DESC:
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
(See section 10 and rule 13)
1. TITLE OF THE INVENTION
METHOD AND SYSTEM FOR AUTHENTICATING SUBSCRIBER DURING TRANSITION BETWEEN FIRST NETWORK AND SECOND NETWORK
2. APPLICANT(S)
NAME NATIONALITY ADDRESS
JIO PLATFORMS LIMITED INDIAN OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD 380006, GUJARAT, INDIA
3.PREAMBLE TO THE DESCRIPTION

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE NATURE OF THIS INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

FIELD OF THE INVENTION
[0001] The present invention relates to the field of wireless communication system, more particularly relates to a method and system for authenticating a subscriber during transition between a first network and a second network.
BACKGROUND OF THE INVENTION
[0002] In communication networks, 5G nodes have storage which may include Home Subscriber Server (HSS) or Unified Data Management (UDM). The HSS and UDM may work together and may act as storage (or database) to different nodes and act as database of subscriber information. On the outside, the HSS and UDM come across as independent databases, although they may be co-hosted on a single database. For example, for a subscriber of a 4G or a 5G service, the subscriber information is available only with the service provider. The subscriber information may include information about a serving node dealing with the access and mobility information, or information about whether the subscriber is in the 4G network or in the 5G network. The node may itself contact the service provider to know the subscriber details. Therefore, anytime the 4G network is strong in a location, the subscriber may automatically fall back into 4G even if the subscriber was initially latched into a 5G network, and vice versa. For example, in a scenario, the subscriber who may be in Delhi and travelling (e.g. in a car), may transition between 4G network and 5G depending on which one is more strong.
[0003] Every time a subscriber registers on a network, the subscriber is authenticated for that network. Authentication is the process of the initial process of a subscriber being attached or being registered to a network. As such, in the process of registration, the first step is authentication. For example, in a scenario, the authentication may be already done for 4G network because initially the subscriber was in a location where the 4G network was strong. As and when the subscriber moves into 5G network zone, the subscriber is reauthenticated for the 5G network.
[0004] However, since the mobility (transition) is happening in a trusted domain (i.e. both the 4G and 5G networks are provided by the same network service provider), the 4G and 5G networks may be inter-working (i.e. working together). In such scenarios, the reauthentication of the subscriber may be a redundant exercise that may cause unnecessary network as well as database overhead for re-authentication.
[0005] As such, it is desirable to avoid the overhead incurred by the reauthentication in trusted HSS-UDM interworking domain, when an already authenticated subscriber moves from HSS to UDM for registration, for instance the UE does not perform an initial registration.
[0006] It is also desirable to avoid the overhead incurred by the HSS again querying database for MME details to send deregistration notification, when UDM has already queried the database for serving the registration request.
SUMMARY OF THE INVENTION
[0007] One or more embodiments of the present disclosure provide a method and system for authenticating a subscriber during transition between a first network and a second network.
[0008] In one aspect of the present invention, the method of authenticating a subscriber during transition between the first network and the second network is disclosed. The method includes the step of receiving by a one or more processors, a registration request from an Access and Mobility Function (AMF) unit to register the subscriber from the first network onto the second network, the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, the registration indication is one of true and false. The method further includes the step of parsing, by the one or more processors, the registration request to determine if the registration indication is one of true and false. The method further includes the step of registering by the one or more processors, the subscriber to an assigned database in response to the registration indication being false. The method further includes the step of transmitting, by the one or more processors, to the AMF unit with a registration response subsequent to successful completion of registration of the subscriber.
[0009] In one embodiment, the AMF unit is configured to periodically receive location co-ordinates of the subscriber from a User Equipment (UE). The AMF unit is configured to transmit the registration request to the one or more processors to transition a subscriber from the first network to the second network, in response to the subscriber located in a location where strength of the second network is greater than strength of the first network.
[0010] In another embodiment, the identity particulars of the subscriber pertains to a Subscription Permanent Identifier (SUPI) and includes a set of subscriber credentials for verification purpose.
[0011] In yet another embodiment, the registration indication of the subscriber is false, when the subscriber is already registered in the first network with identical identity particulars of the subscriber and a Home Subscription Server (HSS) unit and the one or more processors of the first network and the second network are part of a same network service provider.
[0012] In yet another embodiment, the method further includes the step of transmitting, by the one or more processors, a de-registration notification to a Home Subscriber Server (HSS) unit to deregister the subscriber from the HSS unit. The method further includes the step of transmitting the registration response to a Mobility Management Entity (MME) unit, thereby allowing the HSS unit to deregister the subscriber without raising a deregistration query to the MME.
