As a consequence of the decreasing costs of wireless telecommunications apparatus, tighter safety and climate regulation and vigorous market competition, an ever increasing number of devices (“machines”) are being provided with wireless telecommunications apparatus to facilitate additional information services. A particular driving factor in this trend has been the provision of wireless services to so-called machine to machine (M2M) solutions.
The term “M2M” has been used to describe applications in such diverse fields as: tracking and tracing; payment; remote maintenance; automotive and electronic toll; metering; and consumer devices. The augmentation of M2M to allow wireless communications between devices (often referred to as mobile M2M) makes new services possible in some cases (within the automotive industry, for instance) and in others extends existing M2M services (within the field of smart metering).
With mobile M2M, machines numbering in the order of millions and located anywhere within mobile network coverage, can be simultaneously monitored to provide real-time information that an individual or enterprise can analyze and act upon.
It is predicted that large numbers of “machines” will require access to wide-area mobile networks (such as the GSM, GPRS and/or 3G cellular networks). Each of these machines may only require authentication very occasionally but may have all the basic equipment to allow connection to at least one access network when that is required. However, just requiring that each device be allowed to authenticate itself to the network from time to time, may undermine the benefits of certain mobile M2M services (particularly those services that are predicated on a low cost machine/service).
Consider the implications of providing all such devices with a separate, provisioned SIM card. For each SIM card, the network operator must create a corresponding subscription and “provision” the SIM with a valid MSISDN corresponding to that subscription (i.e. a telephone number), both for the reservation of the MSISDN (regulators such as the ITU assign ranges of MSISDN numbers to operating companies) and overheads in registering the selected number for use with a given access network.
Where that SIM appears no longer (or never to have been) used for a predetermined period, the network operators typically note this fact and initiate a “quarantine” process for returning the telephone number to the set of available numbers. Of course, this quarantining process has an associated cost: so too does reassigning that MSISDN number as ultimately will happen when it is confirmed unused after the quarantine period expires.
As the reader will readily appreciate, the provisioning of SIMs that are infrequently or never used represents a distinct inconvenience to the network operator. While this inconvenience is significant when considering the conventional provision of mobile telephones and data card/modems with SIMs, SIM-enablement of “machines” present additional problems simply by virtue of the number of these devices and their typical (low and sporadic) frequency of use. M2M applications are expected to increase significantly the number of unused or infrequently used SIMs and to cause a consequently greater level of disruption to the network operator who wishes to enable such devices. All the additional costs in terms of provisioning, quarantining (or keeping minimally active) etc of such machines can be relatively expensive and when compared with the potential market for the mobile M2M service may be found incompatible with low cost services.
Alternatively devices could have a “soft SIM” (a SIM module in software or firmware) instead, but this has major security issues, and there is still significant cost to the network operator (requiring heavy usage of the core network components in particular the home location register (HLR) and the authentication centre (AuC)) and arranging provisioning/creating subscriptions.
In a further alternative, it would be possible for devices to have some other form of authentication technology. However such a solution would require major network re-design, and could potentially prevents connection onto existing 3G and GSM networks.
It is therefore an object of the invention to obviate or at least mitigate the aforementioned problems.
In accordance with one aspect of the present invention, there is provided a system for facilitating authentication over a wireless access network, the system comprising:
a hub device having an authentication storage means, which is operable to provide authentication information during an authentication process;
at least one machine device being operable to connect to the wireless access network and having a communication interface with the hub device, through which a request for authentication information is made; and
a core network, which is operable to authenticate each machine device and provide said machine devices with parallel access to one or more access networks in accordance with authentication information obtained from the hub device.
It is preferred that a plurality of machine devices are provided with parallel access and the authentication information obtained from the hub device for each machine device includes a corresponding temporary identifier (such as the TMSI for UTRAN or GUTI for LTE) and a distinct key association (e.g. in LTE, K_ASME), each corresponding temporary identifier being related to a permanent identifier (e.g. an IMSI) associated with the hub device.