HK1074959B - Apparatus and method of using a ciphering key in a hybrid communications network - Google Patents
Description
RELATED APPLICATIONS
This application claims priority to U.S. provisional patent application serial No. 60/340755 entitled "method and apparatus for Effecting Handoff Between transfer cellular communications Systems", filed on 11/7/2001; this application also claims priority to U.S. patent application Ser. No. 10/077502 entitled "Method and Apparatus for influencing Handoff Between differential Cellular Communications Systems", filed on 2.14.2002; and this application also claims priority to U.S. provisional patent application serial No. 60/350401 entitled "GSM Authentication, Encryption and Other feature service in a CDMA 1x Network Using a GSM-1x MSC", filed on 1/17/2002.
Background
Technical Field
The present invention relates generally to methods and apparatus for using encryption keys.
Description of the Related Art
The so-called Code Division Multiple Access (CDMA) modulation technique is one of several techniques that facilitate communications with a large number of system users. While other techniques such as Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), and AM modulation schemes such as amplitude companded single sideband are available, CDMA has important advantages over other such modulation techniques. The use of CDMA technology in Multiple Access Communication systems is disclosed in U.S. patent No. 4901307, entitled "Spread Spectrum Multiple Access Communication System Using satellite or Terrestrial applications," assigned to the assignee of the present invention and incorporated herein by reference.
In U.S. patent No. 4901307, a multiple access technique is described in which a large number of mobile telephone system users, each having a transceiver, communicate via satellite repeaters or terrestrial base stations (also known as cell sites) using Code Division Multiple Access (CDMA) spread spectrum communication signals. With CDMA communications, the spectrum can be reused multiple times, thereby increasing system user capacity. Higher spectral efficiency can be achieved using CDMA techniques than other multiple access techniques.
In conventional cellular telephone systems, the available frequency band is divided into channels, typically 30 kHz in bandwidth, and analog FM modulation techniques are used. The system service area is geographically divided into cells of different sizes. The available frequency channels are divided into sets, each set typically comprising an equal number of channels. The frequency sets are allocated to the cells in a manner to minimize the possibility of co-channel interference. For example, consider a system in which there are seven frequency sets and the cells are hexagons of equal size. The set of frequencies for a cell cannot be used in the six nearest or surrounding neighbors of the cell. Further, the set of frequencies used in a cell cannot be used in the twelve nearest neighbors of the cell.
In conventional cellular systems, a handoff scheme is implemented to enable calls or other types of connections (e.g., data links) to remain continuous as the mobile station crosses the boundary of two cells. Handover from one cell to another begins when the receiver in the cell base station handling the call or connection notices that the received signal strength from the mobile station falls below a predetermined threshold. A low signal strength indication means that the mobile station must be close to the cell border. When the signal level falls below a predetermined threshold, the base station asks the system controller to determine whether a neighboring base station receives the mobile station signal with a better signal strength than the current base station.
The system controller responding to the current base station query sends a message with a handover request to the neighboring base station. Base stations adjacent to the current base station use specific scanning receivers that look for signals from the mobile station on a specific channel. If one of the neighboring base stations reports a sufficient signal level to the system controller, a handover is attempted.
The handover then starts when a free channel of the channel set for the new base station is selected. A control message is sent to the mobile station instructing it to switch from the current channel to the new channel. At the same time, the system controller hands off the call from the first base station to the second base station.
In conventional systems, the call may be dropped if the handover to the new base station is unsuccessful. There are many reasons for the occurrence of a handover failure. If there are no free channels available in the neighboring cell for the call communication, the handover may fail. If another base station reports hearing the mobile station when in fact that base station hears a different mobile station using the same channel in a completely different cell, the handover may fail. The reporting error may cause the call to be handed off to the wrong cell, typically one with insufficient signal strength to maintain communication. In addition, if the mobile station cannot hear the instruction to switch channels, the switch may fail. Practical operational experience has shown that frequent occurrences of handover failures can lead to unreliable systems.
Another frequent problem in conventional telephone systems arises when a mobile station is near the border of two cells. In this case, the signal level fluctuates at both base stations. This signal level fluctuation results in a "ping-pong" situation, i.e., repeated requests to hand off a call back and forth between two base stations. These additional unwanted handoff requests increase the probability that the mobile station will incorrectly hear the channel switch command or will not hear the command at all. In addition, the ping-pong situation increases the probability that the call will be dropped if it is inadvertently handed off to a cell where all channels are in use and there are no available channels to accept the handover.
In U.S. patent No. 5101501, entitled "Method and System For Providing a software handover In Communications In a CDMA Cellular Telephone System," assigned to the assignee of the present invention and incorporated herein by reference, a Method and System For Providing Communications to a mobile station that passes through more than one cell base station during a handover is disclosed. In this environment, communication within the cellular system is interrupted for the final handover from a first base station, corresponding to the cell the mobile station is going to exit, to a second base station, corresponding to the cell the mobile station is going to enter. This type of handoff may be considered a "soft" handoff of communication between a cell base station and a mobile station, where two or more base stations or sectors of a base station transmit concurrently to the mobile station. The use of such "soft" handoff techniques can greatly reduce the probability of the occurrence of ping-pong situations, which refer to repeated handoff requests between a pair of base stations.
An improved Soft Handoff technique is disclosed In U.S. patent No. 5267261, entitled "Mobile static Handoff In a CDMA Cellular Communications System," assigned to the assignee of the present invention and incorporated herein by reference. Soft handoff techniques are improved by measuring, at the mobile station, the strength of the "pilot" signal transmitted by each base station in the system. Soft handoff procedures are facilitated by measurements of these pilot strengths to facilitate identification of candidate stations for viable base station handoff.
Improved soft handoff techniques require the mobile station to monitor the signal strength of pilots from neighboring base stations. When the measured signal strength exceeds a given threshold, the mobile station sends a signal strength message to the system controller through the base station through which the mobile station is communicating. Command messages from the system controller to the new base station and to the mobile station establish temporary communications between the new and current base stations. When the mobile station detects that the signal strength of the pilot corresponding to at least one base station through which the mobile station is communicating falls below a predetermined level, the mobile station reports the measured signal strength indicative of the corresponding base station through the base station to the system controller through which it is communicating. Command messages from the system controller to the identified base stations and mobile stations discontinue communication through the corresponding base station while communication through other base stations continues.
While the above techniques are suitable for call transfer between cells within the same cellular system, there are more difficult problems to deal with when a mobile station enters a cell served by a base station from another cellular system. A complicating factor in such "intersystem" handovers is that neighboring cellular systems often have different characteristics. For example, adjacent cellular systems often operate at different frequencies and may maintain different levels of base station output power or pilot strength. These differences effectively prevent the mobile station from performing pilot strength comparisons and the like that are considered by existing mobile-assisted soft handoff techniques.
When there are no resources available for performing soft inter-system handovers, the timing of the handover of a call or connection from one system to another is critical if service is to be maintained uninterrupted. I.e., the intersystem handover must be performed at a time that best results in a successful transfer of the intersystem call or connection. In such a handoff, referred to herein as a hard handoff, communication between the mobile station and one system must be terminated before communication between the mobile station and the other system can begin. Handover is only attempted when, for example:
(i) an idle channel is available in the new cell,
(ii) the mobile station is actually within range of the new cell base station, but before the mobile station loses contact with the current base station, and
(iii) the position of the mobile station ensures that it receives the instruction to switch channels.
Ideally, each such hard inter-system handoff would be performed in a manner to minimize potential "ping-pong" handoff requests between base stations of different systems. However, this is made difficult because existing handover procedures fail to identify when, and through which base station, the mobile station should be provided with new frequency and channel information and instructed to transfer existing calls and connections.
These and other drawbacks of existing inter-system handoff techniques compromise the quality of cellular communications and may degrade performance as cellular systems are further expanded. Accordingly, there is a need for an inter-system handover technique that reliably directs the handover of a call or connection between base stations of different cellular communication systems.
U.S. patent No. 5697055 describes a method and System for implementing an intersystem handover of Mobile Station Communications between base stations of first and second Cellular systems, entitled "Mobile Station Assisted software In a CDMA Cellular Communications System," assigned to the assignee of the present invention. At the mobile station, quantifiable parameters of a signal transmitted by a second base station of the second system are measured. The mobile station communicates a signal quality message to the first mobile handover control station via the first base station of the first system when the measured quantifiable parameter value exceeds a first predetermined level.
The channel request message is then communicated from the first mobile switching control station to a second mobile switching control station within the second system. At the second base station, the quantifiable parameters of the signals received from the mobile station are also measured. The second base station establishes communication with the mobile station when the measured value of the quantifiable parameter exceeds a predetermined level. Alternatively, the signal strength of a first pilot signal transmitted by a first base station is measured at the mobile station. When the measured signal strength of the first pilot signal is less than a second predetermined level, a handoff request message is then sent to the second base station, thereby establishing mobile station communication. Providing a voice link between mobile handover control stations enables forwarding of existing connections between the first and second cellular systems and enables soft inter-system handovers.
Although this approach works well for situations where both systems are CDMA based and thus capable of soft handoff, there remains a problem of how to deal with the problem of one or more systems not being able to achieve such soft handoff. For example, the GSM standard has no soft handover mechanism. Thus, there is a problem in handling a handover of a call from using the air interface of a CDMA network to a GSM network. In addition, GSM authentication cannot be done because the CDMA2000 mechanism cannot pass the data needed for GSM authentication. The encryption in GSM is also different from the encryption in CDMA 2000.
One way to deal with this problem is to modify GSM so that it can effect a handover to a non-GSM system, such as a CDMA system. However, GSM has been in existence for a long time, and operators are relatively reluctant to expend significant capital to modify existing equipment to accommodate adjacent incompatible systems. If new messages are added to the air interface supporting a dual mode mobile station, modifications must be made to support these new messages. Clearly, this is undesirable from an operator's perspective.
Another problem with handover between CDMA systems and GSM systems is that CDMA and GSM authentication use two different methods and keys. The authentication methods in GSM and CDMA 1X are basically the same, but the keys are different in size. CDMA 1X has additional procedures such as unique challenge responses and counting methods, which accordingly prevent channel hijacking and replay attacks.
Summary of the invention
The present invention solves the above problems.
According to an aspect of the present invention there is provided a method of using an encryption key in a mobile station controlled by a first base station in a first cellular communication system controlled via a first mobile switching control station in a system to a second base station in a second, different cellular communication system controlled via a second mobile switching control station, the method comprising: generating an encryption key for the mobile station for use by the mobile station during communications within the second cellular communication system, the encryption key being generated by the mobile station from a private key assigned to the mobile station of the second cellular communication system and a random number generated by the second cellular communication system; passing the encryption key to the first mobile system; and generating a private long code for the mobile station for use by the mobile station during communication within the first cellular communication system.
According to another aspect of the present invention, there is provided a mobile station comprising: a transceiver chain for communicating with a receiving and transmitting signal within a cellular communication system; and a controller for: receiving a random number generated by the second cellular communication system; and generating an encryption key for the mobile station for use by the mobile station during communications within the cellular communication system, the encryption key being generated from a private key assigned to the mobile station of the cellular communication system and the received random number.
Thus, one aspect of the present invention is to establish a CDMA physical layer for use within a GSM system without requiring significant modifications to the GSM mobile services switching center (MSC) to reuse the GSM authentication method at the CDMA physical layer. This provides the advantage that the system need not support two different types of authentication centers, two different types of SIM cards, etc.
The above features of the present invention are set forth in the appended claims and their advantages will become apparent from the following detailed description of exemplary embodiments of the invention with reference to the accompanying drawings.
Brief description of the drawings
In the drawings:
FIG. 1 is a schematic diagram of a cellular system;
FIG. 2 is a schematic representation of a boundary between two cellular systems;
FIG. 3 is a schematic diagram of a dual-mode mobile station;
FIG. 4 is a schematic representation of data exchange within a GSM system; and
FIG. 5 is a schematic representation of a single mode mobile station.
Detailed description of embodiments of the invention
Fig. 1 is a schematic illustration of an example cellular telephone system. The illustrated system may use any of a number of multiple access modulation techniques to facilitate communication between a large number of system mobile stations or mobile telephones and base stations. The multiple access communication system techniques include: Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), Code Division Multiple Access (CDMA), and AM modulation schemes such as amplitude companded single sideband. The spread spectrum modulation technique of CDMA is disclosed in the aforementioned U.S. patent No. 4901307, which has many advantages over other modulation techniques for multiple access communication systems and is therefore preferred.
In a typical CDMA system, each base station transmits a unique pilot signal, which includes transmitting a "pilot carrier" on a corresponding pilot channel. The pilot signal is an unmodulated, direct-sequence, spread-spectrum signal transmitted by each base station at all times using a common Pseudorandom Noise (PN) spreading code. In addition to providing a phase reference for coherent demodulation and a reference for signal strength measurements for handoff determination, the pilot signal enables the mobile station to obtain initial system synchronization, i.e., timing synchronization. The pilot signal transmitted by each base station is typically the same PN spreading code but with a different code phase offset.
In the system illustrated in fig. 1, the system controller and switch 10, also referred to as a Mobile Switching Center (MSC), typically includes interface and processing circuitry (not shown) for providing system control to a plurality of base stations 12, 14 and 16. The controller 10 also controls the routing of telephone calls from the Public Switched Telephone Network (PSTN) to the appropriate base stations for transmission to the appropriate mobile stations. The controller 10 also controls the routing of calls from the mobile stations to the PSTN through at least one base station. The controller 10 also directs calls between mobile users through the appropriate base stations because such mobile stations typically do not communicate directly with each other.
The controller 10 is also coupled to the base stations by various means such as dedicated telephone lines, optical fiber links, or microwave communication links. In fig. 1, three such exemplary base stations 12, 14 and 16 are illustrated, as well as an exemplary mobile station 18, which includes a cellular telephone. Arrows 20a and 20b define possible communication links between base station 12 and mobile station 18. Arrows 22a and 22b define possible communication links between base station 14 and mobile station 18. Similarly, arrows 24a and 24b define possible communication links between base station 16 and mobile station 18.
The geographical shape of the base station service area or cell is designed so that a mobile station is generally closest to one base station. When the mobile station is idle, i.e., not engaged in a call, the mobile station constantly monitors the pilot signal transmissions from each neighboring base station. As illustrated in fig. 1, pilot signals are transmitted by the base stations 12, 14, and 16 to the mobile station over respective communication links 20b, 22b, and 24b. The mobile station then determines which cell it is in by comparing the strength of the pilot signals transmitted from these particular base stations.
In the example illustrated in fig. 1, the mobile station 18 may be considered closest to the base station 16. When the mobile station 18 initiates a call, a control message is sent to the nearest base station, here base station 16. The base station 16, upon receiving the call request message, sends a signal to the system controller 10 and transmits the called number. The system controller 10 then connects the call to the target recipient via the PSTN.
If a call is initiated in the PSTN, the controller 10 transmits call information to all base stations in the area. The base station then sends a paging message to the targeted receiving mobile station. When the mobile station hears the paging message, it responds with a control message sent to the nearest base station. The control message signals the system controller that the particular base station is communicating with the mobile station. The controller 10 then routes the call to the mobile station through the nearest base station.
If the mobile station 18 moves out of the coverage area of the original base station, base station 16, an attempt is made to continue the call by routing the call through another base station. During handover there are different methods of initiating a call handover or routing through another base station.
In the base station initiated handoff method, the initial base station, i.e., base station 16, notices that the signal transmitted by mobile station 18 has fallen below a certain threshold. The base station 16 then sends a handover request to the system controller 10, which relays the request to all base stations neighboring base station 16, i.e., base stations 12 and 14. The request sent by the controller includes information related to the channel, including the PN code sequence used by the mobile station 18. The base stations 12 and 14 tune a receiver to the channel used by the mobile station and measure the signal strength, typically using digital techniques. If one of the base station 12 and 14 receivers reports a stronger signal than the signal strength reported by the original base station, the call is handed off to that base station.
Alternatively, the mobile station itself may initiate a so-called mobile assisted handover. The base stations each transmit pilot signals that, among other things, identify the base station. The mobile station is equipped with a searcher receiver that, among other functions, is used to scan the pilot signal transmissions of the neighboring base stations 12 and 14. If it is perceived that the pilot signal of one of the neighboring base stations 12 and 14 is stronger than the given threshold, the mobile station 18 sends an associated message to the current base station 16.
The interaction process between the mobile station and the base stations allows the mobile station to communicate through one or more of the base stations 12, 14 and 16. In this process, the mobile station identifies and measures the signal strength of the pilot signals it receives. This information is communicated to the MSC by a base station that is in communication with the mobile station. The MSC, upon receiving this information, initiates or terminates the connection between the mobile station and the base station to effectuate a mobile-assisted handoff.
The above procedure may also be considered a "soft" handover because the mobile station communicates simultaneously through more than one base station. During soft handoff, the MSC combines or selects between the signals received from each of the base stations with which the mobile unit communicates as it moves between different cells. The MSC can thus relay signals from the PSTN to the base station with which each mobile unit is in communication. Mobile assisted handoff is further complicated if the mobile station happens to be located within the coverage area of two or more base stations that are not within the same cellular system, i.e., not controlled by the same MSC.
A method of effecting handoff between base stations in different systems is described with reference to fig. 2, which schematically illustrates a cellular communications network 30 comprising a CDMA cellular system (e.g., IS-95 1X) under the control of a CDMA mobile switching center MSCc and a GSM cellular system under the control of a GSM mobile switching center MSCg. In fig. 2, five such example base stations B1A through B5A are illustratively shown, located respectively in cells C1A through C5A of the CDMA system, and five base stations B1B through B5B located respectively in cells C1B through C5B of the GSM system. Although cells C1A through C5A and C1B through C5B are shown as circles for ease of illustration, it will be appreciated that cells are generally designed in other shapes and, in fact, the shape will depend on the topography and topology of the area in which it is located. In the following description, cells C1A through C3A and C1B through C3B may be referred to as "border" cells because these cells are near the border of the first and second cellular systems. This nomenclature allows the remaining cells within each system to be conveniently referred to as "interior" cells.
The following description will be given with respect to a mobile station that is capable of receiving and reacting to signals from base stations in CDMA and GSM cellular systems. However, any type of communication system is contemplated, such as cdmaOne, CDMA2000, CDMA2000 1x, CDMA2000 3x, High Data Rate (HDR), CDMA 1xEV, CDMA 1xEVDO, TDMA, TDSCDMA, W-CDMA, GPRS, and others. For this purpose, the mobile station is configured with a dual-band transceiver with a receive chain that is tuned to the different operating frequencies of the two cellular systems. A schematic diagram of such a mobile station is given in fig. 3. As shown therein, the mobile station 40 includes an antenna 42 connected through a duplexer 44 to a CDMA transmit and receive chain 46 and a GSM transmit and receive chain 48. The transmit/receive chains 46, 48 are conventional for the respective CDMA and GSM systems. The chain output is suitably demodulated and the data passed to conventional baseband circuitry 50. The transmit/receive chains 46, 48 are controlled by a controller 52 which also switches between the two chains in response to command signals from the CDMA and GSM systems. Thus, in this embodiment, the two chains are not active simultaneously. In another embodiment, both chains may be active at the same time.
In another embodiment, the mobile station is configured with a single transceiver having a receive chain that can be tuned to one of the two cellular systems. Fig. 5 gives a schematic diagram of such a mobile station. As shown therein, the mobile station 53 includes an antenna 54. The duplexer 55 is connected to a CDMA transmit and receive chain 56 (if it is a CDMA handset). Otherwise, the mobile station 53 is connected to the GSM transmit and receive chain 57. The transmit/receive chains 56, 57 are conventional for the respective CDMA and GSM systems. The chain output is suitably demodulated and the data passed to conventional baseband circuitry 58, and the chain receives the transmit data from the baseband circuitry 58. The transmit/receive chain 56 or 57 is controlled by a controller 59.
Returning to fig. 2, a CDMA mobile switching center (MSCc) controls the routing of telephone calls from the Public Switched Telephone Network (PSTN) to the appropriate base stations B1A to B5A for transmission to designated mobile stations. The CDMA mobile switching center MSCc also controls the routing of calls from mobile stations within the coverage area of the first cellular system to the PSTN through at least one base station. The GSM mobile switching center MSCg operates in a similar manner to manage the operation of the base stations B1B through B5B and to route calls between the PSTN and the GSM cellular system. Control messages and the like are communicated between MSCc and MSCg over the intersystem data link 34.
When a mobile station is located in an interior cell of a CDMA system, the mobile station is typically programmed to monitor pilot signal transmissions from nearby (i.e., interior and/or border) base stations. The mobile station then determines which interior cell it is in by comparing the strength of the pilot signals transmitted from the surrounding base stations. When the mobile station approaches the border of an interior cell, a mobile-assisted handover may be initiated in the manner described, for example, in U.S. patent No. 5267261.
A different situation exists when the mobile station is within one of the border cells C1A to C3A or C1B to C3B. As an example, consider a case where a mobile station is located within cell C2A but is approaching cell C2B. In this case, the mobile station may begin receiving available signal levels from base station B2B, which may then be reported to base station B2B as well as any other base stations with which the mobile station is currently communicating. The time at which the available signal level is received by the mobile station or base station may be determined by measuring one or more quantifiable parameters of the received signal, such as signal strength, signal-to-noise ratio, frame erasure rate, bit error rate, and/or relative time delay. The mechanism is similar to that described in the above-identified U.S. patent No. 5697055.
If both systems are CDMA systems, the handover mechanism described in U.S. Pat. No. 5697055 may be used to effect a handover between cells C2A and C2B. There is a problem, however, because there is currently no mechanism for handing off calls using the air interface from the CDMA network to the GSM network. GSM authentication cannot be done because the CDMA mechanism cannot transmit the data needed to perform GSM authentication. Encryption in GSM differs from encryption in CDMA. If new messages are added to the air interface in order to support a dual mode mobile station, modifications must be made to support these new messages. This is not desirable.
The solution to this problem is to use a generic message that includes instructions that enable the mobile station to transmit from the CDMA network to the GSM network. This type of generic message must be able to convey the data necessary to implement GSM authentication and encryption. Preferably, the generic message may also support other supplementary features within GSM. In other words, the established GSM protocol must remain unchanged to minimize any changes within the existing GSM system. Part of the handover operation includes establishing the subscriber identity and once the handover is effected, data confidentiality (encryption) of the signalling and physical connections must be maintained. The definition and operational requirements of subscriber identity authentication are given in GSM 02.09.
The authentication process is also used to set the encryption key. Thus, the authentication process is implemented after the network has established the subscriber identity and before the channel is encrypted. Two network functions are necessary to achieve this, namely the authentication process itself and the management of authentication and encryption keys within the system.
In this way, a channel mechanism is used that is available at any time (both during handover and outside handover), and may be unidirectional or bidirectional. One type of tunneling mechanism is the so-called ADDS (application data delivery service) message and short data burst message, which transparently pass GSM parameters within the CDMA system; these parameters are not typically checked by the GSM base station controller BSC, but are required by the dual mode mobile station. The use of ADDS messages with data bursts enables generic payloads (such as SMS, location positioning server, OTASP) to be sent between mobile services switching centers (MSCs) of the network or other elements of the network. The system takes advantage of this to transfer GSM information end-to-end between the network and the mobile station without requiring any changes to the CDMA BSC or BTS.
In the network arrangement shown in fig. 2, ADDS messages are used to convey GSM handover data, such as timing information and authentication data from the MSC to the mobile station through the BSC. The mobile station then uses a so-called MAP (mobile application protocol) message to convey the handover data to the MSCg within the GSM network. This requires only minor changes to the MSCg so that it can interpret the data in the MAP message and control the mobile station accordingly. Of course other methods of transferring data are possible.
When the mobile station is at the boundary of the CDMA and GSM systems (e.g., within cell C2A and approaching cell C2B), the mobile station begins the handoff process by sending a message back to the MSCc informing the MSCc that the mobile should be handed off to the GSM system.
A cell database (not shown) may be used as part of the handover procedure. The database is used to provide the necessary information to the mobile station over the GSM network so that it can effect a handoff between the CDMA MSC and GSM, as needed.
Within the GSM system, there are two types of handover available, namely synchronous and asynchronous. Asynchronous handover is preferred for simplicity of implementation. The mobile station is thus informed that the handover will be an asynchronous handover to GSM. After the mobile station receives the handover command, the mobile station first sends several access bursts to the GSM base station controller BSCg until it receives back a MAP handover message, which is sent back to the CDMA MSC to enable GSM authentication data to be generated and provided to the mobile station. GSM has an asynchronous handoff process with data bursts to help BSCg acquire the timing of the mobile station. The ADDS message thus includes an 'action time' message indicating the specific time at which the handover is to occur. Only once the data is received will the mobile station begin normal transmission.
Another problem with handover between CDMA and GSM is that CDMA and GSM authentication use two different methods and keys. The authentication methods in GSM and CDMA 1X are basically the same, but the keys are different in size. CDMA 1X has additional procedures such as unique challenge responses and technical methods, which accordingly prevent information hijacking and replay attacks. For the CDMA physical layer to be used in the GSM system, the GSM authentication method response is reused at the CDMA physical layer. This provides the benefit that the system does not have to support two different types of authentication centers, two types of SIM cards.
The authentication process involves a series of exchanges between the system and the mobile station. The system sends an unpredictable number RAND to the mobile station. Next, the mobile station calculates the result SRES, also called the signature of the RAND number, using an algorithm called the A3 algorithm. The A3 algorithm uses RAND and a single subscriber authentication key Ki to calculate SRES. The subscriber authentication key Ki is assigned when the user first subscribes to a service and is stored in a SIM (subscriber identity module) card and in a Home Location Register (HLR) of the system. Ki is the private key in encryption and is therefore not sent over the network. Finally, the mobile station sends the signature SRES to the system, where it is tested for validity.
It is worth noting that the use of encryption keys and the authentication process are independent of the handover process. Figure 4 of the accompanying drawings illustrates how authentication is implemented in a GSM MSC. The authentication key within GSM is called Ki and is 128 bits long. The network generates a random number (RAND), which is also 128 bits in length. RAND and Ki are input to the A3 algorithm, which computes a 32-bit result (SRES) from the input data. The RAND number is also sent to the mobile station in an over-the-air message. In the GSM system, each mobile station comprises a smart card, a so-called SIM (subscriber identity module) card. Standard SIM commands for authentication are specified in GSM 11.11. These instructions are only allowed to be executed if they do not interfere with the correct functioning of the GSM application. If the SIM is removed from the mobile station during a call, the call is immediately terminated, as defined by GSM 11.11.
The SIM in the mobile station also operates by applying the A3 algorithm to the received RAND number and a locally stored copy of Ki. The result of the calculation should be the same as the SRES calculated by the network. The result SRES is thus sent by the mobile station to the network, where it is compared with the SRES value calculated by the network. If the two SRES values are the same, the mobile station is authenticated. In the system of fig. 2, the RAND number is sent over the air interface using the ADDS message and the result SRES is sent back.
The value of SRES is also used in an algorithm called A8 to calculate a 64-bit encryption or ciphering key Kc. The Kc key generated by the SIM within the mobile station using the GSM authentication and encryption algorithm is applied to the CDMA physical layer in place of the private long code mask typically generated using the CDMA CAVE algorithm. The 64-bit Kc key uniquely maps to the 42-bit private long code and thus serves as the basis for the "private long code mask" to provide voice privacy. The private long code mask is passed through the CDMA message and is interpreted no differently than if it had been generated by the CAVE algorithm. Securing speech in this way enables the system to maintain a unique authentication center and a unique SIM type in a hybrid CDMA/GSM network.
GSM implements encryption at the frame level. Each frame is encrypted using the frame number and a 64-bit Kc key, which is derived as discussed with reference to fig. 4. The frame number and Kc mask are applied to each frame. In CDMA 1X systems, encryption is implemented using a 42-bit private long code. In the hybrid system of fig. 2, the Kc key is used to derive the 42-bit private long code mask, and a mapping algorithm maps between Kc and the private long code. This mapping is implemented within the MSCc, which simply tells the BSC which private long code to use.
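The exchange described above (RAND out, SRES back, Kc mapped to a 42-bit private long code mask), as an added Python example that is not part of the patent. HMAC-SHA256 stands in for the operator-specific A3 and A8 algorithms, the low-42-bit mapping and the `Sim`/`Network` names are assumptions, and Kc is derived from Ki and RAND as worded in claim 1.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms,
# only to reproduce the sizes on the page (128-bit Ki/RAND, 32-bit SRES, 64-bit Kc).
def _prf(ki: bytes, rand: bytes, label: bytes, n: int) -> bytes:
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:n]

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    return _prf(ki, rand, b"A3", 4)      # 32-bit signed response

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    return _prf(ki, rand, b"A8", 8)      # 64-bit ciphering key from Ki and RAND

def kc_to_plcm(kc: bytes) -> int:
    """Hypothetical mapping: keep the low 42 bits of Kc. The page does not define
    its mapping; any 64-to-42-bit mapping leaves at most 2**42 distinct masks."""
    if len(kc) != 8:
        raise ValueError("Kc must be 64 bits")
    return int.from_bytes(kc, "big") & ((1 << 42) - 1)

class Sim:
    """Mobile side: Ki never leaves this object, only SRES and Kc do."""
    def __init__(self, ki: bytes):
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class Network:
    """Network side: holds the HLR copy of Ki and the outstanding challenges."""
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)
        self._pending = {}

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)   # unpredictable 128-bit RAND
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, sres: bytes):
        """Return the private long code mask on success, None on failure."""
        rand = self._pending.pop(imsi, None)   # each RAND is accepted once
        ki = self._ki.get(imsi)
        if rand is None or ki is None:
            return None
        if not hmac.compare_digest(a3_sres(ki, rand), sres):
            return None
        return kc_to_plcm(a8_kc(ki, rand))

def authenticate(network: Network, imsi: str, sim: Sim):
    """One full exchange; returns (network_mask, mobile_mask) or None."""
    rand = network.challenge(imsi)             # RAND travels to the mobile
    sres, kc = sim.run_gsm_algorithm(rand)     # computed inside the SIM
    network_mask = network.verify(imsi, sres)  # SRES travels back
    if network_mask is None:
        return None
    return network_mask, kc_to_plcm(kc)

if __name__ == "__main__":
    imsi, ki = "001010123456789", bytes(range(16))   # constructed sample values
    print(authenticate(Network({imsi: ki}), imsi, Sim(ki)))
```

Both sides reach the same mask without Ki or Kc crossing the air interface; only RAND and SRES are exchanged.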
ADDS operations enable transparent service transport between land network elements (e.g., MSC, SMS, PDC) and the mobile station. The system uses this operation to transmit authentication information RAND to the MS and SRES back to the MSC. The ADDS message operates from MSCc to BSCc and allows data to be sent back to the mobile station on the paging channel. The ADDS transfer operation goes from BSCc to MSCc and allows data to be sent from the mobile station to the network on the access channel. The ADDS transfer operation goes from MSCc to BSCc, or BSCc to MSCc, and allows data to be sent over the traffic channel between the mobile station and the network. The ADDS parameter has been defined as the "ADDS user part," which includes a 6-bit "data burst type," the 6 bits indicating the format of the application data message. The ADDS operation uses the ADDS user part parameters to contain the service specific data. The authentication operation uses the ADDS user part to carry authentication data. The described system uses a new data burst type, named "GSM-MAP authentication", which is interpreted accordingly by the mobile station.
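A strict encoder and parser for the tunnelled authentication payload described above, added here as an illustration and not taken from the patent. The numeric burst-type code, the one-octet header layout and the RAND/SRES tags are all assumptions, since the page gives only the 6-bit width and the "GSM-MAP authentication" name.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical values: the page names the burst type but assigns no code,
# and does not describe the octet layout of the application data.
BURST_GSM_MAP_AUTH = 0x3E            # placeholder 6-bit data burst type
TAG_RAND, TAG_SRES = 0x01, 0x02      # placeholder application-data tags
PAYLOAD_LEN = {TAG_RAND: 16, TAG_SRES: 4}   # 128-bit RAND, 32-bit SRES (from the page)

@dataclass(frozen=True)
class AuthData:
    tag: int
    value: bytes

def encode_user_part(burst_type: int, app_data: bytes) -> bytes:
    """Assumed layout: one octet (2 reserved bits + 6-bit type), then the data."""
    if not 0 <= burst_type < 64:
        raise ValueError("data burst type must fit in 6 bits")
    return bytes([burst_type]) + app_data

def encode_auth(tag: int, value: bytes) -> bytes:
    if PAYLOAD_LEN.get(tag) != len(value):
        raise ValueError("unknown tag or wrong length for tag")
    return encode_user_part(BURST_GSM_MAP_AUTH, bytes([tag]) + value)

def parse_user_part(raw: bytes):
    if not raw:
        raise ValueError("empty ADDS user part")
    if raw[0] & 0xC0:
        raise ValueError("reserved bits set in data burst type octet")
    return raw[0] & 0x3F, raw[1:]

def parse_auth(raw: bytes) -> Optional[AuthData]:
    """The BSC forwards this payload unchecked, so the receiving endpoint
    is the only place where it gets validated."""
    burst_type, data = parse_user_part(raw)
    if burst_type != BURST_GSM_MAP_AUTH:
        return None                   # other burst types belong to other handlers
    if not data:
        raise ValueError("missing authentication tag")
    tag, value = data[0], data[1:]
    expected = PAYLOAD_LEN.get(tag)
    if expected is None:
        raise ValueError("unknown authentication tag")
    if len(value) != expected:
        raise ValueError("truncated or oversized authentication value")
    return AuthData(tag, value)

if __name__ == "__main__":
    rand = bytes(range(16))           # constructed sample RAND
    print(parse_auth(encode_auth(TAG_RAND, rand)))
```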
It is noted that the example embodiments may be implemented when a database storing information pertaining to the authentication process is present at the receiving end or is accessible at the receiving end. The processor of the example embodiment may be used to implement one encryption scheme with one party and another encryption scheme with another party. A basic implementation of the example embodiments may be implemented without a physical connection to an intermediate resource, as communications with the separate parties are sent over a wireless medium.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. The skilled person will know the interchangeability of hardware and software in these cases. By way of example, the various illustrative embodiments disclosed herein may implement or perform the illustrative logical blocks, flowcharts, windows, and steps in hardware or software using the following list to implement the functions described herein, including: an Application Specific Integrated Circuit (ASIC), a programmable logic device, discrete gate or transistor logic, discrete hardware components such as registers within a FIFO, a processor executing a set of firmware instructions, any conventional programmable software and processor, a Field Programmable Gate Array (FPGA) or other programmable logic device, or a combination of any of the above. A general purpose processor is preferably a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, a DVD-ROM, registers, or any other magnetic or optical storage medium. Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. 
For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, circuits, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
The previous description of the preferred embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without the use of the inventive faculty. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (16)
1. In a system having a mobile station, a first base station in a first cellular communication system controlled by a first mobile switching control station, and a second base station in a second, different cellular communication system controlled by a second mobile switching control station, a method comprising:
generating an encryption key for the mobile station for use by the mobile station during communication within the second cellular communication system, the encryption key being generated by the mobile station from a private key assigned to the mobile station of the second cellular communication system and a random number generated by the second cellular communication system;
passing the encryption key to the first cellular communication system; and
generating a private long code for the mobile station for use by the mobile station during communication within the first cellular communication system.
2. The method of claim 1, wherein the first cellular communication system includes a channel for communicating data between the first cellular communication system and the mobile station, and wherein the method further comprises transmitting the encryption key to the first cellular communication system using the channel for transmitting data.
3. The method of claim 2, wherein said channel is a paging channel.
4. The method of claim 1, wherein the first cellular communication system includes a first base station controlled by a first mobile switching control station, and the second cellular communication system includes a second base station controlled by a second mobile switching control station, wherein:
measuring, at a mobile station, a parameter of a signal transmitted by the first base station;
measuring, at the mobile station, a parameter of a signal transmitted by the second base station;
communicating a signal quality message from the mobile station to said first mobile switching control station via the first base station when the parameter reaches a predetermined condition;
generating information for the channel request message at the first mobile switching control station for the second mobile switching control station;
communicating information from the first mobile switching control station to the mobile station;
generating a channel request message at the mobile station for the second mobile switching control station from information from the first mobile switching control station; and
communicating the channel request message from the mobile station to the second mobile switching control station.
5. The method of claim 4, further comprising generating channel information at the second mobile switching control station identifying a channel within the second communication system for the mobile station.
6. The method of claim 5 further comprising establishing communication between said mobile unit and said second base station within the identified channel.
7. The method of claim 6 further comprising terminating communication between said mobile unit and said first base station.
8. The method of claim 4, wherein said parameter corresponds to signal strength.
9. The method of claim 4 wherein said first cellular communication system is a CDMA system.
10. The method of claim 9, wherein said second cellular communication system is a GSM system.
11. A mobile station, comprising:
a transceiver chain for receiving and transmitting signals with a base station in a cellular communication system; and
a controller for:
receiving a random number generated by a cellular communication system; and
generating an encryption key for the mobile station for use by the mobile station during communications within the cellular communication system, the encryption key being generated from a private key assigned to the mobile station of the second cellular communication system and the received random number.
12. In a system having a mobile station, a first base station in a first cellular communication system controlled by a first mobile switching control station, and a second base station in a second, different cellular communication system controlled by a second mobile switching control station, an apparatus comprising:
means for generating an encryption key for the mobile station, the encryption key being used by the mobile station during communication within the second cellular communication system, the encryption key being generated by the mobile station from a private key assigned to the mobile station of the second cellular communication system and a random number generated by the second cellular communication system;
means for communicating the encryption key to the first cellular communication system; and
means for generating a private long code for the mobile station for use by the mobile station during communication within the first cellular communication system.
13. The apparatus of claim 12 wherein the first cellular communication system includes a channel for transferring data between the first cellular communication system and the mobile station, and wherein the apparatus further comprises means for transmitting the encryption key to the first cellular communication system using the channel for transmitting data.
14. The apparatus of claim 13, wherein the channel is a paging channel.
15. The apparatus of claim 12 wherein said first cellular communication system is a CDMA system.
16. The apparatus of claim 15, wherein said second cellular communication system is a GSM system.
Applications Claiming Priority (9)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US34075501P | 2001-12-07 | 2001-12-07 | |
| US60/340,755 | 2001-12-07 | | |
| US35040102P | 2002-01-17 | 2002-01-17 | |
| US60/350,401 | 2002-01-17 | | |
| US10/077,502 US6594489B2 (en) | 2001-12-07 | 2002-02-14 | Method and apparatus for effecting handoff between different cellular communications systems |
| US10/077,502 | 2002-02-14 | | |
| US35849102P | 2002-02-19 | 2002-02-19 | |
| US60/358,491 | 2002-02-19 | | |
| PCT/US2002/039209 WO2003051072A1 (en) | 2001-12-07 | 2002-12-05 | Apparatus and method of using a ciphering key in a hybrid communications network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1074959A1 (en) | 2005-11-25 |
| HK1074959B (en) | 2007-05-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7016326B2 (en) | | Method and apparatus for effecting handoff between different cellular communications systems |
| JP5108054B2 (en) | | Handoff in hybrid communication networks |
| US7346032B2 (en) | | Method and apparatus for effecting handoff between different cellular communications systems |
| US6594489B2 (en) | | Method and apparatus for effecting handoff between different cellular communications systems |
| JP2011229185A (en) | | Device and method using deciphering key in hybrid communication network |
| US7054628B2 (en) | | Apparatus and method of using a ciphering key in a hybrid communications network |
| JP4597520B2 (en) | | Authentication in hybrid communication networks |
| HK1074959B (en) | | Apparatus and method of using a ciphering key in a hybrid communications network |
| HK1074947A (en) | | Authentication in a hybrid communications network |
| HK1075982B (en) | | Handoff in a hybrid communication network |