[go: up one dir, main page]

WO2000044130A1 - Procede, systeme et agencement pour fournir des services sur l'internet - Google Patents

Procede, systeme et agencement pour fournir des services sur l'internet Download PDF

Info

Publication number
WO2000044130A1
WO2000044130A1 PCT/SE2000/000048 SE0000048W WO0044130A1 WO 2000044130 A1 WO2000044130 A1 WO 2000044130A1 SE 0000048 W SE0000048 W SE 0000048W WO 0044130 A1 WO0044130 A1 WO 0044130A1
Authority
WO
WIPO (PCT)
Prior art keywords
gateway node
verification
network
subscription
mobile station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/SE2000/000048
Other languages
English (en)
Inventor
Ulf Berggren
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NETCOM AB
Original Assignee
NETCOM AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NETCOM AB filed Critical NETCOM AB
Priority to AU23359/00A priority Critical patent/AU2335900A/en
Publication of WO2000044130A1 publication Critical patent/WO2000044130A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1453Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network
    • H04L12/1482Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network involving use of telephony infrastructure for billing for the transport of data, e.g. call detail record [CDR] or intelligent network infrastructure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • the present invention relates to a method, a system and a node for providing services on an Internet Protocol based network.
  • IP-telephony Internet Protocol telephony
  • E-commerce electronic commerce
  • One way of billing a customer is to bill his credit account number.
  • many customers are not willing to transfer their credit account numbers over the Internet, as there is a risk it might fall into wrong hands and be misused. It may not even be allowed to use certain credit cards over the Internet.
  • Someone may be eaves- dropping on the Internet or may succeed in manipulating a server on which a company has stored the credit card numbers of its customers. This fear of potential misuse of credit card numbers is probably the major reason why the electronic commerce on the Internet has not increased even further.
  • Another way for a customer to pay for his purchase is, for example, to transfer the payment from one account to another account within the same bank.
  • both parties i.e. the E-commerce company and its customer
  • the accounts of the customer and the E-commerce company are at separate banks.
  • Such systems can also include the transferring of a credit card number in an encrypted form from the customer to one of the banks.
  • An example of such a system is the SET- system (Secure Electronic Transactions) .
  • SET- system Secure Electronic Transactions
  • the security will be reflected by the administration routines used for handling payment transaction.
  • Such routines involve the actual payment, but also the identification of the customer.
  • a high security will often require more complicated administrative routines and, thus, a more expensive system to implement and for a company to participate in.
  • IP-telephony allows a user to make cheap outbound calls in a more or less convenient manner.
  • a major disadvantage is that incoming calls can only be received under certain restricted conditions. For example, the user has to be connected to the Internet via a particular Internet Service Provider, or Voice-over- Internet Provider, with which he has a subscription. Also, the user is dependent upon having access to his normal equipment that has the appropriate software being preconfigured in accordance with his subscription. More important, a user is not free to change his physical location, i.e. his Internet Protocol address, if he wishes to be able to receive incoming calls over the Internet. The reason for this is that the calling party, or rather the telecommunications network, does not know to which voice-over-Internet server the call should be routed.
  • An object of the present invention is to provide a service on an Internet Protocol based network which in a simple and reliable way verifies an end user accessing said network.
  • Another object of the invention is to provide a con- tent provider on an Internet Protocol based network with a service offering the provider a large potential customer base in which each customer can be verified in a simple and reliable way using said service.
  • a method for providing services on an Internet Protocol based network to which an end user and a server are connected comprising the steps of: reading an IC card storing subscription information relating to a subscription with an operator of a digital cellular radio communications network, for example a GSM network, at a terminal operated by said end user; requesting a gateway node to verify said end user by means of transmitting from said server to said gateway node a message containing a verification request, said gateway node being connected to said Internet Protocol based network and to either said digital cellular radio communications network or to a network of the same kind as said digital cellular radio communications network; and responding to said verification request with a message from said gateway node to said server, said message being based on a veri- fication of said subscription stored on said IC card, which card for example is a Subscription Identity Module (SIM) card, in accordance with a verification scheme, for example a GSM authentication scheme, applied by said digital cellular
  • SIM Subscription Identity Module
  • a system for providing services on an Internet Protocol based network to which an end user and a server are connected said system including: an IC card storing subscriber information relating to a subscription with an operator of a digital cellular radio communications net- work, for example a GSM network; a terminal operated by said end user and arranged to read said subscriber information from said IC card; and a gateway node interconnecting said Internet Protocol based network with either said digital cellular radio communications network or with a network of the same kind as said digital cellular radio communications network, said node including: receiving means for receiving a verification request from said server to verify said end user; and verification means for performing a verification of said subscription stored on said IC card, which card for example is a
