Title of Invention

"A MOBILE DEVICE AND A METHOD OF DATA SERVICE DISCOVERY"

Abstract A method and apparatus for packet data service discovery are described. A current blacklist comprising entries for wireless networks not providing packet data services (i.e. either not supporting the services or not having a packet data services roaming agreement) is kept in memory of the mobile device based on previous attempts to connect to such networks. Current preferred roaming lists identify whether a given wireless network can be acquired, but do not identify whether a data services roaming agreement exists. At least one of the following advantages is provided: no advance knowledge of data services roaming agreements is required; no mobile device software change is required when the data services roaming agreement changes; the mobile device can notify a server of a wireless network status change; significant power savings at the mobile device; and avoidance of unnecessary network access, which in turn saves network resources and capacity.
Full Text FIELD OF THE INVENTION
The present invention relates to a mobile device and a method of data service discovery in a wireless network without any a priori knowledge. The invention relates particularly to a discovery of packet data services provided for mobile devices.
BACKGROUND OF THE INVENTION
[0003] In a CDMA (Code Division Multiple Access) network, a system identifier (SID) identifies a service provider as well as a given geographical area. Networks within a system are given a network identifier or NID. A network is uniquely identified by the pair (SID, NID). Fig. 1 illustrates a network cloud 100 showing the relationship between various system identifiers and network identifiers.
[0004] A CDMA mobile device is typically pre-programmed by operators with an entity called a Preferred Roaming List (PRL). A PRL can also be downloaded to the mobile device using known over-the-air provisioning methods. Fig. 2 illustrates a simplified representation of a conventional preferred roaming list 102. The PRL, which comprises a number of records, indicates which systems the mobile device is allowed to acquire. In this example, each record identifies a system by its (SID, NID) pair and provides the frequencies that the mobile device is to use when attempting to acquire the system. For each record, there can be an indicator of whether the system is preferred, the roaming status, the relative priority of the system, and its geographic region. As part of system acquisition, the mobile device searches for a CDMA Pilot Channel on a set of frequencies based on the PRL. The (SID, NID) information of the acquired system is conveyed to the mobile device on a Sync Channel once the mobile device has acquired the Pilot Channel. The PRL only contains the information about which systems the mobile device is allowed to acquire. It does not have any information about the type of services that are allowed on a given network. Typically, it only indicates that a certain degree of voice service is available on a network.
UE. On receiving the message A, the access network stores the encryption algorithm information supported by the UE.
2) CN initiates establishment of security mode.
When initiating establishment of security mode, the CN determines the available encryption algorithms according to the presetting and sends to the access network a message B carrying the encryption algorithm information supported by the network.
3) The access network determines the encryption algorithm used in security communication.
After receiving the message B, the access network determines an encryption algorithm supported by both the UE and the access network for the security communication according to the received UEAs supported by the CN and the pre-stored UEAs supported by the UE. Then the access network sends to UE a message C carrying the determined UEA, notifying CN the finally determined encryption algorithm.
4) UE sets local security algorithm.
After receiving the message C, firstly the UE sets the encryption algorithm designated in the received message C as the local terminal security encryption algorithm; then the UE sends to the access network a message D indicating the successful setting of security mode.
5) The access network notifies CN of the successful security mode setting.
After receiving the message D, the access network sends to CN a message E which carries the selected encryption algorithm parameters and indicates the successful setting of security mode.
6) CN completes the security mode setting procedure.
After receiving the message D indicating the successful setting of security mode, the CN completes the self-setting of security mode procedure and then waits until the predetermined time is due. When the predetermined time is due, the UE and the access network begin security communication in which the encryption algorithm corresponding to the selected UEA is employed to encrypt or decrypt data.
During the above-mentioned procedure, the encryption algorithms used for encryption and decryption at air interface are placed in the terminal and access network respectively. Those encryption algorithms supported by CN must be supported by the access network. Generally speaking, the encryption algorithm isn't unique. Many different kinds of encryption algorithms can be defined and each one corresponds to a single UEA. Service providers can support selection of different encryption algorithms. However, because air interface encryption is equally implemented in both access network and terminal, access networks and terminal equipments of different service providers must have intercommunication in consideration of the intercommunication among different access networks and terminal equipments. So, all the prior encryption algorithms are required to be standard encryption algorithms regulated by the protocol.
If the regulation comprises more than one standard encryption algorithm, in order to support global roam, the system must include all the standard encryption algorithms. Accordingly, all the standard encryption algorithms will be supported by CN. If it is found after comparison that the terminal and access network have more than one identical standard encryption algorithm available, because the method for selecting encryption algorithms and the priority about selection is not defined in the regulation, the access network can select any one of the standard encryption algorithms available for security communication, if only the terminal and access network adopt the same algorithm. If no identical encryption algorithm is available in the terminals and the access networks but encryption is required in CN, normal security communication cannot be provided to the terminal.
Due to the particularity of password application and in consideration of the information safeness and security of one's country or network, different countries or service providers prefer to use their individual encryption algorithms respectively in order to prevent uncertain loss which results from the ease of decrypting the password. Thus, two problems appear when the user is roaming:
1) In respect of the terminal and the access network, if one side supports a self-developed encryption algorithm which isn't supported by the other side, the two communication sides fail to select an encryption algorithm supported by both sides, which results in the failure of normal security communication.
2) For some countries or service providers who have to adopt self-developed encryption algorithms for air interface security communication, the prior mobile communication system reserves some UEAs to go with the self-developed encryption algorithms. However, since there is no unified prescription concerning use of the reserved UEAs, every country or service provider can choose any one of the reserved UEAs. So, the problem of encryption algorithm conflict may occur during the roam of mobile subscribers. For example, two different countries adopt different self-developed encryption algorithms, but these two countries choose the same UEA for their encryption algorithms. In terms of the prior setting procedure of security mode, when a subscriber of one country roams to another country and the encryption algorithms are consulted, a normal connection will be established between both parts because of their equal UEA value, but normal communication cannot be realized because of different encryption algorithms.
Accordingly, a solving scheme has been provided in another patent application, which is as follows: a CI is added, and judgment for CI and judgment for encryption algorithms supported by the current subscriber and the network is also added. If a subscriber is a foreign subscriber and both the UE and network support the standard encryption algorithm, or if the subscriber is a domestic subscriber and both the UE and network support a self-developed encryption algorithm other than the standard encryption algorithm, normal security communication can be implemented; otherwise, security communication is unavailable. However, since a step of defining bits and a judge step are added, the whole message structure, message delivery procedure, parameter setting and control flow need to be added or changed accordingly. Thus the present processing flow is partly affected and the implementation is inconvenient.
Summary of the Invention
Therefore, a main object of the present invention is to provide a method for determining encryption algorithm used in security communication based on MCC, which enables the subscriber to perform security communication utilizing effective encryption algorithm anywhere. This method not only allows the coexistence of standard encryption algorithms and self-developed encryption algorithm, but also simplifies the process of encryption algorithm selection. Accordingly, the subscriber interest and service quality is guaranteed.
To achieve the above-mentioned object, the specific technical scheme of this invention is as follows.
A method for determining encryption algorithm used in security communication based on MCC, comprising:
a. setting a MCC number list in a CN, and storing all the MCC numbers of those
countries or service providers adopting the same self-developed encryption algorithms
as those adopted by the homeland in this MCC number list;
b. when a UE is calling or being called, the UE sending an International Mobile
Subscriber Identifier (IMSI) information of the current subscriber to the CN, the CN
parsing the IMSI information and extracting the MCC number after receiving the
IMSI information;
c. if the MCC number list in the CN is null, which means the current subscriber
supports all of the available standard encryption algorithms, the CN directly selecting
an available standard encryption algorithm for the security communication; otherwise,
the CN comparing the extracted MCC number of the current subscriber with elements
of the MCC number list one by one, if the MCC number of the current subscriber is
identical with a certain MCC number in the MCC number list, the CN selecting the
domestic self-developed encryption algorithm for the security communication; if the
MCC number of the current subscriber is not identical with any MCC number in the
MCC list, the CN selecting an available standard encryption algorithm for the security
communication.
The method may further comprise: after determining the encryption algorithm, the CN sending the UEA of the selected encryption algorithm to an access network; then the access network setting its own security mode and sending the UEA of the selected encryption algorithm to the UE, the UE setting its own security mode after receiving the UEA.
Step b may further comprise the step of the CN storing the extracted MCC number in a register after extracting the MCC number of the current subscriber.
From the technical scheme described above, it can be seen that the key point of this invention lies in: setting a MCC number list in CN and directly determining the encryption algorithm for security communication in CN according to MCC number.
Accordingly, this method for determining encryption algorithm used in security communication based on MCC has the following advantages and characteristics:
1) The method according to the present invention just needs to empower the CN to determine the final selection of encryption algorithms. There is no need to change any of the prior security execution flow, and the whole processing procedure will not be affected. Furthermore, the procedure of selecting the encryption algorithm is simplified.
2) The process of extracting MCC number from the IMSI information is added in the present invention. Since the IMSI used for extracting MCC number of the current subscriber is provided by the existing messages in the processing flow, there is no need to add any bit or message. The process is easy and convenient to realize.

3) In the method according to the present invention, since a MCC number list is preset in the CN and all the MCC numbers of those countries or service providers adopting the same self-developed encryption algorithms as the domestic are stored in the MCC number list, when the subscriber is roaming, the CN can determine an encryption algorithm by comparing the MCC number of the current subscriber and elements of the pre-reserved MCC number list. In this way, possible conflict is prevented when the subscriber roams; meanwhile intercommunication among the friendly service providers, who have specific requirements and adopt the same self-developed encryption algorithm, is guaranteed.
4) The method according to the present invention changes the original settled manner of encryption algorithm selection to a manner by comparing and choosing MCC number. Meanwhile the selection course is performed by CN rather than the access network. This method is easy and flexible to implement, and applies generally to various kinds of mobile communication networks.
5) The pre-reserved MCC number list in the present invention includes all the
friendly countries or service providers adopting the same self-developed encryption
algorithm as the domestic. Thus, when all the countries or service providers adopt
standard encryption algorithms, the MCC number list can be set at null. Accordingly
no matter whether the subscriber is local or roaming, the CN can determine
corresponding encryption algorithm by directly comparing MCC number of the
current subscriber with elements of the pre-reserved MCC number list. So the present
invention not only effectively solves the conflict between the self-developed
encryption algorithm requirement and the standard encryption algorithm selection
when the subscriber is roaming, but also completely answers for the service providers' requirement of adopting only standard encryption algorithms.
Brief Description of the Drawings
Figure 1 is a signaling flow chart of determining an encryption algorithm in prior art.
Figure 2 is a flow chart illustrating the method for determining an encryption algorithm according to the present invention.
Detailed Description of the Invention
Now, the present invention will be described in detail with reference to the accompanying drawings.
The precondition to realize the method according to the present invention is that if more than one encryption algorithm is defined in the regulation, in order to support international roam in every country of the world, the system is required to support all the standard encryption algorithms, which is the demand that all the prior 3G mobile communication systems must satisfy.
As to the systems of the countries or service providers requiring special encryption algorithms, the CN must support at least one set of self-developed nonstandard encryption algorithm besides all of the standard encryption algorithms mentioned above. Furthermore, for the system subscribers who have to adopt special nonstandard encryption algorithm, the serving terminal and access network must possess all of the standard encryption algorithms and this special nonstandard encryption algorithm simultaneously.
Based on the above-mentioned precondition, a scheme for selecting effective encryption algorithm in the CN is provided in the present invention. With reference to figure 2, this method for selecting encryption algorithm at least comprises the following steps:
1) Firstly, a MCC number list is preset in the CN, and all the MCC numbers of those countries or service providers adopting the same self-developed encryption algorithms as those adopted by the homeland are pre-stored in this MCC number list.
2) When a certain subscriber is calling or is being called, the subscriber sends his own IMSI information to the CN. After receiving the IMSI information, the CN parses the information and extracts the MCC number therefrom, i.e., extracts the MCC number from the IMSI information. The extracted MCC number can be stored in a register temporarily.
3) The CN compares the extracted MCC number of the current subscriber with elements of the MCC number list one by one. If the MCC number of the current subscriber is identical with a certain MCC number in the MCC number list pre-stored in CN, the CN regards this subscriber as a domestic subscriber or a specially permitted subscriber, and selects the self-developed encryption algorithm for the security communication.

4) If the MCC number of the current subscriber is not identical with any MCC number in the MCC number list pre-stored in CN or if the MCC number list is null, the CN regards this subscriber as a foreign subscriber or a roaming subscriber, and selects an available standard encryption algorithm for the security communication.
5) After the encryption algorithm is determined, the CN sends the UEA of the selected encryption algorithm to the access network through a relevant security control message.
6) After receiving the relevant security control message, the access network sets its own security mode and simultaneously sends the UEA of the selected encryption algorithm to UE through a relevant security control message. The UE sets its own security mode according to this message and the two sides start security communication with the selected encryption algorithm.
The above-mentioned steps mainly relate to the selection of encryption algorithm used in security communication. Other implementation procedures about security mode are completely similar to those in the prior art.
According to the method described above, if the MCC number extracted from IMSI information is included in MCC number list, it means this subscriber adopts the domestic nonstandard encryption algorithm; if the MCC number extracted from IMSI information is not included in MCC number list, it means this subscriber supports all of the standard encryption algorithms; if the MCC number list is null, it also means this subscriber supports all of the standard encryption algorithms. In other words:
When a domestic subscriber is applying the service inland, the special encryption algorithm will be selected for security communication according to selection of MCC number; if a domestic subscriber is applying the service in a country or in a service provider's system adopting the same nonstandard encryption algorithm as the domestic, this special encryption algorithm will be selected for security communication according to selection of MCC number; if a domestic subscriber is roaming in a country or a service provider's system only supporting the standard encryption algorithms, a certain standard encryption algorithm will be selected for security communication according to selection of MCC number. Similarly, if a subscriber only supporting standard encryption algorithms roams in a country or a service provider's system supporting nonstandard encryption algorithms, a certain standard encryption algorithm will be selected for security communication according to selection of MCC number also; if a subscriber supporting a certain nonstandard encryption algorithm roams in a country or a service provider's system supporting the same nonstandard encryption algorithm, this special encryption algorithm will be selected for security communication according to selection of MCC number.
The method described above not only effectively solves the conflict between requirement for self-developed encryption algorithm and selection of standard encryption algorithm when a subscriber is roaming, but also guarantees security communication among domestic and foreign subscribers by selecting different encryption algorithm according to different zones.
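The selection in steps 1) to 6) above, written out as an added Python example (not code from the patent). The UEA numbers, MCC values, IMSIs and the names `CoreNetwork`, `select_uea` and `security_mode_setup` are constructed for illustration; picking the first configured standard UEA, and raising an error when the access network or UE lacks the chosen algorithm, are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Collection, FrozenSet, Optional, Sequence

# Constructed placeholder UEA values; the page does not assign numbers.
UEA_STANDARD = (1, 2)
UEA_SELF_DEVELOPED = 15

# Constructed sample IMSIs (MCC 001 and 999 are used here as dummy values).
HOME_IMSI = "001010123456789"
FOREIGN_IMSI = "999990123456789"


class SecurityModeError(Exception):
    """No algorithm could be agreed; this example fails instead of continuing."""


def extract_mcc(imsi: str) -> str:
    """Step 2: the MCC is the first three digits of the IMSI."""
    # Assumption: accept 6 to 15 ASCII digits, reject everything else.
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise SecurityModeError("malformed IMSI")
    return imsi[:3]


@dataclass(frozen=True)
class CoreNetwork:
    mcc_list: FrozenSet[str]  # step 1; an empty set is the "null" list
    standard_ueas: Sequence[int] = UEA_STANDARD
    self_developed_uea: Optional[int] = UEA_SELF_DEVELOPED

    def select_uea(self, imsi: str) -> int:
        mcc = extract_mcc(imsi)
        if mcc in self.mcc_list:  # step 3 (never true for a null list)
            if self.self_developed_uea is None:
                raise SecurityModeError("MCC listed but no self-developed algorithm")
            return self.self_developed_uea
        if not self.standard_ueas:  # step 4
            raise SecurityModeError("no standard algorithm available")
        return self.standard_ueas[0]  # assumption: first configured standard UEA


def security_mode_setup(cn: CoreNetwork, imsi: str,
                        access_ueas: Collection[int],
                        ue_ueas: Collection[int]) -> int:
    """Steps 5 and 6: the CN's choice is passed to the access network, then the UE."""
    uea = cn.select_uea(imsi)
    for party, supported in (("access network", access_ueas), ("UE", ue_ueas)):
        if uea not in supported:
            raise SecurityModeError(f"{party} does not implement UEA {uea}")
    return uea


if __name__ == "__main__":
    cn = CoreNetwork(mcc_list=frozenset({"001"}))
    everything = {1, 2, 15}
    print("home subscriber   ->", security_mode_setup(cn, HOME_IMSI, everything, everything))
    print("roaming subscriber ->", security_mode_setup(cn, FOREIGN_IMSI, everything, {1, 2}))
```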




We claim:
1. A mobile device (104) capable of supporting packet data services offered by
wireless networks, the mobile device comprising:
a transceiver for exchanging packet data service authentication information with the wireless networks;
a memory;
a current blacklist (122) provided in the memory, the current blacklist identifying wireless networks that do not provide packet data services to the mobile device, the current blacklist being based on previous packet data service authentication rejections; and
a processor for updating the current blacklist in response to newly received packet data service authentication information.
2. The mobile device of claim 1 wherein the current blacklist includes an
element selected from the group consisting of a system identifier and network
identifier (132) for each wireless network not providing packet data services to
the mobile device; a timer (134) value for each wireless network not providing
packet data services to the mobile device; an age timer for each wireless
network not providing packet data services to the mobile device; and a flag
indicating whether an identification of a blacklisted wireless network has been
passed to a server.
3. The mobile device as claimed in claim 1 wherein the current blacklist includes
a composite current blacklist received from a server.
4. A method of data service discovery for a mobile device having a current
blacklist comprising:
detecting a wireless network;
examining the current blacklist stored on the mobile device;
if the detected wireless network is listed in the current blacklist, refraining from making any packet data call attempts for a predetermined period of time; and
otherwise, determining whether the wireless network provides packet data services to the mobile device, and adding the wireless network to the current blacklist if the wireless network does not provide packet data services to the mobile device.
5. The method as claimed in claim 4 comprising, prior to the step of checking, the step of determining whether the wireless network supports data service.
6. The method as claimed in claim 4 wherein the step of determining whether the wireless network provides packet data services to the mobile device comprises the step of authenticating the mobile device on the wireless network.
7. The method as claimed in claim 4 comprising a step selected from the group consisting of: starting an age timer associated with a wireless network that is added to the current blacklist; clearing an age timer associated with a wireless network in response to satisfaction of a reset condition; notifying a server of a newly blacklisted wireless network; and receiving a composite current blacklist from a server.

8. The method as claimed in claim 4 comprising the step of clearing the current blacklist in response to a provisioning reset condition.
9. The method as claimed in claim 4 comprising a step selected from the group consisting of: sending a notification to the server if a mobile device finds a wireless network which was not previously providing packet data services to the mobile device and is now providing packet data services to the mobile device; and sending a notification from the server to other mobile devices to clear the entry of a wireless network which was previously not providing packet data services but currently is providing packet data services.
10. A method of packet data service notification in a wireless network, the
wireless network including a server and a mobile device as claimed in claim
4, the method comprising:
receiving at the server a registration of a newly powered-up mobile device;
retrieving a server-stored current blacklist identifying wireless networks that do not provide packet data services to the newly powered-up mobile device; and
sending the server-stored current blacklist from the server to the newly powered-up mobile device for reception by and storage on the mobile device.
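A device-side blacklist of the kind recited in claims 1 to 9, as an added Python example (not code from the patent). The class and method names, the single age timer whose expiry allows a new attempt, and the sample (SID, NID) values are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple

NetworkId = Tuple[int, int]  # (SID, NID) pair identifying a wireless network


@dataclass
class Entry:
    added_at: float                   # start of the age timer
    reported_to_server: bool = False  # flag: has the server been told?


class DataServiceBlacklist:
    def __init__(self, max_age_s: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._max_age_s = max_age_s
        self._clock = clock
        self._entries: Dict[NetworkId, Entry] = {}

    def should_attempt(self, net: NetworkId) -> bool:
        """False while the network is blacklisted and its age timer is running."""
        entry = self._entries.get(net)
        if entry is None:
            return True
        if self._clock() - entry.added_at >= self._max_age_s:
            del self._entries[net]  # assumption: expiry permits a fresh attempt
            return True
        return False

    def record_result(self, net: NetworkId, authenticated: bool) -> None:
        """Update the list from a packet data service authentication outcome."""
        if authenticated:
            self._entries.pop(net, None)
        else:
            self._entries.setdefault(net, Entry(added_at=self._clock()))

    def pending_reports(self) -> List[NetworkId]:
        return [n for n, e in self._entries.items() if not e.reported_to_server]

    def mark_reported(self, net: NetworkId) -> None:
        self._entries[net].reported_to_server = True

    def merge_composite(self, nets: Iterable[NetworkId]) -> None:
        """Store a composite blacklist received from the server."""
        for net in nets:
            self._entries.setdefault(
                net, Entry(added_at=self._clock(), reported_to_server=True))

    def provisioning_reset(self) -> None:
        self._entries.clear()


if __name__ == "__main__":
    bl = DataServiceBlacklist(max_age_s=600)
    net = (4186, 12)  # constructed sample (SID, NID)
    bl.record_result(net, authenticated=False)
    print("attempt packet data call:", bl.should_attempt(net))
```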



Patent Number 246352
Indian Patent Application Number 1797/DELNP/2005
PG Journal Number 09/2011
Publication Date 04-Mar-2011
Grant Date 24-Feb-2011
Date of Filing 02-May-2005
Name of Patentee RESEARCH IN MOTION LIMITED
Applicant Address 295 PHILLIP STREET, WATERLOO, ONTARIO N2L 3W8, CANADA.
Inventors:
# Inventor's Name Inventor's Address
1 ISLAM KHALEDUL 88 BROUGHTON STREET, KANATA, ONTARIO K2K 3N4, CANADA.
2 HOSSAIN ASIF 163 FLAMBOROUGH WAY, KANATA, ONTARIO K2K 3H9, CANADA.
PCT International Classification Number H04Q 7/38
PCT International Application Number PCT/CA/03000955
PCT International Filing date 2003-06-23
PCT Conventions:
# PCT Application Number Date of Convention Priority Country
1 60/423,355 2002-11-04 U.S.A.