It is a general principle in telecommunications networks using multiple access that, before using the services of the network, the terminal equipment must first inform the network, by some uplink access method, of its desire to gain access. To this end a special channel is typically reserved in the network as a common channel for all terminal equipment, which send a request on this channel to obtain a service. Depending on the network, the request may contain only a request for a channel for two-way data transmission, or it may also state which particular service is desired and possibly the desired channel capacity. The channel may be of stream type or a packet channel. The layer relaying the requests is called the Medium Access Control sublayer (MAC layer) in the OSI model; it uses the services of the physical layer to provide services to the logical link control layer.
In time-division cellular multiple access networks a channel is assigned on which all mobile stations, when setting up mobile originated calls, send a request for a traffic channel to the network. The request, which is relayed over the radio path to the base station and from there over a cable to the base station controller, contains the mobile station's identifier IMSI, so that the base station controller knows from whom the request has come. In a GSM system this shared channel is called the Random Access Channel (RACH). Should requests collide on the channel, the mobile station tries again after a moment until the request is received. The network sends acknowledgements of the requests to the mobile stations on a channel to which all mobile stations listen. In a GSM system this channel is called the Access Grant Channel (AGCH): the acknowledgement contains the mobile station's identifier, from which the mobile station knows that the message is intended for itself, and the number of the channel allocated by the network as a traffic channel.
Access in accordance with the MAC protocol is also used in interactive cable TV systems, where a desired audiovisual service can be transferred to several recipients through a fixed network. The physical transfer path may be a coaxial cable and/or an optical cable or a radio network, or the distribution may take place through a satellite. In such a system the name Head End is given to the central place where an incoming dispatch is divided over several physical signal paths, such as several optical fibers, by which the dispatch is carried closer to the consumers. Transmission may take place both in the downlink and uplink directions in time slots which are numbered starting from zero and ending with some maximum number, after which the numbering starts again. The time slots 0, . . . , max form a frame. For terminals to be able to send information upwards, a channel with Aloha access may be used in the uplink direction, whereby all subscribers may send requests in any time slot. The network acknowledges a successful transmission by echo checking on a downlink channel. Alternatively, only certain time slots may be used in the uplink direction for sending requests; this is the slotted Aloha access type. In these systems, too, it is essential for the terminal to include its identifier in its access message, so that the Head End knows who sent the request.
It is characteristic of systems of the described type, as shown in FIG. 1, that when several terminal equipment A wish to communicate with network B, they request a private channel on a common channel U. The request message contains requester A's identifier. The network element may authenticate the requester, and if the authentication succeeds it allocates a private channel T to the requester and sends information about the channel either on the same common channel U or on another common return path channel D. This information contains requester A's identifier. A receives the message and begins communicating on the allocated channel T.
FIG. 2 shows the exchange of messages used for network access in a known GSM mobile telephone system. When a mobile station wishes to set up a call, it sends a Channel Request on the one-way (uplink direction) Random Access Channel (RACH) to the base station in order to have a Traffic Channel (TCH) at its disposal, step 211. The request contains a 5-bit random number, which initially serves as the mobile station's identifier. The base station receives the request, step 213, and relays it to the base station controller, which selects a free channel, activates it on the base station, step 212, and then forms an Immediate Assignment, which the base station sends to the mobile station on the Paging and Access Grant Channel (PAGCH), step 214. The assignment contains a description of the allocated channel, a preset timing value, the transmission power value to be used, the same 5-bit random number that was sent by the mobile station, and also the number of the time slot in which the base station received the channel request. With this information the mobile station is able to recognize the message intended for itself and learns the allocated traffic channel, step 215.
The mobile station then sends to the base station on the traffic channel the link layer initial message containing the SABM frame. In this message the mobile station states its identity, the IMSI (International Mobile Subscriber Identity) or its Temporary Mobile Subscriber Identity (TMSI), step 224. The base station receives the message, step 226, and acknowledges it with a response message whose UA frame contains the identity of the mobile station, step 228. The mobile station compares its own identity with the received identity, step 223, and if the identities match, it knows that the traffic channel is reserved for itself.
Before operation starts, authentication is also performed, on the principle that the network puts a question to the mobile station to which only the right mobile station knows the answer. Authentication is based on an authentication algorithm A3 and on a subscriber-specific authentication key K_i. At the start of authentication the authentication center AuC sends the mobile station a challenge, a random number RAND. The mobile station receives RAND and passes it to the SIM card, which runs the A3 algorithm on it together with the subscriber-specific key K_i stored in the card. The Signed Result (SRES) is sent by the mobile station to the network. Authentication center AuC compares the SRES value with the value it has computed itself using the same A3 algorithm, RAND and key K_i. If the SRES values are identical, the authentication is approved; otherwise the subscriber is denied access to the network. The mobile station also uses the received RAND and the key K_i to compute a connection-specific encryption key Kc. In the network, authentication center AuC performs the same algorithm with the same values, which results in the same encryption key. Both store the key in memory; in addition the mobile station sends the key to authentication center AuC, which checks that both are using the same key.
It is a noteworthy feature of the process shown in FIG. 2 that the mobile station has sent its own identity to the network before it is certain that the traffic channel is allocated to itself and to nobody else.
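The following simulation of the FIG. 2 exchange is an added example and not part of the patent text. It replaces the operator-specific A3/A8 algorithms with HMAC-SHA256 as a stand-in, uses constructed IMSI and K_i values, and records every message as it would appear on the air interface so that the ordering noted above (identity sent before authentication completes) can be checked programmatically.

```python
"""Simulation of GSM channel request, immediate assignment, SABM/UA and
A3 challenge-response. Added example; A3/A8 are stand-ins (HMAC-SHA256)."""
import hmac
import hashlib
import secrets

def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for A3/A8: derive (SRES, Kc) from K_i and RAND.
    GSM SRES is 32 bits and Kc is 64 bits, hence the slice lengths."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

def gsm_access(imsi: str, ki_sim: bytes, ki_auc: bytes, rng=secrets.token_bytes):
    """Run the exchange of FIG. 2 and return the air-interface trace as a list of
    (channel, direction, fields). ki_sim is the key on the SIM, ki_auc the AuC copy."""
    trace = []
    ref = rng(1)[0] & 0x1F                       # 5-bit random reference, step 211
    trace.append(("RACH", "MS->BS", {"ref": ref}))
    tch = 7                                      # BSC picks a free traffic channel, step 212
    trace.append(("AGCH", "BS->MS", {"ref": ref, "tch": tch}))      # Immediate Assignment, step 214
    # Step 224: the MS states its identity here, before any authentication has taken place.
    trace.append(("TCH", "MS->BS", {"sabm": True, "imsi": imsi}))
    trace.append(("TCH", "BS->MS", {"ua": True, "imsi": imsi}))     # step 228
    rand = rng(16)                               # 128-bit challenge from the AuC
    trace.append(("TCH", "BS->MS", {"rand": rand}))
    sres_ms, kc_ms = a3_a8(ki_sim, rand)         # computed on the SIM
    trace.append(("TCH", "MS->BS", {"sres": sres_ms}))
    sres_net, kc_net = a3_a8(ki_auc, rand)       # computed by the AuC
    accepted = hmac.compare_digest(sres_ms, sres_net)
    trace.append(("AUTH", "net", {"accepted": accepted, "kc_match": kc_ms == kc_net}))
    return trace

def identity_exposed_before_auth(trace) -> bool:
    """True if the IMSI is visible on the air interface before the authentication result."""
    for channel, _direction, fields in trace:
        if channel == "AUTH":
            return False
        if "imsi" in fields:
            return True
    return False

if __name__ == "__main__":
    KI = bytes(range(16))                        # constructed subscriber key
    for msg in gsm_access("001010000000001", KI, KI):
        print(msg)
```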
It is taken for granted in known systems of the type shown in FIG. 1 that the party A requesting access knows as a matter of course that network element B is exactly what A assumes it to be, and that network element B does not doubt that the terminal equipment using the received identifier is terminal equipment A.
It is a problem in these systems that the network always performs the authentication. It is hereby possible for a third party to come between the identifying party and the one to be identified, to eavesdrop on the first messages and to put himself in the other party's place. This is possible especially if part of the transmission path between A and B is a radio path, as is the case in mobile telephone networks, but likewise in fixed networks a third party may connect to the line and eavesdrop on the traffic. It is hereby possible for the third party to capture a channel request message sent by terminal equipment A and to interpret from it the request and, above all, A's identifier. It then in one way or another eliminates terminal equipment A and takes its place. It then receives the channel allocation message sent by the network element, connects to the channel pretending to be terminal equipment A and thus gains access to the network. Network element B has no way of knowing that it is communicating with a third party instead of the genuine terminal equipment A.
It is also possible for network element B to be the impostor. Hereby terminal equipment A, when contacting network element B, immediately gives it its identity data in the first message. B hereby knows who A is, but A does not know that B is only pretending to be the genuine network element. Such a situation is possible e.g. in mobile station networks, where a "false" base station may take the place of the genuine one and thus eavesdrop on and control the radio traffic.
It is not possible with state-of-the-art systems to prevent situations such as those described above. The present invention thus aims at a method by which the described situations can be prevented, and in particular one in which the terminal equipment never discloses its identity to any third party eavesdropping on the traffic between the terminal equipment and the network element, and in which the terminal equipment discloses its identity only when it is sure that the network element really is the one it declares itself to be, so that when the network element is an impostor it never learns the true identity of the terminal equipment.
The method according to the invention is characterized by the features defined in the independent claims.