  • SIM Subscriber Identity Module
  • a gateway node for providing services on an Internet Protocol based network, to which network a terminal of an end user and a server of a content provider are connec- ted, said terminal being arranged to read an IC card storing subscriber information relating to a subscription with an operator of a digital cellular radio communications network, for example a GSM network, wherein said gateway node interconnects said Internet Protocol based network with either said digital cellular radio communications network or with a network of the same kind as said digital cellular radio communications network, said gateway node having the features as defined above in connection with the second aspect of the invention.
  • the present invention is based on the idea of providing services on the Internet that are based on pre- existing and reliable functionality, in particular an existing user authentication functionality, applied in a digital cellular radio communications network.
  • Such services are to be utilized by servers on the Internet, in particular servers of content providers, that for some reason want to verify the identity of a user, or a customer, accessing the server.
  • said terminal operated by said end user is a computer, for example a personal computer, arranged to read a SIM card via a SIM card reader connected to the computer.
  • the com- puter is also used by the user for accessing the Internet.
  • the computer and the gateway node are arranged to communicate over the Internet using standard GSM signalling mechanisms. This communication includes exchanging GSM authentication parameters in the process of verifying the subscriber of the SIM card. This verification is performed in accordance with the verification, or authentication, normally applied in a GSM network.
  • the gateway node includes a database implementing GSM VLR functionality as well as other necessary means and software for communicating with the GSM network, to which the subscription is associated, in order to make use of the charging and location update procedures provided in the GSM network.
  • said terminal operated by said end user is a mobile station comprised of a mobile equipment reading a SIM card.
  • a temporary verification code is assigned to the GSM mobile station number by the gateway node as a result of reception of the call and, thus, as a result of the calling subscriber having been authenti- cated by the GSM network.
  • This number and code can be utilized by the user when communicating with a server of a content provider, using the normal computer equipment used for accessing the Internet, in order for the user to finally be verified by the server of the content pro- vider.
  • the mobile station establish a communication with the gateway node by means of transmitting a SMS (Short Message Service) message, in which case a call is made from the gateway node back to the GSM mobile station in order to transfer the temporary verification code.
  • SMS Short Message Service
  • an operator of the gateway node is able to provide services relating to customer authentication and invoicing of customers to any content provider on the Internet. It is also possible to provide a customer locating service to a voice-over-Internet con- tent provider. All the Internet user, or customer, needs is a GSM subscription with which he can roam outside his HPLMN.
  • a terminal such as a personal computer
  • the user is assumed to have the tools necessary for accessing the Internet (such as a PC or the like, a modem and an Internet subscription with an Internet Service Provider) .
  • charging records are produced and fed into the invoicing mechanism of the cellular network.
  • the invention offers a secure and simple way of verifying and charging an end user on the Internet.
  • any server connected to the Internet can use the open interface provided by the gateway node to verify and/or charge the end user that accesses the server.
  • the end user has to have his IC card storing his subscriber information connected to the IC card reader of his terminal, or, in accordance with another embodiment, to his mobile equipment (ME) .
  • ME mobile equipment
  • any content provider on the Internet can arrange for its server to use the services provided by the present invention.
  • a content provider is anyone providing a service on the Internet.
  • Such services include, inter alia, electronic commerce, IP telephony and the actual Internet access itself.
  • a content provider can target all customers having a subscription with an operator of a cellular network, such as a GSM network, since the roaming principles of the cellular network allows for operators to offer services to other operators' customers. In this way a great number of potential customers is opened to an
  • MSISDN GSM Mobile Station Integrated Service Digital Network
  • the gateway node according to the invention is preferably operated by an operator providing verification, charging and mobility services on the Internet, i.e. an Internet Charging and Mobility Provider.
  • the gateway node should be interpreted as a logical node, which can be realised as either one single physical unit or as a number of physical separate units, or sub- nodes, among which the functionality of the logical gateway node is distributed.
  • Fig. 1 shows a system and its operation in accor- dance with an embodiment of the present invention
  • Fig. 2 shows a system and its operation in accordance with another embodiment of the present invention
  • FIG. 3 shows a system and its operation in accordance with yet another embodiment of the present inven- tion
  • Fig. 4 schematically shows a gateway node included in the embodiment described with reference to Fig. 1;
