+

WO2003001818A2 - Telecommunications systems - Google Patents

Telecommunications systems Download PDF

Info

Publication number
WO2003001818A2
WO2003001818A2 PCT/GB2002/002624 GB0202624W WO03001818A2 WO 2003001818 A2 WO2003001818 A2 WO 2003001818A2 GB 0202624 W GB0202624 W GB 0202624W WO 03001818 A2 WO03001818 A2 WO 03001818A2
Authority
WO
WIPO (PCT)
Prior art keywords
les
location
request
mtl
network
Prior art date
Application number
PCT/GB2002/002624
Other languages
French (fr)
Other versions
WO2003001818A3 (en
Inventor
Leanne Beavis
Paul Strickland
Adrian Razey
Patrick Slaats
Original Assignee
Vodafone Group Plc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vodafone Group Plc filed Critical Vodafone Group Plc
Priority to AU2002345152A priority Critical patent/AU2002345152A1/en
Publication of WO2003001818A2 publication Critical patent/WO2003001818A2/en
Publication of WO2003001818A3 publication Critical patent/WO2003001818A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08Mobility data transfer
    • H04W8/10Mobility data transfer between location register and external networks

Definitions

  • the invention relates to a telecommunication system having a plurality of mobile terminals.
  • the invention also relates to a mobile telecommunications system, comprising a plurality of mobile telephone networks and a plurality of mobile terminals, each mobile terminal being registered with one of the networks ("home network”) and being able to roam to another of the networks (“visited network”).
  • a telecommunication system embodying the invention enables access to or by a user of the system to be controlled and the privacy of the user within the system to be protected.
  • the system may be a mobile telecommunications or telephone system, particularly a system comprising networks operated by different network operators and between which a user may roam.
  • the system as first set forth above is characterised by including authenticating means responsive to a request ("location request") coming from a third party outside the system and relating to the location of a specified one of the mobile te ⁇ ninals for authenticating the allowability of the location request against a plurality of pretermined criteria, and location determining means responsive to receipt of the location request after authentication by the authentication means ("authenticated location request") for initiating determination of the location of the specified mobile terminal, the authentication means and the location determining means being functionally separate within the system.
  • authenticating means responsive to a request (“location request") coming from a third party outside the system and relating to the location of a specified one of the mobile te ⁇ ninals for authenticating the allowability of the location request against a plurality of pretermined criteria
  • location determining means responsive to receipt of the location request after authentication by the authentication means ("authenticated location request") for initiating determination of the location of the specified mobile terminal, the authentication means and the location determining means being functionally separate within the system.
  • the system as second set forth above is characterised by a respective authentication means in each network responsive to a request ("location request") coming from a third party outside the system and relating to the location of a specified one of the mobile terminals registered with that network for authenticating that location request according to predetermined criteria, and location determining means in each network responsive to receipt of an authenticated location request for at least initiating determination of the location of the specified mobile terminal, in which a location request in respect of a specified one of the mobile terminals roaming in a visited network (“visiting mobile terminal”) is sent to the authentication means of the home network of the visiting mobile terminal for authentication there in accordance with the predetermined criteria, and the location determining means in the visited network is responsive to the authenticated location request.
  • location request a request coming from a third party outside the system and relating to the location of a specified one of the mobile terminals registered with that network for authenticating that location request according to predetermined criteria
  • location determining means in each network responsive to receipt of an authenticated location request for at least initiating determination of the location of
  • the system as second set forth above is characterised by a respective authentication means in each network responsive to an authentication request coming from a third party outside the system and relating to a specified one of the mobile terminals registered with that network for authenticating that request according to predetermined criteria, in which an authentication request received by the authentication means of one of the networks with which the mobile terminal is not registered is passed to the authentication means of the network with which the mobile terminal is registered for authentication in accordance with the predetermined criteria, and including means associated with each authentication means for registering the identity or identities of the other authentication means in the system, and in which each authentication means is only responsive to an authentication request received from another authentication means if that other authentication means is registered with it.
  • Figure 1 is a schematic diagram of one of the systems; and Figure 2 is a schematic diagram of another of the systems.
  • the system to be described with reference to Figure 1 comprises a mobile telephone system enabling services to be provided to or in respect of a user in the system in dependence on the physical location of the user.
  • the term "user” normally involves an individual in physical possession of a mobile terminal (a mobile telephone handset) but includes a mobile terminal apparatus mounted in a moving vehicle. Examples of the types of service which could be provided to such a user are as follows:-
  • services specifically requested by the user such as information advising the user of the nearest restaurant, or the nearest restaurant of a particular type, to their present location, the nearest retail outlet of a particular type or belonging to a particular chain of retail outlets, or the nearest cinema showing a particular film;
  • ASP application service provider
  • the user will have registered with a particular ASP for provision of the particular service.
  • a user may have registered with a particular ASP in order to be provided with information informing them of the nearest restaurant of a particular type.
  • the user may activate the service by a specific request to the ASP.
  • the ASP could automatically provide the information to the user each time the user was in the region of a particular restaurant or of a restaurant of a particular type or within a particular group.
  • the user would register with an ASP providing such a service and would provide the ASP with a list of their particular friends, and could then at any time make an active request for the location of the friends on the list.
  • the user would have registered with a particular ASP, asking to be provided with information on discount offers provided by particular types of retail outlet.
  • the ASP might be operated directly by the fleet operator who would be able to initiate requests for the location of the vehicles in the fleet.
  • the ASP In order to perform these services, the ASP requires information concerning the physical location of the relevant user or users. This information is known to and can thus be provided to the ASP by the network operator. However, two important factors, at least, must be taken into account. First, the provision of location information relating to a user involves privacy considerations - the user's location should not be divulged in an uncontrolled manner; and, secondly, the user's location is valuable information and the network operator may wish to levy a charge for its provision. In a manner now to be described, the network incorporates a location enabling server (LES) which controls the provision of user location infonnation.
  • LES location enabling server
  • FIG. 1 shows in diagrammatic form a mobile telephone network 10 in which mobile users MT are located, of which one is shown (MTl).
  • the network is assumed to be of the GSM or 3G type having a home location register HLR, base station controllers (BSCs), of which one is shown by way of example, which are associated with respective cells of the network and transmit information to and receive information from MTs in that cell.
  • BSCs base station controllers
  • the BSCs are arranged in groups each controlled by a respective MSC, the current location of each MTs being stored in the HLR.
  • an application service provider ASP1 can be accessed from the network 10 via the internet through a suitable gateway G/Wl (e.g. a WAP gateway) provided by the network 10.
  • G/Wl e.g. a WAP gateway
  • ASP1 could provide a friends-finding service to which the MTl user has subscribed. If MTl wishes to initiate this service, MTl will access ASP 1 through gateway G/Wl .
