The following description of background art may include insights, discoveries, understandings or disclosures, or associations together with disclosures not known to the relevant prior art to the present invention but provided by the invention. Some such contributions of the invention may be specifically pointed out below, whereas other such contributions of the invention will be apparent from their context.
One of the key features of telecommunications systems, especially in wireless telecommunications systems, is authentication of a user to prevent illegal access. Authentication is a procedure in which one party authenticates the other party according to an agreed procedure which is typically based on passwords and/or keys, and which may be transparent to the user. In mobile networks, the network security access mechanisms includes a mutual authentication of a user, or more specifically a subscriber identity module used by the user with a terminal providing network interfaces, and a network, and the authentication is typically based on challenge-response based mechanism that uses symmetric cryptography. In the mechanism, a secret key is permanently stored to a subscriber identity module and in an authentication centre of the subscriber's home environment (home network), the permanent root key being a root key used by the subscriber identity module and the authentication centre as an input in different algorithms, such as calculating an authentication response, a cipher key, an integrity key and/or an anonymity key, for example, in the authentication phase. The permanent root key is never transmitted but the authentication centre may calculate a certain number of authentication vectors with which the authentication may be performed in a network serving the user's device (and thereby the user), without the involvement of the authentication centre as many times as there are authentication vectors.
It may happen that authentication is impossible because the connection to the authentication centre is lost due to a network failure, and there are no authentication vectors available in the serving network. In the situation, the only service available is a call to an emergency center. However, there are situations in which it would be useful to have a little bit broader service, for example a call between two or more user equipments in the same radio access network.
WO 2008/031926 relates to a professional mobile radio called Terrestrial Trunked Radio (TETRA), in which mobile stations can communicate in a direct mode, i.e. directly with each other, or using trunked infrastructure called Switching and Management Infrastructure (SwMI). WO 2008/031926 discloses a mobile station having, in addition to an actual mobile equipment, at least two separate subscriber identity modules. A detachable subscriber module and the actual mobile equipment may authenticate each other by means of an off-system key stored in the subscriber modules and in the actual mobile equipment for authentication purposes between the subscriber module and the actual mobile equipment when a direct mode (a mode in which the trunked infrastructure is not involved in the communication) is to be used, or the serving trunked infrastructure is not available. If the authentication with the off-system key succeeds, a mobile station comprising the subscriber module and the actual mobile equipment may form a direct connection to another mobile station. However, that solution enables only calls between mobile stations that are close enough to each other so that they can communicate directly to each other without use of network resources.