Title of Invention

METHOD OF OPTIMIZING AUTHENTICATION PROCEDURE DURING INTER ACCESS SYSTEM HANDOVERS USING TEMPORARY IDENTITY

Abstract

The invention relates to the field of mobility in heterogeneous networks. In particular, the invention describes a method of using temporary identities for optimizing authentication procedure during backward handovers. Depending on certain criteria, the User Equipment (UE) or the serving network decides that the UE needs a handover from the serving network to a target network. The UE initiates the backward handover by sending handover request message to the target network through the serving network. The target network generates a temporary identity (ID) and provides the UE with the temporary ID during handover preparation phase. During handover, the target network identifies the UE on the basis of the temporary ID. The method helps in secured identification of the UE by the target network. Further, the method helps in optimizing the authentication procedure by skipping full authentication procedure.
Full Text

FIELD OF INVENTION
The present invention, in general, relates to the field of mobile communication technologies. Further, this invention relates to the field of mobility in heterogeneous access systems. Furthermore, this invention is related to the use of temporary identities in optimizing the authentication procedure for backward handovers, i.e., this invention relates to a method of issuing the temporary identities by the target system to the UE through the serving access system, so that during handover, the authentication procedure can be optimized. Specifically, this invention provides a method of preparing the UE for a seamless handover by the target access system. More particularly, the present invention relates to a system and method of optimizing authentication procedure during inter access system handovers using target access system specific identities.
DESCRIPTION OF RELATED ART
Operation of Related Art - The radio access network (RAN), system architecture (SA) and the core terminal (CT) working groups of the third generation partnership project (3GPP) aim to develop an enhanced UTRAN (E-UTRAN) architecture for next generation wireless systems. The E-UTRAN system is required to co-exist with the current second (2G) and third generation (3G) wireless systems, and in particular, support handovers between the existing systems and the newly evolved E-UTRAN system, specified in the 3GPP TR 23.882, 3GPP TS 23.401 and 3GPP TS 23.402.
The E-UTRAN system is an evolution of the 3GPP UTRAN system, in which the main entities are the user equipment (UE), the enhanced Node B (ENB), Mobility Management Entity (MME), User Plane Entity (UPE) and Inter Access System Anchor (IASA) as shown in the Figure 1. The ENB of the EUTRAN system is expected to have the features of the Node B and the radio network controller (RNC) of the legacy UTRAN system. MME of the System Architecture Evolution (SAE) manages and stores UE context (for idle state: UE/user identities, UE mobility state, user security parameters). It generates temporary identities and allocates them to UEs. It checks the authorization whether the UE may camp on the TA or on the PLMN. It also authenticates the user. UPE of SAE terminates for idle state UEs the downlink data path and triggers/initiates paging when downlink data arrive for the UE. It manages and stores UE contexts, e.g. parameters of the IP bearer service or network internal routing information. It performs replication of the user traffic in case of interception. Inter AS Anchor is the user plane anchor for mobility between different access systems. It performs or supports handover between different access systems.
The GERAN consists of the Base Transceiver Station (BTS) and the Base Station Controller (BSC). The UTRAN consists of the Node B and the Radio Network Controller (RNC). The GPRS Core Network consists of the Serving GPRS Support Node (SGSN) and the Gateway GPRS Support Node (GGSN) as shown in Figure 1.
The integrated WLAN (I-WLAN) system specified in the 3GPP TS 23.234 specifications provides a system and method to integrate legacy UTRAN systems with WLAN systems, as shown in the Figure 2. The I-WLAN system allows WLAN users to access 3GPP packet switched services.
LIMITATION
Currently there is no efficient mechanism specified to provide temporary identities of the target system to the UE through serving access network during handover preparation phase for seamless handover in the heterogeneous access systems, namely between SAE, WiMAX, I-WLAN and UMTS.
SUMMARY OF THE INVENTION
The primary object of the invention is to optimize the network access authentication procedure during handover in a heterogeneous wireless network environment. Another object of the invention is to provide the mechanism to issue the protected temp identity(s) to the UE through the serving system by the target system. It is another object of the invention to use the temp ID, obtained during handover preparation phase, for fast re-authentication by the UE with the target system. It is another object of the invention to generate the temp identities by the target system during the HO preparation phase, so that the UE can use these identities for fast re-authentication during handover or the target system can securely verify the UE identity during handover. It is another object of the invention to illustrate the above invention.
The present invention is related to the scenario where a UE hands over between heterogeneous access systems. The method of the invention comprises a mechanism that provides the UE with protected temporary identities during handover preparation phase, so that the UE can be securely identified by the target system during handover and the temporary identities can also be used for fast re-authentication procedures and for skipping the full authentication procedure.
Accordingly the invention explains a method of optimizing authentication procedure during inter-access system handovers using target access system specific identities comprising the steps of:
deciding that the UE needs a handover from the serving network to a target network by the User Equipment (UE) or serving network;
initiating the backward handover by sending handover request message to the target network through the serving network by the UE;
generating a temporary identity (ID) and providing the UE with the temporary ID during handover preparation phase by the target network; and
identifying the UE on the basis of the temporary ID during handover by the target network;
Wherein the said method helps in secured identification of the UE by the target network and optimizes the authentication procedure by skipping full authentication procedure.
Accordingly this invention explains a system for optimizing authentication procedure during inter-access system handovers using target access system specific identities comprising:
the User Equipment (UE) or serving network deciding that the UE needs a handover from the serving network to a target network;
the UE initiating the backward handover by sending handover request message to the target network through the serving network;
the target network generating a temporary identity (ID) and providing the UE with the temporary ID during handover preparation phase; and
the target network identifying the UE on the basis of the temporary ID during handover;
Wherein the said system helps in secured identification of the UE by the target network and optimizes the authentication procedure by skipping full authentication procedure.
These and other objects, features and advantages of the present invention will become more apparent from the ensuing detailed description of the invention taken in conjunction with the accompanying drawings.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
Figure 1 depicts the Logical high level architecture for the evolved system;
Figure 2 depicts the sequence of the message flow for Authentication Optimization during backward handover in heterogeneous wireless access systems (Alternative 1). In this alternative, the UE initiates the backward handover procedure.
Figure 3 depicts the sequence of the message flow for Authentication Optimization during backward handover in heterogeneous wireless access systems (Alternative 2). In this alternative, the serving network initiates the backward handover procedure.
Figure 4 depicts the sequence of the message flow for backward Handover from the SAE to the I-WLAN access system.
Figure 5 depicts authentication Optimization during backward Handover from the WiMAX to the LTE/SAE access system.
DETAILED DESCRIPTION OF THE INVENTION
The preferred embodiments of the present invention will now be explained with reference to the accompanying drawings. It should be understood however that the disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms. The following description and drawings are not to be construed as limiting the invention and numerous specific details are described to provide a thorough understanding of the present invention, as the basis for the claims and as a basis for teaching one skilled in the art how to make and/or use the invention. However in certain instances, well-known or conventional details are not described in order not to unnecessarily obscure the present invention in detail.
The present invention provides a system and method for providing optimized authentication procedure during handover between the heterogeneous networks. The invention is operated as detailed below-
Authentication Optimization during backward handover in heterogeneous wireless access systems (Alternative 1)
The generalized authentication optimization procedure during backward handover in heterogeneous wireless access systems (Alternative 1) is shown in Figure 2. In this alternative, the UE initiates the backward handover procedure. The functionality of the interworking function (IWF) or interworking unit (IWU) is to convert the RAN and the CN containers/protocol/parameters of one access system to another. The IWF interfaces with different network entities using the entity specific interface protocol. The IWF can be co-located with any other network entity in the serving network or in the target network, or alternatively can be a separate entity in the serving network or in the target network. The operation of the UE assisted backward handover is detailed below:
1) UE sends periodic or event based measurements to the serving access network.
2) If the serving access system finds that UE measurement is below the threshold or serving access system decides by any other means that serving RAT cannot be continued, then the serving access system can request the UE to start scanning other RATs or alternatively by L2 or by some other means, the UE decides that the serving RAN cannot be continued and starts scanning the other RATs.
3) The UE decides the target system based on the measurement report compared with the RAT specific handover criteria and ranking orders configured in the UE.
4) The UE initiates the backward handover procedure by sending handover request message to the target network through the serving network.
5) The serving network checks for the capabilities and authorizes the UE requested handover. The serving network includes the unused AVs, the security context of the UE, etc., along with the HO request message.
6) Then the serving network forwards the HO request to the interworking function (IWF).
7) The IWF converts the serving access network specific parameters to the target specific parameters and forwards the request to the target network.
8) The IWF looks up the target system parameters in the HO request message and forwards the HO request to the appropriate target access system entity.
9) The target system then prepares for the UE handover using the HO request parameters. The target network selects the first AV from the ordered AVs received in the HO request message and derives access system specific keys from the keys (CK and IK or KASME) of the selected AV or alternatively, the target system can use the latest keys (for example CK and IK) passed by the serving network to derive the keys. The target system generates the access system specific temporary identity or identities either for NAS or RAN or both for the UE, so that the UE can use these identities either for fast authentication procedure or the target system can securely verify the UE during handover or for both.
10) After successful HO preparation the target system sends HO response message to the IWF. The target system includes the target system related parameters like entity ID and/or IP address, selected security configuration along with the HO response. The target system also includes the generated temp identities. The temp identities are protected using the keys generated by the target system. If the target system derives key from the AVs, then RAND and AUTN of the selected AV are also included in the HO response.
11) The IWF then converts the parameters according to the serving system specific parameters and forwards the HO response to the serving network. Then the UE initiates L2 connectivity to the target system.
12) The UE generates the target access system specific keys using parameters included in the HO response. The UE then decrypts the temp IDs issued by the target system.
13) The UE optionally
a. Passes the temp ID in the L2 attachment request message, if the UE got RAN specific temp identity.
b. The target network verifies the temp identity of the UE. If they match, then the target system considers the UE as genuine.
c. Then the target system sends the L2 attachment response.
14) Or alternatively to the step 13,
a. The UE does the L2 attachment procedure.
b. Then during the initial L3 or NAS message, the UE passes the temp identity, if the UE got NAS identity, along with the initial L3 or NAS request message.
c. The target network verifies the temp identity of the UE. If they match, then the target system considers the UE as genuine.
d. Then the target system sends the initial L3 or NAS response message.
Authentication Optimization during backward handover in heterogeneous wireless access systems (Alternative 2)
The generalized authentication optimization procedure during backward handover in heterogeneous wireless access systems (Alternative 2) is shown in Figure 3. In this alternative, the serving network initiates the backward handover procedure. The functionality of the interworking function (IWF) or interworking unit (IWU) is to convert the RAN and the CN containers/protocol/parameters of one access system to another. The IWF interfaces with different network entities using the entity specific interface protocol. The operation of the UE assisted backward handover is detailed below:
1. UE sends periodic or event based measurements to the serving access network.
2. If the serving access system finds that UE measurement is below the threshold or serving access system decides by any other means that serving RAT cannot be continued, then the serving access system can request the UE to start scanning other RATs or alternatively by L2 or by some other means, the UE decides that the serving RAN cannot be continued and starts scanning the other RATs.
3. The UE sends the measurement report of the other RAT to the serving access network.
4. The serving access network decides the target system based on the measurement report compared with the RAT specific handover criteria and ranking orders configured in the serving network.
5. The serving network checks for the capabilities and authorizes the UE requested handover. The serving network initiates the backward handover procedure by sending handover request message to the target network through the IWF. The serving network includes the unused AVs, the security context of the UE, etc., along with the HO request message.
6. The IWF converts the serving access network specific parameters to the target specific parameters and forwards the request to the target network.
7. The IWF looks up the target system parameters in the HO request message and forwards the HO request to the appropriate target access system entity.
8. The target system then prepares for the UE handover using the HO request parameters. The target network selects the first AV from the ordered AVs received in the HO request message and derives access system specific keys from the keys (CK and IK or alternatively KASME) of the selected AV or alternatively, the target system can use the latest keys (for example CK and IK) passed by the serving network to derive the keys. The target system generates the access system specific temporary identity or identities either for NAS or RAN or both for the UE, so that the UE can use these identities either for fast authentication procedure or the target system can securely verify the UE during handover or for both. If the target system derives key from the AVs, then RAND and AUTN of the selected AV are also included in the HO response.
9. After successful HO preparation the target system sends HO response message to the IWF. The target system includes the target system related parameters like entity ID and/or IP address, selected security configuration along with the HO response. The target system also includes the generated temp identities. The temp identities are protected using the keys generated by the target system.
10. The IWF then converts the parameters according to the serving system specific parameters and forwards the HO response to the serving network.
11. The serving network sends the HO command to the UE to perform the handover to the target access system. Then the UE initiates L2 connectivity to the target system.
12. The UE generates target access system specific keys using parameters included in the HO response. The UE then decrypts the temp IDs issued by the target system.
13. The UE optionally
a. Passes the temp ID in the L2 attachment request message, if the UE got RAN specific temp identity.
b. The target network verifies the temp identity of the UE. If they match, then the target system considers the UE as genuine.
c. Then the target system sends the L2 attachment response.
14. Or alternatively to the step 13,
a. The UE does the L2 attachment procedure
b. Then during the initial L3 or NAS message, the UE passes the temp identity, if the UE got NAS identity, along with the initial L3 or NAS request message.
c. The target network verifies the temp identity of the UE. If they match, then the target system considers the UE as genuine.
d. Then the target system sends the initial L3 or NAS response message.
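The temporary-ID exchange common to Alternatives 1 and 2 (target-side key derivation and temp ID issue, UE-side decryption, verification at L2 attachment), as an added example that is not part of the original text. The text names no KDF or cipher, so HMAC-SHA256 stands in for both; the class and function names, the single-use rule and the expiry window are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: the text names no KDF or cipher, so HMAC-SHA256 stands in for both.
NONCE_LEN, TAG_LEN = 16, 32


def derive_keys(ck: bytes, ik: bytes, target_id: bytes) -> tuple[bytes, bytes]:
    """Derive target-specific encryption and MAC keys from the selected AV's CK and IK."""
    root = hmac.new(ck + ik, b"ho-temp-id|" + target_id, hashlib.sha256).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(enc_key: bytes, mac_key: bytes, temp_id: bytes) -> bytes:
    """Encrypt-then-MAC the temp ID so it can transit the serving network and IWF."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(temp_id, keystream(enc_key, nonce, len(temp_id))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unprotect(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; reject anything altered in transit."""
    if len(blob) <= NONCE_LEN + TAG_LEN:
        raise ValueError("protected temp ID too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("protected temp ID failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


class TargetNetwork:
    """Hypothetical target access system issuing and verifying temp IDs."""

    def __init__(self, target_id: bytes, ttl_seconds: float = 30.0):
        self.target_id = target_id
        self.ttl = ttl_seconds          # assumption: temp IDs expire if unused
        self.pending = {}               # temp_id -> expiry time

    def prepare_handover(self, avs: list, now: float = None) -> dict:
        """HO preparation: select the first AV, derive keys, issue a protected temp ID."""
        now = time.monotonic() if now is None else now
        av = avs[0]
        enc_key, mac_key = derive_keys(av["CK"], av["IK"], self.target_id)
        temp_id = secrets.token_bytes(16)
        self.pending[temp_id] = now + self.ttl
        # RAND and AUTN of the selected AV travel in the HO response; CK and IK never do.
        return {"target_id": self.target_id, "RAND": av["RAND"], "AUTN": av["AUTN"],
                "protected_temp_id": protect(enc_key, mac_key, temp_id)}

    def l2_attach(self, presented: bytes, now: float = None) -> bool:
        """Verify the presented temp ID; it is consumed on first use (assumption)."""
        now = time.monotonic() if now is None else now
        expiry = self.pending.pop(presented, None)
        return expiry is not None and now <= expiry


class UE:
    """Hypothetical UE; usim_keys maps RAND -> (CK, IK), modelling the USIM's AKA output."""

    def __init__(self, usim_keys: dict):
        self.usim_keys = usim_keys

    def process_ho_response(self, resp: dict) -> bytes:
        """Regenerate the target-specific keys and decrypt the temp ID."""
        ck, ik = self.usim_keys[resp["RAND"]]
        enc_key, mac_key = derive_keys(ck, ik, resp["target_id"])
        return unprotect(enc_key, mac_key, resp["protected_temp_id"])


def sample_av() -> dict:
    """Constructed authentication vector with random values, for illustration only."""
    return {name: secrets.token_bytes(16) for name in ("RAND", "AUTN", "CK", "IK")}


def run_handover() -> tuple:
    """One handover: returns (first attach accepted, replayed attach accepted)."""
    av = sample_av()
    target = TargetNetwork(b"target-as-1")
    ue = UE({av["RAND"]: (av["CK"], av["IK"])})
    resp = target.prepare_handover([av], now=0.0)
    temp_id = ue.process_ho_response(resp)
    return target.l2_attach(temp_id, now=1.0), target.l2_attach(temp_id, now=2.0)


if __name__ == "__main__":
    print(run_handover())
```

The serving network and IWF only ever see `protected_temp_id`, so an entity without CK and IK cannot learn or alter the identity the UE will present to the target.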
Illustrated example for Backward Handover from the SAE to the I-WLAN access system as shown in Figure 4
1. UE sends periodic or event based measurements to the EUTRAN network.
2. If ENB/MME finds that UE measurement is below the threshold or MME decides by any other means that EUTRAN cannot be continued, then ENB/MME can request the UE to start scanning other RATs or alternatively by L2 or by some other means, the UE decides that the EUTRAN cannot be continued and starts scanning the other RATs.
3. UE sends the I-WLAN measurement report containing the I-WLAN ID and NAI with other parameters to the SAE system. Then the ENB/MME decides to handover the UE to the I-WLAN network.
4. Using NAI, the MME resolves the I-WLAN AAA server IP address and contacts the AAA server through the logical interworking unit. This logical interworking unit can be located within the MME or within the AAA server or alternatively co-located within any network entity in the SAE system or in the I-WLAN system. The functionality of the interworking unit is to convert the RAN and the CN containers/protocol/parameters of one access system to another.
5. The MME sends the HO request to the AAA server through the interworking unit. The HO request contains the NAI, I-WLAN ID, unused AVs, latest or derived CK and IK and other parameters.
6. The AAA server generates/derives the keys (MSK, TEK and EMSK) using NAI, CK and IK. The AAA server also generates the Temp IDs (pseudonym ID and the fast re-authentication ID). The AAA server protects (encrypts) the Temp IDs using the derived TEK and then sends them to the UE.
7. The AAA server sends the HO accept to the MME through the interworking unit. The HO accept message contains the protected temp IDs (pseudonym ID and fast re-authentication ID).
8. The MME forwards the received parameters in the HO accept message in the HO command message to the UE.
9. After receiving the HO command from the SAE system to handover to the I-WLAN network, the UE generates the keys (MSK, TEK and EMSK) using the latest or derived CK and IK and decrypts the protected Temp IDs (pseudonym ID and the fast re-authentication ID).
10. The UE starts the L2 attachment with the I-WLAN AS.
11. The UE initiates the fast re-authentication procedure for scenario 3 authentication procedure using the temp identity received from the target system.
Illustrated example for Backward Handover from the WiMAX to the LTE/SAE access system as shown in Figure 5
1. UE sends periodic or event based measurements to the WiMAX network.
2. If the UE or the WiMAX network finds that UE measurement is below the threshold or the WiMAX network decides by any other means that WiMAX RAN cannot be continued, then the WiMAX network can request the UE to start scanning other RATs or alternatively by L2 or by some other means, the UE decides that the serving RAN cannot be continued and starts scanning the other RATs.
3. The UE or the WiMAX network decides on LTE/SAE as the target system based on the LTE/SAE measurement report compared with the RAT specific handover criteria and ranking orders configured in the UE or in the WiMAX network.
4. The UE or the WiMAX network initiates the backward handover procedure by sending handover request message to the LTE/SAE network through the WiMAX network. The UE includes the UE security capabilities, TAI, cell ID, Indication of Inter RAT HO, serving and target RATs, etc. The AAA server includes the unused AVs, latest or derived CK and IK or alternatively the Master Key (MK), along with the HO request message. The IWF function then forwards the HO Request to the MME through the interface specific protocol. The IWF obtains the IP address of the MME by resolving TAI or alternatively the IWF has the mapping of TAI to the MME.
5. The MME decides the target ENB and derives the LTE/SAE specific keys and prepares for the UE HO.
6. The MME passes the security context to the target ENB and sets up the RAB for the UE. The ENB generates the RAN specific temp ID CRNTI and passes it to the MME. The MME encrypts the temp identity CRNTI.
7. After successful HO preparation the MME sends HO response message to the IWF. The MME includes the target system related parameters like ENB ID(s), selected security configuration parameters and the encrypted temp ID CRNTI along with the HO response.
8. The IWF then converts the parameters according to the serving system specific parameters and forwards the HO response to the UE through AAA, ASN GW and BS.
9. The BS or the ASN GW sends the HO command to the UE. The HO command includes target system related parameters like ENB ID(s), selected security configuration parameters and the encrypted temp ID CRNTI.
10. Then the UE generates the keys specific to the LTE/SAE system and decrypts the assigned CRNTI.
11. The UE initiates the L2 attachment procedure with the target BS. The UE includes the assigned CRNTI, security capabilities and the MAC-I of NAS and the AS message part.
12. The BS verifies the MAC-I on the AS part and also verifies the CRNTI assigned to the UE.
13. The BS then sends the Relocation detect message to the MME. The Relocation detect message includes the security capability and security related parameters and also the UE calculated MAC-I NAS.
14. The MME verifies the MAC-I on the NAS part and establishes the UP path.
15. Then the MME sends Relocation ACK message to the ENB. The MME includes the MAC-I on the NAS part along with the Relocation ACK message part.
16. The ENB sends the L2 attachment response message to the UE. The ENB includes the MAC-I on the NAS part and calculates and includes the MAC-I on the AS part along with the L2 attachment response message.
17. The UE verifies the MAC-I NAS and MAC-I AS.
It will also be obvious to those skilled in the art that other control methods and apparatuses can be derived from the combinations of the various methods and apparatuses of the present invention as taught by the description and the accompanying drawings and these shall also be considered within the scope of the present invention. Further, description of such combinations and variations is therefore omitted above. It should also be noted that the host for storing the applications includes but is not limited to a microchip, microprocessor, handheld communication device, computer, rendering device or a multi function device.
Although the present invention has been fully described in connection with the preferred embodiments thereof with reference to the accompanying drawings, it is to be noted that various changes and modifications are possible and are apparent to those skilled in the art. Such changes and modifications are to be understood as included within the scope of the present invention as defined by the appended claims unless they depart therefrom.
GLOSSARY OF TERMS AND DEFINITIONS THEREOF
3GPP: 3rd Generation Partnership Project
3GPP2: 3rd Generation Partnership Project 2
AAA: Authentication, Authorization and Accounting
APN: Access Point Name
AS: Access System
AV: Authentication Vector
AuC: Authentication Center
Backward handover: The source RAN node initiates the handover, and resources are prepared in the target RAN Nodes. Examples of backward handover concept are reported in TR 25.931.
BTS: Base Transceiver Station
BSC: Base Station Controller
CK: Cipher Key
ENB: Evolving Node B
Forward handover: The UE changes to the target RAN node without any preparation in the network. Examples of this concept are reported in TR 25.931.
GERAN: GSM EDGE Radio Access Network consisting of the BTS and BSC
GGSN: Gateway GPRS Support Node
GPRS: Generalized Packet Radio Services
HA: Home Agent, a router on a mobile node's home network that tunnels packets to the mobile node while it is away from home.
HLR: Home Location Register
HO: Handover
HSS: Home Subscription Server
IMS: IP Multimedia Service
IK: Integrity Key
IP: Internet Protocol
IP Sec: Internet Protocol Security
Inter AS MM: Inter Access System Mobility Manager, an entity assisting in mobility across access systems
L2: Layer 2
L3: Layer 3
LTE: Long Term Evolution
MIP: Mobile Internet Protocol includes version 4 and version 6
MME: Mobility Management Entity
MSC: Mobile Switching Center
NAI: Network Address Identifier
Node B: The base station in a UMTS network
PCF: Packet Control Function
PCRF: Policy and Charging Rules Function
PDP: Packet Data Protocol
PDSN: Packet Data Serving Node
prf: pseudo-random function
QoS: Quality of Service
RAT: Radio Access Technology
RNC: Radio Network Controller
RO: Route Optimization (in MIP)
RRC: Radio Resource Control
SAE: System Architecture Evolution
SGSN: Serving GPRS Support Node
UE: User Equipment
UMTS: Universal Mobile Telecommunication System
UPE: User Plane Entity
User terminal: the end user equipment e.g., the Mobile Station (MS) or User Equipment (UE).
UTRAN: UMTS Terrestrial Radio Access Network consisting of the Node B and the RNC.








We Claim:
1. A method of optimizing authentication procedure during inter-access system handovers using target access system specific identities comprising the steps of:
deciding that the UE needs a handover from the serving network to a target network by the User Equipment (UE) or serving network;
initiating the backward handover by sending handover request message to the target network through the serving network by the UE;
generating a temporary identity (ID) and providing the UE with the temporary ID during handover preparation phase by the target network; and
identifying the UE and doing fast authentication procedure on the basis of the temporary ID during handover by the target network;
Wherein the said method helps in secured identification of the UE by the target network and optimizes the authentication procedure by skipping full authentication procedure.
2. A method as claimed in claim 1 wherein the UE initiates the backward handover procedure.
3. A method as claimed in claim 2 wherein the UE sends periodic or event based measurements to the serving access network.
4. A method as claimed in claim 2 wherein if the serving access system finds that UE measurement is below the threshold or serving access system decides by any other means that serving RAT cannot be continued, then the serving access system can request the UE to start scanning other RATs or alternatively by L2 or by some other means, the UE decides that the serving RAN cannot be continued and starts scanning the other RATs.
5. A method as claimed in claim 2 wherein UE decides the target system based on the measurement report compared with the RAT specific handover criteria and ranking orders configured in the UE.
6. A method as claimed in claim 2 wherein the UE initiates the backward handover procedure by sending handover request message to the target network through the serving network.
7. A method as claimed in claim 2 wherein the serving network checks for the capabilities and authorizes the UE requested handover where the serving network forwards the HO request to the interworking function (IWF).
8. A method as claimed in claim 7 wherein the IWF converts the serving access network specific parameters to the target specific parameters and forwards the request to the target network.
9. A method as claimed in claim 2 wherein the IWF looks up the target system parameters in the HO request message and forwards the HO request to the appropriate target access system entity.
10. A method as claimed in claim 2 wherein the target system prepares for the UE handover using the HO request parameters and the target network selects the first AV from the ordered AVs received in the HO request message and derives access system specific keys from the key (CK and IK or KASME) of the selected AV or alternatively, the target system can use the latest/derived CK and IK passed by the serving network to derive the keys.
11. A method as claimed in claim 2 wherein the target system generates the access system specific temporary identity or identities either for NAS or RAN or both for the UE.
12. A method as claimed in claim 2 wherein after successful HO preparation the target system sends HO response message to the IWF where the target system includes the target system related parameters, entity ID and/or IP address, selected security configuration along with the HO response.
13. A method as claimed in claim 2 wherein the target system includes the generated temp identities where the temp identities are protected using the keys generated by the target system.
14. A method as claimed in claim 2 wherein the IWF then converts the parameters according to the serving system specific parameters and forwards the HO response to the serving network and the UE initiates L2 connectivity to the target system.
15. A method as claimed in claim 2 wherein the UE generates the target access system specific keys using parameters included in the HO response and the UE then decrypts the temp IDs issued by the target system.
16. A method as claimed in claim 2 wherein the UE optionally
a. passes the temp ID in the L2 attachment request message, if the UE got RAN specific temp identity;
b. the target network verifies the temp identity of the UE and if they match, then the target system considers the UE as genuine; and
c. the target system sends the L2 attachment response.
17. A method as claimed in claim 2 wherein the said method involves:
a. the UE doing the L2 attachment procedure;
b. during the initial L3 or NAS message, the UE passing the temp identity, if the UE got NAS identity, along with the initial L3 or NAS request message;
c. the target network verifying the temp identity of the UE and, if they match, the target system considers the UE as genuine; and
d. the target system sending the initial L3 or NAS response message.
18. A method as claimed in claim 1 wherein the serving network initiates the backward handover procedure.
19. A method as claimed in claim 18 wherein the UE sends periodic or event based measurements to the serving access network.
20. A method as claimed in claim 18 wherein if the serving access system finds that UE measurement is below the threshold or serving access system decides by any other means that serving RAT cannot be continued, then the serving access system can request the UE to start scanning other RATs or alternatively by L2 or by some other means, the UE decides that the serving RAN cannot be continued and starts scanning the other RATs.
21. A method as claimed in claim 18 wherein the said method involves sending the measurement report of the other RAT to the serving access network.
22. A method as claimed in claim 18 wherein the serving access network decides the target system based on the measurement report compared with the RAT specific handover criteria and ranking orders configured in the serving network.
23. A method as claimed in claim 18 wherein the serving network checks for the capabilities and authorizes the UE requested handover and the serving network initiates the backward handover procedure by sending handover request message to the target network through the IWF.
24. A method as claimed in claim 18 wherein the IWF converts the serving access network specific parameters to the target specific parameters and forwards the request to the target network.
25. A method as claimed in claim 18 wherein the IWF looks up the target system parameters in the HO request message and forwards the HO request to the appropriate target access system entity.
26. A method as claimed in claim 18 wherein the target system then prepares for the UE handover using the HO request parameters whereby the target network selects the first AV from the ordered AVs received in the HO request message and derives access system specific keys from the key (CK and IK or KASME) of the selected AV or alternatively, the target system can use the latest/derived CK and IK passed by the serving network to derive the keys.
27. A method as claimed in claim 18 wherein the target system generates the access system specific temporary identity or identities either for NAS or RAN or both for the UE, whereby the UE can use these identities either for fast authentication procedure or the target system securely verifying the UE during handover or for both.
28. A method as claimed in claim 18 wherein after successful HO preparation the target system sends HO response message to the IWF where the target system includes the target system related parameters like entity ID and/or IP address, selected security configuration along with the HO response.
29. A method as claimed in claim 18 wherein the target system includes the generated temp identities where the temp identities are protected using the keys generated by the target system.
30. A method as claimed in claim 18 wherein the IWF converts the parameters according to the serving system specific parameters and forwards the HO response to the serving network.
31. A method as claimed in claim 18 wherein the serving network sends the HO command to the UE to perform the handover to the target access system and the UE initiates L2 connectivity to the target system.
32. A method as claimed in claim 18 wherein the UE generates target access system specific keys and the UE decrypts the temp IDs issued by the target system.
33. A method as claimed in claim 18 wherein the UE optionally
a. passes the temp ID in the L2 attachment request message, if the UE got RAN specific temp identity;
b. the target network verifies the temp identity of the UE and if they match, then the target system considers the UE as genuine; and
c. the target system sends the L2 attachment response.
34. A method as claimed in claim 18 wherein the said method involves:
a. the UE doing the L2 attachment procedure;
b. then during the initial L3 or NAS message, the UE passing the temp identity, if the UE got NAS identity, along with the initial L3 or NAS request message;
c. the target network verifying the temp identity of the UE and if they match, then the target system considers the UE as genuine; and
d. the target system sending the initial L3 or NAS response message.
35. A system for optimizing authentication procedure during inter-access system handovers using target access system specific identities comprising:
the User Equipment (UE) or serving network deciding that the UE needs a handover from the serving network to a target network;
the UE initiating the backward handover by sending handover request message to the target network through the serving network;
the target network generating a temporary identity (ID) and providing the UE with the temporary ID during handover preparation phase; and
the target network identifying the UE on the basis of the temporary ID during handover;
wherein the said system helps in secured identification of the UE by the target network and optimizes the authentication procedure by skipping full authentication procedure.
36. A method of optimizing authentication procedure during inter-access system handovers using target access system specific identities substantially described particularly with reference to the accompanying drawings.
37. A system for optimizing authentication procedure during inter-access system handovers using target access system specific identities substantially described particularly with reference to the accompanying drawings.
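
The temp identity exchange of claims 10 to 17 (and the matching claims 26 to 34), sketched as an added example that is not part of the patent text. The claims name no algorithms, so the HMAC-SHA-256 key derivation, the pad-plus-tag protection, the 8-byte temp ID length and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_keys(ck, ik):
    # Assumed KDF: access-system-specific keys from CK and IK of the selected AV.
    return prf(ck + ik, b"temp-id-enc"), prf(ck + ik, b"temp-id-mac")

def protect(ck, ik, temp_id):
    # Target side. Assumed protection: HMAC-derived pad plus tag (encrypt-then-MAC).
    enc_key, mac_key = derive_keys(ck, ik)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(temp_id, prf(enc_key, nonce)))
    return nonce + ct + prf(mac_key, nonce + ct)

def unprotect(ck, ik, blob):
    # UE side: derive the same keys, check integrity, then decrypt the temp ID.
    enc_key, mac_key = derive_keys(ck, ik)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(mac_key, nonce + ct)):
        raise ValueError("protected temp ID failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, prf(enc_key, nonce)))

class TargetSystem:
    def __init__(self):
        self.prepared = {}  # temp ID -> UE context stored during HO preparation

    def prepare_handover(self, ue_context, ck, ik):
        temp_id = secrets.token_bytes(8)     # temp ID length is an assumption
        self.prepared[temp_id] = ue_context
        return protect(ck, ik, temp_id)      # carried back in the HO response

    def attach(self, presented_temp_id):
        # A match means the UE is treated as genuine; None means no match.
        return self.prepared.get(presented_temp_id)

def run_handover():
    ck, ik = bytes(range(16)), bytes(range(16, 32))  # constructed sample CK and IK
    target = TargetSystem()
    blob = target.prepare_handover("ue-context-1", ck, ik)
    temp_id = unprotect(ck, ik, blob)                # UE decrypts the temp ID
    return target.attach(temp_id), target.attach(b"\x00" * 8)

if __name__ == "__main__":
    print(run_handover())
```

A UE holding different CK and IK values fails the integrity check in `unprotect` and never learns the temp ID, which is what lets the target treat a matching temp ID as evidence of the prepared UE.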

Patent Number 256453
Indian Patent Application Number 1804/CHE/2006
PG Journal Number 25/2013
Publication Date 21-Jun-2013
Grant Date 18-Jun-2013
Date of Filing 28-Sep-2006
Name of Patentee SAMSUNG INDIA SOFTWARE OPERATIONS PRIVATE LIMITED
Applicant Address BAGMANE LAKEVIEW, BLOCK 'B', NO. 66/1, BAGMANE TECH PARK, C V RAMAN NAGAR, BYRASANDRA, BANGALORE - 560 093.
Inventors:
# Inventor's Name Inventor's Address
1 RAJAVELSAMY R EMPLOYED AT SAMSUNG INDIA SOFTWARE OPERATIONS PRIVATE LIMITED., HAVING OFFICE AT, BAGMANE LAKEVIEW, BLOCK 'B', NO. 66/1, BAGMANE TECH PARK C V RAMAN NAGAR, BYRASANDRA, BANGALORE - 560093, KARNATAKA, INDIA.
2 SUNGHO CHOI EMPLOYED AT SAMSUNG INDIA SOFTWARE OPERATIONS PRIVATE LIMITED., HAVING OFFICE AT, BAGMANE LAKEVIEW, BLOCK 'B', NO. 66/1, BAGMANE TECH PARK C V RAMAN NAGAR, BYRASANDRA, BANGALORE - 560093, KARNATAKA, INDIA.
3 OSOK SONG EMPLOYED AT SAMSUNG INDIA SOFTWARE OPERATIONS PRIVATE LIMITED., HAVING OFFICE AT, BAGMANE LAKEVIEW, BLOCK 'B', NO. 66/1, BAGMANE TECH PARK C V RAMAN NAGAR, BYRASANDRA, BANGALORE - 560093, KARNATAKA, INDIA.
PCT International Classification Number H04L9/00
PCT International Application Number N/A
PCT International Filing date
PCT Conventions:
# PCT Application Number Date of Convention Priority Country
1 NA