  • ASP1 will need to be provided with the physical location of MTl.
  • Network 10 includes a location server LSI which, when activated, accesses the HLR and obtains the necessary information. In a manner now to be described, however, the provision of the location information is controlled by a location enabling server LES1.
  • the ASP In order to be able to request location information of a particular MT, the ASP must clearly be able to identify the MT to the network 10. Such identification could be provided using the telephone number (MSISDN or IMSI) of the MT. However, the network operator 10 may wish to restrict divulgation of the MSISDN to the ASP (because the ASP could use the MSISDN to obtain direct access to the MS). Therefore, if MTl in this example accesses ASP1 via gateway G/Wl, the gateway will convert the user's MSISDN into a "session ID" (SID), which may be an encrypted form of the MSISDN. It will be the SID which will be therefore received by the ASP 1. In this case, the user may be required to log in in a suitable way with ASPl which will thus be able to identify the user - that is, at least sufficiently to identify the user to establish that the user is a subscriber to the friends finding service (in this example).
  • SID session ID
  • the user may access ASPl using the MSISDN.
  • a different gateway such as gateway G/W2 which is not a gateway maintained by the operator of network 10
  • G/W2 will access ASPl using the MSISDN of MTl.
  • ASPl now transmits a request for the location of MTl to network 10. This request is transmitted to LES1.
  • the location request may identify the user by means of the SID (normally if the initial enquiry has been received via G/Wl) or in terms of the user's MSISDN (normally if the initial request has been received by another gateway such as G/W2). In either case, LES1 will be able to identify the user; if the initial request received by ASPl is based on the SID, the user's MSISDN will be known to LES1 because this information will be available within network 10.
  • LES1 now subjects the location request to an analysis and checking process to determine whether to authenticate the request.
  • a location request in principle has a number of key attributes which are used in the processes carried out in LES1, as follows :-
  • the location request in relation to a particular user, the location request is considered to be "active" when it has been initiated by the action of that user - such as when the user requests information on the nearest restaurant or when the user requests the location of the "friends" on their list in a friend-finder service; and is considered to be “passive” when, in relation to that user, the request has been initiated other than by that user - such as by a third party, for example the user is on the "friends" list of the third party who has initiated a friend-finder service, or the request has been initiated as part of a fleet management service.
  • Anonymity the request may be "open” in that it is based on the user's MSISDN (or IMSI) or may be "private” if it is based on a SID.
  • (c) Service the request will be in respect of a particular service provided by a particular ASP and for each such service it may be specified whether for a particular user the request is permitted to be active or passive (or both), and open or private (or both).
  • LESl refers to a table (Table 1, Figure 1) which lists ASPs, which are authorised to make location requests and to receive location information, and the services which they operate. Entries in Table 1 are controlled by the operator of network 10 and subject to commercial agreement between the network operator and each ASP. These agreements will include provisions and safeguards relating to user privacy and confidentiality and also limitations on the use which the ASP may make of the location information. Table 1 not only includes entries in respect of each ASP but may have different entries for different services which may be provided by the ASP, and the entries will identify users for which the ASP may request location information.
  • Table 1 thus carries out an initial level of "filtering" on the location request received from ASPl .
  • LESl responds to the location request from ASPl by checking in Table 1 that ASPl is an authorised ASP and, then, checking that the service in respect of which the location request is made by ASPl is also authorised by means of an entry in Table 1.
  • the entries in Table 1 may indicate whether the service is used in active or passive mode.
  • the second level of filtering is a more detailed privacy check which is carried out on the basis of entries in a privacy table, Table 2.
  • Table 2 has privacy entries (to be explained in more detail below) for each service entry in Table 1.
  • LESl In response to the location request, LESl now checks the appropriate entries in Table 2. Thus, for example, there could be four different sub-sets of entries as follows for each service or ASP for a particular user:
  • the LESl establishes whether, in relation to a particular location request for the location of a particular user in respect of a particular service, the request is to be authenticated and accepted.
  • Authentication of the location request in relation to a particular user by LESl may also be subject to further checks.
  • the user may be able to apply different privacy conditions at different times of day or week.
  • a particular user could ensure that location requests were only accepted during working hours.
  • LESl determines, after carrying out all the necessary checks as outlined above, that the request is authenticated and is to be accepted, it instructs the location server LSI accordingly. LSI then obtains the location information from the network and transmits this information back to ASPl, which can then initiate or provide the requested service.
  • LSI may, however, be subject to overall control by entries, in relation to each of the users, in the HLR. Thus, a particular user could advise the network that no location requests at all were to be accepted (e.g. permanently, or temporarily). Any such settings in the HLR would also be checked by LSI before acceding to the location request.
  • the location enabling server LESl and the location server LSI are functionally separate. In this way, therefore, the location enabling servers can be produced as separate standardised entities and then used within networks having different types of location servers to which the location enabling servers would be inter-connected using appropriate interfaces.
  • FIG. 2 shows the network 10 of Figure in simplified form, which is assumed to be the "home" network of user MTl. As shown in Figure 2, MTl is roaming into a visited network 10A. It will initially be assumed that user MTl wishes to use a service provided by ASPl (which will be assumed to be an ASP registered with network 10, the home network).
  • MTl may access ASPl through the Internet gateway H/G/W of the home network 10 or may set up such access through a different gateway such as gateway V/G/W of the visited network 10A.
  • gateway H/GW the location request received by ASPl will be based on a SID which will be generated by the gateway.
  • the request will be based on the MSISDN.
  • ASPl will know from the SID or MSISDN that the requesting user MTl is registered with network 10, and will therefore generate a location request, for the location of user MTl, which will be passed to the location enabling server H/LES of the home network 10.
  • Table 2 will contain an additional set of entries.
  • the set of entries in Table 2 described above with reference to Figure 1 relates to the case where the ASP (ASPl) is registered with the home network and the user (MTl) is located within the home network.
  • Table 2 would include an additional set of entries relating to the case shown in Figure 2 - where ASPl is registered with the home network 10 and the user MTl is roaming. Therefore, the user could set up particular privacy settings applicable to the case numbering described with reference to Figure 2.
  • H/LES determines, after carrying out all the necessary checks, that the location request can be accepted, the request is passed to the location server LS in the home network. This request will identify the user by their MSISDN. If the location request as issued by ASPl is in terms of a SID, this will be converted into the MSISDN by the H/LES.
  • the location server H/LS will be advised by the network (by the HLR) that the identified user is roaming in a different network, and the response will identify the visitor location register of the network where the user is roaming - this will, of course, be V/VLR in network 10A.
  • the response issued to H/LS may also include the address of the cell where MTl is currently located H/LS will pass this information to H/LES.
  • any user privacy settings held as part of the user's profile in the HLR will also be checked.
  • the settings may indicate that the user has decided to refuse all location requests at that time or has decided to refuse location requests of a type including the current location request. If this is the case, H LS will advise H/LES and H/LES will terminate the location request and inform ASPl accordingly.
  • the H/LES will now pass the location request to the LES (V/LES) in the visited network 10A - that H/LES will be able to identify V/LES as the LES which is to be addressed because the latter' s identity can be derived from the address of the VLR which will be advised to H/LES by H/LS.