  • Fig. 5 schematically shows a gateway node included in the embodiments described with reference to Fig. 2 and Fig. 3.
  • Fig. 1 shows an exemplified system and its operation in accordance with an embodiment of the present inven- tion.
  • a gateway node 100 is connected to an Internet Protocol based network 110, such as the Internet, and a digital cellular radio communications network 120.
  • a server 130 of a content provider in this case an E-commerce provider selling products or services over the Internet.
  • Another content provider being an Internet Service Provider (ISP)
  • ISP Internet Service Provider
  • An IC card 160 stores subscriber information relating to a subscription with an operator of a digital cellular radio communications network.
  • This cellular network is called a Home Public Land Mobile Network (HPLMN) and corresponds in Fig. 1 to either the cellular network 120, to which the gateway node is connected, or to a cellular network 125, which the gateway node is connected to via intermediate telecommunications facilities.
  • HPLMN Home Public Land Mobile Network
  • the connection between the gateway node 100 and the cellular network 120 may also, alternatively, be over intermediate communications facilities, such as a switched telecommunications network in the form of a Public Switched Telephone Network.
  • one of the cellular networks 120 and 125 is the HPLMN of the subscription stored on the IC card 160.
  • the cellular network 120 constitutes a Visited Public Land Mobile Network (VPLMN) .
  • the IC card 160 is received and read by a terminal 162, which terminal is a mobile station operated by an end user.
  • the end user uses the mobile station 162 to access the gateway node via one of the cellular networks, i.e. 120 or 125.
  • the end user operates a second terminal 164, preferably a Personal Computer (PC) .
  • PC Personal Computer
  • Fig. 1 the digital cellular radio communications networks 120 and 125 are exemplified with GSM mobile communication networks (Global System for Mobile communication) . Since the architecture, and operational aspects, of GSM are well known to persons skilled in the art, only those aspects of GSM which are of direct relevance to the embodiments of the present invention will from hereon be described.
  • GSM Global System for Mobile communication
  • a GSM network typically includes a Home Location Register (HLR) 180, an Authentication Centre (AUC) 181, a Visiting Location Register (VLR) 182, one or more Mobile service Switching Centres (MSC) 184, a number of Base Stations (BS) 185, and means 188 for implementing a Billing Customer Administration (BCA) functionality, as indicated in the GSM network 120.
  • the GSM network 125 has the corresponding elements, i.e. HLR 190, AUC 191, MSC 194, BS 195 and BCA 198.
  • the combination HLR and AUC keeps all information relating to the GSM subscribers of an operator' s GSM network and also knows the last location of any one of these subscribers.
  • the VLR 182 which often is integrated with an MSC 184 and its functions, is a register storing subscriber information received from the HLR 180 and relating to subscriber which have roamed to the area covered by the particular VLR 182, which area is a part of the total area covered by the GSM network 120.
  • the BCA 188 is used by the operator of the GSM network 120 when billing its subscribers.
  • the operation and functioning of an MSC 184 and a BS 185, as well as other elements and their functions, are well known to a person skilled in the art and not of relevance in the context of the present invention.
  • the IC card 160 will be a SIM (Subscriber Identity Module) card.
  • the SIM card 160 uniquely identifies a GSM subscriber to the network and holds information and algorithms for subscriber authenti- cation and encryption, as is well known to a person skilled in the art.
  • Fig. 1 The following is a description of the operation of the system, when providing services on the Internet, as depicted in Fig. 1.
  • the activities described below have been numbered and each number indicated in Fig. 1 in order to more clearly illustrate which element (s) that is/are involved in a certain activity.
  • the user chooses "GSM" as charging method, possibly among a number of choices of charging methods, and is then asked by the server 130 to enter his mobile station number, or an alias corresponding to this number, and a password.
  • the mobile station number possibly via said alias, uniquely identifies the user's subscription in the Public Switched Telephone Network (PSTN) numbering plan with an operator of a cellular network. Since the cellular network is a GSM network, the mobile station number would be a GSM Mobile Station Integrated Service Digital Network (MSISDN) number.
  • PSTN Public Switched Telephone Network
  • the password is obtained by the user from the gateway node 100 in step 3. This is accomplished by establishing a communication from the GSM mobile station to the gateway node, for example by dialling a public tele- phone number from the mobile station 162, and thereby calling the gateway node 100 via the users HPLMN, or if the user is roaming, via a VPLMN.
  • the gateway node 100 answers the call and prompts the user to enter a special PIN (Personal Identity Number) code, which code was assigned to the user by the operator of the gateway node 100 when the user started to subscribe for the services offered by the gateway node operator.
  • PIN Personal Identity Number
  • the gateway node examines the calling A-subscriber number in order to check that the number is a number of a sub- scriber in a GSM network.
  • the mere fact that the subscriber has been able to call the gateway node 100 using his GSM subscription is a receipt on that the subscriber has been authenticated by the GSM network 120 or 125.
  • the gateway node could also, to add extra security to the verification procedure, disconnect the GSM connection and initiate a new connection with the GSM subscriber.
  • the subscriber sends an SMS (Short Message Service) to the gateway node, which also is a receipt on that the sub- scriber has been authenticated by the GSM network.
