Traditionally, separate networks have been used for transferring data and voice. Data is nowadays transferred mainly in packet based networks, especially in Internet Protocol (IP) networks. These networks can, for example, be simple local area networks (LANs) or complex interconnected corporate networks. Voice calls have traditionally been transmitted in circuit switched networks. In recent years, however, there has been an explosive growth in real-time data applications that use packet based networks like the Internet as a transport medium. These real-time applications can support voice and video calls, and, for example, the IP-calls are expected to be less expensive than calls in traditional fixed or mobile networks.
The H.323 specification has been created by the International Telecommunications Union (ITU) for the purpose of defining a standard framework for audio, video and data communications over networks that do not provide a guaranteed quality of service (QoS). Packet based networks, for example, can be such networks. The aim of the H.323 specification is to allow multimedia products and applications from different manufacturers to interoperate. The H.323 specification defines functionality for call control, multimedia management, and bandwidth management as well as interfacing between networks. The H.323 specification defines four major components for a network-based communications system: terminals, gateways, gatekeepers, and multipoint control units. H.323 terminals, gateways and gatekeepers are briefly described in the following. The multipoint control unit is needed for conference calls, where there are at least three participants.
A terminal is a client device in the network. It typically provides real-time, two-way communication for the user. All H.323 terminals must support voice communications, and they may also support video and data communications. A terminal can be realized using a personal computer, or the terminal may be a stand-alone unit such as a conventional telephone. Further examples of terminals are Internet telephones, audio conferencing terminals, and video conferencing terminals. A gateway is used to connect an H.323 network to other types of networks and/or terminal types. A gateway may, for example, translate information transmission formats or protocols between the networks. An H.323 gateway, which may be distributed, can also participate in call setup and other procedures between the networks.
A gatekeeper functions as a controlling unit for a given section of an H.323 network, i.e. an H.323 zone. A gatekeeper provides call control services to registered endpoints, e.g., H.323 terminals or gateways. Further, a gatekeeper performs address translation between local area network aliases for terminals and gateways to IP or other network addresses. A gatekeeper may also perform bandwidth management, i.e., transmission resource control. Registration, address translation and bandwidth management employ Registration, Admission and Status (RAS) signaling.
The gatekeeper can also be used to route H.323 calls, in which case the calls are under control of the gatekeeper. This allows a simple way of providing many different kinds of services and traffic management features. While the concept of a gatekeeper is logically separate from the concept of a gateway or a multipoint control unit, the gatekeeper can be realized in the same physical device as a gateway or a multipoint control unit.
Usually calls that involve a mobile station are transferred at some point of the connection over fixed lines that are either part of the cellular network or part of the traditional Public Switched Telephone Network (PSTN). Systems that use other fixed networks, especially packet based networks, for transferring at least some of the mobile-originated or mobile-terminated calls have been recently developed. These systems are here called hybrid cellular telecommunication systems, and an example of them is the Rich Call Platform.
An example of a hybrid cellular communication system is illustrated in FIG. 1. The system 100 comprises cellular subsystems 101-104 which employ cellular techniques that support communications with a mobile station 140. Each of the cellular subsystems contains at least one base station or a corresponding network element, and as an example, FIG. 1 shows the base station 105 in the cellular subsystem 102. The rest of the system 100 may be implemented using other network techniques, for example IP networks and the H.323 standard. The non-cellular part 110 of the hybrid cellular telecommunication system includes two local non-cellular subsystems 111 and 112, and a common non-cellular part 113 to which the non-cellular subsystems are connected via, for example, the Internet.
The local non-cellular subsystems 111 and 112 may be in two different premises of a company, and they are used to transmit calls and connections to the mobile stations via the cellular subsystems. The local non-cellular subsystems need to have an entity that routes the calls (corresponding to the H.323 gatekeeper) and a database where to store information about the terminals that are reachable via the cellular subsystems. In FIG. 1 these elements have been presented with local gatekeepers 115 and 117 and local databases 114 and 116. The cellular gateways 121-124 connect a cellular subsystem to a local non-cellular subsystem, and they are responsible for making, for example, necessary protocol transformations. The gateways are called here cellular gateways just to differentiate them from the other gateways possibly involved in hybrid cellular telecommunication systems.
When the cellular subsystems of a hybrid cellular telecommunication system cover, for example, all offices and buildings of a company, mobile calls from one office to another can be made using the non-cellular part of the system as fixed transmission media. The calls need not go through public cellular or fixed telephony networks, i.e. not through the public gateway 125. Especially if the company has offices around the world, this can result in considerable savings in telephony charges.
The hybrid cellular telecommunication system 100 is connected to the public cellular network 130 via the public gateway 125. The public cellular network 130 is typically owned, managed and maintained by a cellular network operator, whereas the cellular subsystems (in FIG. 1, for example, the cellular subsystems 101-104) may be operated, for example, by a cellular network operator or by the company in whose premises the cellular subsystems are.
Both calls and signaling information may be passed through the public gateway 125. Calls where the other endpoint is not within the hybrid cellular telecommunication system are routed through the public cellular network 130 in the example presented in FIG. 1. The common non-cellular part 113, to which the gateway 125 is connected, may be in the premises of the cellular network operator. Information about the mobile stations and subscribers that are allowed to use the hybrid cellular telecommunication system needs to be stored in the system, for example in a subscriber database 118.
In a sense, the hybrid cellular telecommunication system is an extension to the public cellular network 130. The hybrid cellular telecommunication system may rely on having access to certain service provided by the public cellular network 130. For example, necessary subscriber information may be fetched from the public cellular network. The public cellular network needs to be notified of the mobile stations that are reachable through the hybrid cellular telecommunication system. Otherwise it cannot, for example, route incoming calls correctly.
The Rich Call Platform (RCP), which combines parts and subsystems of a certain cellular system and fixed network techniques, is used here as a more tangible example of a hybrid cellular telecommunication system. FIG. 2 presents a schematic drawing of one RCP system 200, which employs Global System for Mobile Communications (GSM) as the cellular system and the combination of H.323 standard and IP network for transmitting part of the calls over fixed network. Part of the RCP system is within the corporate premises 220a. This part comprises a local area network 209a, where the calls and information related to the calls is presented in H.323 format, and at least one cellular subsystem. The LAN 209a is connected via an IP-based network 230 to another LAN 209b which is operated by the cellular network operator 220b and is usually situated in the premises of the cellular network operator. LANs 209a and 209b do not have to be situated in the same premises as long as both are connected to the same IP network 230.
Each of the cellular subsystems situated in the corporate premises 220a comprises one or more Base Transceiver Stations (BTS) 201 and a subsystem controller (SSC) 202 to which the base transceiver stations are connected. In the RCP system, the subsystem controller is usually called IMC (Intranet Mobility Cluster). The SSC provides the BTS with the same interfaces as a BSC, but the actual functionalities are typically distributed between different RCP entities. The SSC also acts as a gateway between the cellular subsystem which it controls and the H.323 part of the RCP system. The SSC 202 is connected to the local area network 209a of the office 220a.
A gatekeeper (WGK) 203 is an H.323 gatekeeper to which some GSM features have been added. It is involved in signaling in the RCP system. It acts as a central point for all calls within its zone and provides call control and management services, such as network topology information, update of RCP subscriber information, address translation during call set-up, admission control and bandwidth control. In many ways the gatekeeper acts as a virtual switch. Thus gatekeepers are sometimes also called Mobile Telephone Servers (MTS). Each RCP zone can be managed by one gatekeeper.
The cellular subsystem 210 and the non-cellular subsystem 211 of RCP system 200 are presented with dashed lines in FIG. 2. A part 203a of the gatekeeper 203 forms the cellular gateway of the RCP system 200 (corresponding, for example, to the cellular gateway 121 in FIG. 1).
Information about the presence of each mobile station and H.323 compatible terminals 205 in a RCP system is stored in an End Point Database (EPD) 204 which either is connected to the gatekeeper 203 or is a part of the gatekeeper. Using the information stored in the EPD 204 the gatekeeper 203 can determine, if the destination address of the call is within its control zone. This information is needed when setting up calls in the RCP system.
In the second LAN 209b, there are an A-interface Gateway (AGW) 206 and an Intranet Location Register (ILR) 207. The A-interface gateway 206 handles communications between the RCP system 200 and the public cellular network 130 via an A-ter-type interface 241. The A-ter interface is an interface normally found between Transcoder Submultiplexer (TCSM) and Base Station Controller in GSM-networks. Therefore the communications between the RCP system 200 and the public cellular network 130 can be handled like normal communications between a Base Station Subsystem and the public cellular network 130, the RCP-system 200 acting like a normal Base Station Subsystem from the view point of the public cellular network 130. The AGW is responsible for converting speech and data streams and signaling between the public cellular network and the H.323 part of the RCP system. If the RCP system employs some other cellular network standard than GSM, the functionality of the AGW (or a corresponding gateway with a different name) is defined by the relevant cellular network standards.
The main function of an ILR database 207 is to store mobility management information of the subscribers using the RCP-system 200. For all subscribers that have a right to use the RCP system, there is a permanent entry in the ILR. The ILR contains both RCP-specific information, such as the IP address of the gatekeeper at whose control zone the mobile station currently is, and GSM-specific information, which is practically the same information as stored in the Visitor Location Register (VLR). The gatekeeper 203 is responsible for updating the RCP-specific information in the ILR, and the communications between ILR 207 and public cellular network 130 are handled via a MAP-interface 242. The MAP interface is a standard GSM-interface normally found between Home Location Register (HLR) and Mobile Services Switching Centre (MSC). Therefore the mobility management information from the RCP system 200 is handled from the view point of the cellular system 130 just like mobility management information of a normal GSM subscriber.
When a mobile station 140 is used in an office 220a where the RCP system 200 is present the call is received by a BTS 201, just as in normal cellular networks. The SSC 202 transforms the data which it receives from the mobile station 140 and which is carried by the uplink radio connection to IP packets according to the H.323 standard. It sends the packets further to the local area network 209a. Respectively, when data is transferred from the local area network 209a via the BTS 201 to the mobile station 140, the SSC 202 transforms received H.323 information to the suitable cellular network standard format understood by the BTS 201.
The gatekeeper 203 is responsible for the signaling involved in setting up a call. If the destination address is within the gatekeeper's control zone and the destination is an H.323 terminal 205, then the connection is made directly with the H.323 terminal 205. If the destination is a mobile station 140 within the control zone of the gatekeeper 203, then the call is directed via the SSC 202 to the BTS 201 and further to the mobile station 140. If a call is made from the mobile station 140 to another RCP zone, the call is directed to the gatekeeper controlling the other RCP zone. If the destination is a mobile station, the two SSCs through which the mobile stations are reachable are informed to establish the call.
When a call is made from the RCP system 200 to a destination that is a mobile phone reachable through the public cellular network 130 (the mobile station owner either being an RCP subscriber outside the RCP system coverage or not being an RCP subscriber at all), the gatekeeper 203 transfers the call via a packet switched network such as the Internet to the A-interface Gateway 206. As stated above, the AGW 206 communicates with the public cellular network 130 through an A-ter interface 241. Therefore the public cellular network 130 handles the call like any normal mobile station call received by an MSC and connects the call using network specific methods and systems known per se.
If the call is made from an H.323 terminal 205 to a PSTN 232 or to a public cellular network 130, then the communication is handled by an ISDN Gateway (IGW) 208. The IGW 208 communicates with the public cellular network 130 via a DSS.1 interface 243, thus looking from the point of view of the public cellular network 130 like a PBX (Private Branch Exchange). This makes it possible for the H.323 terminal 205 to communicate with other mobile stations than those within the RCP system using the public cellular network 130. The IGW also handles the communications between the RCP system 200 and the PSTN network 232, and this enables the H.323 terminals to communicate with the PSTN network 232. The calls made from a mobile station 140 to the PSTN network 232 can be handled either via the AGW 206, using the systems in the public cellular network 130 to connect the call to the PSTN network 232, or the call can be connected to the PSTN network 232 using the IGW 208.
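The call set-up decisions described in the three preceding paragraphs can be modelled as a single routing function. This is an added example, not code from the described system: the sample addresses, the contents of the EPD and ILR tables, and the use of the ILR to find the gatekeeper of another zone are assumptions; hop names reuse the reference numerals of FIG. 2.

```python
# Added illustration, not code from the described system.
# All table contents below are constructed sample data.

LOCAL_GK = "WGK 203"
# End Point Database of the local zone: address -> endpoint kind
EPD = {"ms-140": "mobile", "term-205": "h323"}
# Intranet Location Register: RCP subscriber -> gatekeeper of its current zone
# (None = subscriber is currently outside RCP coverage)
ILR = {"ms-140": "WGK 203", "ms-301": "WGK remote", "ms-302": None}


def route_call(caller_kind, dest, dest_kind):
    """Return the candidate routes (tuples of hops) for one call set-up.

    caller_kind: "mobile" or "h323"; dest_kind: "mobile", "h323" or "pstn".
    """
    if caller_kind not in ("mobile", "h323"):
        raise ValueError(f"unknown caller kind: {caller_kind!r}")

    # 1. Destination registered in this gatekeeper's own zone (EPD lookup).
    local_kind = EPD.get(dest)
    if local_kind == "h323":
        return [(LOCAL_GK, "H.323 terminal 205")]
    if local_kind == "mobile":
        return [(LOCAL_GK, "SSC 202", "BTS 201", "mobile station")]
    if dest_kind == "h323":
        # The text only covers H.323 terminals inside the local zone.
        raise LookupError(f"H.323 terminal {dest!r} is not registered in this zone")

    # 2. Mobile in another RCP zone: pass the call to the gatekeeper that
    #    controls that zone (finding it through the ILR is an assumption).
    remote_gk = ILR.get(dest)
    if dest_kind == "mobile" and remote_gk not in (None, LOCAL_GK):
        return [(LOCAL_GK, remote_gk, "remote SSC", "remote BTS", "mobile station")]

    # 3. Destination outside the RCP system.
    agw = (LOCAL_GK, "IP network 230", "AGW 206", "A-ter 241",
           "public cellular network 130")
    igw_cell = (LOCAL_GK, "IGW 208", "DSS.1 243", "public cellular network 130")
    igw_pstn = (LOCAL_GK, "IGW 208", "PSTN 232")
    if caller_kind == "h323":
        return [igw_pstn] if dest_kind == "pstn" else [igw_cell]
    if dest_kind == "pstn":
        # A mobile-originated PSTN call may use either gateway.
        return [agw + ("PSTN 232",), igw_pstn]
    return [agw]
```

Only the mobile-to-PSTN case yields two candidate routes, which is where a deployment has to choose between the AGW and the IGW.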
In the RCP system 200 calls between mobile stations use GSM speech coding. If a mobile originated call is routed through the public cellular network to a fixed phone, the public cellular network will take care of decoding the speech. If one endpoint of a call is a mobile station in the RCP system 200 and the other is an H.323 terminal, there may be a need for decoding and re-coding the speech between the GSM coding and coding methods defined in the H.323 standard.
The encryption of the communications between BTS and mobile station in the GSM system is part of the standard Air interface. As the RCP system 200 uses the same standard interface for communications between the BTS 201 and the mobile station 140, the encryption is performed using the same procedures as in a normal GSM system. The GSM procedures employ conventional secret key cryptography, where the secret key has to be known to both the encrypting party and the decrypting party. The GSM encryption key Kc is stored in the ILR for those mobile stations that are within the RCP system. In GSM, the network decides when to authenticate a mobile station or when to generate new encryption keys. Generation and use of new encryption keys is necessary to make sure that the encryption is hard to break, i.e., to prevent eavesdropping. Too much information should not be encrypted with a single encryption key.
When calls are made outside RCP via the GSM network, the GSM network takes care of the necessary key generation and authentication procedures. A problem is that when calls are made within the RCP system the cellular network is not aware of them. Thus it cannot be responsible for the necessary generation procedures.
Authentication, on the other hand, validates the identity of the mobile station, or actually the identity of the SIM card in the mobile station. This enables, for example, the network to generate charging information related to a correct SIM identity. Further, access to certain services can be limited based on the identity of the user or SIM card. A further problem is that in certain situations the RCP system is not aware of the identity of a mobile station using its resources. For example, if a handover is made from the GSM network to the RCP system, the necessary information about encryption keys is transmitted between the original BSC in the GSM network and the new SSC in the RCP system. Only information about the encryption key is transmitted; no information about the identity of the mobile station is received. Only after the mobile station sends a location update message to inform the system about its present location (to enable incoming calls to be routed to the right cell) is the mobile station authenticated by the cellular network and the identity of the mobile station known both to the cellular network and to the RCP system.
Consequently, the RCP system or other hybrid cellular telecommunication system has to decide in certain situations itself when to authenticate the mobile station and when to change encryption keys. Without making changes to all mobile stations that are used in the hybrid cellular telecommunication system, the system cannot authenticate a mobile station or generate a new encryption key. The methods which the mobile station supports are in use solely in the cellular systems, and many of the procedures used are proprietary information of the cellular network operators.
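The two gaps described above (traffic of in-system calls that the cellular network never sees, and sessions that arrive by handover with a key but no identity) can be made concrete with a small bookkeeping model. This is an added example, not code from the described system: the class and method names, the frame counter and the limit MAX_FRAMES_PER_KC are assumptions chosen for illustration, and the model only decides when an action is due, not how it would be carried out.

```python
# Added illustration, not code from the described system.
from dataclasses import dataclass
from typing import Optional

MAX_FRAMES_PER_KC = 1000  # constructed policy limit, not a GSM or RCP value


@dataclass
class Session:
    kc_label: str              # reference to the Kc held in the ILR, never the key
    identity: Optional[str]    # SIM identity; None until the network authenticates
    internal_frames: int = 0   # traffic of calls kept inside the hybrid system
    external_frames: int = 0   # traffic of calls routed through the GSM network


class KeyUsageMonitor:
    def __init__(self):
        self.sessions = {}

    def handover_in(self, ref, kc_label):
        # Handover from the GSM network: only key information reaches the SSC.
        self.sessions[ref] = Session(kc_label, identity=None)

    def location_update(self, ref, identity, kc_label):
        # The cellular network has authenticated the SIM, so the identity is known.
        old = self.sessions.get(ref)
        if old is not None and old.kc_label == kc_label:
            old.identity = identity          # same key: usage counters continue
        else:
            self.sessions[ref] = Session(kc_label, identity)

    def record_call(self, ref, frames, via_gsm_network):
        s = self.sessions[ref]
        if via_gsm_network:
            s.external_frames += frames
        else:
            s.internal_frames += frames

    def pending(self, ref):
        """Actions the hybrid system would have to trigger itself."""
        s = self.sessions[ref]
        actions = []
        if s.identity is None:
            actions.append("authenticate")   # charging and access control need it
        if s.internal_frames + s.external_frames >= MAX_FRAMES_PER_KC:
            actions.append("rekey")
        return actions

    def gsm_network_would_rekey(self, ref):
        # The cellular network only sees the calls routed through it.
        return self.sessions[ref].external_frames >= MAX_FRAMES_PER_KC
```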
It would be possible to design and construct a separate authentication and key management system for the hybrid telecommunication system, for example for the RCP system. The problem here is that such a system would require all the mobile stations to be used in the RCP system to have some special equipment in which to store RCP-specific secret information and in which to make calculations based on this information. Further, the secret information should be known only to the mobile station and, if conventional symmetric-key cryptography is used, to the RCP system. The SIM card could perhaps be used for this, but it solves only half the problem. For each mobile station to be used in the RCP system, there should be a record in ILR, for example, stating either its secret key (conventional cryptography) or public key (public key cryptography). The construction and management of the system would be tedious, and an occasional visitor could not use the RCP system.