The present invention relates to a personal station authentication system and method in a radio communication exchange system provided with personal or mobile stations (or subscriber stations), cell or base stations for communicating with the personal stations by a radio line, and an exchange connected to the personal stations, and more particularly to such an authentication system and method in the case where the personal station is a subscriber station of a plurality of radio communication exchange systems.
In general, two kinds including a portable telephone and a personal handyphone system (hereinafter referred to as PHS) are known as the personal station. Either kind of portable station can enjoy a telephone service while moving in a public mobile communication network for which that portable station has a subscription.
Recently, there is a proposal in which in a closed area controlled or managed by a radio communication exchange system (for example, private branch exchange) other than the public mobile communication network, a special communication service other than the telephone service by the public mobile communication network is presented for the portable stations. Such a proposal is particularly effective to PHS for which the control or service area of one cell station is narrow.
The PHS employs "Personal Handy Phone System Standard" of the foundation Research & Development Center for Radio Systems (hereinafter referred to as RCRSTD-28) as a radio protocol between a cell station and a personal station and is developed setting a goal with which the same station can be used as a portable telephone in the open and as a cordless telephone at a home or a place of business.
Some approaches have been proposed under such a background. JP-A-6-121370 entitled "Telephone System Provided With Cordless Personal Station" has disclosed a system in which the same personal station can be used in a service area of a plurality of domestic base stations (or cell stations) or a plurality of private branch exchanges. Also, each of JP-A-7-177562 entitled "Cordless Telephone Exchange System" and JP-A-7-212826 entitled "Portable Station Accommodating Method" has disclosed a method in which with an object made for the case where a personal station having a subscription for a public mobile communication network (hereinafter referred to as public subscriber station) is used in a service area of a private branch exchange, not only a telephone service as a mere extension telephone but also a public mobile communication service (that is, location registration, outgoing call, incoming call and so forth for the public mobile communication network) are enabled.
In the system disclosed by the JP-A-6-121370 entitled "Telephone System Provided With Cordless Personal Station", the judgement of a personal station as being a subscriber station for a domestic cell station or a private branch exchange is made in the case where a system ID registered in the domestic cell station or the private branch exchange beforehand and a system ID registered in the personal station coincide with each other. Under such a judgement, a communication in a service area under control of the domestic cell station or the private branch exchange is permitted. Also, the JP-A-6-121370 has disclosed a method in which a system ID is registered into a personal station the system ID of which has not yet been registered in the domestic cell station or the private branch exchange. A system identification code shown by the above-mentioned RCRSTD-28 is used for the system ID herein referred to.
The JP-A-7-177562 entitled "Cordless Telephone Exchange System" has disclosed a method in which the public subscriber station moving to the service area of the private branch exchange informs the private branch exchange of station identification information necessary for a call control from the public mobile communication network or the private branch exchange so that the public communication service through the private branch exchange is presented to the public subscriber station in the service area under control of the private branch exchange.
The JP-A-7-212826 entitled "Portable Station Accommodating Method" has disclosed a first method which makes it possible for the public subscriber station to enjoy the public communication service in the service area of the private branch exchange even if the public subscriber station does not make a preliminary registration of subscription for the private branch exchange. According to the disclosed first method, a public subscriber station makes the registration of station identification information into a private branch exchange when it first makes a request for location registration in a service area of a private branch exchange. Further, an authentication algorithm and an authentication key settled beforehand between the public communication network and the public subscriber station are used to make authentication under relay by the private branch exchange. Thereafter, the location of the public subscriber station in the service area of the private branch exchange is registered as location information into a database of the public communication network. Even if the public subscriber station thus subjected to registration makes a request for location registration again as it moves over cell stations in the area of the private branch exchange, only the location information in the service area controlled by the private branch exchange is updated but no location registration for the public communication network is made. The updating of the location information in the service area of the private branch exchange and the station authentication at the time of outgoing call to the public communication network are effected in accordance with whether or not station identification information transmitted from the public subscriber station to the private branch exchange has already been registered in the private branch exchange.