  • SMS Short Message Service
  • the verification of the subscriber performed by the gateway node 100 is thus based on the authentication performed by the GSM network 120 or 125, after which authentication a number of additional measures are taken by the gateway node as further described below. If the special PIN code received from the user is correct, i.e. if it matches the user's MSISDN recorded by the gateway node as the user call was received, the gateway node 100, in step 5, assigns another PIN code, being a Temporary PIN code (TPIN), to the user.
  • the TPIN is associated with the MSISDN of the user and stored together with the MSISDN in the gateway node 100 for later use, as well as being transmitted to the user's mobile station.
  • the TPIN is transmitted to the user's mobile station with in a call from the gateway node to the mobile station.
  • the TPIN is temporary in the sense that it only is valid for a short time and can only be used at one occasion by the user after it has been allocated to him.
  • the TPIN received by the user via his mobile station 162 is then in step 6 used in the Internet session with the Internet server 130 being accessed using the second terminal 164, in this case a server of an E-commerce provider.
  • the user enters, using the second terminal 164, his MSISDN as user id and the received TPIN code as password, all in accordance with the prompting of the server 130.
  • the server 130 includes the MSISDN and the TPIN received from the user in a verification request transmitted over the Internet 110 to the gateway node 100.
  • the gateway node 100 extracts the MSISDN from the verification request, finds the corresponding MSISDN and its previously associated TPIN stored within the gateway node, and checks if the previously stored TPIN is equal to the TPIN extracted from the received verification request. If the TPIN codes are found to be matching, the verification of the user at the gateway node is completed and a response is transmitted to the server 130 indicating a confirmation, or possibly a rejection, to the verification request.
  • step 9 following a received notification that the user has been verified by the gateway node 100, the server 130 transmits a charging request including the verified MSISDN to the gateway node requesting the node to charge that particular MSISDN, either by using usage based charging or by charging the subscriber a certain amount.
  • the gateway node 100 charges the subscription having the particular MSISDN by either producing a Call Detail Record (CDR) , referenced in Fig. 1 as step 10a, or a Transfer of Account Procedure Record (TAP), referenced as step 10b.
  • CDR Call Detail Record
  • TAP Transfer of Account Procedure Record
  • this charging step may preferably involve checking an agreed credit level for the particular MSISDN, in which case only amounts lower than said credit level will be accepted by the gateway node when performing the service of charging the subscriber. This credit level is either stored in the gateway node or received, upon request from the node, from the GSM network. If the HPLMN of the subscription having the particular MSISDN is the GSM network 120, a CDR record is generated by the gateway node 100 and transmitted over the GSM network 120 to the Billing Customer Administration system 188 of that network, this is indicated as step 10a.
  • a TAP like record is generated by the gateway node in accordance with the TAP standard and transmitted to a clearing house 123.
  • a clearing house is a unit that receives TAP records from operators and that clears these the operators' internal invoices for roaming customers.
  • the internal invoice of GSM network 120 will be cleared and the BCA of the GSM network 125 receives information from the clearing house based on which it will bill its own subscriber.
  • the gateway node will transmit a rejection or a confirmation back to server 130 as a result to said charging request.
  • the gateway node 100 will later be further described with reference to Fig. 4. It should be understood that the system operation described above also is suited in a situation where the Internet Service Provider, ISP, wishes to verify and charge its customers for the service of providing Inter- net access using the verification and charging procedures provided by the GSM network, rather than having to administrate its own billing system.
  • the server transmitting requests for verification and charging to the gateway node will be the access server 140 belonging to the ISP rather than the server of the E- commerce provider as described above.
  • FIG. 2 another embodiment of the system and its operation according to the present invention is schematically illustrated.
  • the basic system configuration corre- sponds to that of Fig. 1.
  • All elements in Fig. 2 that have been assigned the same reference numerals as in Fig. 1 are identical to and have the same operation as the corresponding element described with reference to Fig. 1.
  • Only operational aspects that differ from the operations described with reference to Fig. 1, as well as additional aspects that are relevant to the embodiment illustrated by Fig. 2, will be described below.
  • the GSM network 120 is the HPLMN network of the subscription stored on the IC card 160
  • the other GSM network 125 is a VPLMN network.
  • the IC card 160 which again is a SIM card
  • the terminal 262 is a stationary computer, for example a Personal Computer (PC) .
  • the PC executes a software application which communicates with the SIM card via the SIM card reader, with the user via a PC screen and with the gateway node 200 via an Internet Protocol connection over the Internet 110.
  • the gateway node 200 has an operation and an internal structure which differs from that of the gateway node referred to in Fig. 1.
  • the gateway node 200 includes a database in the form of a GSM VLR as well as some parts of the functionality normally found in a GSM MSC/VLR in a GSM system.
