Communication devices such as mobile terminals are enabled to communicate wirelessly in a cellular communications network or wireless communication system, sometimes also referred to as a cellular radio system or cellular networks. The communication may be performed e.g. between two mobile terminals, between a mobile terminal and a regular telephone and/or between a mobile terminal and a server via a Radio Access Network (RAN) and possibly one or more core networks, comprised within the cellular communications network.
Mobile terminals may further be referred to as User Equipment (UE), wireless communication devices, wireless devices, wireless terminals, mobile stations, mobile telephones, cellular telephones, laptops, tablet computers or surf plates with wireless capability, just to mention some further examples. The mobile terminals in the present context may be, for example, portable, pocket-storable, hand-held, computer-comprised, or vehicle-mounted mobile devices, enabled to communicate voice and/or data, via the RAN, with another entity, such as another wireless terminal or a server.
The cellular communications network covers a geographical area which is divided into cell areas, wherein each cell area being served by a radio network node, which typically is referred to as a base station. A cell is the geographical area where radio coverage is provided by the radio network node. The cellular communications network may be an LTE, E-UTRAN, WCDMA, GSM network, any 3GPP cellular network, WiMax, or any wireless network or system. In some embodiments the non-limiting term radio network node is more commonly used and it refers to any type of network node serving mobile terminal and/or connected to other network node or network element or any radio node from where mobile terminal receives signal. Examples of radio network nodes are Node B, Base Station (BS), Multi-Standard Radio (MSR) radio node such as MSR BS, eNode B, network controller, Radio Network Controller (RNC), base station controller, relay, donor node controlling relay, Base Transceiver Station (BTS), Access Point (AP), transmission points, transmission nodes, RRU, RRH, nodes in distributed antenna system (DAS) etc.
The radio network node may further control several transmission points, e.g. having Radio Units (RRUs). A cell may thus comprise one or more radio network nodes each controlling one or more transmission/reception points. A transmission point, also referred to as a transmission/reception point, is an entity that transmits and/or receives radio signals. The entity has a position in space, e.g. an antenna. A network node is an entity that controls one or more transmission points. The network node may e.g. be a base station such as a Radio Base Station (RBS), eNB, eNodeB, NodeB, B node, or Base Transceiver Station (BTS), depending on the technology and terminology used. The base stations may be of different classes such as e.g. macro eNodeB, home eNodeB or pico base station, based on transmission power and thereby also cell size.
In some embodiments a more general term “network node” is used and it may correspond to any type of radio network node or any network node, which communicates with at least a radio network node. Examples of network nodes are any radio network node stated above; a core network node, such as e.g. a Mobile Switching Centre (MSC), a Mobility Management Entity (MME), an Operations & Management (O&M) node, an Operation, Administration and Maintenance (OAM) node, an Operations Support Systems (OSS) node, a Self-Organizing Network (SON) node, a positioning node, such as e.g. an Enhanced Serving Mobile Location Centre (E-SMLC), or a function related Minimization of Drive Tests (MDT) etc.
In some embodiments the non-limiting term network device is used and it refers to any type of wireless device communicating with a network node in a cellular or mobile communication system and being able to perform measurements on other network nodes in a surrounding or tracking area of the network device. Examples of a network device are UE, mobile terminal, target device, device to device UE, machine type UE or UE capable of machine to machine communication, PDA, iPAD, Tablet, mobile terminals, smart phone, Laptop Embedded Equipment (LEE), Laptop Mounted Equipment (LME), USB dongles, radio network node, radio access node etc.
Further, each network node may support one or several communication technologies. The network nodes communicate over the air interface operating on radio frequencies with the mobile terminals within range of the network node. In the context of this disclosure, the expression Downlink (DL) is used for the transmission path from the base station to the mobile station. The expression Uplink (UL) is used for the transmission path in the opposite direction i.e. from the mobile terminal to the base station.
In 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE), network nodes, which may be referred to as eNodeBs or even eNBs, may be directly connected to one or more core networks. In LTE the cellular communication network is also referred to as Evolved Universal Terrestrial Radio Access Network (E-UTRAN).
