1. Field of Invention
This invention relates to systems and method for automating the process of allowing external devices having dynamic IP addresses access to a home base station controller (HBSC) that is protected by a firewall. More specifically, this invention relates to automatically updating dynamic IP addresses in the firewall.
2. Description of Related Art
In GSM networks, home base stations (HBS) communicate with home base station controllers (HBSC) using a public IP network. This broadband connection is used to route voice and data traffic between the device and the HBSC. The HBSC is the device within the GSM architecture that is responsible for Radio Resource allocation to a mobile station, frequency administration and handover between an HBS controlled by the HBSC. This configuration causes numerous security risks for the controller in that outside sources can masquerade as a legitimate HBS and generate traffic from the HBSC.
In the HBSC, three different IP interfaces are exposed to the public IP network. Each is protected in different ways. Traditional IP security mechanisms, used to protect private networks from unauthorized use or intrusion, employ an IP filtering method in a firewall that restricts unknown IP addresses from passing through the firewall.
Traditional methods require the HBS to use a static IP address. However, many broadband services for consumers include dynamic IP addresses that are subject to change without notice. Therefore, a dynamic IP address will not work with traditional IP security mechanisms used to protect the HBSC. This approach significantly limits the operation of the HBSC because either the IP addresses have to be manually entered into the IP firewall filter list each time a valid IP address changes or the HBSC is forced to “learn” the new IP address. Until the “learning” is complete, the traffic flow between the HBS and the HBSC may be interrupted.