  • the operation of the gateway node and its interaction with the GSM networks 120 and 125 is described below.
  • the internal structure of the gateway node itself is more clearly described with reference to Fig. 5.
  • step 1 a user having access to the Internet via its ISP contacts a server 230 of a content provider, for example an E-commerce provider, and decides to make a purchase of some sort, the user chooses "GSM" as charging method.
  • the server 230 then in step 2 transmits a verification request to the gateway node 200. Included in this verification request is an Internet Protocol address associated with the terminal 262 operated by the user.
  • step 3 the gateway node 200 requests the termi- nal 262 at the previously received IP address to perform a registration request.
  • a registration request is then in step 4 transmitted by the terminal 262 over the Internet as an IP message to the gateway node 200.
  • the transmitted registration request is the same kind as the one a mobile station transmits when switched on or when roaming into a new geographical area, and includes subscriber information read from said SIM card 160.
  • step 5 the gateway node accesses the VLR database included in the gateway node in order to retrieve GSM authentication parameters, i.e. verification parameters, associated with the subscription of the SIM card 160, which subscription was derived from said received subscriber information. If the subscriber has been roaming, i.e.
  • the gateway node will initiate a GSM standardised location update routine to be performed, indicated as step 6.
  • This location update involves registering the subscriber in the HLR 180 of the HPLMN GSM network 125 as being present in the area covered by the gateway node 200, or rather by its included VLR.
  • the location update routine further involves the transferring of GSM authentication parameters from the HLR 180/AUC 181 to the gateway node 200 for storage in the included VLR.
  • step 7 involves exchanging authentication parameters between the gateway node 200 and the terminal 262. If this GSM standardised way of exchanging authentication parameters results in that the subscription is authenticated, the verification of the user at the gateway node 200 is completed and a response is transmitted to the server 230, in step 8, indicating a confirmation of said verification request previously received from the server 230.
  • a verification request could, alternatively, result in a rejection transmitted to the server.
  • step 9 the server 230 transmits a charging request to the gateway node 200 for charging the verified subscription for a product or service being purchased.
  • the gateway node charges the subscription in a GSM standardised way by either producing a CDR record or a TAP like record.
  • the generation of these records and the charging procedure is performed in accordance with the GSM standard and in accordance with what has been previously described with reference to Fig. 1.
  • a response to said charging request will be transferred from the gateway node 200 to the server 230.
  • the operation described above is also applicable when it is the access server 240 of the ISP that requests the gateway node to verify and charge a subscription.
  • a verification request for verification of a user, as well as the request to charge a user, at a certain IP address can be requested by the server 230 of a content provider at any time.
  • the server is a server of an ISP, that is if server 230 utilizing the services provided by the gateway node is one and the same server as the Internet access server 240 of the ISP, this one server would transmit the verification request to the gateway node at the start of the Internet access session, which request at a later stage is followed by a charging request to the gateway node from the Internet access server.
  • the subscription of the user is verified using the GSM authentication scheme, and charged for the Internet surfing using the GSM invoicing scheme.
  • a server of an E-commerce provider could transmit the verification request as the customer enters the E-commerce site, or just before purchasing, i.e. before the transmission of the charging request.
  • the time chosen for transmitting a verification request, as well as a charging request, is entirely up to the Internet content provider.
  • Fig. 3 yet another embodiment of the present invention is schematically illustrated. This embodiment differs from the one described with reference to Fig. 2 in that the server using the services provided by the gateway node 200 and the server providing a user access to the Internet 110 is one and the same server, namely a server 330 of a voice-over-Internet provider.
  • the server using the services provided by the gateway node 200 and the server providing a user access to the Internet 110 is one and the same server, namely a server 330 of a voice-over-Internet provider.
  • all elements in Fig. 3 being identical and having the same operation as those described with reference to Figs. 1 and 2 have been assigned the same reference numerals as in Figs. 1 and 2.
  • Fig. 3 shows how a terminal 262, operated by a user and referred to as an A-subscriber, makes an Internet telephone call to a B-subscriber 360.
  • the B-subscriber is connected to a gateway server 370 on the Internet via a General Switched Telecommunications Network 350, the gateway server 370 converts voice traffic from a circuit switched network 350 to a packet switched network 110.
  • the voice-over-Internet server 330 communicates with the gateway server 370 over an Internet session.
  • the operation for verifying the user and for charging the user are almost identical to the embodiment of Fig. 2. The difference is that as the user operating the terminal 262 connects to the voice-over-Internet server 330, the server will automatically send a verification request to the gateway node 200.
  • the verification of the user i.e. the authentication of the GSM subscription, is performed as described with reference to Fig. 2.
  • the server 330 transmits a charging request whenever it is convenient and charging of the GSM subscription is performed as described in the two previous embodiments.