An E-UTRAN cell is defined by certain signals which are broadcasted from the eNB. These signals contain information about the cell which may be used by mobile terminals in order to connect to the network through the cell. The signals comprise reference and synchronization signals which the mobile terminal uses to find frame timing and physical cell identification as well as system information which comprises parameters relevant for the whole cell.
The architecture of an LTE system is shown in FIG. 1, including radio access nodes, e.g. base stations, such as e.g. eNBs, Home eNBs—HeNBs or HeNB GateWay (GW), and evolved packet core nodes, such as e.g. Mobility Management Entity (MME) or Serving GateWay (S-GW). As can be seen a S1 interface connects the HeNBs/eNBs to the MME/S-GW and HeNBs to the HeNB GW, while an X2 interface connects peer eNBs/HeNBs.
A management system LTE system of FIG. 1 is shown in FIG. 2. The Node Elements (NE) 200, which may also be referred to as eNodeBs or radio access nodes (base stations), are managed by a Domain Manager (DM) 210, which may also be referred to as an Operation and Support System (OSS). A DM 210 may further be managed by a network manager (NM) 220. Two NEs 200 are interfaced by an X2 interface, whereas the interface between two DMs 210 may be referred to as Itf-P2P. The management system may configure the NEs 200, as well as receive observations associated to features in the NEs 200. For example, a DM 210 observes and configures one or more NEs 200, while a NM 220 observes and configures one or more DM 210, as well as one or more NEs 200 via the one or more DMs 210.
By means of configuration via the DM 210, the NM 220 and their related interfaces, functions over the X2 and S1 interfaces may be carried out in a coordinated way throughout the RAN, eventually involving the Core Network, such as e.g. a MME and/or S-GWs.
FIG. 3 discloses a 3G architecture corresponding to the LTE architecture shown in FIG. 1. Here the Core Network is formed by nodes such as a Serving GPRS Support Node (SGSN) and a Mobile Switching Centre (MSC), which connect to a Radio Network Controller (RNC) and a Home NodeB (HNB) Gate Way (GW) via a Iu interface. The RNC connects to NodeBs (base stations) via a Iub interface while the HNB GW connects to the HNBs via a so called Iuh interface. HNBs may connect to each other via a so called Iurh interface, while RNCs connect to each other and to HNB GWs via a Iur interface.
The 3G OAM system follows the same structure as described for LTE shown in FIG. 2. The NEs 200 in FIG. 2 would correspond to RNCs and NBs in FIG. 3. If the NE is an HNB, the DM 210 would correspond to the HMS.
In LTE the mobile terminal may be in either idle state, which is also referred to as IDLE or RRC_IDLE, or in connected state, which state is also referred to as CONNECTED or RRC_CONNECTED. When the mobile terminal is in RRC_IDLE, it monitors a paging channel, which paging channel is part of a Common Control Channel (CCCH).
The suitable cell is commonly the cell with best quality of signal. Listening for a suitable cell may comprise searching for reference signals transmitted from the network node. When a suitable cell is found the mobile terminal performs random access, according to a system information for the cell. This is done in order to transmit a Radio Resource Control (RRC) connection setup request to the network node. Assuming the random access procedure succeeds and the network node receives the request, the network node will either answer with an RRC connection setup message, which acknowledges the mobile terminals request and tells it to move into RRC connected state, or an RRC connection reject, which tells the mobile terminal that it may not connect to the cell. In RRC connected state the parameters necessary for communication between the network node and the mobile terminal are known to both entities and a data transfer between the two entities is enabled.
When the mobile terminal is in RRC_CONNECTED state the mobile terminal may continue to measure RSRP, in order to be able to report a Channel Quality Indication (CQI) as well as an input to connected mode mobility decisions, such as e.g. performing a handover from one cell to another.
In order to support the mobile terminal in connecting to a cell, which may also be referred to as accessing a cell, System Information Blocks (SIBs) are transmitted in the control channel. A number of different SIBs are defined, which are characterized by the information they are carrying. For example, cell access related parameters, such as information about the operator of the cell, restrictions to what users may access the cell and the allocation of subframes to uplink/downlink may be carried by the SIBs.
However, a so-called “false base station” in a telecommunication system may impersonate a service providers real network nodes in order to lure a UE into connecting to the false base station. The false base station may then monitor and record data and voice traffic, as well as the position of the UE, which may be used to collect information about a user.