1. Field of the Invention
The present invention generally relates to a mobile station in a mobile network, and in particular to authenticating a mobile station in a mobile network.
2. Brief Description of Related Developments
Known authentication and key agreement protocols are based either on symmetric or public key cryptography and a trusted third party. In a Global System for Mobile Communication (“GSM”), the authentication and encryption key agreement is based on symmetric key and a trusted third party. The method using symmetric key requires the existence of an agreed secret between communicating parties or with a server as the third party. In GSM the mobile station of the subscriber shares a secret subscriber authentication key Ki with a trusted authentication centre AC. The authentication of the mobile station is based on the use of a one-way function A3 and a ciphering key Kc is derived from the shared Ki in the mobile station and the authentication centre.
FIG. 1 shows a prior art authentication arrangement of GSM mobile networks, where there is an Authentication Centre AC 1, a Home Location Register HLR 2, Visitor Location Register VLR 3, Base Transmitter Station BTS 4 and Mobile Equipment ME 5, where number 6 is a Subscriber Identity Module SIM.
The method by the arrangement operates as follows: Authentication Centre 1 forms a Random Number RAND, that is used with subscriber authentication key Ki to form an authentication triplet 7. The authentication triplet 7 comprises random number RAND directly from the RAND above, Signed Response SRES formed with a one-way function A3 1a from the subscriber authentication key Ki and ciphering key Kc formed with one-way function A8 1b from the RAND above. The authentication triplet 7 is sent to Home Location Register HLR 2 and then to Visitor Location Register VLR 3. The RAND of the authentication triplet 7 is sent from the VLR 3 to the Subscriber Identity Module SIM 6 in the Mobile Equipment ME 5 to form a key corresponding to the ciphering key Kc in the same authentication triplet 7. The above key is formed by one-way function A8 6b in SIM 6 and processed more by one-way function A5 8 in ME 5 to exchange with the Kc of the authentication triplet 7 processed by one-way function A5 8 in the Base Transmitter Station 4. Also subscriber authentication key Ki of the SIM 6 is used to form a signed response corresponding to the SRES in the above authentication triplet 7 in the VLR 3. This signed response is directly sent to the VLR 3 to compare it with the SRES to complete the authentication.
Formerly is also known User-to-User Signalling (UUS) that is defined for Integrated Services Digital Network (ISDN) and is being defined for GSM network. The UUS is defined for GSM in ETSI (European Telecommunications Standards Institute) specification Digital cellular telecommunications system (Phase 2+); User-to-User Signalling (UUS); Service description, Stage 1 (GSM 02.87).
The UUS supplementary service allows the served subscriber to send to or receive from another user a limited amount of information. This information is generated by the subscriber and shall be passed transparently through the network. With the word transparently is meant that no modification to the contents is made. Normally the network does not interpret this information.
The served subscriber is able to send and receive User-to-User Information (UUI) in different phases of the call depending on what service subscriber uses. Possible services are:
Service 1: UUI can be sent and received during the origination and termination of a call, with UUI embedded within call control messages. The service 1 can be activated implicit by inserting UUI when set-up a call or explicit with an appropriate procedure.
Service 2: UUI can be sent and received after the served subscriber has received an indication that the remote party is being informed of the call and prior to the establishment of the connection. UUI sent by the served subscriber prior to receiving the acceptance of the call by the remote party, may as a network option be delivered to the remote party after the call has been established. The service 2 shall be activated explicitly.
Service 3: UUI can be sent and received only while the connection is established. The service 3 shall be activated explicitly.
Services 1 to 3 shall allow the transmission of UUI with the maximum length of 128 octets per message. In some networks as ISDN the maximum length is only 32 octets. The USER INFOrmation message between GSM mobile station and Mobile Switching Centre (MSC) can have 128 octets of user data while the messages for call setup and release can have 32 octets of user data. Messages for call setup and release include f.ex. SETUP, PROGRESS, ALERT, CONNECT, DISCONNECT, RELEASE, RELEASE COMPLETE.
A problem in the known arrangements in mobile networks is that only security parameters required in the establishment of confidentiality on the air interface are exchanged. Parameters for other information security features as integrity on air interface are not agreed.
A problem in the shared-key authentication and key agreement procedures is the agreed secret and in some circumstances needed connection to the trusted third party during the execution of the protocol.
The objective of the invention is to avoid disadvantages of the prior art solutions by bringing out a new authentication and key agreement for mobile communications systems to implement an end-to-end secure transmission.
In one aspect, the present is directed to authenticating a mobile station in a mobile network. In one embodiment the method includes authenticating the mobile station with user-to-user data exchange.
In another aspect, the present invention is directed to a cellular communications system including a first mobile station, a second mobile station and at least one mobile switching centre. In one embodiment the first and second mobile stations are wirelessly connected via base stations. The first mobile station constructs and sends a first message and receives and verifies the validity of a second message. When the information is verified as valid, the first mobile station accepts to share a shared encryption key K, and constructs and sends a third message. A second mobile station receives the first message and constructs and sends the second message. The second mobile station receives and verifies the validity of the third message, and when the information is determined to be valid, accepts to share the shared encryption key K with the first mobile station.
In a further aspect the present invention is directed to a mobile station. In one embodiment the mobile station includes a processor, a memory, an output means, an input means, a transmitter/receiver and an antenna. The processor performs operations needed to form and verify messages and implements authentication and key agreement procedures. The procedures and messages, with necessary parameters and variables, are stored in the memory. The commencement of extra secure communications is presented to a user of the mobile station via the output means. The input means is used to enable validation of the extra secure communication and the transmitter/receiver and antenna transform information to radio waves from digital signals and vice versa.