  • the use of the GSM principles for verification of the GSM subscription and, thus, the registration and GSM location update procedure described in connection with Fig. 2 enables the server 330 to provide its customers with the service of receiving incoming Internet telephony calls, regardless of the location of the user.
  • This is possible since the HLR 180 of the subscribers GSM HPLMN network has registered the visited VLR/MSC address, in this case the gateway node 200, for a particular subscriber.
  • the HLR requests the visited gateway node to return a MSRN (Mobile Station Roaming Number) which is used to route an incoming call to the correct gateway node visited by the subscriber.
  • MSRN Mobile Station Roaming Number
  • the MSRN is then used in setting up a call to the user when the user' s GSM Mobile Station Number is dialled in any international GSTN network connected to the user' s GSM HPLMN network, all in accordance with the recommendations for GSM.
  • the gateway node 200 will establish an Internet session with the IP address of the user's terminal 262, provided that the user is present on a public IP address in the global IP address scheme.
  • Fig. 4 schematically shows an exemplifying gateway node included in the embodiment described with reference to Fig. 1.
  • the node includes a processor 400, receiving means 410, verification means 420 and 425, and charging means 430.
  • the receiving means 410 is implemented as a standardised TCP/IP stack executed by the processor 400 and receives IP messages including verification requests and charging requests from servers on the IP network.
  • the verification means 420 and 425 includes first means for associating a TPIN with a GSM MSISDN number of a mobile station from which a call is received, second means for storing said TPIN together with said MSISDN number and third means for checking the correspondence between a code received with a MSISDN number in a verification request and a TPIN stored together with the same MSISDN number by the second means.
  • the first and second means, indicated with reference numeral 420 are easily implemented as software routines by a person with ordinary skill in programming and the second means, indicated with reference numeral 425, is implemented as any kind of storage means, such as a table in a database.
  • the charging means 430 comprises software routines for generating CDR records and TAP like records communicated to a GSM network and a clearinghouse, respectively.
  • Fig. 5 schematically shows an exemplifying gateway node included in the embodiments described with reference to Fig. 2 and Fig. 3.
  • the node includes a processor 500, receiving means 510, verification means 520, a database 527, charging means 530, first communication means 540, second communication means 550 and registration means 560.
  • the receiving means 510 and charging means 530 correspond to the previously described receiving means and charging means described in Fig. 4.
  • the verifying procedure performed by the gateway node of Fig. 5 involves the first and second communication means, 540 and 550, respectively, the verification means 520, the database 527 and the registration means 560.
  • the first communication means 540 comprises a applicable parts of BSSAP (Base Station System Application Part) implemented on top of the TCP/IP stack and handles the GSM signalling over the Internet towards a user terminal.
  • BSSAP Base Station System Application Part
  • These first means 540 also includes a software routine for requesting a user terminal at a particular IP address to transfer subscriber information read from the SIM card connected to the user terminal.
  • the user terminal interconnects the SIM card and the Internet by means of a SIM card reader, and transmits the read sub- scriber information using corresponding communication means at the terminal, also implemented as BSSAP on top of an TCP/IP stack.
  • the above described first communication means 540 of the gateway node and communication means of the terminal are utilized when exchanging GSM authentication parameters during verification of the SIM card subscription.
  • the database 527 stores GSM authentication parameters associated with different subscribers.
  • the database handles the functionality normally provided by a GSM VLR.
  • the registra- tion means 560 implements the necessary software routine for using said second communication means 550, which means implements the GSM standardised Mobile Application Part (MAP) routines for signalling with the GSM network, to initiate a GSM location update routine using appro- priate signalling towards the GSM HPLMN network.
  • the verification means 520 includes additional software for co-ordinating all the above described means involved in the verification procedure, as well as software for, for example, checking any possible credit levels associated with different subscribers.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Cette invention se rapporte à un procédé, à un système et à un noeud permettant de fournir des services sur un réseau basé sur le protocole Internet. Ces services sont basés sur une fonctionnalité préexistante et fiable, en particulier sur une fonctionnalité d'authentification d'utilisateur existante, appliquée dans un réseau de radiocommunications cellulaires numériques. Ces services sont conçus pour être utilisés par des serveurs sur l'Internet, en particulier par des serveurs de fournisseurs de contenu, qui, pour certaines raisons, souhaitent vérifier l'identité d'un utilisateur ou d'un client, accédant au serveur, par exemple comme condition d'utilisation du service de facturation d'un client, également via les mécanismes d'un réseau cellulaire.
PCT/SE2000/000048 1999-01-20 2000-01-13 Procede, systeme et agencement pour fournir des services sur l'internet Ceased WO2000044130A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU23359/00A AU2335900A (en) 1999-01-20 2000-01-13 A method, system and arrangement for providing services on the internet

