This invention relates generally to a method and apparatus for secure communication. More specifically, this invention relates to a method and apparatus for secure communication between entities in the same or in different communication networks.
There are many types of public land mobile networks, e.g., a Global System for Mobile Communications (GSM), a Digital Cellular System for Mobile Communications (DCS 1800), a Personal Communication System (PCS), and a Universal Mobile Telecommunication System (UMTS). These networks provide a wide range of services and facilities to mobile subscribers that are roaming around between individual cells of the mobile radio communication networks. An exemplary network architecture for mobile radio communication systems such as those is shown in FIG. 1.
A typical network includes at least one Home Location Register (HLR) 100 for storing information about subscribers to the network, a Visitor Location Register (VLR) 110 for storing information about subscribers to other networks that may be roaming in the network, a Mobile Services Switching Center (MSC) 120 for performing switching functions for the mobile stations, a Gateway MSC (GMSC) 130 for routing incoming calls to the PLMN to the appropriate MSC, and an SMS Gateway MSC (SMSGMSC) 140 which is an interface between the mobile network and a network providing access to the short message service center for delivery of short messages to the mobile stations via a Switching Center (SC) 150. A Base Station Controller (BSC) 160 and a Base Transceiver Station (BTS) 170 are part of the base station system equipment for connecting the network to a mobile station 180. An Equipment Identity Register (EIR) 190 handles management of the equipment identities of the mobile stations.
As shown in FIG. 1, other entities may be connected to the network. For example, a Switching Network 210 may be connected to the network via the GMSC 130, a Packet Network 220 may be connected to the network via a General Packet Radio Service Support Node (GSN) 200, and another PLMN 230 may be connected to another GMSC 130. A Fraud Detection System (FDS) 240 may be connected to several types of entities in the network, e.g., the HLR 100 and another MSC 120, from which it obtains information for specific subscribers. The information collected may include information regarding the charging data records generated, e.g., at the MSCs, the location information of the subscribers, which is generally generated at the HLR, and information regarding the activity generated in real time (such as the number of call forwarding registrations performed in a period of time, the number of parallel calls made in that time, etc.). The FDS 240 discovers possible fraud risk situations. For example, the FDS 240 detects when a subscriber suddenly has a really high charging record that has previously never occurred. As another example, the FDS 240 detects when a subscriber generates several parallel calls to certain countries, which might indicate call selling activities. As a third example, the FDS 240 detects when a subscriber is located in two different distant places within a very short interval of time, which may indicate cloning activities.
The entities of the PLMN communicate via a common signalling system. For example, in the GSM System, the Mobile Application Part (MAP) of the Signaling System No. 7 specified by CCITT is used to communicate between entities in the PLMN. Details of this signalling system are given in Digital Cellular Telecommunications System (Phase 2+), Mobile Application Part (MAP) specification, TS GSM 09.02 v. 5.6.00, which is incorporated herein by reference.
Based on roaming agreements between mobile network operators, the mobile subscribers belonging to a specific PLMN 250, referred to as a Home PLMN (HPLMN), can make use of their services and facilities while roaming in another PLMN network 260, referred as a Visitor PLMN (VPLMN). FIG. 2 shows an exemplary configuration of a network architecture for a roaming scenario. Similar to FIG. 1, a FDS 240 is connected to entities such as the HLR 100 and the MSCs 120.
With the continues growth of network elements, transmission media, etc., more refined fraud methods have been developed. Such methods involve attacks on the signalling system. Using GSM as an example, the security of the global SS7 network as a transport system for sensitive signalling messages is open to major compromise. Messages can be eavesdropped, altered, injected or deleted in an uncontrolled medium confidential information has recently been added in the GSM standards to the signalling protocols which will increase the confidentiality risk due to the lack of confidentiality in the signalling media. Such confidential information includes, e.g., location information based on geographical coordinates, charging information, etc. These risks will further be increased by the possible future use of open signalling protocols for signalling transmission, e.g., Transmission Control Protocol/Internet Protocol (TCP/IP). While the current GSM specification provides for authentication of mobile subscriber identities, there is no authentication of network entities defined in GSM. Some restriction policies exist, but there is no mechanism for assuring that the identity information has not been manipulated.
There is a need for a method for transmitting certain confidential information through mobile communication networks protected from attacks performed by accessing the signalling network. User confidentiality can be attacked by accessing certain information included in signalling messages. This information relates mainly to the origin/destination of the calls and location of the subscriber. Other attacks to the network operation may occur by impersonating a network node or network entity. The main threats faced from subscriber impersonation are the manipulation of answers to authentication procedures and the eavesdropping of authentication information. Such impersonation permits access to confidential information and may even result in a change to specific service behavior (e.g., Customized Applications for Mobile Network Enhanced Logic (CAMEL) charge services, location services, Supplementary Services (SS) procedures, redundancy, etc.), which may result in fraud and/or affect the network behavior.
The service availability can be compromised at the user level, based on manipulation of subscription information or messages granting the service. The service availability can also be compromised at the network level, by deletion of resource liberation related messages, e.g., deletion of a message indicating a subscriber's location, or by overloading the network through message injection.
There is thus a need for authenticating an originating node or network entity in order to initiate confidential communications between entities in one or more networks.