The present invention relates generally to a manner by which to effectuate authentication of communication stations operable in a communication system, such as a Bluetooth-based communication system. More particularly, the present invention relates to apparatus, and an associated method, by which to facilitate authentication of at least a portion of the network infrastructure of the Bluetooth-based, or other, communication system by a mobile terminal. Operation of an embodiment of the present invention provides for effectuation of authentication without compromising the confidentiality of identifiers used in the authentication procedures.
Advancements in communication technologies have permitted the development, and popularization, of new types of communication systems. Multi-user, wireless communication systems are exemplary of communication systems made possible as a result of such advancements. A cellular communication system is a multi-user, wireless communication system capable of concurrent use by large numbers of users.
In a cellular communication system, as well as other types of radio communication systems, a communication channel formed between a sending station and a receiving station is formed of a radio channel defined upon a portion of the electromagnetic spectrum. A wireline connection is not required to be formed between the sending and receiving stations. Thereby, a radio communication system is inherently of increased communication mobility, relative to conventional wireline communication systems.
Digital communication techniques have been implemented in radio, as well as other, communication systems. Digital communication techniques generally permit the communication system in which the techniques are implemented to achieve greater communication capacity than conventional, analog communication techniques.
A communication system which utilizes digital communication techniques typically digitizes the information which is to be communicated to form digital bits. The digital bits are typically formatted according to a formatting scheme. Groups of the digital bits, for instance, are positioned to form a packet, and one or more packets of data are sometimes together defined to form a frame of data.
Because packets, or frames, of data can be communicated at discrete intervals, rather than continuously, a frequency band need not be dedicated solely for the communication of data between one communication pair. Instead, the frequency band can be shared amongst a plurality of different communication pairs. The ability to share the frequency band amongst more than one communication pair permits a multiple increase in the communication capacity of the system.
Packet-data communications are effectuated, for instance, in conventional LANs (Local Area Networks). Wireless networks, operable in manners analogous to wired LANs, referred to as WLANs (Wireless Local Area Networks) have also been developed and are utilized to communicate data over a radio link. Some of such packet communication systems are able to provide for voice, as well as nonvoice, communications.
A WIO (Wireless Intranet Office) is exemplary of a packet radio communication system which is intended to provide voice, and other real time, communications. Voice communications by way of a WIO provide the advantage of use of a wireless communication system in a cost-effective manner. Voice, as well as other data, can be communicated between mobile terminals operable in such a system. Various aspects of conventional cellular, or microcellular, communication systems are conventionally utilized in a WIO system.
For instance, authentication procedures are carried out to ensure that the mobile station and the network portion of the WIO system are authentic. Subsequent to authentication, communications are permitted between the mobile station and network portion of the system.
At least one proposal has been set forth by which to provide a dual-mode mobile terminal, operable in both a conventional cellular communication system, such as a GSM (Global System for Mobile communications) communication system, and also a WIO network. In particular, one WIO network is proposed to utilize Bluetooth radio technology in which Bluetooth signals form the radio access medium between the mobile terminal and corresponding infrastructure of the WIO network. In order to create a secure radio link, the devices which are to be operable pursuant to a communication session, i.e., the Bluetooth mobile terminal of the dual-mode mobile terminal and the Bluetooth network infrastructure of the WIO system, must authenticate each other. Once authenticated, encryption keys can be used by the devices to encrypt signals to be communicated therebetween.
The Bluetooth standard, for instance, sets forth an authentication procedure by which Bluetooth devices authenticate each other and provides for execution of a procedure referred to as pairing. In a pairing procedure, a secret link key is created, based upon secret identifiers, referred to as PIN codes, of a Bluetooth device. Once pairing has been completed, a link key to be used subsequently between the devices is created.
Such a pairing process, however, requires user interaction and therefore is not automated.
An automated procedure by which authentication can be performed would be advantageous.
It is in light of this background information related to radio communication systems that the significant improvements of the present invention have evolved.
The present invention, accordingly, advantageously provides apparatus, and associated methodology, by which to facilitate authentication of at least a portion of the network of a Bluetooth-based, or other, communication system by a mobile terminal. Authentication is performed automatically, without requiring user interaction, and maintains the confidentiality of the identifiers used in the authentication procedure.
In one aspect of the present invention, a manner is provided by which to facilitate authentication by a dual-mode, mobile terminal. In a first of the dual modes, the mobile terminal is operable to communicate in a WIO (Wireless Intranet Office) with a PBU (Personal Base Unit) forming a portion of the network infrastructure of the WIO. The PBU is coupled to be able to access a storage device located, for instance, at an ILR (Intranet Location Register), which also forms a portion of the network infrastructure of the WIO. The storage device located at the ILR stores identifiers identifying mobile terminals permitted to communicate by way of the WIO. In one implementation, the identifiers form PIN codes associated with respective ones of the mobile terminals. During authentication procedures, the PIN code associated with a mobile terminal requesting authentication is retrieved from the storage device of the ILR and utilized during the authentication procedures. By storing the identifier at the storage device of the ILR, the identifier is accessible, such as by way of a wireline connection formed between the ILR and the personal base unit when authentication procedures are to be performed. Once the identifier is retrieved from the storage device of the ILR, the value thereof is utilized in authentication procedures by which the mobile terminal authenticates the personal base unit.
In another aspect of the present invention, the dual-mode, mobile terminal is also operable in a cellular communication system, such as a GSM (Global System for Mobile communications) communication system. In one implementation, indications of the identifier stored at the storage device of the ILR are provided thereto during operation of the mobile terminal to communicate by way of the cellular communication system.
Namely, authentication procedures are first performed pursuant to operation of the mobile terminal in the cellular communication system and, thereafter, communications are effectuated therethrough, utilizing encryption, as appropriate. Pursuant to operation of the mobile terminal with the cellular communication system, indications of the identifier identifying the mobile terminal in the Bluetooth communication system, such as the PIN code, are provided to the network infrastructure of the cellular communication system. Once received at the network infrastructure of the cellular communication system, the indications of the identifier are routed to the storage device at the ILR.
Thereafter, when the mobile terminal is to be operated pursuant to the Bluetooth communication system, the identifier stored at the storage device is retrieved and thereafter used during authentication procedures by which the mobile terminal authenticates the personal base unit of the Bluetooth communication system. In an implementation in which the cellular communication system forms a GSM communication system which provides for SMS (Short Message Service) messaging, the indicator, such as the PIN code, is formatted into an SMS message, and the SMS message is sent to the network infrastructure of the cellular communication system, routed to an SMS service center, and, thereafter, to the ILR at which the storage device is located.
In one implementation in which SMS messaging is utilized to communicate the indicator to the ILR, a service request is first sent by the mobile terminal to a service number of the wireless Intranet office. The IMSI and IMEI of the mobile terminal, both defined in the GSM communication system, are used as parameters in such a service request message. The message is routed to a service center of the WIO. Once detected at the WIO service center, the identity of the requesting device is checked, based upon the values of the IMSI and IMEI contained in the message. If a determination is made that service with the mobile terminal would be permitted, the service center of the WIO returns a message to the mobile terminal, also in the form of an SMS message, with the network identifier of the WIO, as well as other relevant parameters. Thereafter, the mobile terminal generates an SMS message containing the identifier, such as the PIN code, associated with the mobile terminal. The indications of the identifier contained in the SMS message are later utilizable in authentication procedures by which the mobile terminal authenticates one or more personal base units of the WIO.
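The provisioning and authentication flow described in the preceding paragraphs, modeled as an added Python example that is not part of the original text: the terminal registers its PIN with the ILR after an IMSI/IMEI check, and a personal base unit must then answer the terminal's challenge using the PIN it retrieves from the ILR. Assumptions: HMAC-SHA256 stands in for the Bluetooth key-derivation and response functions, the SMS and wireline transports are reduced to method calls, and all class and function names, IMSI/IMEI values and device addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed (IMSI, IMEI) pairs the WIO service center accepts.
PERMITTED = {("001010000000001", "350000000000011")}


class ILR:
    """PIN store at the Intranet Location Register (hypothetical model)."""
    def __init__(self):
        self._pins = {}

    def permitted(self, imsi, imei):
        # Service request check: identity is judged from IMSI and IMEI.
        return (imsi, imei) in PERMITTED

    def store_pin(self, imsi, imei, pin):
        # PIN arrives over the already-authenticated cellular path (SMS).
        if not self.permitted(imsi, imei):
            raise PermissionError("terminal not permitted in this WIO")
        self._pins[imsi] = pin

    def lookup_pin(self, imsi):
        # Called by a PBU over the wireline link when authentication starts.
        return self._pins.get(imsi)


def pbu_response(pin, term_addr, pbu_addr, challenge):
    # Assumption: HMAC-SHA256 replaces the Bluetooth key and response functions.
    key = hmac.new(pin, term_addr + pbu_addr, hashlib.sha256).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()


def terminal_authenticates_pbu(pin, term_addr, pbu_addr, respond):
    challenge = secrets.token_bytes(16)  # fresh per attempt, so replays fail
    expected = pbu_response(pin, term_addr, pbu_addr, challenge)
    return hmac.compare_digest(expected, respond(challenge))


def demo():
    ilr, imsi, imei = ILR(), "001010000000001", "350000000000011"
    pin = secrets.token_bytes(16)  # constructed PIN value held by the terminal
    ilr.store_pin(imsi, imei, pin)
    term, pbu = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    genuine = lambda c: pbu_response(ilr.lookup_pin(imsi), term, pbu, c)
    rogue = lambda c: pbu_response(b"no-ilr-access", term, pbu, c)
    return (terminal_authenticates_pbu(pin, term, pbu, genuine),
            terminal_authenticates_pbu(pin, term, pbu, rogue))
```

`demo()` returns a pair: the result for a base unit that can read the ILR record, then the result for one that cannot. The PIN itself never crosses the Bluetooth link in either case.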
In another aspect of the present invention, public key authentication and encryption are utilized, by which the mobile terminal authenticates the personal base unit of the WIO. A non-secure link is establishable between the mobile terminal and the personal base unit of the Bluetooth communication system. A public key is thereafter provided by the personal base unit of the Bluetooth communication system to the mobile terminal. The public key is used by the mobile terminal to encrypt the identifier of the mobile terminal, such as the PIN code identifying the mobile terminal, and, once encrypted, the identifier is provided to the personal base unit. Once provided to the personal base unit, authentication procedures are carried out between the mobile terminal and the personal base unit, thereby to authenticate the personal base unit to the mobile terminal.
In these and other aspects, therefore, apparatus, and an associated method, are provided for facilitating authentication in a mobile communication system. The mobile communication system has a mobile terminal operable to communicate pursuant to a first radio communication system and to communicate pursuant to a second radio communication system. Authentication of the second radio communication system is facilitated. A storage element is coupled to the second radio communication system. The storage element stores indications of a secured identifier which identifies the mobile terminal in the second radio communication system. The indications of the secured identifier are accessible by the second radio communication system to be used in authentication procedures by the mobile terminal to authenticate the second radio communication system.
A more complete appreciation of the present invention and the scope thereof can be obtained from the accompanying drawings which are briefly summarized below, the following detailed description of the presently-preferred embodiments of the invention, and the appended claims.