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE9900162A SE516066C2 (sv) 1999-01-20 1999-01-20 Metod, system och nätverksnod för tillhandahållande av tjänster på Internet
SE9900162-0 1999-01-20

Publications (1)

Publication Number Publication Date
WO2000044130A1 true WO2000044130A1 (fr) 2000-07-27

Family

ID=20414159

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2000/000048 Ceased WO2000044130A1 (fr) 1999-01-20 2000-01-13 Procede, systeme et agencement pour fournir des services sur l'internet

Country Status (3)

Country Link
AU (1) AU2335900A (fr)
SE (1) SE516066C2 (fr)
WO (1) WO2000044130A1 (fr)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002021767A1 (fr) * 2000-09-04 2002-03-14 Sonera Smarttrust Ltd Carte de paiement virtuelle
WO2002032104A1 (fr) * 2000-10-13 2002-04-18 Telia Ab (Publ) Service de paiement pour transmission d'informations
WO2002019593A3 (fr) * 2000-08-30 2002-09-06 Ericsson Telefon Ab L M Authentification d'un utilisateur final basee sur la boite a outils d'application du module d'identification d'abonne (sat), independante du fournisseur de services
WO2002093967A1 (fr) * 2001-05-14 2002-11-21 Nokia Corporation Authentification en communications de donnees
WO2002095700A1 (fr) * 2001-05-21 2002-11-28 Mint Ab Systeme et procede de paiement
WO2002001516A3 (fr) * 2000-06-26 2003-04-17 Intel Corp Procede et appareil d'utilisation d'un telephone cellulaire comme dispositif d'authentification
WO2003017612A3 (fr) * 2001-08-13 2003-07-10 Orga Kartensysteme Gmbh Systeme informatique et procede de controle d'acces aux donnees
EP1213673A3 (fr) * 2000-11-08 2004-06-30 Sony Corporation Dispositif et procédé de traitement d'informations, support d'enregistrement, et système de rendre des services
EP1533973A2 (fr) 2003-10-27 2005-05-25 Vodafone Holding GmbH Procédé et dispositif de détection de l'autorisation d'un participant dans l'internet
DE102006002892A1 (de) * 2006-01-20 2007-08-02 Siemens Ag Verfahren, System, Computerprogramm, Datenträger und Computerprogramm-Produkt zum Übertragen von Mediendaten eines Multicast-Dienstes
EP1573585A4 (fr) * 2002-12-02 2007-11-14 Nokia Corp Protection de la confidentialite dans un serveur
US7756507B2 (en) 2001-10-24 2010-07-13 Siemens Aktiengesellschaft Method and device for authenticated access of a station to local data networks in particular radio data networks
US10567385B2 (en) 2010-02-25 2020-02-18 Secureauth Corporation System and method for provisioning a security token

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998032301A1 (fr) * 1997-01-17 1998-07-23 Telefonaktiebolaget Lm Ericsson (Publ) Methode d'acces securise, et dispositif associe, permettant l'acces a un reseau informatique prive

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998032301A1 (fr) * 1997-01-17 1998-07-23 Telefonaktiebolaget Lm Ericsson (Publ) Methode d'acces securise, et dispositif associe, permettant l'acces a un reseau informatique prive