  • V/LES LES
  • the location request passed to V LES will include the MSISDN of MTl and the VLR address in network 10A and, where available, the identity of the relevant cell.
  • V/LES in the visited network will not, normally, contain any privacy information relating to user MTl.
  • each LES in the system will store the identities of other LESs which have been pre-approved for location requests.
  • the identities (IP addresses) of "approved" LESs may be stored as part of Table 1 for LES 1, corresponding to Table 1 shown in Figure 1. Therefore, in the present example, V/LES merely has to check that H/LES is included in this list. Because H/LES is on the "approved" list held by V/LES, V/LES can assume that the necessary privacy checks have been carried out.
  • V/LES now passes the location request to the location service V/LS in the visited network 10 A, this request being based on the MSISDN of MTl and will also include the appropriate address in the VLR.
  • the VLR will carry out its own privacy check - to check whether MTl has indicated that no location requests are to be accepted (or that this particular type of location request is not to be accepted). If no such privacy block has been made, the location details are obtained by V/LS and passed back to V/LES and then to H/LES in network 10, via the internet. H/LES associates the response with the original request and the information is then returned to ASPl .
  • the location request is an "active" request - that is, it originated from action by MTl .
  • a "passive" location request is made in respect of user MTl.
  • This location request may originate in a number of ways - for example, it may originate from another MT which wishes to initiate a friend-finding service in respect of its list of friends which includes MTl.
  • ASPl will thus issue a location request in respect of MTl, which will normally be based on a SID for MTl.
  • This request will be sent to the LES in the home network 10 via gateway H/GW.
  • the form of the SID will ensure that the location request is directed to network 10.
  • the SID will be converted into MTl's MSISDN and passed to H/LES
  • the privacy settings for MTl will be checked in H LES in the manner already described. If these settings are such that the location request is prohibited, an appropriate response will be returned to ASPl. If the location request is accepted, however, it will be passed to H/LS. In response to this request, the HLR will advise that MTl is roaming in network 10A and will provide the VLR address of MTl . This information is passed back to the H/LES by H/LS. H/LES now passes on the location request to V/LES in the visited network 10A.
  • the location of MTl is then obtained from the VLR by the VLS (assuming that the privacy settings for MTl in the VLR are not blocking the request), and the location of MTl is then passed back to ASPl via V/LES and H LES.
  • the location request is an active request generated by MTl in respect of a service provided by ASP2.
  • This request will be passed to ASP2 via gateway V/G/W in the visited network or perhaps by gateway H/G/W in the home network.
  • the request may be passed to ASP2 on the basis of a SID which will be generated by the gateway.
  • ASP2 After carrying out its own check in respect of the location request, ASP2 passes the location request to the visited V/LES - because ASP2 is registered with network 10 A. V/LES will check its Table 1 to ensure that ASP2 is properly registered with network 10 A. If the request is based on a SID generated by V/G/W, then V/LES will be able to translate the SID into the MSISDN of user MTl. If the SID is generated by encryption of the user's MSISDN by means of an algorithm known to both H/G/W and V/G/W, then V/LES will be able to translate the SID into the MSISDN of user MTl if the SID has been generated by V/G/W or if it has been generated by H/G/W.
  • H/G/W will not convert the user's MSISDN into a SID.
  • V/LES will know the MSISDN of MTl .
  • V/LES will be aware, from the MSISDN, that MTl is registered with network 10, and will now pass the location request to H/LES in the home network 10. The request will be passed to H LES with additional information, including information identifying ASP2. From its Table 1, H/LES will be able to check the authenticity of V/LES in the visited network 10A. H/LES, the privacy settings in respect of user MTl will be checked in the manner already described. If the settings are such that the location request is to be rejected, an appropriate response will be sent back to V/LES in the visited network 10 A and thence to ASP2.
  • the location request is to be accepted, it will be passed by H LES to H/LS in the home network 10.
  • the HLR will confirm that MTl is roaming in network 10A and will provide the relevant address in the VLR in the visited network 10 A. This information will be passed back to H/LES by H LS.
  • V/LES On receipt of the location request and the associated information from H/LES, V/LES passes the request to V/LS in the visited network which accesses the appropriate address in the VLR. Again, any privacy settings set in the VLR by MTl are checked. If these do not prohibit the location request, the location details of MTl are obtained by V/LS and passed back to V/LES. These location details are then passed by V/LES to H/LES in the home network 10. H LES in the home network now sends the location request back to V/LES in the visited network where it is associated with the original request. The location details are now passed back to ASP2. At this stage, the MSISDN may be translated back to the original SID.
  • ASP2 will thus issue a location request in respect of MTl, which will normally be based on a SID for MTl .
  • This request will be sent to V LES in the visited network 10 because ASP2 is registered with network 10A.
  • V LES will first check that ASP2 is in fact registered with it. It will then decide from the form of the SID that MTl is registered with the home network 10 and will pass the request to H/LES.
  • Gateway H/G/W will convert the SID into MTl's MSISDN. The privacy settings for MTl will be checked in H/LES in the manner already described.
  • V/LES If these settings are such that the location request is prohibited, an appropriate response will be returned to ASP2 via V/LES. If the location request is accepted, however, it will be passed to H/LS. In response to this request, the HLR will advise that MTl is roaming in network 10A and will provide the VLR address of MTl . This information is passed back to the H/LES. H/LES now returns the location request to V/LES in the visited network 10A together with the associated information identifying the relevant VLR address. In the manner already described, the location of MTl is then obtained from the VLR by V/LS (assuming that the privacy settings for MTl in the VLR are not blocking the request), and the location of MTl is then passed back to V/LES. V/LES now passes this information to H/LES which returns it to V/LES so that it can be associated with the original request and V/LES then passes the authenticated request to ASP2.
  • the receiving LES merely has to confirm that the transmitting LES is already registered with it. It can then trust the received information.
  • the system shown in Figure 2 may also be used for carrying out authentication requests not related to the location of the user MTl but instead relating to some non-location based characteristic.
  • ASPl or ASP2 may request information relating to the credit rating of user MTl.
  • the request will initially be passed by ASPl to H/LES or by ASP2 to V/LES.
  • V/LES will identify MTl as being registered with the home network and will pass the request to H LES.
  • H LES will subject the request to the privacy checks described above with reference to Figure 1 and, for example, Table 2 A, using privacy settings applicable to the user in respect of which the authentication request is made and to the other criteria already described.
  • the receiving LES merely has to confirm that the transmitting LES is already registered with it. It can then trust the received information.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An application service provider (ASP1) registered with the home network (10) sends a location request relating to the location of the visiting mobile terminal (MT1) to a location enabling server (H/LES) in the home network (10). Here, the authenticity of the ASP is checked. Then the allowability of the location request is checked by the location enabling server (H/LES) against a plurality of predetermined criteria including privacy setting settable by or in respect of the particular mobile terminal (MT1). If the criteria are satisfied, the authenticated location request is passed to a location server (H/LS) in the home network (10) which determines the network (10A) in which the terminal is roaming and the corresponding address in the VLR in that network (10A). The authenticated location request, with the VRL address, is then passed to the location enabling server (V/LES) in the visited network (10A) and thence to the location server (V/LS) in that network which obtains the location of the terminal. This is then returned to the application service provider (ASP1).

Description

TELECOMMUNICATIONS SYSTEMS
Technical Field
The invention relates to a telecommunication system having a plurality of mobile terminals. The invention also relates to a mobile telecommunications system, comprising a plurality of mobile telephone networks and a plurality of mobile terminals, each mobile terminal being registered with one of the networks ("home network") and being able to roam to another of the networks ("visited network").
Summary of the Invention
A telecommunication system embodying the invention, and to be described in more detail below by way of example only, enables access to or by a user of the system to be controlled and the privacy of the user within the system to be protected. The system may be a mobile telecommunications or telephone system, particularly a system comprising networks operated by different network operators and between which a user may roam.
According to the invention, the system as first set forth above is characterised by including authenticating means responsive to a request ("location request") coming from a third party outside the system and relating to the location of a specified one of the mobile teπninals for authenticating the allowability of the location request against a plurality of pretermined criteria, and location determining means responsive to receipt of the location request after authentication by the authentication means ("authenticated location request") for initiating determination of the location of the specified mobile terminal, the authentication means and the location determining means being functionally separate within the system.
According to another aspect of the invention, the system as second set forth above is characterised by a respective authentication means in each network responsive to a request ("location request") coming from a third party outside the system and relating to the location of a specified one of the mobile terminals registered with that network for authenticating that location request according to predetermined criteria, and location determining means in each network responsive to receipt of an authenticated location request for at least initiating determination of the location of the specified mobile terminal, in which a location request in respect of a specified one of the mobile terminals roaming in a visited network ("visiting mobile terminal") is sent to the authentication means of the home network of the visiting mobile terminal for authentication there in accordance with the predetermined criteria, and the location determining means in the visited network is responsive to the authenticated location request.
According to a further aspect of the invention, the system as second set forth above is characterised by a respective authentication means in each network responsive to an authentication request coming from a third party outside the system and relating to a specified one of the mobile terminals registered with that network for authenticating that request according to predetermined criteria, in which an authentication request received by the authentication means of one of the networks with which the mobile terminal is not registered is passed to the authentication means of the network with which the mobile terminal is registered for authentication in accordance with the predetermined criteria, and including means associated with each authentication means for registering the identity or identities of the other authentication means in the system, and in which each authentication means is only responsive to an authentication request received from another authentication means if that other authentication means is registered with it.
Brief Description of the Drawings
A mobile telecommunications or telephone system embodying the invention, will now be described, by way of example only, with reference to the accompanying diagrammatic drawings, in which:
Figure 1 is a schematic diagram of one of the systems; and Figure 2 is a schematic diagram of another of the systems.
Modes of Carrying Out the Invention
The system to be described with reference to Figure 1 comprises a mobile telephone system enabling services to be provided to or in respect of a user in the system in dependence on the physical location of the user. The term "user" normally involves an individual in physical possession of a mobile terminal (a mobile telephone handset) but includes a mobile terminal apparatus mounted in a moving vehicle. Examples of the types of service which could be provided to such a user are as follows:-
(a) services specifically requested by the user, such as information advising the user of the nearest restaurant, or the nearest restaurant of a particular type, to their present location, the nearest retail outlet of a particular type or belonging to a particular chain of retail outlets, or the nearest cinema showing a particular film;
(b) services again requested specifically by a user but involving other users in the system, such as the provision of information to the user advising whether one or more pre-identified friends is nearby ("friend-finding service" in which the user has identified a group of "friends", the locations of which the user may request by means of this service);
(c) services not actively requested by a user but permitted by them, such as where the user is on the "friends" list of, and their location is being requested by, another user; or where a user has asked to be provided with commercial or marketing information according to their location - such as the provision of discounts on merchandise of a particular type which is available at a retail outlet close to their current location; (d) vehicle fleet management, where the operator of a fleet of vehicles each of which carries a mobile terminal may use the system to find a physical location of each vehicle.
These services will normally be provided by an application service provider (ASP) which may communicate with the mobile telephone system and with the user via the Internet.
In most cases, the user will have registered with a particular ASP for provision of the particular service. For example, a user may have registered with a particular ASP in order to be provided with information informing them of the nearest restaurant of a particular type. In such a case, the user may activate the service by a specific request to the ASP.
Instead, for example, the ASP could automatically provide the information to the user each time the user was in the region of a particular restaurant or of a restaurant of a particular type or within a particular group. Similarly, in the case of a friend-finding service the user would register with an ASP providing such a service and would provide the ASP with a list of their particular friends, and could then at any time make an active request for the location of the friends on the list. In another example, the user would have registered with a particular ASP, asking to be provided with information on discount offers provided by particular types of retail outlet.
In the case of a fleet management service, the ASP might be operated directly by the fleet operator who would be able to initiate requests for the location of the vehicles in the fleet.
In order to perform these services, the ASP requires information concerning the physical location of the relevant user or users. This information is known to and can thus be provided to the ASP by the network operator. However, two important factors, at least, must be taken into account. First, the provision of location information relating to a user involves privacy considerations - the user's location should not be divulged in an uncontrolled manner; and, secondly, the user's location is valuable information and the network operator may wish to levy a charge for its provision. In a manner now to be described, the network incorporates a location enabling server (LES) which controls the provision of user location infonnation.
Figure 1 shows in diagrammatic form a mobile telephone network 10 in which mobile users MT are located, of which one is shown (MTl). The network is assumed to be of the GSM or 3G type having a home location register HLR, base station controllers (BSCs), of which one is shown by way of example, which are associated with respective cells of the network and transmit information to and receive information from MTs in that cell. The BSCs, are arranged in groups each controlled by a respective MSC, the current location of each MTs being stored in the HLR.
As shown in Figure 1, an application service provider ASP1 can be accessed from the network 10 via the internet through a suitable gateway G/Wl (e.g. a WAP gateway) provided by the network 10. For example, ASP1 could provide a friends-finding service to which the MTl user has subscribed. If MTl wishes to initiate this service, MTl will access ASP 1 through gateway G/Wl . In order to provide the service to the MS 1 user, ASP1 will need to be provided with the physical location of MTl. Network 10 includes a location server LSI which, when activated, accesses the HLR and obtains the necessary information. In a manner now to be described, however, the provision of the location information is controlled by a location enabling server LES1.
In order to be able to request location information of a particular MT, the ASP must clearly be able to identify the MT to the network 10. Such identification could be provided using the telephone number (MSISDN or IMSI) of the MT. However, the network operator 10 may wish to restrict divulgation of the MSISDN to the ASP (because the ASP could use the MSISDN to obtain direct access to the MS). Therefore, if MTl in this example accesses ASP1 via gateway G/Wl, the gateway will convert the user's MSISDN into a "session ID" (SID), which may be an encrypted form of the MSISDN. It will be the SID which will be therefore received by the ASP 1. In this case, the user may be required to log in in a suitable way with ASPl which will thus be able to identify the user - that is, at least sufficiently to identify the user to establish that the user is a subscriber to the friends finding service (in this example).
In other cases, though, the user may access ASPl using the MSISDN. For example, if MTl accesses ASPl using a different gateway such as gateway G/W2 which is not a gateway maintained by the operator of network 10, then G/W2 will access ASPl using the MSISDN of MTl.
Therefore, depending on the circumstances, ASPl now transmits a request for the location of MTl to network 10. This request is transmitted to LES1.
The location request may identify the user by means of the SID (normally if the initial enquiry has been received via G/Wl) or in terms of the user's MSISDN (normally if the initial request has been received by another gateway such as G/W2). In either case, LES1 will be able to identify the user; if the initial request received by ASPl is based on the SID, the user's MSISDN will be known to LES1 because this information will be available within network 10.
LES1 now subjects the location request to an analysis and checking process to determine whether to authenticate the request.
A location request in principle has a number of key attributes which are used in the processes carried out in LES1, as follows :-
(a) Active/passive: in relation to a particular user, the location request is considered to be "active" when it has been initiated by the action of that user - such as when the user requests information on the nearest restaurant or when the user requests the location of the "friends" on their list in a friend-finder service; and is considered to be "passive" when, in relation to that user, the request has been initiated other than by that user - such as by a third party, for example the user is on the "friends" list of the third party who has initiated a friend-finder service, or the request has been initiated as part of a fleet management service.
(b) Anonymity: the request may be "open" in that it is based on the user's MSISDN (or IMSI) or may be "private" if it is based on a SID.
(c) Service: the request will be in respect of a particular service provided by a particular ASP and for each such service it may be specified whether for a particular user the request is permitted to be active or passive (or both), and open or private (or both).
First, LESl refers to a table (Table 1, Figure 1) which lists ASPs, which are authorised to make location requests and to receive location information, and the services which they operate. Entries in Table 1 are controlled by the operator of network 10 and subject to commercial agreement between the network operator and each ASP. These agreements will include provisions and safeguards relating to user privacy and confidentiality and also limitations on the use which the ASP may make of the location information. Table 1 not only includes entries in respect of each ASP but may have different entries for different services which may be provided by the ASP, and the entries will identify users for which the ASP may request location information.
Table 1 thus carries out an initial level of "filtering" on the location request received from ASPl . Thus LESl responds to the location request from ASPl by checking in Table 1 that ASPl is an authorised ASP and, then, checking that the service in respect of which the location request is made by ASPl is also authorised by means of an entry in Table 1. The entries in Table 1 may indicate whether the service is used in active or passive mode. The second level of filtering is a more detailed privacy check which is carried out on the basis of entries in a privacy table, Table 2. In principle, Table 2 has privacy entries (to be explained in more detail below) for each service entry in Table 1.
In response to the location request, LESl now checks the appropriate entries in Table 2. Thus, for example, there could be four different sub-sets of entries as follows for each service or ASP for a particular user:
Table 2
Figure imgf000010_0001
For each of the four possible combinations of "private", "open", "passive" and "active", there can be merely an entry indicating for that particular user whether the location request is to be "accepted" or "declined". The entries will in principle be individually settable by the user. For example, a user could decline all location requests which are passive - or, in another example, accept passive requests only when they are "private". It is also possible, however, for a user to set up a "list" for each of the four possible subsets of requests, in which the user sets more detailed conditions which must be satisfied before a particular type of location request is accepted. Thus, for each of the four possible sub-sets in Table 2, there is a "list'V'no list" flag. If this is set to the "list" setting, then LESl must inspect the detailed privacy conditions set in the list before deciding whether or not to authenticate the location request.
In this way, therefore, the LESl establishes whether, in relation to a particular location request for the location of a particular user in respect of a particular service, the request is to be authenticated and accepted.
Authentication of the location request in relation to a particular user by LESl may also be subject to further checks. For example, the user may be able to apply different privacy conditions at different times of day or week. For example, in a fleet management service in which the location of vehicles is identified by the location of the respective MT's carried by the users (drivers) of the individual vehicles, a particular user could ensure that location requests were only accepted during working hours.
If, in relation to a particular location request, LESl determines, after carrying out all the necessary checks as outlined above, that the request is authenticated and is to be accepted, it instructs the location server LSI accordingly. LSI then obtains the location information from the network and transmits this information back to ASPl, which can then initiate or provide the requested service.
The operation of LSI may, however, be subject to overall control by entries, in relation to each of the users, in the HLR. Thus, a particular user could advise the network that no location requests at all were to be accepted (e.g. permanently, or temporarily). Any such settings in the HLR would also be checked by LSI before acceding to the location request.
From the foregoing, it will be apparent that the location enabling server LESl and the location server LSI are functionally separate. In this way, therefore, the location enabling servers can be produced as separate standardised entities and then used within networks having different types of location servers to which the location enabling servers would be inter-connected using appropriate interfaces.
As so far described, it has been assumed that the user (MTl) is located in their home network and that the ASP (ASPl) is registered with that network. Figure 2 shows the network 10 of Figure in simplified form, which is assumed to be the "home" network of user MTl. As shown in Figure 2, MTl is roaming into a visited network 10A. It will initially be assumed that user MTl wishes to use a service provided by ASPl (which will be assumed to be an ASP registered with network 10, the home network).
MTl may access ASPl through the Internet gateway H/G/W of the home network 10 or may set up such access through a different gateway such as gateway V/G/W of the visited network 10A. If access is via gateway H/GW, the location request received by ASPl will be based on a SID which will be generated by the gateway. In general, if access is via some other gateway, such as gateway V/GW, the request will be based on the MSISDN. In either case, though, ASPl will know from the SID or MSISDN that the requesting user MTl is registered with network 10, and will therefore generate a location request, for the location of user MTl, which will be passed to the location enabling server H/LES of the home network 10. In H/LES, the privacy checks described above with reference to Figure 1 are carried out. However, Table 2 will contain an additional set of entries. Thus, the set of entries in Table 2 described above with reference to Figure 1 relates to the case where the ASP (ASPl) is registered with the home network and the user (MTl) is located within the home network. In the case now being described with reference to Figure 2, Table 2 would include an additional set of entries relating to the case shown in Figure 2 - where ASPl is registered with the home network 10 and the user MTl is roaming. Therefore, the user could set up particular privacy settings applicable to the case numbering described with reference to Figure 2. For example, in the case described with reference to Figure 1, where the user is located in the home network, the user might (for example) be willing to accept "passive" location requests - but would decline such request when roaming. Thus, Table 2 shown above could be replaced by Table 2 A as follows: TABLE 2A
Figure imgf000013_0001
If H/LES determines, after carrying out all the necessary checks, that the location request can be accepted, the request is passed to the location server LS in the home network. This request will identify the user by their MSISDN. If the location request as issued by ASPl is in terms of a SID, this will be converted into the MSISDN by the H/LES.
The location server H/LS will be advised by the network (by the HLR) that the identified user is roaming in a different network, and the response will identify the visitor location register of the network where the user is roaming - this will, of course, be V/VLR in network 10A. The response issued to H/LS may also include the address of the cell where MTl is currently located H/LS will pass this information to H/LES.
When H/LS interrogates the HLR in network 10, any user privacy settings held as part of the user's profile in the HLR will also be checked. For example, the settings may indicate that the user has decided to refuse all location requests at that time or has decided to refuse location requests of a type including the current location request. If this is the case, H LS will advise H/LES and H/LES will terminate the location request and inform ASPl accordingly.
Assuming, however, that it is still determined that the location request can be actioned, the H/LES will now pass the location request to the LES (V/LES) in the visited network 10A - that H/LES will be able to identify V/LES as the LES which is to be addressed because the latter' s identity can be derived from the address of the VLR which will be advised to H/LES by H/LS.
The location request passed to V LES will include the MSISDN of MTl and the VLR address in network 10A and, where available, the identity of the relevant cell.
V/LES in the visited network will not, normally, contain any privacy information relating to user MTl. However each LES in the system will store the identities of other LESs which have been pre-approved for location requests. For example, the identities (IP addresses) of "approved" LESs may be stored as part of Table 1 for LES 1, corresponding to Table 1 shown in Figure 1. Therefore, in the present example, V/LES merely has to check that H/LES is included in this list. Because H/LES is on the "approved" list held by V/LES, V/LES can assume that the necessary privacy checks have been carried out. Therefore, V/LES now passes the location request to the location service V/LS in the visited network 10 A, this request being based on the MSISDN of MTl and will also include the appropriate address in the VLR. The VLR will carry out its own privacy check - to check whether MTl has indicated that no location requests are to be accepted (or that this particular type of location request is not to be accepted). If no such privacy block has been made, the location details are obtained by V/LS and passed back to V/LES and then to H/LES in network 10, via the internet. H/LES associates the response with the original request and the information is then returned to ASPl .
The foregoing description with reference to Figure 2 has assumed that the location request is an "active" request - that is, it originated from action by MTl . It will now be assumed that a "passive" location request is made in respect of user MTl. This location request may originate in a number of ways - for example, it may originate from another MT which wishes to initiate a friend-finding service in respect of its list of friends which includes MTl. ASPl will thus issue a location request in respect of MTl, which will normally be based on a SID for MTl. This request will be sent to the LES in the home network 10 via gateway H/GW. The form of the SID will ensure that the location request is directed to network 10. In gateway H/G/W, the SID will be converted into MTl's MSISDN and passed to H/LES The privacy settings for MTl will be checked in H LES in the manner already described. If these settings are such that the location request is prohibited, an appropriate response will be returned to ASPl. If the location request is accepted, however, it will be passed to H/LS. In response to this request, the HLR will advise that MTl is roaming in network 10A and will provide the VLR address of MTl . This information is passed back to the H/LES by H/LS. H/LES now passes on the location request to V/LES in the visited network 10A. In the manner already described, the location of MTl is then obtained from the VLR by the VLS (assuming that the privacy settings for MTl in the VLR are not blocking the request), and the location of MTl is then passed back to ASPl via V/LES and H LES.
It will now be assumed that the location request, for the location of the roaming user MTl, comes from a different ASP, ASP2 (see Figure 2), where ASP2 is registered with network 10A and not with network 10.
It will initially be assumed that the location request is an active request generated by MTl in respect of a service provided by ASP2. This request will be passed to ASP2 via gateway V/G/W in the visited network or perhaps by gateway H/G/W in the home network. The request may be passed to ASP2 on the basis of a SID which will be generated by the gateway.
After carrying out its own check in respect of the location request, ASP2 passes the location request to the visited V/LES - because ASP2 is registered with network 10 A. V/LES will check its Table 1 to ensure that ASP2 is properly registered with network 10 A. If the request is based on a SID generated by V/G/W, then V/LES will be able to translate the SID into the MSISDN of user MTl. If the SID is generated by encryption of the user's MSISDN by means of an algorithm known to both H/G/W and V/G/W, then V/LES will be able to translate the SID into the MSISDN of user MTl if the SID has been generated by V/G/W or if it has been generated by H/G/W. If the user accesses ASP2 via H/G/W and H/G/W is not able to generate a SID using an algorithm known to V/LES or in some other way known to V/LES, then H/G/W will not convert the user's MSISDN into a SID. In each case, therefore, V/LES will know the MSISDN of MTl . V/LES will be aware, from the MSISDN, that MTl is registered with network 10, and will now pass the location request to H/LES in the home network 10. The request will be passed to H LES with additional information, including information identifying ASP2. From its Table 1, H/LES will be able to check the authenticity of V/LES in the visited network 10A. H/LES, the privacy settings in respect of user MTl will be checked in the manner already described. If the settings are such that the location request is to be rejected, an appropriate response will be sent back to V/LES in the visited network 10 A and thence to ASP2.
If the location request is to be accepted, it will be passed by H LES to H/LS in the home network 10. As before, the HLR will confirm that MTl is roaming in network 10A and will provide the relevant address in the VLR in the visited network 10 A. This information will be passed back to H/LES by H LS.
On receipt of the location request and the associated information from H/LES, V/LES passes the request to V/LS in the visited network which accesses the appropriate address in the VLR. Again, any privacy settings set in the VLR by MTl are checked. If these do not prohibit the location request, the location details of MTl are obtained by V/LS and passed back to V/LES. These location details are then passed by V/LES to H/LES in the home network 10. H LES in the home network now sends the location request back to V/LES in the visited network where it is associated with the original request. The location details are now passed back to ASP2. At this stage, the MSISDN may be translated back to the original SID. It will now be assumed that a "passive" location request is made in respect of user MTl by ASP2. ASP2 will thus issue a location request in respect of MTl, which will normally be based on a SID for MTl . This request will be sent to V LES in the visited network 10 because ASP2 is registered with network 10A. V LES will first check that ASP2 is in fact registered with it. It will then decide from the form of the SID that MTl is registered with the home network 10 and will pass the request to H/LES. Gateway H/G/W will convert the SID into MTl's MSISDN. The privacy settings for MTl will be checked in H/LES in the manner already described. If these settings are such that the location request is prohibited, an appropriate response will be returned to ASP2 via V/LES. If the location request is accepted, however, it will be passed to H/LS. In response to this request, the HLR will advise that MTl is roaming in network 10A and will provide the VLR address of MTl . This information is passed back to the H/LES. H/LES now returns the location request to V/LES in the visited network 10A together with the associated information identifying the relevant VLR address. In the manner already described, the location of MTl is then obtained from the VLR by V/LS (assuming that the privacy settings for MTl in the VLR are not blocking the request), and the location of MTl is then passed back to V/LES. V/LES now passes this information to H/LES which returns it to V/LES so that it can be associated with the original request and V/LES then passes the authenticated request to ASP2.
As before, on each occasion when information is transmitted from one LES to the other, the receiving LES merely has to confirm that the transmitting LES is already registered with it. It can then trust the received information.
The system shown in Figure 2 may also be used for carrying out authentication requests not related to the location of the user MTl but instead relating to some non-location based characteristic. For example, ASPl or ASP2 may request information relating to the credit rating of user MTl. The request will initially be passed by ASPl to H/LES or by ASP2 to V/LES. In the latter case, V/LES will identify MTl as being registered with the home network and will pass the request to H LES. In either case, therefore, H LES will subject the request to the privacy checks described above with reference to Figure 1 and, for example, Table 2 A, using privacy settings applicable to the user in respect of which the authentication request is made and to the other criteria already described.
Again, on each occasion when information is transmitted from one LES to the other, the receiving LES merely has to confirm that the transmitting LES is already registered with it. It can then trust the received information.
In this description of the extension of the system of Figure 2 to handle non-location based requests, it has been assumed that the location enabling servers (LESs) would also be handling location based requests in the manner explained earlier. However, if the system is only handling non-location based requests, the designation "location enabling servers" is not of course appropriate.