The JP-A-7-212826 entitled "Portable Station Accommodating Method" has further disclosed a second method in which a public subscriber station makes a subscription registration for a private branch exchange beforehand to acquire an in-branch telephone number. This second method is different from the first method in that even when the public subscriber station first makes a request for location registration in a service area of the private branch exchange, authentication by the private branch exchange is made in accordance with whether or not station identification information has already been registered in the private branch exchange. The updating of the location information in the service area of the private branch exchange and the station authentication at the time of outgoing call to the public communication network are effected in a manner similar to that in the first method, that is, in accordance with whether or not station identification information transmitted from the public subscriber station to the private branch exchange has already been registered in the private branch exchange.
In the existing public PHS, on the other hand, authentication surely made each time a subscriber station makes an outgoing call, an incoming call, a location registration or the like is performed by a method using a cryptographic algorithm based on the conventional cryptosystem, common key cryptosystem, common key cipher or symmetric cipher (hereinafter referred to as authentication algorithm). This authentication method has an improved security level as compared with an authentication method as disclosed by the JP-A-7-212826 in which authentication is performed in accordance with whether or not identification information of a portable station of interest has already been registered.
In the existing public PHS, there is employed the so-called common key cryptosystem. Namely, a set of station identification information and an authentication key and an authentication algorithm are registered in each of a subscriber station and a public communication network beforehand. Each of the station identification information and the authentication key differs for each subscriber station. In operation, authentication-is made prior to the establishment of a communication connection between a personal station and an exchange. A procedure for authentication is as follows. The public communication network generates a random number and transmits the generated random number to the personal station. The personal station enciphers the received random number by use of the authentication algorithm and the authentication key registered in the personal station itself and transmits the result of encipherment to the public communication network. From station identification information of the personal station to be authenticated, the public communication network determines an authentication key which that personal station should have possessed. Independently or separately from the personal station, the public communication network enciphers the same random number by use of the determined authentication key. The public communication network compares this result of encipherment and the result of encipherment received from the personal station. In the case where both the results of encipherment coincide with each other, the authentication key is judged as being the same, thereby resulting in a success in authentication. In the case where the coincidence is not obtained, there results in a failure in authentication so that the public communication service is not presented to the personal station.
In the conventional method in which a special service for a portable station is made in a service area under control of a certain private branch exchange, the following problem is involved. In establishing a connection inclusive of a radio line portion between a certain personal station and an exchange in order to that the personal station makes a location registration, an outgoing call, an incoming call or the like, it is necessary to perform the authentication of the personal station as a subscriber station, for each radio communication exchange system, by use of an authentication algorithm and an authentication key settled beforehand between that radio communication exchange system and that personal station. In this case, the authentication for a station (such as a public subscriber station, in-branch station or the like) having not yet made the subscription for that radio communication exchange system is impossible since such a station has no authentication algorithm and authentication which are settled beforehand.
As a measure to counter such an inconvenience may be considered a method in which in a radio communication exchange system for which a certain personal station has not yet made the subscription, a possessor of the personal station newly makes a subscription contract and an authentication algorithm and an authentication key of the radio communication exchange system under contract with the personal station are registered into the personal station. In this method, however, when there are a plurality of radio communication exchange systems the use of which is desired by the personal station, the authentication algorithm and the authentication key differ for each radio communication exchange system, so far as the common key cryptosystem is employed. Accordingly, it is required that the authentication algorithm and the authentication key corresponding to each radio communication exchange system be stored in the personal or portable station. Therefore, the portable station needs a memory capacity proportional to the number of radio communication exchange systems with which the contract is concluded.
As another countermeasure may be considered a method in which the same authentication algorithm and the same authentication key are applied to one personal station for a plurality of radio communication exchange system. However, if such a simple common use is made, a manager of a certain radio communication exchange system (for example, PBX) in a position capable of knowing the keys of the individual subscriber stations is made able to enjoy a communication service unfairly by using as an individual the key of a subscriber station of another person to give false evidence as being a subscriber station in another radio communication exchange system the manager of which is not himself or herself.