Abstract |
A method is provided for using a service of a mobile packet core network in a communication system comprising a mobile device, a node, a mobile packet core network and a wireless radio access network. The mobile device accesses the mobile packet core network via the wireless radio access network. During setup of a connection of the mobile device to the wireless radio access network, the mobile device determines whether the wireless radio access network is trustworthy. If it is not trustworthy, the mobile device establishes a secure tunnel connection to the node of the communication system for triggering usage of the service of the communication system by an authentication entity. The secure tunnel connection is established by using a token stored within the mobile device and received by the node. The token comprises at least a certificate for authentication to the authentication entity and is generated using general security mechanisms (e.g., TPM and/or MD5). |
Main claim |
1. A method for using a service of a mobile packet core network in a communication system comprising a mobile device (UE), a node (VPN concentrator, ePDG, TTG), a mobile packet core network and a wireless radio access network (Wi-Fi), the method comprising:
accessing the mobile packet core network via the wireless radio access network (Wi-Fi);
during a setup of a connection of the mobile device (UE) to the wireless radio access network (Wi-Fi), determining whether the wireless radio access network (Wi-Fi) is a trustworthy wireless radio access network (Wi-Fi); and
at least if the wireless radio access network (Wi-Fi) is not trustworthy, establishing a secure tunnel connection to the node (VPN concentrator, ePDG, TTG) of the communication system for triggering a usage of a service of the mobile packet core network by an authentication entity (AAA),
wherein the secure tunnel connection is established by using a token stored within the mobile device (UE) and received from the mobile device (UE) by the node (VPN concentrator, ePDG, TTG), whereby the token comprises at least a certificate for authentication to the authentication entity (AAA), a MSISDN (MSISDN: Mobile Subscriber Integrated Services Digital Network) respectively a virtual MSISDN (vMSISDN) and/or an IMSI (IMSI: International Mobile Subscriber Identity) respectively a virtual IMSI (vIMSI) allocated to the user of the mobile device (UE) and whereby the token is generated by the node (VPN concentrator, ePDG, TTG) using general security mechanisms, in particular TPM (TPM: Trusted Platform Module) or MD5 (MD5: Message-Digest Algorithm 5). |