[0013] In another aspect of the present invention, the system for switching between the first network and the second network is disclosed. The system includes a transceiver, configured to receive, a registration request from an Access and Mobility Function (AMF) unit to register the subscriber from the first network onto the second network, wherein the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, wherein the registration indication is one of true and false. The system further includes a parsing unit configured to parse, the registration request to determine if the registration indication is one of true and false. The system further includes a registering unit configured to register, the subscriber to an assigned database in response to the registration indication being false. The transceiver is further configured to transmit, to the AMF unit with a registration response subsequent to successful completion of registration of the subscriber.
[0014] In another aspect of the present invention, a User Equipment (UE) is disclosed. The UE includes a Subscriber Identity Module (SIM) card and a one or more primary processors communicatively coupled to one or more processors. The one or more primary processors coupled with a memory. The memory stores instructions which when executed by the one or more primary processors causes the UE to transmit location co-ordinates of a subscriber to an Access and Mobility Management Function (AMF) unit. Further, the one or more processors are configured to perform the method authenticating a subscriber during transition between a first network and a second network.
[0015] In yet another aspect of the present invention, a non-transitory computer-readable medium having stored thereon computer-readable instructions that, when executed by a processor is disclosed. The processor is configured to receive, a registration request from an Access and Mobility Function (AMF) unit to register the subscriber from the first network onto the second network, the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, the registration indication is one of true and false. The processor is further configured to parse the registration request to determine if the registration indication is one of true and false. The processor is further configured to register, the subscriber to an assigned database in response to the registration indication being false. The processor is further configured to transmit to the AMF unit with a registration response subsequent to successful completion of registration of the subscriber.
[0016] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0017] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0018] FIG. 1 is an exemplary block diagram of a communication system for authenticating a subscriber during transition between a first network and a second network, according to one or more embodiments of the present invention;
[0019] FIG. 2 is an exemplary block diagram of the system for authenticating a subscriber during transition between a first network and a second network, according to one or more embodiments of the present invention;
[0020] FIG. 3 is an exemplary flow diagram of the system of FIG. 2, according to one or more embodiments of the present invention;
[0021] FIG. 4 is an exemplary architecture of the system for authenticating a subscriber during transition between a first network and a second network.
[0022] FIG. 5 is a signal flow diagram illustrating the flow for authenticating a subscriber during transition between a first network and a second network, according to one or more embodiments of the present disclosure; and
[0023] FIG. 6 is a flow diagram of a method for authenticating a subscriber during transition between a first network and a second network, according to one or more embodiments of the present invention.
[0024] The foregoing shall be more apparent from the following detailed description of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0025] Some embodiments of the present disclosure, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0026] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure including the definitions listed here below are not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0027] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0028] The present invention provides a system and method for authenticating a subscriber during transition between a first network and a second network. Every time during the transition between the first network and the second network, an authentication is performed. The present disclosure provides for one or more techniques for bypassing the authentication. In other words, re-authentication in the second network is avoided (in the trusted domain) as a means of optimization, especially when initial registration indication is FALSE as the subscriber is already authenticated in the first network with same set of subscriber credentials. The invention obviates the network overhead incurred by the reauthentication in trusted HSS-UDM interworking domain, when an already authenticated subscriber moves from HSS to UDM for registration.
[0029] Referring to FIG. 1, FIG. 1 illustrates an exemplary block diagram of a communication system 100 for authenticating a subscriber during transition between a first network and a second network, according to one or more embodiments of the present invention. The communication system 100 includes, a first set of User Equipment (UE) 102, a second set of UE 116, a server 104, a first network 106, a second network 114, a system 108, a Access and Mobility Management Function unit (AMF) 110, a Home Subscriber Server (HSS) unit 112 and a Mobility Management Entity (MME) unit 118.
[0030] As per the illustrated embodiment and for the purpose of description and explanation, the description will be explained with respect to the first set of user equipment’s (UEs) 102 , or to be more specific will be explained with respect to a first UE 102a, a second UE 102b, and a third UE 102c of the first set of UEs 102, and should nowhere be construed as limiting the scope of the present disclosure. Each of the at least one UE 102 namely the first UE 102a, the second UE 102b, and the third UE 102c is configured to connect to the server 104 via the first network 106. Further, at least one of the first set of UE 102 is connected to the AMF unit 110 via the first network 106.
