The invention relates to wireless radio telecommunications and, more particularly, to the authentication of mobile stations.
The use of mobile telecommunications systems, including cellular telephones and personal communications services (PCS), has seen explosive growth, particularly in the past decade. The use of mobile, or cellular, telephones, which was once a relative novelty, has become so commonplace that it is not unusual to see people conversing on the telephone as they walk along the sidewalk, as they drive, even as they attend a concert or a play. There are many reasons for this explosive growth, but it would not have been possible without the security and confidentiality provided by modern mobile systems.
Security and confidentiality are typically provided in a mobile telecommunications system through a combination of devices, including: the assignment of a temporary mobile subscriber identity to a mobile unit, encryption of information being transmitted along the radio path, the authentication of each mobile unit, and the validation of the mobile unit equipment. A temporary mobile subscriber identity is sent by a visiting location register to the home or visited mobile switching center and is, in effect, an "alias" which prevents observers from detecting a mobile user's calling patterns. The registration process requires a mobile user to indicate to a base station that he is active in the system. This permits a mobile switching center to locate a mobile subscriber and determine the mobile's activity status. Encryption typically involves the use of algorithms that rearrange the component bits of a message, using an algorithm known only to the network and the mobile subscriber. The network and subscriber employ the same algorithm and the same key to "scramble", or re-arrange, the data. The key and the algorithm are updated frequently, even during the course of a single telephone call. Equipment validation is a process whereby the mobile network checks the mobile equipment against lists of valid, suspect, and fraudulent mobile units contained within an equipment identity register. Validation may take place during the authentication process. The authentication process typically involves the transmission of a random number "seed" from a base station to the mobile device. Both the mobile device and the base station operate on the seed with an authentication algorithm to produce an authentication number. The mobile device transmits its authentication number to the base station, which passes the number to the mobile switching center, where the two authentication numbers are compared. If they are identical, the mobile switching center grants the system access requested by the mobile device.
Conventional mobile telecommunications services employ a mobile identification number (MIN) for authentication, for call termination, and for many other operations. However, the mobile identification number has proven inadequate for worldwide applications. Consequently, systems are being developed which employ an international mobile subscriber identity (IMSI) that will allow mobile telecommunications devices to operate seamlessly throughout the world. When IMSI devices are introduced there will, for some time, be a mix of devices operating in the field: some mobile devices will employ a mobile identification number, some will employ an international mobile subscriber identity that is based on a more conventional mobile identification number, and some will employ "pure" IMSI numbers. With mobile units of all three types and systems of both types deployed, mobile devices of all types should, ideally, work with network systems of either type. In particular, a telecommunications system that permits the use of either a mobile identification number or an international mobile subscriber identity number would be highly desirable.
In particular, some EIA/TIA 41D authentication processes employ a mobile identification number and, although the mobile identification number may be available at the subscriber's home location register, each time the mobile identification number is retrieved from the database, time and processing power are consumed. Additionally, time and processing power are consumed by the encoding, transmitting, and decoding of the number whenever it is transmitted, for example between a home location register and a visiting location register. Furthermore, the message packet employed to communicate between devices such as a home location register and a visiting location register is already crowded, and the inclusion of more information in the packet adds to the congestion. A telecommunications system that limits the number of times a mobile identification number is retrieved from a database and transmitted would therefore be highly desirable.
A mobile telecommunications system in accordance with the principles of the present invention includes a home location register (HLR) that responds to EIA/TIA 41D invoke messages such as AUTHREQ, ASREPORT, and AFREPORT with, respectively, authreq, asreport, and afreport return messages. Even when shared secret data is shared at a visiting location register (VLR), the mobile identification number is employed in the authentication process, and the mobile identification number is not employed as the mobile subscriber identification (MSID) in the above invoke messages, the mobile subscriber's home location register does not return the mobile identification number in the authreq, asreport, and afreport return messages. That is, in accordance with the principles of the present invention, the invocation response messages authreq, asreport, and afreport are MIN-free if shared secret data is shared with the serving system and the mobile station has a true international mobile subscriber identity and a mobile identification number-based international mobile subscriber identity. This is true even if the mobile identification number is required to compute an authentication response and the mobile subscriber identification in the invoking message did not include the mobile identification number. By eliminating the mobile identification number from the returned message, the home location register reduces the time and processing power devoted to retrieving, transmitting, and encoding and decoding such information.
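The following simulation is an added illustration, not code from the patent or from any EIA/TIA 41 implementation. It models both the seed-based challenge-response authentication described in the background section (base station issues a random seed, mobile and network each compute an authentication number, the network compares them) and the home location register behaviour claimed above: the HLR uses the MIN to compute the expected response but omits the MIN from the authreq return message when shared secret data is already held by the serving system and the mobile station has both a true IMSI and a MIN-based IMSI. The authentication function (HMAC-SHA256 over the seed and MIN, keyed with the shared secret data), the message field names, the subscriber record layout and all sample values are assumptions made for this example; the standard's own algorithm and parameter encodings differ.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


def auth_response(rand: bytes, min_number: str, ssd: bytes) -> str:
    # Assumed stand-in for the network's authentication algorithm: the random
    # seed (RAND), the MIN and the shared secret data (SSD) all feed the result.
    return hmac.new(ssd, rand + min_number.encode(), hashlib.sha256).hexdigest()[:18]


@dataclass
class Subscriber:
    imsi: str                 # true IMSI, used as MSID over the air and in invokes
    min_number: str           # MIN, still needed to compute the response
    ssd: bytes                # shared secret data held at the HLR (and VLR if shared)
    has_true_imsi: bool
    has_min_based_imsi: bool


@dataclass
class AuthReqInvoke:
    msid: str                 # MSID carried in the invoke (the IMSI here, not the MIN)
    rand: bytes               # seed issued by the base station
    authr: str                # authentication number computed by the mobile
    ssd_shared: bool          # whether the serving VLR already holds the SSD


@dataclass
class AuthReqReturn:
    access_granted: bool
    min_number: Optional[str] = None

    def parameters(self) -> Dict[str, str]:
        # Parameters actually encoded into the return message; the MIN field is
        # simply absent when the HLR decides the response can be MIN-free.
        params = {"AccessGranted": "1" if self.access_granted else "0"}
        if self.min_number is not None:
            params["MIN"] = self.min_number
        return params


class HomeLocationRegister:
    def __init__(self, subscribers):
        self.by_imsi = {s.imsi: s for s in subscribers}

    def handle_authreq(self, inv: AuthReqInvoke) -> AuthReqReturn:
        sub = self.by_imsi.get(inv.msid)
        if sub is None:
            return AuthReqReturn(access_granted=False)
        # The HLR retrieves the MIN once to compute the expected response and
        # compares it to the mobile's number in constant time.
        expected = auth_response(inv.rand, sub.min_number, sub.ssd)
        granted = hmac.compare_digest(expected, inv.authr)
        # MIN-free return: SSD already shared with the serving system and the
        # mobile has both a true IMSI and a MIN-based IMSI.  Neither the fact that
        # the MIN was used above nor the fact that the invoke carried the IMSI as
        # MSID obliges the HLR to echo the MIN back.
        min_free = inv.ssd_shared and sub.has_true_imsi and sub.has_min_based_imsi
        return AuthReqReturn(granted, None if min_free else sub.min_number)


def mobile_station_authr(sub: Subscriber, rand: bytes) -> str:
    # The mobile holds the same MIN and SSD and runs the same algorithm.
    return auth_response(rand, sub.min_number, sub.ssd)


# Constructed sample subscriber; every value below is illustrative only.
SAMPLE = Subscriber(imsi="310150123456789", min_number="2125550123",
                    ssd=b"constructed-ssd-0123456789abcdef",
                    has_true_imsi=True, has_min_based_imsi=True)


def run_exchange(ssd_shared: bool, tamper: bool = False,
                 rand: Optional[bytes] = None) -> AuthReqReturn:
    """One AUTHREQ round trip: base station issues RAND, the mobile answers,
    the serving system forwards the invoke to the HLR, the HLR compares and
    returns.  tamper=True simulates a mobile that lacks the SSD and MIN."""
    hlr = HomeLocationRegister([SAMPLE])
    rand = rand or os.urandom(4)
    authr = mobile_station_authr(SAMPLE, rand)
    if tamper:
        authr = "0" * len(authr)
    inv = AuthReqInvoke(msid=SAMPLE.imsi, rand=rand, authr=authr, ssd_shared=ssd_shared)
    return hlr.handle_authreq(inv)


if __name__ == "__main__":
    for shared in (True, False):
        ret = run_exchange(shared)
        print(f"ssd_shared={shared}: granted={ret.access_granted} params={ret.parameters()}")
```

Running the script shows the same successful authentication producing a return message with and without the MIN parameter, depending only on whether the serving system already holds the shared secret data; the denied case shows that omitting the MIN from the return does not weaken the comparison itself, since the HLR still used the MIN to compute the expected number.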