the mobile terminal's location. The BSC sends a response to the MSC, and the MSC generates a response message for the GMLC. The GMLC then returns the location information to the originating LCS client. A different protocol exists on each interface of the position location path, namely MLP, MAP-G, BSSMAP, BSSMAP-LE and RPP, respectively (protocols familiar to those skilled in the art of mobile and location technologies).
Similarly, the position location response messages are interpreted by each of the intervening elements along the return path. Based on the success, failure, radio changes or other mobile status identified in the returned messages, the position location network elements may take appropriate action. The GMLC is responsible for sending the final location information to the requesting LCS client for delivery to the originating location service user (location requester).
While GSM and UMTS provide system security and signaling confidentiality for over-the-air communications, no security is provided for communications between network elements. For content and service providers, end-to-end security must be independently supported. In the case of control plane-based location, this security must be implemented recognizing various network elements and potential signaling interface manipulations that occur along the location infrastructure path.
There are a number of limitations in the conventional control plane-based mobile system signaling processes that pose challenges when security applications need to be supported within an existing network infrastructure. A first challenge is the need for confidentiality, to prevent requested position location information from being readable by external entities, including the various network elements that generate and relay the mobile terminal's location. While this can be achieved by encrypting the information exchanged between the LCS client and the PDE, it is made difficult by the different intervening elements and the various signaling protocol interfaces along the communication paths. Another problem is the need to be selective in the security applied by the position determination entity when the LCS infrastructure supports multiple services. In particular, where the same PDE supports emergency (and other value-added or operator location services) as well as security services, it is important that only responses to the security client be encrypted. Conventional systems do not provide this feature. Finally, a security application needs to be able to dynamically change the applied encryption parameters during the ongoing service as a means of providing enhanced forward security.
It is desirable to meet these objectives without requiring the knowledge of, or affecting, intervening network elements or the standard network signaling protocols. There are no mechanisms in the standard signaling exchange that allow an LCS client to initiate or selectively change the security parameters needed for encryption on a request-by-request basis.
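The following added example (not part of this document and not the mechanism it goes on to claim) models the three requirements above against the GMLC/MSC/BSC/SMLC/PDE path described earlier: intervening elements only re-encapsulate an opaque payload, the PDE seals the fix only for a security client, and each request uses a freshly derived key. The encrypt-then-MAC construction built from HMAC-SHA256, the hop trace format and the sample position are assumptions chosen so the script runs on the standard library alone.

```python
import hashlib
import hmac
import os
from typing import Optional

# Elements and per-hop protocols along the control-plane location path,
# in the order given in the text (request goes down, response comes back up).
HOPS = [("GMLC", "MLP"), ("MSC", "MAP-G"), ("BSC", "BSSMAP"),
        ("SMLC", "BSSMAP-LE"), ("PDE", "RPP")]

# Constructed sample fix the PDE would compute (not from the page).
SAMPLE_FIX = b"lat=47.6062,lon=-122.3321,unc=35m"


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy CTR-style keystream from HMAC-SHA256; stands in for a real AEAD
    # (e.g. AES-GCM) so that the example needs no third-party library.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]  # encrypt-then-MAC
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("response tag mismatch")   # wrong key or tampered in transit
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def request_key(master: bytes, request_id: int) -> bytes:
    # Fresh key per request: a key disclosed later does not open earlier fixes.
    return hmac.new(master, b"lcs-req-%d" % request_id, hashlib.sha256).digest()


def locate(client_type: str, key: Optional[bytes] = None):
    """One request down the path and the response back up.

    Returns (payload, trace); the payload is ciphertext only for a security client,
    and no intervening element needs the key to forward it."""
    trace = [f"{elem} fwd {proto}" for elem, proto in HOPS]      # request leg
    fix = SAMPLE_FIX                                              # PDE computes the fix
    payload = seal(key, fix) if client_type == "security" else fix  # selective encryption
    trace += [f"{elem} ret {proto}" for elem, proto in reversed(HOPS)]  # response leg
    return payload, trace
```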