[0031] As per the illustrated embodiment and for the purpose of description and explanation, the description will be explained with respect to a second set of user equipment’s (UEs) 116, or to be more specific will be explained with respect to a first UE 116a, a second UE 116b, and a third UE 162c of the second set of UEs 116, and should nowhere be construed as limiting the scope of the present disclosure. Each of the at least one UE 116 namely the first UE 116a, the second UE 116b, and the third UE 116c is configured to connect to the server 104 via the second network 114. Further, each of the at least one of the second set of UE 116 is connected to the at least one of, the HSS unit 112 and the MME unit 118 via the second network 114.
[0032] In an embodiment, each of the first set of UE 102 and each of the second set of UE 116 is one of, but not limited to, any electrical, electronic, electro-mechanical or an equipment and a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device.
[0033] The first network 106 and the second network 114 includes, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof. The first network 106 and the second network 114 may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), and the like.
[0034] The first network 106 and the second network 114 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The first network 106 and the second network 114 may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP or some combination thereof.
[0035] The communication system 100 includes the server 104 accessible via the first network 106 and the second network 114. The server 104 may include by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, a processor executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof. In an embodiment, the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise side, a defense facility side, or any other facility that provides service.
[0036] The communication system 100 further includes the Access and Mobility Management Function unit (AMF) unit 110. The AMF unit 110 is a part of the 3rd Generation Partnership Project (3GPP) 5G Architecture. The primary task of the AMF unit 110 includes at least one of, but not limited to, registration management, connection management, reachability management, mobility management and various functions relating to security and access management and authorization.
[0037] The communication system 100 further includes the Home Subscriber Server (HSS) unit 112. Accordingly, the HSS unit 112 serves as the primary database repository of subscriber information within a Long Term Evolution (LTE)/ Evolved Packet Core (EPC) or IP Multimedia Subsystem (IMS) network core. Further, the HSS unit 112 is a carrier grade, high capacity, fault tolerant and scalable cluster solution designed to serve millions of network elements in at least one of, the first network 106 and the second network 114. The HSS unit 112 is a converged solution developed in-house to serve 2G/3G/4G and 5G subscribers. The HSS unit 112 supports Home Location Register (HLR) and Equipment Identification Register (EIR) functionality compliant to 3GPP specifications. Further, the HSS unit 112 supports diameter interfaces and is capable to integrate with any 3GPP compliant Mobility Management Entity (MME) unit 118, Service Capability Exposure Function (SCEF), Short Message Service Center (SMSC), Call Session Control Function (CSCF), Application Server (AS) and Gateway Mobile Location Centre (GMLC).
[0038] The communication system 100 further includes the Mobility Management Entity (MME) unit 118. The Mobility Management Entity (MME) unit 118 is a key component of the standards-defined Evolved Pack Core (EPC) for a Long-Term Evolution (LTE). The MME unit 118 provides mobility session management for the LTE network and supports subscriber authentication, roaming and handovers to other networks.
[0039] The communication system 100 further includes the system 108 communicably coupled to the server 104, the AMF unit 110, the HSS unit 112, the MME unit 118 and each of the first set of UE 102, and the second set of UE 116 via the first network 106 and the second network 114. In one or more embodiments, the system 108 is adapted to be embedded within the server 104 or is embedded as an individual entity. However, for the purpose of description, the system 108 is illustrated as remotely coupled with the server 104, without deviating from the scope of the present disclosure.
[0040] Operational and construction features of the system 108 will be explained in detail with respect to the following figures.
[0041] FIG. 2 is an exemplary block diagram of the system 108 for authenticating a subscriber during transition between the first network 106 and the second network 114, according to one or more embodiments of the present invention.
[0042] As per the illustrated and preferred embodiment, the system 108 is a Unified Data Management (UDM) unit. The system 108, as part of at least one of, the first set of UE 102 and the second set of UE 116 authentication procedures for 3GPP access generates AKA authentication credentials and provides them to AUSF (Authentication Service Function) for subscriber authentication. Similarly, for non-3GPP access, EAP-AKA is supported. Subscriber identities e.g. public identity (SUPI) and private identity (SUCI), stored in the system 108, are used to perform user identification procedures. Based on the subscription data stored in the system 108, service access is granted to at least one of, the first set of UE 102 and the second set of UE 116. The Subscriber Data Management (SDM) in the system 108 supports various operations such as Subscriber Identification Management based on private and public identity, Private identity concealment, Authentication Vector generation, Authorized access to network based on subscription data , Service and Session continuity, Subscriber Registration/Attach management, Subscription Management, SMS Management, Lawful Interception, especially in case subscriber is out-roaming as the system 108 is the only point of source for roaming PLMN, External Parameter Provisioning to control at least one of, the first set of UE 102 and the second set of UE 116 behavior. It also supports MT-SMS delivery functionality and other SMS management procedures. Each specialized functionality of the system 108 runs as a separate Micro Service (MS). All above operations are exposed towards other Network Functions (NFs) communicating over following “Nudm” microservices. The Nudm is related to the 3GPP 5G Architecture. Nudm identifies a Service-based Interface for the system 108.
[0043] The system 108, in accordance with the present disclosure, is a 3GPP compliant, micro-service based, high capacity, scalable and carrier-grade UDM Cluster solution with integrated Unified Data Repository (UDR). The 5GCN micro-service of the system 108 expose Nudm service based interface towards other 5GCN service consumers. The system 108 provisioning micro-service exposes RESTFul APIs towards Operations Support Systems (OSS). The provisioning micro-service also provides interfaces for Equipment Validation e.g. provisioning of whitelisted Type Allocation Codes (TACs) and Blacklisting or Grey-Listing of TACs/ International Mobile Equipment Identity (IMEIs). The system 108 Cluster Manager micro-service manages the whole cluster of UDM and helps in NRF registration/de-registration, fault and performance Management and configuration management. The User Interface (UI) offers an intuitive graphical user interface as part of this solution to manage subscriber’s identities and subscription data. The UI also supports Role Based Access Control (RBAC) for UI users. The system 108 also integrates with HSS 112 /HLR to enable mobility of subscribers across 3G/4G/5G networks.
[0044] As per the illustrated and preferred embodiment, the system 108 includes one or more processors 202, a memory 204, and a database 220. The one or more processors 202 includes a transceiver 206, a parsing unit 208, and a registering unit 210. The one or more processors 202, hereinafter referred to as the processor 202, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions. However, it is to be noted that the system 108 may include multiple processors as per the requirement and without deviating from the scope of the present disclosure. Among other capabilities, the processor 202 is configured to fetch and execute computer-readable instructions stored in the memory 204.
[0045] As per the illustrated embodiment, the processor 202 is configured to fetch and execute computer-readable instructions stored in the memory 204 as the memory 204 is communicably connected to the processor 202. The memory 204 is configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to authenticate the subscriber during transition between the first network 106 and the second network 114. The memory 204 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as disk memory, EPROMs, FLASH memory, unalterable memory, and the like.
[0046] As per the illustrated embodiment, the database 220 is a master database configured to store the subscriber’s data such as subscription related information and location information of the subscriber. The database 220 is one of, but not limited to, a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No-Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache databases, and so forth. The foregoing examples of database 220 types are non-limiting and may not be mutually exclusive e.g., a database can be both commercial and cloud-based, or both relational and open-source, etc.
[0047] Initially, at least one of the first set of UE 102 transmits the location coordinates of the subscriber to the AMF unit 110. Based on the location of the subscriber the AMF unit 110 transmits a registration request to the processor 102 for transitioning from the first network 106 onto the second network 114. Hereinafter, for the purpose of description, the first set of UE 102 is referred to as the UE 102 and the second set of UE 116 is referred to as the UE 116, without deviating from the scope of the present disclosure.
[0048] In an embodiment, the transceiver 206 of the processor 202 is configured to receive the registration request from the AMF unit 110 to register the subscriber from the first network 106 onto the second network 114. In particular, the registration request includes the identity particulars of the subscriber and a registration indication of the subscriber which is one of true and false. In one embodiment, the identity particulars of the subscriber pertain to a Subscription Permanent Identifier (SUPI) and includes a set of subscriber credentials for a verification purpose. Upon receipt of the registration request at the transceiver 206, the transceiver 206 of the processor 202 is configured to transmit the registration request to the parsing unit 208 of the processor 202.
[0049] In an embodiment, the parsing unit 208 of the processor 202 is configured to parse the registration request to determine if the registration indication is one of true and false subsequent to receiving the registration request from the transmitting unit 210. In one embodiment, the registration indication of the subscriber is false, when one of the subscriber is already registered in the first network 106 with identical identity particulars of the subscriber and the HSS unit 112 and the system 108 of the first network 106 and the second network 114 are part of a same network service provider.
[0050] In an embodiment, the registering unit 210 of the processor 202 is configured to register the subscriber to an assigned database 220 in response to the registration indication being false. In particular, the registering unit 210 receives the response from the parsing unit 208 pertaining to the registration indication being false based on which the registering unit 210 registers the subscriber to the assigned database 220.
[0051] Subsequent to the successful completion of registration of the subscriber, the transceiver 206 of the processor 202 is further configured to transmit a registration response to the AMF unit 110. Thereafter, the transceiver 206 is further configured transmit a de-registration notification to the HSS unit 112 to deregister the subscriber from the HSS unit 112, thereby allowing the HSS unit 112 to deregister the subscriber without raising a deregistration query to the MME unit 118.
[0052] The transceiver 206, the parsing unit 208, and the registering unit 210 in an exemplary embodiment, are implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 202. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 202 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 204 may store instructions that, when executed by the processing resource, implement the processor 202. In such examples, the system 108 may comprise the memory 204 storing the instructions and the processing resource to execute the instructions, or the memory 204 may be separate but accessible to the system 108 and the processing resource. In other examples, the processor 202 may be implemented by electronic circuitry.
[0053] FIG. 3 illustrates an exemplary block diagram of an architecture for the system 108 of FIG. 2, according to one or more embodiments of the present invention. More specifically, FIG. 3 illustrates the system 108 configured for authenticating the subscriber during transition between the first network 106 and the second network 114. It is to be noted that the embodiment with respect to FIG. 3 will be explained with respect to the UE 102 for the purpose of description and illustration and should nowhere be construed as limited to the scope of the present disclosure.
[0054] FIG. 3 shows communication between the UE 102 and the system 108. For the purpose of description of the exemplary embodiment as illustrated in FIG. 3, the UE 102 uses network protocol connection to communicate with the system 108. In an embodiment, the network protocol connection is the establishment and management of communication between the UE 102 and the system 108 over the first network 106 using a specific protocol or set of protocols. The network protocol connection includes, but not limited to, Session Initiation Protocol (SIP), System Information Block (SIB) protocol, Transmission Control Protocol (TCP), User Datagram Protocol (UDP), File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP), Hypertext Transfer Protocol Secure (HTTPS) and Terminal Network (TELNET).
[0055] In an embodiment, the UE 102 includes a primary processor 302, and a memory 304. In alternate embodiments, the UE 102 may include more than one primary processor 302 as per the requirement of the first network 106. The primary processor 302, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions.
[0056] In an embodiment, the primary processor 302 is configured to fetch and execute computer-readable instructions stored in the memory 304. The memory 304 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to authenticate the subscriber during transition between the first network 106 and the second network 114. The memory 304 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as disk memory, EPROMs, FLASH memory, unalterable memory, and the like.
[0057] Initially, when the subscriber is turning on the UE 102 for the very first time with a new Subscriber Identity Module (SIM) card, an initial authentication and registration is performed pertaining to the connectivity of the subscriber to the particular network such as the first network 106 or the second network 114. Further when the subscriber is moving from one location to another location, the UE 102 of the subscriber transmits the location coordinates of the subscriber to the AMF unit 110. Based on the location coordinates, the registration request is transmitted from the AMF unit 110 to the transceiver 206 of the processor 202 to transition the subscriber from the first network 106 to the second network 114 as the strength of the second network 114 is greater than strength of the first network 106 at the subscriber’s location.
[0058] For example, let’s assume the first network 106 and the second network 114 is at least one of, a 4G network and a 5G network. When the subscriber is switching between the 4G network and the 5G network while being subscribed to the same network service provider (trusted network) where the 4G network and the 5G network are co-hosted, the authentication and reauthentication can be avoided. Based on parsing the registration request and determining if the registration indication is false then the reauthentication in the 5G network is avoided as the subscriber is already authenticated in the 4G network with same set of subscriber credentials. There are no different credentials involved in authentication. However, when the subscriber has different credentials for the 4G network and different security credentials for the 5G network, then the reauthentication would be necessitated and required. For example, the security credentials may include permanent subscriber key etc. Further, the subscriber is registered to the to the assigned database 220 in response to the registration indication being false and the registration response is transmitted to the AMF unit 110 subsequent to successful completion of registration of the subscriber.
[0059] Once the successful completion of registration of the subscriber is complete, then the HSS unit 112 is requested to deregister that subscriber from the 4G network because the subscriber is now connected to the 5G network. In one embodiment, the registration response is transmitted to the HSS unit 112 to deregister the subscriber without raising a deregistration query to the MME unit 118.
[0060] FIG. 4 is an exemplary architecture of the system for authenticating a subscriber during transition between the first network 106 and the second network 114.