Claims

1. A mobile telecommunication system having a plurality of mobile terminals (MT 1 ), and characterised by including authenticating means (LES) responsive to a request ("location request") coming from a third party (ASP) outside the system and relating to the location of a specified one of the mobile terminals (MTl) for authenticating the allowability of the location request against a plurality of pretermined criteria (TABLE 1, TABLE 2), and location determining means (LS) responsive to receipt of the location request after authentication by the authentication means (LES) ("authenticated location request") for initiating determination of the location of the specified mobile terminal (MTl), the authentication means (LES) and the location determining means (LS) being functionally separate within the system.
2. A system according to claim 1, formed by a plurality of mobile terminal networks (10.10 A), in which each mobile terminal (MTl) is registered with one of the networks (10) ("home network") and may roam into another of the networks (10A) ("visited network"), in which the predetermined criteria include conditions relating to the network in which the mobile terminal (MTl) is currently located.
3. A system according to claim 2, in which there are a plurality of the third parties (ASPl, ASP2) each registered with one of the networks (10, 10 A) and the predetermined criteria include conditions relating to the network with which the third party from which the location request comes is registered.
4. A system according to claim 3, in which the authentication means (LES) comprises respective authentication means (H/LES, V/LES) in each network (10,10A) for authenticating the allowability of location requests relating to specified ones of the mobile terminals (MTl) registered with that network (10,10A) according to the predetermined criteria, and in which the location determining means (LS) comprise respective location detemiining means (H/LS, V/LS) in each network (10,10A) and responsive to receipt of an authenticated location request in respect of a specified one of the mobile terminals (MTl).
5. A system according to claim 4, in which each location determining means (H/LS, V/LS) receives the authenticated location request from the authentication means (H/LES. V/LES) in the same network (10,10A).
6. A system according to claim 4, in which the authentication means (V/LES) in the visited network (10A) receives the authenticated location request relating to a specified one of the mobile terminals (MTl) roaming in the visited network (10A) from the authentication means (H/LES) in the home network.
7. A system according to any one of claims 3 to 6, in which the authentication means (H/LES, V LES) in each network (10,10A) receives location requests coming from a third party registered (ASPl, ASP2) with that network (10,10A) and passes any such request relating to a specified one of the mobile terminals (MTl) not registered with that network (10,10A) to the authentication means (H/LES, V/LES) in the network (10,10A) with which that terminal is registered for authentication in accordance with the predetermined criteria.
8. A system according to any one of claims 4 to 7, in which each authentication means (H/LES, V/LES) includes means associated with it for registering the identity or identities of the other authentication means (H/LES, V/LES) in the system, and in which each authentication means (H/LES, V/LES) is only responsive to a location request received from another authentication means if that other authentication means (H/LES, V/LES) is registered with it.
9. A mobile telecommunications system, comprising a plurality of mobile telephone networks (10,10A) and a plurality of mobile terminals (MTl), each mobile terminal (MTl) being registered with one of the networks (10) ("home network") and being able to roam to another of the networks (10A) ("visited network"), and characterised by a respective authentication means (H/LES, V/LES) in each network (10,10A) responsive to a request ("location request") coming from a third party (ASPl, ASP2) outside the system and relating to the location of a specified one of the mobile teπninals (MTl) registered with that network (10, 10 A) for authenticating that location request according to predetermined criteria, and location determining means (H/LS, V/LS) in each network (10,10A) responsive to receipt of an authenticated location request for at least initiating determination of the location of the specified mobile terminal (MTl), in which a location request in respect of a specified one of the mobile terminals (MTl) roaming in a visited network (10A) ("visiting mobile terminal") is sent to the authentication means (H/LES) of the home network (10) of the visiting mobile terminal (MTl) for authentication there in accordance with the predetermined criteria, and the location determining means (V/LS) in the visited network (10A) is responsive to the authenticated location request.
10. A system according to claim 9, in which the authenticated location request from the authentication means (H/LES) in the home network (10) is sent to the location detection means (H/LS) in the home network (10) for determination of the identity of the visited network (10A) in which the visiting mobile terminal (MTl) is located and information relating thereto is passed by the authentication means (H/LES) in the home network (10) to the authentication means (V/LES) in the visited network (10A) and thence to the location detection means (V/LS) in the visited network (10A) for determination of the location of the visiting mobile teπninal (MTl) in the visited network (10A).
11. A system according to claim 9 or 10, in which there are a plurality of the third parties (ASPl, ASP2), in which each of the third parties is registered with at least one of the authentication means (H/LES, V/LES), and in which a location request coming from a particular third party is passed initially to the authentication means (H/LES, V/LES) with which that third party (ASPl, ASP2) is registered for confirmation that that third party (ASPl, ASP2) is so registered.
12. A system according to claim 11, in which there are a plurality of the third parties (ASPl, ASP2) each registered with one of the networks (10, 10 A) and the predetermined criteria include conditions relating to the network (10, 10 A) with which the third party from which the location request comes is registered.
13. A system according to claim 11 or 12, in which, where the third party (ASP2) from which the location request comes is registered with the visited network (10A), the location request is passed from the authentication means (V/LES) in the visited network (10A) to the authentication means (H/LES) in the home network (10) for authentication there according to the predetermined criteria.
14. A system according to any one of claims 9 to 13, in which each authentication means (H/LES, V/LES) includes means associated with it for registering the identity or identities of the other authentication means (H/LES, V/LES) in the system, and in which each authentication means (H/LES, V/LES) is only responsive to a location request received from another authentication means (H/LES, V/LES) if that other authentication means (H/LES, V/LES) is registered with it.
15. A mobile telecommunications system, comprising a plurality of mobile telephone networks (10, 10 A) and a plurality of mobile terminals (MTl), each mobile terminal (MTl) being registered with one of the networks (10) ("home network") and being able to roam to another of the networks (10A) ("visited network"), and characterised by a respective authentication means (H/LES, V/LES) in each network (10,10A) responsive to an authentication request coming from a third party (ASPl, ASP2) outside the system and relating to a specified one of the mobile terminals (MTl) registered with that network (10, 10 A) for authenticating that request according to predetermined criteria, in which an authentication request received by the authentication means (H/LES, V/LES) of one of the networks (10,10A) with which the mobile terminal (MTl) is not registered is passed to the authentication means (H/LES, V/LES) of the network with which the mobile terminal (MTl) is registered for authentication in accordance with the predetermined criteria, and including means associated with each authentication means (H/LES, V/LES) for registering the identity or identities of the other authentication means (H/LES, V/LES) in the system, and in which each authentication means (H/LES, V/LES) is only responsive to an authentication request received from another authentication means (H/LES, V/LES) if that other authentication means (H/LES, V/LES) is registered with it.
16. A system according to claim 15, in which there are a plurality of the third parties, in which each of the third parties (ASPl, ASP2) is registered with at least one of the authentication means (H/LES, V/LES), and in which an authentication request coming from a particular third party (ASPl, ASP2) is passed initially to the authentication means (H/LES, V/LES) with which that third party (ASPl, ASP2) is registered for confirmation that that third party (ASPl, ASP2) is so registered.
17. A system according to claim 15, in which there are a plurality of the third parties (ASPl, ASP2) each registered with one of the networks (10,10A) and the predetermined criteria include conditions relating to the network (10, 10 A) with which the third party (ASPl, ASP2) from which the request comes is registered.
18. A system according to claim 16 or 17, in which, where the third party (ASPl, ASP2) from which the authentication request comes is registered with the visited network (10A), the authentication request is passed from the authentication means (H/LES, V/LES) in the visited network (10A) to the authentication means (H/LES, V/LES) in the home network (10) for authentication there according to the predetermined criteria.
19. A system according to any one of claims 15 to 18, in which the authentication request is a request for the location of the specified one of the mobile terminals (MTl).
20. A system according to any one of claims 15 to 19, in which the authentication request is a request not related to the location of the specified one of the mobile terminals (MTl).
21. A system according to claim 20, in which the authentication request is a request relating to the credit rating of the specified one of the mobile terminals (MTl).
22. A system according to any preceding claim, in which the predetermined criteria include the identity of the third party (ASPl, ASP2).
23. A system according to any preceding claim, in which the predetermined criteria include one or more privacy conditions settable by the mobile terminal (MTl).
24. A system according to any preceding claim, in which the predetermined criteria include identification criteria relating to the identity of the mobile terminal (MTl) in respect of which the request is made.
25. A system according to claim 24, in which the request may identify the mobile terminal (MTl) by means of an address with which the mobile terminal (MTl) can be accessed by normal operation of the system or by means of an identifying code with which the mobile terminal (MTl) can be accessed only when permitted by the system, and in which the identification criteria specify for a particular mobile terminal (MTl) whether a request identifying the mobile terminal (MTl) by means of the address and/or by means of the identifying code can be authenticated.
26. A system according to any preceding claim, in which the predetermined criteria include origination criteria relating to the origin of the request.
27. A system according to claim 26, in which the origination criteria specify for the specified one of the mobile terminals (MTl) whether a request originated by that mobile terminal (MTl) and/or by some other origin can be authenticated.
28. A system according to claim 27, in which the origination criteria allow a request in respect of a specified one of the mobile teπninals (MTl) originating from a predetermined said other origin to be authenticated.
29. A system according to any preceding claim, in which the third party or each of the third parties is an application service provider communicating with the system by means of the Internet.
30. A system according to any preceding claim, in the form of cellular mobile telephone system.
PCT/GB2002/002624 2001-06-21 2002-05-31 Telecommunications systems WO2003001818A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002345152A AU2002345152A1 (en) 2001-06-21 2002-05-31 Telecommunications systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0115206A GB2376846B (en) 2001-06-21 2001-06-21 Telecommunication systems and methods
GB0115206.5 2001-06-21

