Mobile telecommunications devices typically require a continuous connection to an authentication storage means (for instance a UICC, SIM card or USIM card). Without this connection, the mobile telecommunications device will be capable of establishing only emergency calls. The connection, while typically by virtue of a SIM card installed in a SIM interface, may also be implemented by connecting via another device in Bluetooth range with a suitable SIM access profile.
In particular, such a connection will be required to allow the device to obtain the RES and associated key material (Kc or CK∥IK) necessary for authentication to take place between the device and the network.
Such devices may additionally be able to authenticate to a heterogeneous access network (such as a WiFi Hotspot) using non-SIM means. The authentication subsystem used by a non-cellular telecommunications network may be shared with the conventional authentication subsystem of a cellular subsystem, such as the AAA server.
However, in the absence of a connection to a suitable authentication storage means the device will also be incapable of authenticating the base station in GSM.
There is therefore a requirement for a facility that allows devices to authenticate to a wide area mobile network (or heterogeneous access network) when they temporarily do not have a connection to a SIM card.
There may be a further requirement to authenticate the base station and so protect against false base stations.
As a consequence of the decreasing costs of wireless telecommunications apparatus, tighter safety and climate regulation and vigorous market competition, an ever increasing number of devices (“machines”) are being provided with wireless telecommunications apparatus to facilitate additional information services. A particular driving factor in this trend has been the provision of wireless services to so-called machine to machine (M2M) solutions.
The term “M2M” has been used to describe applications in such diverse fields as: tracking and tracing; payment; remote maintenance; automotive and electronic toll; metering; and consumer devices. The augmentation of M2M to allow wireless communications between devices (often referred to as mobile M2M) makes new services possible in some cases (within the automotive industry, for instance) and in others extends existing M2M services (within the field of smart metering).
With mobile M2M, machines numbering in the order of millions and located anywhere within mobile network coverage, can be simultaneously monitored to provide real-time information that an individual or enterprise can analyze and act upon.
It is predicted that large numbers of “machines” will require access to wide-area mobile networks (such as the GSM, GPRS and/or 3G cellular networks). Each of these machines may only require authentication very occasionally but may have all the basic equipment to allow connection to at least one access network when that is required. However, just requiring that each device be allowed to authenticate itself to the network from time to time, may undermine the benefits of certain mobile M2M services (particularly those services that are predicated on a low cost machine/service).
It has been suggested in, U.S. Pat. No. 9,271,148. that to address this issue multiple devices may use the same, common (U)SIM card for authentication. As a result, there may be many devices/machines having equipment suitable for establishing a connection with one or more wireless access networks but lacking a continuous connection with an authentication storage means necessary for authenticating the device with the selected access network.
It is therefore an object of the invention to obviate or at least mitigate the aforementioned problems.
In accordance with one aspect of the present invention, there is provided a system for facilitating authentication over a wireless access network, the system comprising:
an authentication storage means, which is operable to provide authentication information during an authentication process;
at least one machine device being operable to connect to a wireless access network and having a communication interface with the authentication storage means;
a core network, which is operable to provide a machine device with advance data to be communicated to the authentication storage means to facilitate subsequent authentication of the said machine device with an access network.
In a further aspect of the present invention, there is provided a method for facilitating authentication at least one machine device over one or more wireless access networks, the at least one machine device having an associated authentication storage means, the method comprising: providing the machine device with advance data while the machine device and authentication storage means are in signaling connection with the wireless access network; and subsequently, authenticating said machine device with a core network of the wireless access network in accordance with said advance data while the machine device is in signaling connection with the core network, neither access via the wireless access network nor the connected presence of the authentication storage means being necessary for said authentication.