[0061] As per the illustrated and preferred embodiment, the architecture 400 includes various network elements including the system 108, the HSS unit 112, a Network Function (NF) 402, a Network Function (NF) 404, a Unified Data Repository (UDR) 406, non- Service-Based Architecture (SBA) network nodes 408 and SBA IP Multimedia Network Subsystem (IMS) network nodes 410.
[0062] In one embodiment, the at least one of, the NF 402 and the NF 404 is at least one of, but not limited to, the AMF unit 110 which utilizes one or more Service-Based Architecture (SBA) interfaces in order to interact with the network elements included in the architecture 400.
[0063] In one embodiment, a Nudm is related to the 3GPP 5G Architecture. The Nudm is a service-based interface exhibited by the system 108. The system 108 offers various services to the network elements via the Nudm interface. In another embodiment, a Nhss is a service-based interface exhibited by the HSS unit 112. The HSS unit 112 offers various services to the network elements via the Nhss interface.
[0064] In one embodiment, the UDR 406 is a centralized database that stores subscription information of the subscriber which is used by other network elements of the architecture 400. A Nudr interface is used by the network elements to access a particular set of the data stored in the UDR 406. The UDR 406 includes a 5GS-UDR (Unified Data Repository) 406a and EPS-UDR (User Data Repository) 406b which are combined to form a common UDR 406. The HSS unit 112 uses the Ud reference point to interact with the EPS-UDR 406b.
[0065] In one embodiment, one or more non-SBA interfaces between the HSS unit 112 and non-SBA network nodes 408 includes interfaces to/from a Short Message Service (SMS) - Gateway Mobile Switching Centre (GMSC)/ Interworking Mobile Switching Center (IWMSC) and a SMS router. In the architecture 400, these non-SBA interfaces may either be supported by the HSS unit 112 or by the system 108. The non-SBA network nodes 408 are the nodes from the other networks which are connected to the architecture 400. In another embodiment, an IMS SBA interfaces are the interfaces which supports the interaction between the network elements and the SBA IMS network nodes 410.
[0066] FIG. 5 is a signal flow diagram illustrating the system for authenticating the subscriber during transition between the first network 106 and the second network 114, according to one or more embodiments of the present disclosure.
[0067] At step 502, the UE 102 transmits information of the subscriber including, at least one of, but not limited to, the location coordinates of the subscriber to the AMF unit 110.
[0068] At step 504, the AMF unit 110 receives the information of the subscriber from the UE 102, based on which the registration request is transmitted from the AMF unit 110 to the system 108. The registration request represents transition from the first network 106 to the second network 114 of the subscriber. The registration request is a request which registers the UE 102 which is serving a Network Function (NF) such as the AMF unit 110 in the communication system 100. In particular, the registration request is at least one of, a Nudm UE Context Management (UECM)_Registration request.
[0069] At step 506, the system 108 receives the registration request from the AMF unit 110 to register the subscriber from the first network 106 onto the second network 114. The registration request comprises identity particulars of the subscriber and the registration indication of the subscriber. The system 108 further parses the registration request to determine if the registration indication is one of true and false. Thereafter, if the registration indication is false then the system 108 registers the subscriber to the assigned database 220 and transmits a registration response to the AMF unit 110 subsequent to successful completion of registration of the subscriber. In particular, upon receipt of the Nudm_UECM_Registration request by the system 108, and if the registration request is valid, then the system 108 transmits the verification and authentication registration response message to the AMF unit 110. The registration response is a message which is provided by the system 108 to the AMF unit 110 which confirms the identity of the UE 102 and the validity of the registration request.
[0070] At step 508, subsequent to forwarding the registration response to the AMF unit 110, the system 108 transmits a SN deregistration request to the HSS unit 212 to deregister the subscriber from the HSS unit 212. The SN deregistration request is a request which is transmitted by the system 108 to the HSS unit 212 to initiate a MAP Cancel Location procedure towards the MME unit 218 due to Inter Radio Access Technology (IRAT) mobility. The SN deregistration request contains the UE's 102 identity such as an International Mobile Subscriber Identity (IMSI).
[0071] At step 510, the HSS unit 212 transmits the SN deregistration response to the system 108 subsequent to deregistering the subscriber from the HSS unit 212. The SN deregistration response is a response transmitted by the HSS unit 212 to the system 108 which informs the system 108 regarding the deregistration of the subscriber.
[0072] At step 512, the MAP Cancel Location Procedure (CLP) is used between the HSS unit 212 and the MME unit 118 to delete the subscriber record from the MME unit 118. The CLP is invoked by the HSS unit 212 which informs the MME unit 118 about the subscriber’s subscription withdrawal. The CLP uses commands such as Cancel-Location-Request/Cancel-Location Answer (CLR/CLA) for interaction between the HSS 212 and the MME unit 118 regarding the deregistering of the subscriber.