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Chuah, C., and Spiller, M. D., Infrastructure for a Secure Interface between Wireless and Data Networks (online), December 14, 1998 (retrieved on 1999-10-27) Retrieved from the Internet : <http://www-cad.eecs.berkeley.edu/mds/ classes/cs261/writeup.htm1> *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002001516A3 (fr) * 2000-06-26 2003-04-17 Intel Corp Procede et appareil d'utilisation d'un telephone cellulaire comme dispositif d'authentification
WO2002019593A3 (fr) * 2000-08-30 2002-09-06 Ericsson Telefon Ab L M Authentification d'un utilisateur final basee sur la boite a outils d'application du module d'identification d'abonne (sat), independante du fournisseur de services
WO2002021767A1 (fr) * 2000-09-04 2002-03-14 Sonera Smarttrust Ltd Carte de paiement virtuelle
WO2002032104A1 (fr) * 2000-10-13 2002-04-18 Telia Ab (Publ) Service de paiement pour transmission d'informations
US7047559B2 (en) 2000-11-08 2006-05-16 Sony Corporation Information processing apparatus and method, recording medium, and service providing system
EP1213673A3 (fr) * 2000-11-08 2004-06-30 Sony Corporation Dispositif et procédé de traitement d'informations, support d'enregistrement, et système de rendre des services
WO2002093967A1 (fr) * 2001-05-14 2002-11-21 Nokia Corporation Authentification en communications de donnees
US7444513B2 (en) 2001-05-14 2008-10-28 Nokia Corporiation Authentication in data communication
WO2002095700A1 (fr) * 2001-05-21 2002-11-28 Mint Ab Systeme et procede de paiement
WO2003017612A3 (fr) * 2001-08-13 2003-07-10 Orga Kartensysteme Gmbh Systeme informatique et procede de controle d'acces aux donnees
US7756507B2 (en) 2001-10-24 2010-07-13 Siemens Aktiengesellschaft Method and device for authenticated access of a station to local data networks in particular radio data networks
EP1573585A4 (fr) * 2002-12-02 2007-11-14 Nokia Corp Protection de la confidentialite dans un serveur
US7616949B2 (en) 2002-12-02 2009-11-10 Nokia Corporation Privacy protection in a server
EP1533973A2 (fr) 2003-10-27 2005-05-25 Vodafone Holding GmbH Procédé et dispositif de détection de l'autorisation d'un participant dans l'internet
EP1533973A3 (fr) * 2003-10-27 2009-07-15 Vodafone Holding GmbH Procédé et dispositif de détection de l'autorisation d'un participant dans l'internet
DE102006002892A1 (de) * 2006-01-20 2007-08-02 Siemens Ag Verfahren, System, Computerprogramm, Datenträger und Computerprogramm-Produkt zum Übertragen von Mediendaten eines Multicast-Dienstes
US8745382B2 (en) 2006-01-20 2014-06-03 Siemens Aktiengesellschaft Method, apparatus, computer program, data storage medium and computer program product for preventing reception of media data from a multicast service by an unauthorized apparatus
US10567385B2 (en) 2010-02-25 2020-02-18 Secureauth Corporation System and method for provisioning a security token

Also Published As

Publication number Publication date
SE516066C2 (sv) 2001-11-12
SE9900162L (fr)
AU2335900A (en) 2000-08-07
SE9900162D0 (sv) 1999-01-20

Similar Documents

Publication Publication Date Title
AU755054B2 (en) Method, arrangement and apparatus for authentication through a communications network
US7756507B2 (en) Method and device for authenticated access of a station to local data networks in particular radio data networks
KR100383052B1 (ko) 전기/데이터 통신 지불 방법 및 장치
US7269251B1 (en) Method and system for billing subscribers in a telecommunication network
US20040243490A1 (en) Method and system for performing a financial transaction in a mobile communications system
US20030050042A1 (en) Method for billing short messages in a mobile radio network and device for carrying out the method
GB2372615A (en) Telephone based payment system
WO2000044130A1 (fr) Procede, systeme et agencement pour fournir des services sur l&#39;internet
KR20130100258A (ko) 통신을 라우팅하기 위한 방법 및 시스템
RU2336654C1 (ru) Способ предоставления абонентам сотовой подвижной связи неголосовых услуг и система для его осуществления
US7292840B2 (en) Method for ascertaining a billing tariff for a data transfer
KR101291492B1 (ko) 가입자식별모듈을 구비한 이동통신 단말의 개통 방법
US7310510B2 (en) Method for ascertaining a billing tariff for billing for a data transfer
US20050102519A1 (en) Method for authentication of a user for a service offered via a communication system
RU2171546C1 (ru) Система предоставления платных услуг в телекоммуникационной сети (варианты)
GB2367204A (en) Accessing services and products via the internet
EP1127426B1 (fr) Procede d&#39;identification d&#39;abonne et de facturation d&#39;un service dans un systeme de telecommunications et dispositif correspondant
KR100680662B1 (ko) 해외 로밍 자동 착신전환 시스템 및 해외 로밍 방법
RU66642U1 (ru) Система для предоставления абонентам сотовой подвижной связи неголосовых услуг
KR100263666B1 (ko) 이동통신시스템에서의프리페이드호라우팅방법
US7194250B2 (en) Method of providing credit card calling service based on camel in UMTS
RU15939U1 (ru) Система предоставления платных услуг в телекоммуникационной сети (варианты)
AU2764300A (en) Prepaid billing method for communication systems
EP1084556B1 (fr) Acces a un reseau de donnees
WO2008136704A1 (fr) Procédé pour fournir des services non vocaux aux abonnés de communications cellulaires mobiles et système de sa mise en oeuvre

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ CZ DE DE DK DK DM EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase