Many communications networks comprise functionality for controlling access to the network and granting it to subscribers. Typically, such access is granted to a subscriber device subject to a verification of the subscriber credentials used to authenticate that device. For example, access to many communications systems, e.g. mobile communications network systems, is limited to subscribers of a communications service that utilises the communications network.
In the context of the GSM/CDMA system and similar mobile communications systems, the mobile switching center (MSC) is the primary service delivery node, responsible for routing voice calls and SMS as well as other services (such as conference calls, FAX and circuit switched data). The MSC sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call and takes care of charging and real time pre-paid account monitoring.
Other important entities in the GSM system are the Home Location Register (HLR) and the Authentication Centre (AuC), both connected to the MSC. In a wireless network, the HLR is the central location where user information is stored, such as account numbers, features, preferences, permissions, etc. The HLR was introduced in GSM as the entity that contains the functions needed to administer and check the subscribers of the mobile network. In conjunction with the Visitor Location Register (VLR) and the MSC, the HLR enables subscribers to send and receive calls within the home network and to travel (“roam”) within other networks while still maintaining access to familiar and desired services.
When the GSM system evolved into the UMTS (3G) system and recently even into the LTE system, the HLR kept this role. Other mobile network systems like AMPS, DAMPS, CDMA, etc. have similar network entities.
Another important function of the mobile network is the authentication centre (AuC). The AuC is connected with the HLR and provides a function to authenticate each SIM card through which a mobile phone attempts to connect to the GSM core network (typically when the phone is powered on and/or when making a call). Once the authentication is successful, the HLR is used to manage the SIM and services described above. An encryption key is also generated that is subsequently used to protect (encrypt) wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.
The AuC uses subscriber data that resides locally and data that resides in the subscriber's SIM card (in case of UMTS and LTE it is called a USIM card), and provides authentication mechanisms that allow the network to authenticate its subscribers. Furthermore, the AuC and the SIM card share the knowledge of the authentication algorithm and its parameters that will be used during the authentication procedure. For the purpose of the present description the subscriber data (comprising e.g. subscriber identifiers) and the authentication algorithm/parameters are referred to as the credentials of the subscriber.
This setup has over the years proven to give a secure way of enforcing network access control in mobile networks and has even been extended to provide security for services such as IMS. A key component of IMS is the Home Subscriber Server (HSS), which may be regarded as an evolved version of the HLR that provides a much wider range of features and is meant to act as a master repository of all subscriber and service-specific information. It combines the HLR/AuC (Authentication Center) functionality of GSM networks and also provides information specifically required by the IMS network. SIM based authentication can also be used in other access technologies, e.g. Wireless LAN where the AuC functionality is provided by a so called AAA Server (Authentication, Authorization and Accounting).
However, the above setup has certain logistics implications which make it difficult for wholesale solution providers to offer consumer devices for specific services. The main problem is that subscriber credentials must be provisioned both into the AuC and into the device. In practice the latter is solved by requiring the subscriber to acquire a SIM card from the operator and to insert this card into the device. When the subscriber wants to change operator, he/she obtains a SIM card from another operator, removes the first SIM card and replaces it with the new one. This has proven to be a well-functioning system for individual subscribers. However, with the increasing use of mobile network technology for Machine to Machine (M2M) devices like (remote) metering devices, the above setup involves a number of disadvantages, both because of the need to physically provision a SIM card into each device and because of the limited way in which flexible initial selection and later change of operator can be supported.
Even though U.S. Pat. No. 7,149,516 describes a mechanism that allows users to modify their own subscriber profiles by accessing a personal home location register that is modifiable directly by the user, this approach does not address authentication towards another operator's network, and it only allows a user to manage subscriptions that already exist; it does not provide any mechanism that would enable the user to conveniently and remotely add an entire subscription (identities and credentials) for a new or existing device.
As explained earlier, the AuC holds the subscriber credentials and these are mirrored in the SIM card which is inserted into the device. Examples of subscriber credentials comprise an IMSI (International Mobile Subscriber Identity), one or more cryptographic keys, one or more authentication algorithms, one or more session key algorithms and one or more algorithm parameters. The operator will normally request a third party (e.g. a SIM card vendor) to produce a set of SIM cards and then populates its AuC with the credentials on those cards. When a device owner wants to use this operator's network he receives or buys (prepaid) one of the operator's SIM cards. This works well for personal devices, although for some devices the removable SIM card based on UICC technology is a cost factor and is replaced by a fixed-mounted SIM.
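The following is an added illustration, not part of the original description, of the authentication setup described above: the AuC and the SIM hold mirrored credentials (an IMSI and a secret key), the network authenticates the SIM with a challenge/response run of the shared algorithm, and a session key is derived for protecting the air interface. It also shows the provisioning problem this section is concerned with: the same SIM fails against an operator whose AuC was never populated with its credentials. Because the text names no concrete algorithm, HMAC-SHA256 is used here as a stand-in for the operator-specific authentication and session-key algorithms, with 4 bytes taken as the response (SRES) and 8 bytes as the cipher key (Kc); the IMSI, keys and operator names are constructed sample data.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def shared_algorithm(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Model of the authentication/session-key algorithm shared by AuC and SIM.

    Assumption (not from the text): HMAC-SHA256 stands in for the operator's
    own A3/A8-style algorithms. The first 4 bytes play the role of SRES, the
    next 8 bytes the role of the cipher key Kc.
    """
    mac = hmac.new(ki, rand, hashlib.sha256).digest()
    return mac[:4], mac[4:12]


@dataclass(frozen=True)
class Sim:
    """The subscriber-side copy of the credentials: IMSI plus secret key Ki."""
    imsi: str
    ki: bytes

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        # Ki never leaves the card; only the derived SRES and Kc are handed out.
        return shared_algorithm(self.ki, rand)


class AuthenticationCentre:
    """The network-side copy: every (IMSI, Ki) the operator has provisioned."""

    def __init__(self, operator: str):
        self.operator = operator
        self._subscribers: dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        # The step the text describes: the AuC mirrors the credentials that
        # the SIM vendor placed on the card.
        self._subscribers[imsi] = ki

    def triplet(self, imsi: str, rand: Optional[bytes] = None):
        """Return an authentication vector (RAND, expected SRES, Kc), or None
        if this IMSI was never provisioned at this operator."""
        ki = self._subscribers.get(imsi)
        if ki is None:
            return None
        if rand is None:
            rand = secrets.token_bytes(16)
        sres, kc = shared_algorithm(ki, rand)
        return rand, sres, kc


def authenticate(auc: AuthenticationCentre, sim: Sim,
                 rand: Optional[bytes] = None) -> Optional[bytes]:
    """Run the challenge/response that the MSC/VLR performs with the AuC's vector.

    Returns the cipher key Kc on success (to be used for protecting the air
    interface), or None when the SIM is unknown to this operator or its
    response does not match.
    """
    vector = auc.triplet(sim.imsi, rand)
    if vector is None:
        return None                      # no subscription with this operator
    rand, expected_sres, kc = vector
    sres, _ = sim.respond(rand)          # only RAND crosses the air interface
    if not hmac.compare_digest(sres, expected_sres):
        return None                      # wrong Ki: counterfeit or mis-provisioned card
    return kc


# Constructed sample data: one subscriber of operator A and an AuC of operator B.
KI_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SIM_A = Sim(imsi="001010123456789", ki=KI_A)
AUC_A = AuthenticationCentre("A")
AUC_A.provision(SIM_A.imsi, KI_A)
AUC_B = AuthenticationCentre("B")       # never received SIM_A's credentials


def demo() -> dict:
    """Three runs: the home operator, a different operator, a card with wrong Ki."""
    return {
        "home_operator": authenticate(AUC_A, SIM_A) is not None,
        "other_operator": authenticate(AUC_B, SIM_A) is not None,
        "wrong_ki": authenticate(AUC_A, Sim(SIM_A.imsi, bytes(16))) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The "other_operator" run is the M2M problem in miniature: nothing about the card is wrong, but operator B's AuC was never populated with its IMSI and Ki, so a device shipped with a SIM from A cannot attach to B until someone either swaps the card or provisions B's AuC with the device's credentials.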
However, there are a number of scenarios where the prior art mechanisms have severe limitations. For example, if a utility company wants to deploy metering devices that report data over the mobile network, the problem arises that the manufacturer of the devices cannot know which operator the utility company wants to use. Thus the device manufacturer cannot pre-provision operator-specific credentials into the devices and, as with traditional mobile devices, must leave this task to the device user, which in this case is the utility company. The utility company must then do something with the devices (insert a SIM card or reprogram them) to make them usable on the chosen operator's network. Once the devices can make contact with the operator's network, other procedures can be used to provision the final credentials if so needed (i.e. in case initial contact was based on some preliminary and/or group credentials).
Similar problems are found in connected consumer electronics where an end user has a set of personal devices (phones, digital cameras, TV sets, PCs, etc.) that use mobile networks to communicate. Even with only a handful of devices, it tends to be very cumbersome for the user to acquire a separate SIM card for each device.
One solution that has been proposed involves the so-called MCIM (Machine Communications Identity Module), or “Soft SIM”, see 3GPP TR 33.812. This solution addresses the provisioning problem on the device side, but still has several shortcomings on the user/network side. For example, if a user wants to change operator for his devices, the change-of-operator protocol must be executed once per device. If the user has many devices, e.g. hundreds or even thousands of remote metering devices of a utility company, this is a prohibitive task.