[0073] FIG. 6 is a flow diagram of a method 600 for authenticating the subscriber during transition between the first network 106 and the second network 114, according to one or more embodiments of the present invention. For the purpose of description, the method is described with the embodiments as illustrated in FIG. 2 and should nowhere be construed as limiting the scope of the present disclosure.
[0074] At step 602, the method 600 includes the step of receiving a registration request from an Access and Mobility Function (AMF) unit 110 to register the subscriber from the first network 106 onto the second network 114, wherein the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, wherein the registration indication is one of true and false. In one embodiment, the transceiver 206 of the processor 202 is configured to receive the registration request from the AMF unit 110 to register the subscriber from the first network 106 onto the second network 114. Further, the registration request includes the identity particulars of the subscriber pertaining to the Subscription Permanent Identifier (SUPI), the set of subscriber credentials for verification purpose and the registration indication (i.e. initialRegistrationInd). The Subscription Permanent Identifier (SUPI) is a unique identifier used to represent a subscriber's permanent identity in at least one of, the first network 106 and the second network 114.
[0075] At step 604, the method 600 includes the step of parsing the registration request to determine if the registration indication is one of true and false. In one embodiment, the parsing unit 208 of the processor 202 is configured to parse the registration request to determine if the registration indication is one of true and false. For example, the parsing unit 208 analyzes the registration request and determines that the registration indication (i.e. initialRegistrationInd) is false. Here, the processor 202 does not reauthenticate the subscriber in the second network 114 as the registration indication is false because the subscriber is already authenticated and registered in the first network 106 with identical identity particulars of the subscriber. Advantageously, while transitioning from the first network 106 to the second network 114, the reauthentication of the subscriber is avoided.
[0076] At step 606, the method 600 includes the step of registering the subscriber to an assigned database in response to the registration indication being false. In one embodiment, the registering unit 210 of the processor 202 is configured to register the subscriber to the assigned database 220 in response to the registration indication being false. For example, the registering unit 210 registers the subscriber to the second network 114.
[0077] At step 608, the method 600 includes the step of transmitting to the AMF unit 110 with a registration response subsequent to successful completion of registration of the subscriber. In one embodiment, the transceiver 206 of the processor 202 is configured to transmit the registration response to the AMF unit 110 pertaining to the successful completion of registration of the subscriber. For example, the processor 202 registers the subscriber and responds to the AMF unit 110 with a ‘Nudm_ UE Context Management (UECM)_Registration’ response.
[0078] Further, the transceiver 206 of the processor transmits the deregistration notification to the HSS unit 112 to deregister the subscriber from the HSS unit 112 as the subscriber is now connected to the second network 114. Along with the deregistration notification, the transceiver 206 transmits the details of the MME unit 118 to the HSS unit 112 due to which there is no need for the HSS unit 112 to generate an additional database query to fetch the MME unit 118 details for transmitting the deregistration notification.
[0079] The present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions. The computer-readable instructions are executed by the processor 202. The processor 202 is configured to receive a registration request from an Access and Mobility Function (AMF) unit 110 to register the subscriber from the first network onto the second network, the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, the registration indication is one of true and false. The processor 202 is further configured to parse, the registration request to determine if the registration indication is one of true and false. The switching request representative of switching from the first network 106 to the second network 114 of a subscriber. The processor 202 is further configured to register the subscriber to an assigned database 220 in response to the registration indication being false. The processor 202 is further configured to transmit to the AMF unit 110 with a registration response subsequent to successful completion of registration of the subscriber.
[0080] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIG.1-6) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0081] The present disclosure provides technical advancement. For example, the techniques allow identification of the subscriber which is already authenticated. Further, the reauthentication procedure during the transitioning from the first network onto the second network is bypassed which leads to optimization of the network, database, and processing.
[0082] The present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features. The listed advantages are to be read in a non-limiting manner.

REFERENCE NUMERALS

[0083] Communication system - 100;
[0084] First set of User Equipment (UE) - 102;
[0085] Second set of User Equipment (UE) - 116;
[0086] Server - 104;
[0087] First network- 106;
[0088] System -108;
[0089] AMF unit -110;
[0090] HSS unit – 112;
[0091] Second network- 114;
[0092] MME unit – 118;
[0093] Processor - 202;
[0094] Memory - 204;
[0095] Transceiver – 206;
[0096] Parsing unit – 208;
[0097] Registering unit – 210;
[0098] Database – 220;
[0099] Primary processor- 302;
[00100] Memory- 304;
[00101] Network Functions (NF) – 402 and 404;
[00102] UDR – 406;
[00103] Non- SBA network nodes – 408; and
[00104] SBA IMS network nodes – 410.
,CLAIMS:
CLAIMS
We Claim:

1. A method (600) of authenticating a subscriber during transition between a first network (106) and a second network (114), the method (600) comprising the steps of:
receiving, by a one or more processors (202), a registration request from an Access and Mobility Function (AMF) unit (110) to register the subscriber from the first network (106) onto the second network (114), wherein the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, wherein the registration indication is one of true and false;
parsing, by the one or more processors (202), the registration request to determine if the registration indication is one of true and false;
registering, by the one or more processors (202), the subscriber to an assigned database (220) in response to the registration indication being false; and
transmitting, by the one or more processors (202), to the AMF unit (110) with a registration response subsequent to successful completion of registration of the subscriber.

2. The method (600) as claimed in claim 1, wherein the AMF unit (110) is configured to periodically receive location co-ordinates of the subscriber from a User Equipment (UE) (102), wherein the AMF unit (110) is configured to transmit the registration request to the one or more processors (202)to transition a subscriber from the first network (106) to the second network (114), in response to the subscriber located in a location where strength of the second network (114) is greater than strength of the first network (106).

3. The method (600) as claimed in claim 1, wherein the identity particulars of the subscriber pertains to a Subscription Permanent Identifier (SUPI) and includes a set of subscriber credentials for verification purpose.

4. The method (600) as claimed in claim 1, wherein the registration indication of the subscriber is false, when one of:
the subscriber is already registered in the first network (106) with identical identity particulars of the subscriber; and
a Home Subscription Server (HSS) unit (112) and the one or more processors (202) of the first network (106) and the second network (114) are part of a same network service provider.

5. The method (600) as claimed in claim 1, further comprising the steps of:
transmitting, by the one or more processors (202), a de-registration notification to a Home Subscriber Server (HSS) unit (112) to deregister the subscriber from the HSS unit (112), and
transmitting, by the one or more processors (202) the registration response to a Mobility Management Entity (MME) unit (118), thereby allowing the HSS unit (112) to deregister the subscriber without raising a deregistration query to the MME (118).

6. A system (108) of authenticating a subscriber during transition between a first network (106) and a second network (112), the system (108) comprising:
a transceiver (206), configured to, receive, a registration request from an Access and Mobility Function (AMF) unit (110) to register the subscriber from the first network (106) onto the second network (114), wherein the registration request comprises identity particulars of the subscriber and a registration indication of the subscriber, wherein the registration indication is one of true and false;
a parsing unit (208), configured to, parse, the registration request to determine if the registration indication is one of true and false;
a registering unit (210), configured to, register, the subscriber to an assigned database in response to the registration indication being false; and
the transceiver (206), configured to, transmit, to the AMF unit (110) with a registration response subsequent to successful completion of registration of the subscriber.

7. The system (108) as claimed in claim 6, wherein the identity particulars of the subscriber pertains to Subscription Permanent Identifier (SUPI) and includes a set of subscriber credentials for verification purpose.

8. The system (108) as claimed in claim 6, wherein the registration indication of the subscriber is false, when one of:
the subscriber is already registered in the first network (106) with identical identity particulars of the subscriber; and
a Home Subscription Server (HSS) unit (112) and the system (108) of the first network (106) and the second network (114) are part of a same network service provider.

9. The system (108) as claimed in claim 6, wherein the transceiver (206) is further configured to:
transmit, a de-registration notification to a Home Subscriber Server (HSS) unit (112) to deregister the subscriber from the HSS unit (112), and
transmit, the registration response to a Mobility Management Entity (MME) unit (118), thereby allowing the HSS unit (112) to deregister the subscriber without raising a deregistration query to the MME (118).

10. A User Equipment (UE) (102) comprising of:
a subscriber identity module (SIM) card;
a one or more primary processors (302) having a memory unit (304), communicatively coupled to a one or more processors (202) wherein said memory unit (304) stores instructions which when executed by the one or more primary processors (302) causes the UE (102) to:
transmit location co-ordinates of a subscriber to an Access and Mobility Management Function (AMF) unit (110); and
wherein the one or more processors (202) is configured to perform the steps as claimed in claim 1.