A communication system is a facility that enables communication between two or more entities such as user terminal equipment and/or network entities and other nodes associated with a communication system. The communication may comprise, for example, communication of voice, electronic mail (email), text messages, data, multimedia and so on.
The communication may be provided by a fixed line and/or wireless communication interfaces. A feature of wireless communication systems is that they provide mobility for the users thereof. An example of a communication system providing wireless communication is a public land mobile network (PLMN) and another example is a wireless local area network (WLAN). An example of the fixed line system is a public switched telephone network (PSTN).
A cellular telecommunications system is a communication system that is based on use of radio access entities and/or wireless service areas. The access entities are typically referred to as cells. Examples of cellular telecommunications systems include standards such as GSM (Global System for Mobile Communications), GPRS (General Packet Radio Service), AMPS (Advanced Mobile Phone System), DAMPS (Digital AMPS), WCDMA (Wideband Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System) and CDMA2000 (Code Division Multiple Access 2000).
A communication system typically operates in accordance with a given standard or specification which sets out what the various elements of a system are permitted to do and how that should be achieved. For example, the standard or specification may define if the user, or more precisely user equipment, is provided with a circuit switched service or a packet switched service or both. Communication protocols and/or parameters which should be used for the connection are also typically defined. For example, the manner in which communication shall be implemented between the user equipment and the elements of the communication networks is typically based on a predefined communication protocol. In other words, a specific set of “rules” on which the communication can be based needs to be defined to enable the user equipment to communicate via the communication system.
The term “service” used above and hereinafter will be understood to broadly cover any service which a user may desire, require or be provided with. The term will also be understood to cover the provision of complementary services. In particular, but not exclusively, the term “service” will be understood to include Internet Protocol Multimedia (IM) services, conferencing, telephony, gaming, rich call, presence, e-commerce and messaging, e.g. instant messaging.
The introduction of Third Generation (3G) communication systems has significantly increased the possibilities for accessing services on the Internet via mobile user equipment (UE) as well as other types of UE.
Various user equipment (UE) such as computers (fixed or portable), mobile telephones, personal digital assistants or organisers and so on are known to the skilled person and can be used to access the Internet to obtain services. Mobile user equipment is often referred to as a mobile station (MS) and can be defined as a means that is capable of communication via a wireless interface with another device such as a base station of a mobile telecommunication network or any other station. In order to allow a user to operate a range of user equipment terminals yet retain the same identity, user equipment can typically be considered to comprise two elements: the Mobile Equipment terminal (ME) and the Subscriber Identity Module (SIM). An example of the SIM is the UMTS Subscriber Identity Module (USIM). The identity module is a smartcard that holds the subscriber identity and performs the authentication steps needed by the ME. The physical separation of the smartcard functionality from the mobile equipment terminal not only allows the user to transfer their identity from terminal to terminal but also improves security: because the security algorithms and the long-term keys associated with that user are stored on the smartcard and isolated from the terminal, the terminal itself carries no subscriber key material, and authentication can be performed without the keys ever leaving the card.
The 3G Partnership Project (3GPP) defines a reference architecture for a core network which provides the users of user equipment UE with access to the services provided via the communication system. This 3G core network is divided into three principal domains. These are the Circuit Switched (CS) domain, the Packet Switched (PS) domain and the Internet Protocol Multimedia (IM) domain.
The latter of these, the IM domain, makes sure that multimedia services are adequately managed. The IM domain supports the Session Initiation Protocol (SIP) as developed by the Internet Engineering Task Force (IETF).
SIP is an application layer signalling protocol for starting, changing and ending user sessions as well as for sending and receiving transactions. A session may, for example, be a two-way telephone call or multi-way conference session or connection between a user and an application server (AS). The establishment of these sessions enables a user to be provided with the above-mentioned services. One of the basic features of SIP is that the protocol enables personal mobility of a user using mobile UE by providing the capability to reach a called party (which can be an application server AS) or another user equipment via a single location independent address.
A user connected to a SIP based communication system may communicate with various entities of the communication system based on standardised SIP messages. SIP is defined in an Internet Engineering Task Force (IETF) protocol specification by J. Rosenberg et al. titled “SIP: Session Initiation Protocol”, RFC 3261, June 2002. This document is incorporated by reference.
One version of the third generation standard is “Release 5” or “rel5”. This introduces the IP multimedia core network subsystem (IMS) that has been developed to use SIP technology as a basis for all IP services such as voice over IP, amongst others. The SIP standard is a rendezvous protocol which can be used to establish media sessions between a SIP user agent client (UAC) and a SIP user agent server (UAS). To open a session, SIP uses the SDP (session description protocol) protocol and it is thus possible to establish a variety of sessions depending on the used application both for real time services and non real time services. SIP is a flexible protocol that can be used to establish different types of sessions. For example, some sessions may require a certain precondition to be satisfied. Other sessions may require reliable provisional responses. Other sessions may require confirmation of reserved resources. It is also possible to have a variable number of SDP offer/answer exchanges.
The present invention relates, in particular, to modifications to the Removable User Identity Module (R-UIM) used in some 3G access networks. The R-UIM is similar to the Subscriber Identity Module (SIM) inserted, for example, in Global System for Mobile Communications (GSM) user equipment. At present, mobile devices using CDMA technology can use the R-UIM to enable connectivity and security, for example, within a cdma2000 access network.
Currently, the R-UIM, and the limitations imposed by using it, are an issue for the IP Multimedia Subsystem (IMS) harmonisation between the Third Generation Partnership Project (3GPP) and the Third Generation Partnership Project 2 (3GPP2). One of the major limitations of the R-UIM is that it is not capable of hosting several applications, and consequently cannot run several applications in parallel. Such applications could be, for example, a cdma2000 access network application and an IMS core network application. Furthermore, the R-UIM does not provide the means for distinguishing between different access networks for multi-access mobile devices, e.g. cdma2000 and WLAN access networks.
It is further not possible to implement the separation of access level and IMS level authentication and security mechanisms in an R-UIM/SIM structure, as multiple applications are needed to handle the separation.
There is provided according to the present invention a user identification module for user equipment for use in an access network said module being arranged to enable a plurality of access network applications to run.
The plurality of access network applications may be run in parallel.
The module may be arranged to enable at least one core network application to run, and wherein said module may be arranged to enable said core network application to run in parallel with at least one of said plurality of access network applications.
The user identification module may be arranged to generate authentication data for said core network and said access network, wherein said authentication data for said core network and for said access network may be further arranged to be dependent on a common data set.
The common data set possibly comprises data for use in encryption.
The common data set may be arranged to comprise at least one shared key between the access network and the access network application or the core network application, said shared key being possibly arranged to generate the required session key or keys.
The access network may comprise at least one of: a CDMA2000 network; a UMTS network; an IEEE 802.11 network; a GSM network; a DAMPS network; an AMPS network; a WCDMA network.
The core network application may be an IP Multimedia Subsystem (IMS) application.
The module may comprise a Universal Integrated Circuit Card.
According to a second aspect of the present invention there is provided a communications system comprising: a plurality of access networks; at least one user equipment arranged for use in at least one of said access networks; and a user identification module for use in said at least one user equipment, said module being arranged to enable a plurality of access network applications to run.
The plurality of access network applications may run in parallel.
The module may be arranged to enable at least one core network application to run, and wherein said module may be arranged to enable said core network application to run in parallel with at least one of said plurality of access network applications.
The user identification module may be arranged to generate authentication data for said core network and said access network, wherein said authentication data for said core network and for said access network may be further arranged to be dependent on a common data set.
The common data set may comprise data for use in encryption.
The common data set may be arranged to comprise at least one shared key between the access network and the access network application or the core network application, said shared key preferably being arranged to generate the required session key or keys.
The access network may comprise at least one of: a CDMA2000 network; a UMTS network; an IEEE 802.11 network; a GSM network; a DAMPS network; an AMPS network; a WCDMA network.
The core network application may be an IP Multimedia Subsystem (IMS) application.
The module may comprise a Universal Integrated Circuit Card.
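The following is an added illustration, not code from the patent, of the arrangement described in the first and second aspects above: a single identity module hosts several access network applications and a core network application at once, and the authentication data and session keys of every application depend on one common data set (a long-term shared key held on the card and at the network). A hypothetical `IdentityModule` class stands in for the UICC and a hypothetical `NetworkAuthCentre` for the network side; HKDF (RFC 5869) over HMAC-SHA-256 is assumed as the derivation function and the application names `cdma2000`, `wlan` and `ims` are assumed labels. No 3GPP or 3GPP2 authentication algorithm is claimed or reproduced.

```python
"""Per-application key derivation on a multi-application identity module.

Added example (assumed design, not the patent's code). One root key K is the
"common data set"; each enabled application derives its own session key and
authentication response from K, bound to the application name, its domain
(access or core) and the network's challenge, so applications run in parallel
without sharing keys and the root key never leaves the module.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


class IdentityModule:
    """Hypothetical UICC-style module hosting several applications at once."""

    DOMAINS = ("access", "core")

    def __init__(self, root_key: bytes):
        self._root_key = root_key        # stays on the card; never exported
        self._apps: dict = {}            # application name -> domain

    def enable_application(self, name: str, domain: str) -> None:
        if domain not in self.DOMAINS:
            raise ValueError(f"unknown domain {domain!r}")
        self._apps[name] = domain        # no exclusivity: applications coexist

    def enabled_applications(self) -> list:
        return sorted(self._apps)

    def session_key(self, app: str, challenge: bytes) -> bytes:
        """Session key bound to domain, application and the network challenge."""
        if app not in self._apps:
            raise KeyError(f"application {app!r} not enabled")
        # Salting with the domain separates access-level and core-level keys
        # even if an application name were reused across domains.
        prk = hkdf_extract(self._apps[app].encode(), self._root_key)
        info = b"session|" + app.encode() + b"|" + challenge
        return hkdf_expand(prk, info, 32)

    def authenticate(self, app: str, challenge: bytes) -> bytes:
        """Authentication data (response) the terminal returns to the network."""
        return hmac.new(self.session_key(app, challenge), challenge, HASH).digest()


class NetworkAuthCentre:
    """Network side holding the same root key (simplified AuC/HSS role)."""

    def __init__(self, root_key: bytes, app: str, domain: str):
        self._module = IdentityModule(root_key)   # identical derivation
        self._module.enable_application(app, domain)
        self._app = app

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        expected = self._module.authenticate(self._app, challenge)
        return hmac.compare_digest(expected, response)

    def session_key(self, challenge: bytes) -> bytes:
        return self._module.session_key(self._app, challenge)


def demo() -> dict:
    """Authenticate three parallel applications against their own networks."""
    root = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed
    card = IdentityModule(root)
    card.enable_application("cdma2000", "access")
    card.enable_application("wlan", "access")
    card.enable_application("ims", "core")   # core app alongside access apps

    results = {}
    for app, domain in (("cdma2000", "access"), ("wlan", "access"), ("ims", "core")):
        net = NetworkAuthCentre(root, app, domain)
        rand = net.new_challenge()
        response = card.authenticate(app, rand)
        results[app] = {
            "verified": net.verify(rand, response),
            "key": card.session_key(app, rand),
            "net_key": net.session_key(rand),
        }
    return results


if __name__ == "__main__":
    for app, r in demo().items():
        print(f"{app:9} verified={r['verified']} key={r['key'].hex()[:16]}...")
```

The point the example makes is key separation: the cdma2000, WLAN and IMS applications each obtain a distinct session key from the same root key, a response computed for one application does not verify under another, and the network reconstructs exactly the key the card derived, so access-level and IMS-level security can be handled by separate applications running side by side on one module.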
According to a third aspect of the present invention there is provided a method for operating a user identification module for user equipment for use in an access network, comprising the step of: enabling a plurality of access network applications to run.
The step of enabling a plurality of access network applications to run may comprise: enabling a first access network application to run; and enabling a second access network application to run, wherein said first and second access network applications are enabled to run in parallel.
The method may further comprise the step of enabling at least one core network application to run, wherein said step of enabling a plurality of access network applications to run and said step of enabling at least one core network application to run are arranged to enable said at least one core network application to run in parallel with at least one of said plurality of access network applications.