1) Field of the Invention
The field of the present invention relates to a method and system for providing communication services, and more particularly to techniques for authentication and security in a wireless communication system.
2) Background
Localized telephone switching systems such as private branch exchanges (PBXs) and key type systems have for many years been available to business offices and other establishments as an alternative or adjunct to public telephone service. A PBX or key system allows users connected to the system to place intra-system telephone calls without accessing the public telephone service. Such a system can provide significant economic benefits, particularly if intra-system telephone traffic is heavy.
On the other hand, when callers using a PBX or key system need to place a call to a party not connected to the system, such outside calls must typically be routed through the PBX or key system controller over landlines to the public telephone company. To accommodate such dual functionality (i.e., intra-system call support and outside call support), special-purpose telephones have been developed for connection to a PBX or key system to allow manual routing of telephone calls. For example, deskset telephones can be provided with buttons corresponding to different telephone lines. By depressing the appropriate button, the user selects between certain designated lines for calls within the system, or different designated lines for calls over the public telephone network.
In other PBX and key systems call routing over the selected lines may be automatic. For example, the user may select an intra-system call or a call over the public telephone network according to the first digit dialed, and the PBX or key system then analyzes the first digit and routes the call to the proper destination using the appropriate vehicle.
While PBX and key systems are useful for providing economical coverage within a private local telephone system, for long distance the PBX users or key system users may still be required to rely on a local exchange carrier (LEC) whose landlines are connected to the PBX. The local exchange carrier then routes the call to a long distance carrier. Because the user must pay both the local exchange carrier and long distance carrier for each long distance telephone call, long distance telephone service can be quite costly, particularly if the volume of long distance calls is large.
Besides high costs for long distance service, another potential disadvantage of existing PBX or key telephone systems is that deployment can be difficult or expensive in remote areas. For example, if long distance service or other public network services are required, then deployment of a PBX or key system is generally limited to where landlines have been laid, so that the PBX or key system can have a connection to a local exchange carrier which connects to the long distance provider. If no landlines are present in the desired deployment location, then it can be expensive to connect landlines to provide long distance access for the PBX or key system. Also, conventional PBX or key systems are generally not very mobile where they require an interface with landlines for long distance access or other types of public network services.
There is a need for a communication system having the ability of a PBX or key telephone system to manage local area calls, yet also which can provide access to lower cost, reliable long distance or other network services. There is also a need for a versatile mechanism for allowing PBX or key type systems to achieve relatively inexpensive access to network resources and long distance coverage. There is also a need for a communication system that employs a robust, flexible protocol for providing long distance coverage or other network services to local users of a PBX, key system or other type of local area network.
The invention provides in one aspect a communication system having a wireless trunk for connecting multiple phone lines over wireless communication links to a cellular network. In one embodiment of the invention, a central telephone switch or customer premises equipment (CPE), such as a private branch exchange or key system, is connected through one or more trunks to a wireless access communication unit. The wireless access communication unit provides the CPE with one or more wireless communication channels to a cellular network. Calls may be selectively routed by the CPE over landlines to a network or, instead, to the wireless access communication unit, thereby bypassing landlines. Multiple wireless access communication units in a geographical region can communicate with a single base station of the cellular network, so long as the base station capacity and current traffic load permit.
In another aspect of the invention, a wireless access communication unit is provided which has multiple trunk interfaces for connection to a CPE, and a radio transceiver for establishing one or more wireless communication links to a cellular network. Each trunk interface is connected to a line card comprising a vocoder and a subscriber interface. A controller interfaces the line cards with the radio transceiver, and assists in the conversion of data from a format suitable for wireless transmission to a format suitable for transmission over the CPE trunk, and vice versa. Data communicated between the wireless access communication unit and the network may be encrypted at the wireless access communication unit and decrypted at the mobile switching center or else at a separate transcoding unit interposed between the mobile switching center and the base station subsystem.
In another aspect of the invention, each trunk interface of a wireless access communication unit is individually authenticated and derives an individual and unique ciphering key for encryption and decryption of data. A user key is stored at each trunk interface and at a central register of the network. During an authentication procedure, an authentication parameter (e.g., a random number) is transferred to the trunk interface, which generates a signed response and a ciphering key based upon the stored user key. The network generates a matching signed response and ciphering key at its end. The wireless access communication unit transmits the signed response back to the network, where it is verified before further communication is allowed to proceed.
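The per-trunk challenge-response exchange described above can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified response and key-derivation algorithms, and the class names, subscriber identifiers, and output lengths are assumptions.

```python
import hashlib
import hmac
import secrets

def derive(user_key, rand):
    """Return (signed response, ciphering key) from the stored user key.
    HMAC-SHA256 is a stand-in; the page does not name the algorithms."""
    sres = hmac.new(user_key, b"SRES" + rand, hashlib.sha256).digest()[:4]
    kc = hmac.new(user_key, b"KC" + rand, hashlib.sha256).digest()[:8]
    return sres, kc

class CentralRegister:
    """Network side: holds one user key per trunk subscriber identifier."""
    def __init__(self):
        self.keys = {}      # subscriber id -> user key
        self.pending = {}   # subscriber id -> (expected response, key)

    def provision(self, sub_id, user_key):
        self.keys[sub_id] = user_key

    def challenge(self, sub_id):
        rand = secrets.token_bytes(16)  # fresh authentication parameter
        self.pending[sub_id] = derive(self.keys[sub_id], rand)
        return rand

    def verify(self, sub_id, sres):
        # Each challenge is single use, so a captured response cannot be replayed.
        expected, kc = self.pending.pop(sub_id, (None, None))
        if expected is None or not hmac.compare_digest(expected, sres):
            return None
        return kc

class TrunkInterface:
    """One trunk interface of the wireless access communication unit."""
    def __init__(self, sub_id, user_key):
        self.sub_id, self.user_key, self.kc = sub_id, user_key, None

    def respond(self, rand):
        sres, self.kc = derive(self.user_key, rand)
        return sres  # only the signed response is sent; the key stays local

def authenticate(register, trunk):
    """Run the exchange; True when both ends hold the same ciphering key."""
    rand = register.challenge(trunk.sub_id)
    kc = register.verify(trunk.sub_id, trunk.respond(rand))
    return kc is not None and hmac.compare_digest(kc, trunk.kc)
```

Neither the user key nor the ciphering key crosses the wireless link; only the random challenge and the signed response do.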
In a preferred embodiment of the invention, the wireless access communication unit operates according to a protocol utilizing aspects of frequency division multiple access (FDMA), time division multiple access (TDMA) and/or code division multiple access (CDMA), whereby communication channels are assigned to the wireless communication unit on a demand basis. In a preferred embodiment, communication between the wireless access communication unit and a base station of the cellular network is carried out over a plurality of wireless duplex communication channels, one channel for each CPE trunk, with base transmissions in time slots on one frequency band and user transmissions (including those from the wireless access communication unit) in time slots on a different frequency band. In such an embodiment, the user time slots may be offset in time from the base time slots, and radio transmission may be carried out using spread spectrum techniques.
In another aspect of the invention, the wireless access communication unit registers each CPE trunk to which it is connected such that each CPE trunk appears as a subscriber to the network. Each CPE trunk may therefore be addressed by a unique subscriber identifier. The wireless access communication unit preferably utilizes aspects of GSM signaling to communicate information to the network, such that communication with a GSM-based network is carried out transparently by the wireless access communication unit.
In yet another aspect of the invention, the wireless access communication unit periodically re-registers each of its CPE trunks. The base station receives and monitors the re-registration signals from the wireless access communication unit and, if the re-registration signals are absent for a predefined period of time, issues an alarm message to the network. The wireless access communication unit may be provided with a unique equipment identifier so that the base station can correlate the different wireless links to a single wireless access communication unit.
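The base-station monitoring described above can be illustrated with a small watchdog that groups re-registrations by equipment identifier, so a silent unit is reported once rather than once per trunk. This is an added example, not part of the patent: the timeout value, the event format, and the identifiers in the constructed sample are assumptions.

```python
REREG_TIMEOUT = 300  # seconds; assumed value for the "predefined period"

# Constructed sample: (time in seconds, equipment id, trunk subscriber id)
SAMPLE = [
    (0, "WACU-A", "trunk-1"), (0, "WACU-A", "trunk-2"),
    (0, "WACU-B", "trunk-3"), (0, "WACU-B", "trunk-4"),
    (200, "WACU-A", "trunk-1"), (200, "WACU-A", "trunk-2"),
    (200, "WACU-B", "trunk-3"),
    (400, "WACU-B", "trunk-3"),
]

def rereg_alarms(events, now, timeout=REREG_TIMEOUT):
    """Return {equipment id: (scope, silent trunks)} for units needing an alarm.

    scope is "unit" when every trunk of the unit has gone silent (the whole
    unit is likely down or out of range) and "trunk" when only some have.
    """
    last_seen = {}  # equipment id -> {trunk id -> latest re-registration}
    for ts, equip, trunk in events:
        unit = last_seen.setdefault(equip, {})
        unit[trunk] = max(ts, unit.get(trunk, ts))

    alarms = {}
    for equip, trunks in last_seen.items():
        silent = sorted(t for t, ts in trunks.items() if now - ts > timeout)
        if silent:
            scope = "unit" if len(silent) == len(trunks) else "trunk"
            alarms[equip] = (scope, silent)
    return alarms

if __name__ == "__main__":
    for equip, (scope, trunks) in rereg_alarms(SAMPLE, now=600).items():
        print(f"ALARM {equip}: {scope} silent, trunks {trunks}")
```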
Further embodiments, modifications, variations and enhancements of the invention are also disclosed herein.