IDENTIFYING A WIRELESS USER BASED ON RE-ROUTING
Technical scope
The present invention involves a process and a system for integrity positioning of a mobile station on a communication network for mobile stations and in relation to a positioning service provider.
Prior art
A small number of systems for positioning are currently in operation. They are managed and used by telecom providers to offer services to their customers. A provider's customer requests a function, which is based on positioning of a few or several telephones on the provider's network.
A subscription telephone is directly linked to a subscriber, and positioning a telephone is thereby a positioning of a physical person. The right to access this position information is critical, since the integrity of subscribers is directly connected to the possibility of controlling who can or may see their position.
Telecom providers cannot currently produce position information as part of the external service provider's positioning solutions and simultaneously guarantee the integrity of the subscriber, unless the subscriber himself requests the positioning from his telephone and has logged on to the provider's portal with user identity and password. Such solutions entail additional steps in executing a positioning service, reduce security and put personal integrity at risk when SIM (Subscriber Identity Module) cards are exchanged.
Part of the problem is that the mobile telephone is anonymous on the Internet; i.e., no connection to the identity of the mobile station or subscriber is known to outsiders; such a connection is required for positioning said mobile station.
Summary of the invention
The present invention intends to solve problems associated with mobile positioning with regard to the personal integrity of a user of a mobile station that is connected to a communication network for such a mobile station and also to position the mobile station without its identity being known on the telephone network.
To achieve said integrity, a process for positioning a mobile station on a communication network for mobile stations and in relation to a positioning service provider is indicated. The process comprises the following steps:
the subscriber activates a positioning procedure by sending an http inquiry to the positioning service provider's network computer;
said http inquiry contains a special domain name which is associated with a special IP address;
said special domain name and special IP address are used specifically for http inquiries whereby the subscriber is to be positioned;
the subscriber is connected via a dial-up server, address translation function and a WAP gateway, among other possibilities;
the routing list on the WAP gateway contains information so that the IP packet that will be sent to a final IP address given by the aforementioned special IP address is first sent to the telecom provider's positioning platform;
the aforementioned http inquiry thus arrives at the telecom provider's positioning platform, which in this manner receives an indication that the subscriber who sent said http inquiry is to be positioned;
if required, the telecom provider's positioning platform authenticates the positioning service provider corresponding to the target IP address and domain name;
if required, the telecom provider's positioning platform authenticates the subscriber and verifies that the subscriber has activated the positioning service in question and also that the subscriber has permission to use said service;
if the above authentication steps are successful, the following steps are executed:
the telecom provider's positioning platform extracts the source IP address and source port which the subscriber uses;
the telecom provider's positioning platform contacts, if such a condition exists, one or more IP address translation functions on the telecom provider's network to obtain the internal IP address and internal port which the telephone uses on the internal side of said address translation functions;
the telecom provider's positioning platform contacts an authentication function for subscribers, alternatively a dial-up server, to translate the internal port and internal IP address to a subscriber number;
the telecom provider's positioning platform requests a position from the telecom provider's positioning system with said subscriber number as parameter;
the positioning platform obtains the position from the positioning system and adds this information as parameters to said http inquiry;
said http inquiry with added position information is forwarded to said network computer;
said network computer generates a web page based on the returned position and sends it to the subscriber.
One embodiment of the invention indicates that said IP address translation function is implemented on the telecom provider's positioning platform, on which pairs of IP addresses are stored.
In an additional embodiment of the invention, said IP address translation function is placed between said dial-up function and the telecom provider's WAP gateway.
In an additional embodiment of the invention, said IP address translation function is placed on one or more of the nodes that comprise the provider's connection to the Internet.
In an additional embodiment of the invention, said IP address translation function is placed on the node that implements the dial-up server.
In an additional embodiment of the invention, said IP address translation function is placed on the WAP gateway, with which the specialist is very familiar.
In an additional embodiment of the invention, said authentication function is implemented as a stand-alone server.
In an additional embodiment of the invention, said authentication function is implemented on the dial-up server.
In an additional embodiment of the invention, said authentication function is implemented as a RADIUS server, a term with which the specialist in the technical field is very familiar.
In an additional embodiment of the invention, said authentication executed by the positioning platform comprises a procedure in which said http inquiry contains a key. This key is used to receive confirmation from the positioning service provider that the positioning request is valid. Said key is originally generated by the positioning service provider.
In an additional embodiment of the invention, said authentication executed by the positioning platform comprises a procedure in which the subscriber's external IP address and port are used to receive confirmation from the positioning service provider that the positioning request is valid.
In an additional embodiment of the invention, said http inquiries take place over encrypted links, so-called HTTPS links.
In an additional embodiment of the invention, the positioning platform sends the position information as a separate http inquiry to the positioning service provider. In this manner the use of encrypted links is simplified.
Brief description of the figure
For a better understanding of the present invention and its embodiments or exemplifications, the description below refers throughout to the attached figure, which schematically illustrates a system according to the present invention.
Detailed description of presented embodiments
The figure illustrates a system 100 for integrity positioning of mobile stations. The subscriber 101 connects via the telecom provider's telecommunication network 103 to a computer network via a dial-up server 105. The connection to the dial-up server 105 is of the PPP type, and the subscriber 101 is thus assigned an IP address. In the connection procedure the dial-up server 105 records the subscriber's number, the so-called CLID (Caller Line ID). In the connection procedure the user is authenticated. In this authentication procedure, assigned IP address and CLID, among other things, are stored, either on the dial-up server or on a separate server 119. In the example it is assumed that the dial-up server belongs to the subscriber's telecom provider, but this is not a restriction.
The subscriber connects further to a WAP gateway 109, which in the example is assumed to belong to the subscriber's telecom provider, but this is not a restriction. The existence of an address translation function 107 somewhere between the dial-up server and the WAP gateway is assumed, but it is not necessary. This address translation function is a logical function that can be realized physically on the dial-up server 105, the WAP gateway 109 or on a separate network node, for example a router. Furthermore, there can be address translation functions between the WAP gateway and the telecom provider's Internet connection.
The telecom provider's network 114 is connected to the Internet 116 via the interface 115.
The service provider's server 111 is connected to the Internet 116. The subscriber connects to the server 111 by downloading a web page located on the server 111. The subscriber activates a positioning procedure by sending a special http inquiry intended for the server 111. This special http inquiry contains a special domain name, for example "wap.servernamePOSITION.com", which is associated with a special target IP address and which is used exclusively for positioning services. On the WAP gateway 109, the routing list contains an entry for this special target IP address, which points out that the packet that will be sent to this special target IP address is first sent to the IP address of the positioning platform 117.
The above http inquiry thus arrives at the positioning platform 117. When such an http inquiry arrives at the positioning platform 117, this indicates that a positioning is to be executed, and it is executed according to the following steps:
the telecom provider's positioning platform extracts the source IP address and source port the subscriber uses;
the telecom provider's positioning platform 117 authenticates the positioning service provider 111 corresponding to the target IP address and domain name;
the telecom provider's positioning platform authenticates the subscriber and verifies that the subscriber has activated the current positioning service and also that the subscriber has permission to use said service;
if the above authentication steps are successful, a positioning procedure internal to the telecom provider is started:
the positioning platform 117 contacts the address translation function 107 to obtain the IP address and port the subscriber uses internally on the telecom provider's network;
given the internal IP address, the positioning platform contacts either the dial-up server 105 or the authentication server 119 to obtain the subscriber's subscriber number;
given the subscriber number, the positioning platform first confirms that the subscriber allows positioning to be executed by the current service provider.
Given a positive confirmation, the positioning platform requests the position from the provider's positioning system 121.
Given the subscriber's position, the positioning platform sends it to the positioning service provider in the form of an http request. This http request contains at least the position and also the IP address and port the subscriber uses.
Using the returned position and other information, the positioning service provider's server 111 generates a page, which is returned to the subscriber. If any of the above steps is unsuccessful, the positioning service provider's server 111 generates instead a relevant error message, which is returned to the subscriber; alternatively, another positioning procedure is initiated.
In the above inquiry the subscriber's identity never leaves the telecom provider's network. The personal integrity is thus not compromised.
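The resolution chain of the positioning platform 117 described above, sketched as an added illustration that is not part of the original specification. All table contents, addresses, subscriber numbers, the path "/nearest" and the function names are constructed assumptions; the point shown is that the subscriber number is used only inside the platform and never appears in the request forwarded to the server 111.

```python
from urllib.parse import urlencode

# Constructed sample state; every address, number and name below is hypothetical.
PROVIDERS = {"203.0.113.80": "wap.servernamePOSITION.com"}   # special target IP -> domain
NAT_TABLE = {("192.0.2.10", 40001): ("10.1.0.5", 1025),      # address translation function 107
             ("192.0.2.10", 40002): ("10.1.0.6", 1025)}
SESSIONS = {"10.1.0.5": "+46700000001",                      # server 119: assigned IP -> CLID
            "10.1.0.6": "+46700000002"}
CONSENT = {"+46700000001": {"wap.servernamePOSITION.com"}}   # providers each subscriber allows
POSITIONS = {"+46700000001": (59.3293, 18.0686)}             # positioning system 121


class PositioningDenied(Exception):
    """Raised when any step of the chain fails; no position is released."""


def handle_inquiry(src_ip, src_port, dst_ip, host, path):
    """Return the URL forwarded to server 111, or raise PositioningDenied."""
    # Authenticate the service provider: target IP and domain name must match.
    if PROVIDERS.get(dst_ip) != host:
        raise PositioningDenied("unknown positioning service provider")
    # External source (IP, port) -> internal (IP, port) via address translation.
    internal = NAT_TABLE.get((src_ip, src_port))
    if internal is None:
        raise PositioningDenied("no address translation entry")
    # Internal IP -> subscriber number recorded at dial-up authentication.
    subscriber = SESSIONS.get(internal[0])
    if subscriber is None:
        raise PositioningDenied("no authenticated session")
    # The subscriber must have allowed positioning by this provider.
    if host not in CONSENT.get(subscriber, set()):
        raise PositioningDenied("subscriber has not enabled this service")
    position = POSITIONS.get(subscriber)
    if position is None:
        raise PositioningDenied("position unavailable")
    # Forward only the position and the external IP/port; the subscriber
    # number is used inside this function and never placed in the request.
    query = urlencode({"lat": position[0], "lon": position[1],
                       "ip": src_ip, "port": src_port})
    return f"http://{host}{path}?{query}"


def is_denied(*args):
    """Boolean wrapper: True when the chain refuses to release a position."""
    try:
        handle_inquiry(*args)
        return False
    except PositioningDenied:
        return True
```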
The present invention has been described here with examples and embodiments, but it is the attached claims that define additional embodiments for a specialist in the technical field.