1. Technical Field of the Invention
The present invention relates to authentication procedures for terminals operating within a wireless communications system and, in particular, to the timing of terminal authentication procedure occurrence when engaging in a data call.
2. Description of Related Art
It is imperative in a wireless (for example, cellular) communications system that the system ensure that its services are being provided only to legitimate subscribers. The main reason for this is that the wireless radio communications media used for transmission to and from subscribers is particularly sensitive to eavesdropping (interception) of communications signals and misuse (stealing) by unauthorized users. It is common for the system to employ security functions to protect the information conveyed over the system and control access to the system. The most commonly utilized security mechanism for the protection of information is encryption, and the most commonly utilized security mechanism for access control is authentication. The term xe2x80x9cauthenticationxe2x80x9d refers to a process or procedure for exchanging information between a subscriber terminal (such as a mobile station) and system equipment (such as a base station) for the purpose of enabling the system to confirm the identity of the subscriber terminal and guarantee that only legitimate identified subscribers have access to system resources. Only when such identity is confirmed will the subscriber terminal be given access to valuable system resources like the air interface.
Generally, a wireless communications system authenticates a subscriber terminal by comparing so-called xe2x80x9cshared secret dataxe2x80x9d (SSD) stored in the terminal with corresponding shared secret data stored in the system. The shared secret data stored in the subscriber terminal is derived from a combination of terminal identifying data, random data supplied by the system, and a private authentication key (A-Key). The subscriber terminal identification data may include an electronic serial number (ESN) which uniquely identifies the terminal to any system, and which includes the identity of the manufacturer of the terminal and the serial number assigned by the manufacturer to that terminal, plus a mobile identification number (MIN) which is derived from the directory telephone number of the subscriber terminal. The private authentication key is a secret number known only by the subscriber terminal and the xe2x80x9chomexe2x80x9d system for that terminal, and is used as an encryption key to encrypt various data. The system periodically generates and broadcasts a random number (RAND) to all served terminals. When a subscriber terminal seeks to utilize the system, it uses the received RAND, its assigned A-Key, its electronic serial number and its mobile identification number, construct a signed response. This signed response is then transmitted to the system (for example, via a base station). At the same time, the system retrieves the values of the ESN, MIN and A-Key for that subscriber terminal from its data base, and generates an expected signed response value to the same random number (RAND) using the retrieved values. Upon receipt of the signed response from the subscriber terminal, the system compares the received response to its generated expected signed response, and if the responses are the same, authentication of the subscriber terminal is confirmed and access is granted to system resources.
In conventional operation, the authentication process is performed based on terminal access to the system, for example, at subscriber terminal registration, at call initiation and at call delivery. Once authenticated in connection with a terminal access, no further authentication in connection with that same access is typically performed. With respect to engaging in a voice call, the subscriber terminal operates in two states: a null state (where it is idle awaiting use); and an active state (where it is used to engage in the call). Because of the limited number of states, and further because voice calls are often limited in length of time, the conventional terminal access related authentication process timing triggers (for example, at call initiation/delivery) provide sufficient security to not only ensure subscriber terminal identity but also ensure against unauthorized access to (i.e., stealing of) the air interface resource.
With respect to a data call, however, the conventional terminal access authentication process timing triggers may not provide a sufficient level of security. One reason for this is that data calls can extend over an extended period of time (often much longer than a typical voice call). These extended periods of time present a greater window of opportunity, following an initial successful authentication at data call set-up (i.e., terminal access), for an unauthorized user to illicitly access the system through the established authenticated connection. Another reason for this is that the subscriber terminal monitors whether it is actively sending or receiving data and, when a data transfer has not occurred within a certain period of time, switch to an operating state where the air interface resource is temporarily disconnected but the non-air interface resources remain connected, supporting the data call. When the subscriber terminal is in this suspended air interface state, an unauthorized user would be presented with an opportunity to illicitly access the system through the established authenticated connection.
It is accordingly recognized that an enhancement to, or replacement for, the conventional subscriber terminal access triggers for engaging in the authentication procedure is needed to account for the noted special concerns over the way data calls are handled.
An authentication procedure with a supporting wireless communications system is initiated by a subscriber terminal in response to either a timer expiration based trigger, a state change based trigger, or a combination timer/state based trigger.
With respect to the timer expiration based trigger, a countdown timer is set by either the subscriber terminal or the supporting system and thereafter monitored for expiration. Responsive thereto, an authentication procedure transaction is performed by the subscriber terminal with its supporting wireless communications system regardless of the current operating state of the terminal.
With respect to the state change based trigger, the subscriber terminal monitors for any transition from an operating state wherein use of an air interface connection with the supporting system has been suspended. Responsive thereto, the subscriber terminal initiates an authentication procedure transaction with its supporting wireless communications system.
With respect to the combination timer/state based trigger, the subscriber terminal sets a countdown timer and monitors for an operating state transition that occurs subsequent to timer expiration. Responsive thereto, an authentication procedure transaction is performed by the subscriber terminal with its supporting wireless communications system.
In a preferred embodiment, the authentication procedure triggers of the present invention are implemented solely with respect to subscriber terminal operation for data calls. It is understood, however, that the timer based trigger and combination timer/state based trigger may be equally well applied to subscriber terminal operation for voice calls.
In another preferred embodiment, the authentication procedure triggers of the present invention are implemented as a supplementary feature to conventional terminal access authentication procedures. It is understood, however, that the authentication procedure triggers of the present invention may alternatively be implemented as a replacement for conventional terminal access authentication procedures.