Publications (2)

Publication Number Publication Date
WO2003001818A2 true WO2003001818A2 (en) 2003-01-03
WO2003001818A3 WO2003001818A3 (en) 2003-05-08

Family

ID=9917094

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2002/002624 WO2003001818A2 (en) 2001-06-21 2002-05-31 Telecommunications systems

Country Status (3)

Country Link
AU (1) AU2002345152A1 (en)
GB (1) GB2376846B (en)
WO (1) WO2003001818A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004089004A1 (en) * 2003-04-02 2004-10-14 Huawei Technologies Co., Ltd. A method of protecting location information in location service
KR101181598B1 (en) 2006-06-09 2012-09-10 삼성전자주식회사 Method and system for providing target set's positioning information in location triggered service

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5329573A (en) * 1991-11-27 1994-07-12 At&T Bell Laboratories Arrangement for obtaining authentication key parameters in a cellular mobile telecommunications switching network
US6138003A (en) * 1997-11-26 2000-10-24 Ericsson Inc. System and method for authorization of location services
SE513773C2 (en) * 1999-03-19 2000-11-06 Ericsson Telefon Ab L M Method and system for electronic commerce
GB2350971A (en) * 1999-06-07 2000-12-13 Nokia Mobile Phones Ltd Security Architecture

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004089004A1 (en) * 2003-04-02 2004-10-14 Huawei Technologies Co., Ltd. A method of protecting location information in location service
KR101181598B1 (en) 2006-06-09 2012-09-10 삼성전자주식회사 Method and system for providing target set's positioning information in location triggered service

Also Published As

Publication number Publication date
GB2376846A (en) 2002-12-24
GB0115206D0 (en) 2001-08-15
GB2376846B (en) 2005-08-03
AU2002345152A1 (en) 2003-01-08
WO2003001818A3 (en) 2003-05-08

Similar Documents

Publication Publication Date Title
EP1446978B1 (en) A telecommunications system and method for controlling privacy
CA2290356C (en) Integrity protection in a telecommunications system
US7289805B2 (en) Method and system for providing a temporary subscriber identity to a roaming mobile communications device
US7280820B2 (en) System and method for authentication in a mobile communications system
KR100559284B1 (en) Telecommunication system and method for authenticating positioning for a mobile station
JP4777314B2 (en) How to provide location information
EP1166497B1 (en) Mobile internet access
KR20020044088A (en) Method and Apparatus for restricting call terminations when a mobile unit is roaming
US20100056102A1 (en) Open to all prepaid roaming systems and methods
KR20100022975A (en) Method and device for authenticatoin and authorization checking on lbs in wimax network
US6363151B1 (en) Method and system for subscriber authentification and/or encryption of items of information
EP1188287B1 (en) Determination of the position of a mobile terminal
US7636845B2 (en) System for preventing IP allocation to cloned mobile communication terminal
JP3854148B2 (en) Method and apparatus for selecting identification confirmation information
US7369860B2 (en) Data protection for position-dependent services
WO2003001818A2 (en) Telecommunications systems
RU2282952C2 (en) Method for requesting confirmation for determining position of mobile radio communication device and appropriate mobile communications network
EP1413160A1 (en) System method and smart card for accessing a plurality of networks
EP1856936A1 (en) Communications method and system
MXPA02002502A (en) Method and process for validating roaming, international cellular users.

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载