WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification: H04Q 7/20
(11) International Publication Number: WO 98/28929
(43) International Publication Date: 2 July 1998 (02.07.98)
(21) International Application Number: PCT/FI97/00746
(22) International Filing Date: 2 December 1997 (02.12.97)
(30) Priority Data: 964876, 5 December 1996 (05.12.96), FI
(71) Applicant (for all designated States except US): NOKIA TELECOMMUNICATIONS OY [FI/FI]; Keilalahdentie 4, FIN-02150 Espoo (FI).
(72) Inventor; and
(75) Inventor/Applicant (for US only): HOKKANEN, Petri [FI/FI]; Koivumutka 21, FIN-40270 Palokka (FI).
(74) Agent: PATENT AGENCY COMPATENT LTD.; Teollisuuskatu 33, P.O. Box 156, FIN-00511 Helsinki (FI).
(81) Designated States: AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GE, GH, HU, ID, IL, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU, ZW, ARIPO patent (GH, KE, LS, MW, SD, SZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, ML, MR, NE, SN, TD, TG).

Published
With international search report.
Before the expiration of the time limit for amending the claims and to be republished in the event of the receipt of amendments.
In English translation (filed in Finnish).

(54) Title: USE OF A MOBILE STATION AS A CORDLESS TELEPHONE

[Front-page figure. Labels: MS; algorithm X; algorithm Y; SUBSCRIBER LINE; STORING: SRES, Kc, IMSI/TMSI, RAND]

(57) Abstract

Turning of a cellular network phone (MS) into a cordless phone begins by placing the phone in a charging device located in a home base station (HBS) and containing special communication pins through which the phone and the base station may exchange authentication information while the phone is in the charger. When there is a wireline connection between the home base station and the phone, any party may generate the authentication and ciphering information provided that the information is agreed upon in advance. According to a preferable embodiment, the parameters (RAND, SRES, Kc) used for authentication are generated by the mobile station and the parameters are transmitted through a fixed connection to the home base station which stores them. When the phone is removed from the home base station and a call is formed, the base station sends an inquiry (RAND) to which the mobile station gives a response (SRES) and if the home base station finds that the response and a value earlier stored in memory are identical, a subscriber connection will be formed.

SAMSUNG EXHIBIT 1005
Page 1 of 24

USE OF A MOBILE STATION AS A CORDLESS TELEPHONE

Field of the invention

This invention concerns a cellular system comprising base stations and mobile stations with an interface in between which is a radio interface.

Background of the invention

In a fixed wireline network the calling subscriber knows the grounds for charging of the call even when dialling the number of subscriber B, because debiting will depend on whether the call is a local call, a long distance call, a mobile call or a call to a foreign country. The terminal equipment used by subscriber A also affects debiting, since mobile originated calls are more expensive than calls originated from a fixed network, irrespectively of the target terminal equipment. This can be seen as the price which the subscriber will have to pay for his great freedom of movement.

The ordinary home user has long been offered cordless phones providing a limited mobility. The arrangement comprises a base station at the subscriber line end which converts the audio signal arriving from the fixed network into a radio signal and transmits it further to the cordless phone. The most usual modulation used so far is FM modulation. The major drawback of this kind of modulation is that traffic in the radio path can be listened to illegally by any FM receiver tuned to a suitable frequency. An essential improvement on this is to use digital modulation and transfer of speech ciphered over the radio path. A suitable and already standardized digital system is the DECT system (Digital European Cordless Telecommunications), and cordless phones complying with the specification of this system and intended for home users are in fact already available.

A great disadvantage of the cordless phone is the limitation of the allowed mobility to a radius of 50-100 m from the base station, but an advantage is the cheaper prices of the fixed network compared with e.g. the mobile network. Another great disadvantage is low security especially when using the traditional analog system.

The grounds for charging of the call used in a fixed network may not be used as such in mobile networks allowing great mobility due to the network structure and manner of operation. In the following the structure and operation of the mobile network will be explained using the known GSM mobile network shown in Figure 1 as an example. Communication between the MS (Mobile Station) in a cell and the network takes place through the radio via the base station BTS (Base Transceiver Station). Base stations BTS are connected to the BSC (Base Station Controller), with e.g. radio channel management and channel exchange functions as its duties. Several base station controllers are connected to one MSC (Mobile Switching Center) performing the major switching functions of the mobile network and connecting the mobile network with other mobile switching centers and with external networks.

The mobile network also comprises various databases, such as an HLR (Home Location Register), where subscriber information is stored permanently. The subscriber's MSISDN number, the IMSI (International Mobile Subscriber Identity) used within the network and subscriber service information are stored in the home location register as well as routing information to the VLR (Visitor Location Register). The AuC (Authentication Center) is also located in connection with the home location register. Subscriber information received from HLR is stored in VLR for the time it takes for the visitor to stay in the VLR area.

When doing location updating for the first time, the network will check whether the user has right to access to the network. The purpose of the security functions of the GSM system is to prevent unauthorized access to the network, thus preventing anyone from using the network for somebody else's account and to protect the user's privacy. Unauthorized access is prevented through authentication, where the user is identified to make sure that the subscriber is entitled to use the network. In fact, the MS is formed of two parts: the ME (Mobile Equipment) and the SIM card (Subscriber Identity Module), so an operating mobile station MS is formed only by pushing the SIM card into the mobile equipment ME. The identification by having the user push his SIM card into his mobile station MS is intended to prevent unauthorized use of e.g. stolen equipment and to make sure that only those subscribers use the network who pay their bills. From the operator's point of view, identification is especially important particularly in connection with international roaming, since the network does not know the visitor's subscriber information and is thus unaware of any insolvency.

Firstly, the user identifier or PIN code (Personal Identity Number) given by the user himself and stored on the SIM card is used in identification. In the first stage, when electric power is turned on to the phone, the phone will ask the user to push a code of 4-8 digits and will compare the entered code with a code stored in the memory. If the code is incorrect after three attempts, the card will go into a locked state and it can not be opened without special measures. This identification is done entirely locally by the SIM card, so no PIN code is transmitted by radio and the code can thus not be captured.

Secondly, after the correct PIN code has been entered, the mobile station will transmit its IMSI number to the network or, if possible, a TMSI (Temporary Mobile Subscriber Identity), whereupon authentication between network and card will take place, which will be explained by referring to Figures 1 and 2.

The principle is such that the network will put a question to the mobile station to which only the right SIM card will know the answer. In the fixed part of the network, identification is performed by the AuC (Authentication Center) located in connection with the home location register HLR while the SIM card performs identification in the terminal equipment. Identification is based on identification algorithm A3 and on subscriber-based identification key Ki. The IMSI (International Mobile Subscriber Identity), the subscriber-specific key Ki and the identification algorithm A3 mentioned above are stored both in the network and in the SIM card.

Figures 1 and 2 are referred to in the following. In the early part of identification, the authentication center AuC will send a question to the mobile station, which is a random number RAND having a length of 128 bits. Thus, its value is in a range of 2^128 - 1, so there is a very small chance that the same random number could be used twice. This stage is represented in Figure 1 by circled figure one and in Figure 2 by an arrow passing through the radio interface. The mobile station receives RAND, transfers it to the SIM card, which performs the A3 algorithm with its aid and with the aid of the subscriber-specific key Ki located in the card. The resulting answer is a 32-bit SRES (Signed Response) which the mobile station sends to the network. Authentication center AuC receives it, the circled figure two in Figure 1, and compares the SRES value with the value which it has calculated itself using the same A3 algorithm as well as RAND and key Ki. If the SRESs are the same, the identification is accepted, otherwise the subscriber will not be permitted access to the network (the yes/no stage in Figure 2).

Figure 3 illustrates how the mobile station uses received RAND and Ki values also for the A8 algorithm, which produces a connection-specific ciphering key Kc, which is used further as a key for a third algorithm A5, which is used for ciphering speech and data on radio traffic channels. In the network the AuC performs the same algorithm with the same values and thus obtains the same ciphering key as result. Both store the key in memory.

Since the identification information is always calculated in the home network, operators may use different A3 and A8 algorithms and they will not know what algorithms the other uses. On the other hand, the speech ciphering algorithm A5 must be the same in all networks.

Thus, of all the information contained in the SIM card, the IMSI, Ki and algorithms A3 and A8 are important to identification. Algorithms A3 and A8 are performed in the SIM card so that key Ki need never be transmitted between the card and the mobile equipment ME proper.

As was said above, calculation of the identification data always takes place in the AuC of the subscriber's home network. This being the case, when the subscriber is in another network identification would immoderately load the signal network between VLR and AuC. To avoid this, AuC generally sends ready triplets to the visitor location register VLR while the visitor is registering into this. The triplet contains the RAND, SRES and Kc. Hereby, the visitor location register will check whether the mobile station has calculated correct values, so that signalling to the AuC may be reduced.

It is realized from the above presentation that in terms of security the digital cellular system is very advanced as regards unauthorized use and speech ciphering. Since all cells are of equal value for the mobile network, no other grounds for calculation of the price of calls can be offered than e.g. flexing based on the hours of the day and night and cheaper than normal prices between mobile station and home phone. No special charging grounds can be offered for a call originated from or terminated in a certain cell. These factors reduce the use of the mobile phone as a home phone.

It has been suggested in the field to arrange at home or in any other place desired by the subscriber a special HBS (Home Base Station) which can be connected to an ordinary telephone connection and which is as simple a device as possible serving only one or just a few users registered with the base station, who use a normal phone in a cellular network. As regards its functions the home base station would thus correspond to present base stations for cordless phones, that is, it performs a conversion between the wireline network and the radio interface. Even if the base station would be in the nature of a "stripped" base station in a cellular network, it would be necessary in one way or another to authenticate a cellular network phone desiring access to the network through the base station. The phone does in fact always work in the same manner in authentication and expects to receive a RAND inquiry from the network. At least two ways have been proposed.

Firstly, a modem connection could be arranged from the home base station to the authentication center AuC of the cellular network, whereby parameters to be exchanged in authentication are transferred through this connection and authentication proper would take place in a normal manner as shown in Figure 2. Since signalling would pass through another network than the network of the cellular network operator, an agreement on the matter must be made with the operator in question.

Secondly, a card reader could be located in the home base station and a special card could be used containing data relating to this base station and user. Hereby authentication would be performed between card and base station, so the user would activate the base station with his card.

Drawbacks of these proposed procedures are difficult modem signalling over a fixed network (e.g. PSTN) and acquisition of extra cards and readers as well as the making of related software.

The present invention thus aims at bringing about a cordless telephone system which is based on a cellular network and which does not have the presented drawbacks and wherein standard terminal equipment of the cellular network may be used at home as cordless phones without any special steps required of the user, which thus allows cheaper calls.

The objectives are achieved with the attributes presented in the independent claims.

Brief summary of the invention

The proposed home base station which is connected to an ordinary telephone connection contains in the manner of a base station for known cordless phones a charging device where the phone can be charged. Besides the pins supplying the charging current, it has special communication pins through which the phone and the base station can exchange authentication information while the phone is in the charger. The turning of the cellular network phone into a cordless phone thus begins by placing the phone in the charger.

In authentication all information transfer takes place only between base station and phone while the authentication center AuC of the cellular network is entirely outside. Hereby, since there is a wireline connection between the home base station and the phone, it does not matter which party's authentication means will generate the authentication and ciphering data as long as these are agreed upon in advance. Even the algorithms need not be such which are used in the cellular system. It is enough to agree in advance that when one party sends a certain inquiry, the other party will respond with a certain answer, whereupon both will use an agreed ciphering key in the radio traffic. The authentication is invisible to the user.

According to an advantageous embodiment, the parameters used in authentication are generated by first means located in the mobile station and the parameters are transferred through a fixed connection to second means which are located in the home base station and which will store them. This makes the base station simpler. In addition, it is advantageous to use the same inquiries, responses, algorithms and ciphering keys as in the cellular system with which the phone in question complies. Hereby any software changes to be made in the phone will be minor changes.

According to another embodiment, the parameters used in authentication are generated by second means in the base station and the parameters are transferred through a fixed connection to such first means in the mobile station which will store them.

It is advantageous when placing the phone in the charger that deregistration of the phone from the cellular network will start at the same time. Hereby any transfer of a call to the home phone will work normally, should the mobile station not answer. Information from the cellular network time may be left in the phone memory, whereby it may be put into use when the phone moves over to the cellular network. Such putting into use may take place automatically, when the phone moves outside the range of the home base station.

When the mobile station has turned into a cordless phone, authentication is performed in the beginning of the call formation using parameters which have been calculated in advance and stored in the memory.

List of figures

The invention will be explained in greater detail referring to the appended schematic figures, wherein

Figure 1 shows the principle of a cellular system;
Figure 2 shows authentication in a known cellular system;
Figure 3 shows formation of a ciphering key in a known system;
Figure 4 shows the principle of a system according to the invention;
Figure 5 illustrates registration in a system according to the invention;
Figure 6 illustrates authentication in a system according to the invention;
Figure 7 depicts another embodiment; and
Figure 8 shows authentication in the other embodiment.

Detailed description of the invention

Figure 4 shows basic elements of the system. A subscriber line 1 comes to the subscriber's home, office or any other such place from the local exchange of a fixed PSTN or ISDN network 3. Subscriber line 1 is connected to a HBS (Home Base Station), which will convert speech and data arriving from the subscriber line into the format of the air interface of the cellular system and will send it further to radio communication and will correspondingly convert speech and data arriving in cellular system form from radio communication into the form used in the fixed network, in the case of a PSTN network into an audio signal and in the case of an ISDN network into a PCM signal. The transmission power is low to minimize the interference caused by frequencies used in the home base station, so the cell radius is of the same magnitude as with cordless phones, a few hundred meters in free space.

On the other hand, basic elements comprise a mobile station MS which is a device in accordance with some digital cellular system. The known GSM system is used as example.

When moving within the area of the cellular system, the mobile station is in connection with the base station providing the best connection at each time and it will traffic in a normal manner in the cellular network. When the user moves in the cellular network from place A to his home in place B, which move is shown by an arrow, the mobile station MS will still remain registered with the cellular network. Only when the user connects his phone with a wireline connection directly to the home base station, arrow A -> C, will deregistration of the phone from the cellular network take place. The charging station for phone batteries in the home base station, represented by a depression in home base station HBS, may contain, besides charging current pins, one or more contact pins, whereby when the phone is placed in the charging station the contact pin will be brought into contact with a corresponding pin in the phone, which will start both deregistration of the phone from the cellular network and registration with the home base station.

According to a first embodiment, all calculation relating to authentication is performed in mobile station MS. This embodiment will be explained referring to Figure 5.

Registration with the home base station takes place so that the subscriber equipment ME generates a random number RAND, which it feeds to the SIM card. The SIM card calculates an algorithm X using the random number and key Ki obtaining SRES as result. Using the same values but algorithm Y the SIM card performs algorithm Y obtaining a connection-specific ciphering key Kc as result. These algorithms may be the same as those used in the cellular system, that is, in case of a GSM system algorithms A3 and A8, but they may as well be any algorithms. The SIM card will also give the IMSI (International Mobile Subscriber Identity) or the TMSI (Temporary Mobile Subscriber Identity), which may be any accepted value. In its main features the function corresponds to the left side of Figures 2 and 3, except that ME instead of the authentication center AuC will generate the random number RAND.

The SIM card will feed the response SRES which it has generated, the key Kc and the IMSI/TMSI value to subscriber equipment ME, which will transmit them along a fixed connection through contact pins 51, which connect the mobile station and the home base station HBS, to home base station HBS, which will store the data it received. Registration has now taken place and the home base station knows the authentication and ciphering parameters which are used. The mobile station MS has turned into a cordless phone, it may be removed from the home base station HBS and it may start or receive a fixed network call. Its phone number is the number given by the fixed network operator to this subscriber connection.

When starting or receiving a call, the first step to perform is authentication, which is explained referring to Figure 6. First, the mobile station MS sends to the home base station HBS by radio its identifier TMSI, which the home base station uses to search from its memory such values received earlier from the mobile station which relate to the identifier. Thereafter the home base station will authenticate the mobile station by sending to it the RAND number which it has retrieved from the memory. Upon receiving the RAND, the SIM card will perform algorithm X, obtaining the SRES value as result, which the mobile station MS will send to the home base station. The value ought to be the same as the one it has generated earlier in connection with the registration, so the home base station will perform validation by comparing the received SRES value with the one in its memory. If they are identical, the call may be started. For ciphering the information it has sent to the mobile station the base station uses ciphering key Kc which it has stored, and the mobile station uses the same key, which it has also stored earlier, or then it may recalculate the key using algorithm Y, as shown in the figure.

It should be noticed that both the RAND and the SRES values may be sent even several times over the radio interface, whereby a third party may capture them. This is possible also in case of a GSM system. However, this is not a problem, because the ciphering key is not transmitted at all by radio, but only through the fixed connection when the mobile station is attached to the home base station.

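The first embodiment (registration as in Figure 5, call-time authentication as in Figure 6) can be followed end to end in the Python simulation below, which is an added example and not code from the patent. HMAC-SHA256 as a stand-in for algorithms X and Y, the 64-bit Kc length, the class and function names and the constructed identifier string are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


# Assumption: HMAC-SHA256 stands in for "algorithm X" and "algorithm Y".
# The page allows any agreed algorithms; these are not GSM A3/A8.
def algorithm_x(ki, rand):
    """Return the 32-bit response SRES for (Ki, RAND)."""
    return hmac.new(ki, b"X" + rand, hashlib.sha256).digest()[:4]


def algorithm_y(ki, rand):
    """Return the ciphering key Kc for (Ki, RAND); 64 bits assumed, as in GSM."""
    return hmac.new(ki, b"Y" + rand, hashlib.sha256).digest()[:8]


@dataclass
class Sim:
    identifier: str  # IMSI/TMSI
    ki: bytes        # subscriber key, never leaves the card

    def compute(self, rand):
        return algorithm_x(self.ki, rand), algorithm_y(self.ki, rand)


@dataclass
class HomeBaseStation:
    memory: dict = field(default_factory=dict)  # identifier -> (RAND, SRES, Kc)

    def store(self, identifier, rand, sres, kc):
        self.memory[identifier] = (rand, sres, kc)

    def stored_rand(self, identifier):
        entry = self.memory.get(identifier)
        return entry[0] if entry else None

    def validate(self, identifier, sres):
        """Return the stored Kc if SRES matches the stored value, else None."""
        entry = self.memory.get(identifier)
        if entry is None:
            return None
        _, stored_sres, kc = entry
        # Constant-time comparison of the received and stored responses.
        return kc if hmac.compare_digest(stored_sres, sres) else None


@dataclass
class MobileStation:
    sim: Sim
    kc: bytes = b""

    def register_over_pins(self, hbs):
        """Figure 5: the ME generates RAND, the SIM computes SRES and Kc,
        and everything is handed to the base station over the contact pins."""
        rand = secrets.token_bytes(16)  # 128-bit RAND
        sres, self.kc = self.sim.compute(rand)
        hbs.store(self.sim.identifier, rand, sres, self.kc)

    def respond(self, rand):
        """Figure 6: recompute SRES (and Kc via algorithm Y) for the inquiry."""
        sres, self.kc = self.sim.compute(rand)
        return sres


def call_setup(ms, hbs):
    """Run call-time authentication; return (connected, radio_transcript).

    The transcript lists only what crosses the radio interface."""
    radio = [("MS->HBS", "IMSI/TMSI", ms.sim.identifier)]
    rand = hbs.stored_rand(ms.sim.identifier)
    if rand is None:  # phone was never docked with this base station
        return False, radio
    radio.append(("HBS->MS", "RAND", rand))
    sres = ms.respond(rand)
    radio.append(("MS->HBS", "SRES", sres))
    kc = hbs.validate(ms.sim.identifier, sres)
    # Both ends must hold the same Kc before ciphered traffic can start.
    connected = kc is not None and hmac.compare_digest(kc, ms.kc)
    return connected, radio


if __name__ == "__main__":
    hbs = HomeBaseStation()
    phone = MobileStation(Sim("constructed-imsi-0001", secrets.token_bytes(16)))
    phone.register_over_pins(hbs)
    ok, radio = call_setup(phone, hbs)
    print("connected:", ok)
    for direction, name, value in radio:
        shown = value.hex() if isinstance(value, bytes) else value
        print(direction, name, shown)
```

The base station sends the same stored RAND on every call until the phone is docked again, so the radio transcript repeats from call to call; confidentiality of the call rests on Kc, which crossed only the contact pins.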
Figure 7 shows another embodiment, where the home base station is the active party in authentication.

Registration with the home base station takes place so that the mobile station MS transmits its IMSI (International Mobile Subscriber Identity) or its TMSI (Temporary Mobile Subscriber Identity) to the home base station HBS. In response to this, the home base station will generate a random number RAND and calculate algorithm X using the random number and key Ki obtaining the answer SRES as result. Using the same initial values but algorithm Y it also performs algorithm Y obtaining a connection-specific ciphering key Kc as result. These algorithms may be the same as those used in the cellular system. All values are stored in the memory.

Hereafter the home base station feeds its generated inquiry RAND, its calculated answer SRES and the key Kc through contact pins 51 to subscriber equipment ME, which will store the information it receives. Registration has now taken place and the authentication and ciphering parameters to be used are now known to the mobile station. The mobile station MS has turned into a cordless phone, it may be removed from home base station HBS and it may originate or receive a fixed network call.

When originating or receiving a call, authentication is first performed and this is explained referring to Figure 8. The mobile station MS first sends by radio to home base station HBS its identifier TMSI, which the home base station uses for finding from its memory any values which relate to the identifier and which have earlier been received from the mobile station. Thereafter the home base station authenticates the mobile station by sending to it the RAND number which it has searched from the memory. Having received the RAND, the SIM card will perform algorithm X obtaining as result the SRES value, which the mobile station MS will send to the home base station. The value ought to be the same as the one which it generated earlier in connection with the registration, so the home base station performs validation by comparing the SRES value which it has received and the one in its memory. If these are the same, the call may be started. For ciphering the information it has sent to the mobile station, the base station uses the ciphering key Kc which it has stored, and the mobile station uses the same key, which it too has stored earlier, or then it may recalculate the key using algorithm Y.

It is also possible to act in such a way that the mobile station authenticates the base station. Hereby it sends to the base station both the IMSI and the RAND, in response to which the base station returns the SRES number. The mobile station checks to make sure that the number corresponds with the already stored or recalculated SRES value.

Arranging functions according to the invention in present cellular network phones will require minor software additions and new algorithms, if required, in addition to the existing ones, such as A3A8 algorithms. Any additions to be made in the home base station are minor ones, if the first embodiment is implemented. The great advantage is that any cellular network phone registered with the home base station will work as a cordless phone. In practice, the phone is a dual-mode phone, whereby the same phone will work at home as a cordless phone at cheaper call tariffs and outside the home as a normal cellular network phone. If registration with the base station takes place automatically, as proposed above, and if registration with the cellular network takes place automatically using earlier parameters stored in the phone memory, the user to change the mode need only connect the phone for a moment to the home base station when coming home, to the office or any other such place.

When the phone registers with the home base station, one must of course make sure that its transmission power will fall considerably below the minimum transmission power determined for the mobile station in the cellular network system so that the range will be reduced to a few hundred meters in free space. This must be done because when operating as a cordless phone the mobile station will not cause interference in such connections of the cellular system which use the same frequency.

It could even be possible to program the phone so that it would be able when registered with the home base station to receive calls both from the fixed network side and from the cellular network side, but outgoing calls would be directed to the fixed network.

The proposed arrangement can be implemented in practice in many different ways keeping within the scope of the claims. Programs and algorithms can be freely chosen as well as the party who will generate the authentication and ciphering information. Registration may preferably be started by pushing the phone into the charging station, but the base station may alternatively have some other place where the phone is placed while registration takes place. Several phones may be registered with the home base station. In-house calls between these phones may be implemented by suitable software in the base station.

Claims

1. Telephone system comprising terminal equipment and a home base station connected with a subscriber line to a telephone exchange, whereby a part of the subscriber connection is formed by a radio link between the terminal equipment and the base station, characterized in that

the terminal equipment is a mobile station of a cellular mobile telephone system also containing first means for implementing an authentication procedure between itself and the home base station (HBS),

the base station contains second means for implementing an authentication procedure between itself and the mobile station,

generation and exchange of authentication parameters between the mobile station and the home base station begin at once when the mobile station is put into the home base station so that a wireline connection is brought about between them, whereby after transmission of authentication parameters the mobile station has turned into a cordless phone registered with the home base station.

2. System as defined in claim 1, characterized in that

the first means comprise a first algorithm (algorithm X), an identification key (Ki) and a random number (RAND) generator,

the second means comprise a memory,

after putting the mobile station in the home base station the first means will generate a random number (RAND), in response to which the first algorithm (algorithm X) produces an answer (SRES) using identification key (Ki) and the mobile station transmits the random number (RAND), the response (SRES) and its identifier (IMSI/TMSI) to the home base station (