Owners or supervisors of controlled or secure locations often wish to prevent unauthorised mobile communication devices (such as mobile telephones or tablets) from having network access. Examples of such locations may include prisons, government buildings and banks, including vaults and other secure rooms. Access to the network may therefore be managed in a particular way to deny or control user access as required by the coverage area in question. It is often detrimental for the same network access restrictions to be imposed on all mobile terminals though. In the example of a prison, it may be desirable to prevent unauthorised mobile telephone use by prisoners within the prison, whilst still allowing prison officers to use mobile communication devices in the same location.
Accordingly, monitoring and imposition of access rights should be made on a per-device or per-mobile terminal basis, such that the appropriate parties gain access to appropriate network features. It should also be noted that mobile terminals entering the secure area are likely to be subscribers to several different mobile network operators. Hence, this management, monitoring and imposition of access rights should be made across multiple operators.
There are a range of existing options for managing or preventing network access in specific locations, but all of these have drawbacks. For example, Radio Frequency (RF) jamming technologies deliberately use radio signals to disrupt other radio communications. In a small, well-defined location such as a room or corridor, jamming can prevent reception of other signals. Nonetheless, this technology is crude, because the propagation of the jamming transmissions are difficult to control and it inherently assumes that anyone in the vicinity of the jamming equipment should not be able to send and/or receive desired transmissions. Thus, the jamming process is indiscriminate and will block everything from emergency services users to ordinary users unrelated to the secure location. In addition, there are territorial legal restrictions regarding the operation of jamming equipment in certain places.
Another approach uses network probes, which can monitor data being transmitted between two points in a half-duplex network. These may allow traffic between point A and B to pass through the probe, whilst it makes a copy on a so-called “monitor port”. Access can be blocked or only allowed for one or more mobile terminals or User Equipment (UE) on a predetermined list. Such network probes must be inserted into the network and are therefore operator-specific. Moreover, the predetermined list or lists requires configuration and maintenance, which imposes an additional burden.
In the example of a prison, some users can be permitted access and others blocked, but this requires collating the authorised users and providing these to individual operators. This can cost a large amount of money and can be out-of-date quickly. Such an approach is called a ‘snapshot test’.
It would be desirable to maintain constant oversight of any access to the controlled area over a longer period, such as 24 hours, and allow granular control. For example, a visitor may be allowed access to a specific service for a time-bounded period. There is currently no straightforward or automatic technique for configuring such a system, however.