Hi,
we own a frequency usage licence from the Bundesnetzagentur and ran our network with auth policy token. So every new phone trying to attach to our network will receive a SMS with information how to register and a token. Thereafter, the phone is kicked out and will no longer be able to register again.
Now there was a problem with some phones from Cupertino which, as I heard, registered to our network, received the SMS, were kicked out again but did not try to re-register with their home network. So some "nice" guys threaten to call the Bundesnetzagentur if we will not shut down the network immediately.
As a quick solution, we changed the registration procedure from Token-Input to IMEI-Input.
My question is: Are there really legal problems when using the "Auth Token" policy?
Many Thanks, Lennart
On 10/18/2011 08:18 AM, Lennart Müller wrote:
> Hi,
Hi Lennart,
IANAL, regarding the token auth, you might find a way instead of sending the MM Auth Reject to omit the LU Accept and schedule a LU Reject after the SMS is sent? Did the user accidentally end in your network and thanks to a broken phone stayed in it, but didn't read the SMS that is on the lock-screen of his fruit phone? Did the "nice" guy open a ticket with the fruit company too?
Hi Holger,
On Tue, Oct 18, 2011 at 09:27:00AM +0200, Holger Hans Peter Freyther wrote:
> IANAL, regarding the token auth, you might find a way instead of sending the MM Auth Reject to omit the LU Accept and schedule a LU Reject after the SMS is sent? Did the user accidentally end in your network and thanks to a broken phone stayed in it, but didn't read the SMS that is on the lock-screen of his fruit phone? Did the "nice" guy open a ticket with the fruit company too?
We tried this early in the project: Many phones don't accept CP-DATA before having received a LU Accept.
Hi Holger,
> IANAL, regarding the token auth, you might find a way instead of sending the MM Auth Reject to omit the LU Accept and schedule a LU Reject after the SMS is sent?
I think a phone can only receive SMS after it successfully registered itself at the network?
> Did the user accidentally end in your network and thanks to a broken phone stayed in it, but didn't read the SMS that is on the lock-screen of his fruit phone?
He saw it - that's the reason why he blames us.
I think his home network was not reachable and so his phone simply tried to "roam" into our network. The configured reject cause is:
location updating reject cause 11
So in my understanding, after kicking out the phone, it should not try to automatically register to our network again until switched off or manually selecting our network, and instead simply switch back to the home network.
Probably instead of switching back, it stayed offline - until a power cycle as I heard.
> Did the "nice" guy open a ticket with the fruit company too?
Certainly not - "This never happened elsewhere - it must be your network!".
Regards, Lennart
Hi Lennart,
On Tue, Oct 18, 2011 at 08:18:24AM +0200, Lennart Müller wrote:
> we own a frequency usage licence from the Bundesnetzagentur and ran our network with auth policy token. So every new phone trying to attach to our network will receive a SMS with information how to register and a token. Thereafter, the phone is kicked out and will no longer be able to register again.
> Now there was a problem with some phones from Cupertino which, as I heard, registered to our network, received the SMS, were kicked out again but did not try to re-register with their home network. So some "nice" guys threaten to call the Bundesnetzagentur if we will not shut down the network immediately.
we have only used the "Auth Token" mechanism in the Netherlands, where the regulatory authority didn't make any complaint. However, I remember some people with the (then not all-omnipresent) iPhone reporting some issues.
In order to be on the safe side, we started issuing our own sim cards at CCC Congress and related events. This means that people have to obtain such a card before being able to access the network. I believe legally, this is the better situation anyway, as the "real operator" SIM card in their device belongs to their "real operator", and we don't know the details of the agreement they have with their operator. They could have some fine print that that SIM is only permitted to be used with roaming partners of the "real operator". So by not accepting foreign SIM cards, we make sure nobody is violating such terms. Furthermore, we can of course use A3/A8 and as a result also A5/1, if we want.
> My question is: Are there really legal problems when using the "Auth Token" policy?
The fact that we have the auth-token (or any other) functionality in our software doesn't mean that it is safe to run it, or that you will have legal guarantees about regulatory approval in any jurisdiction!
Regards, Harald
Hi Harald,
> we have only used the "Auth Token" mechanism in the Netherlands, where the regulatory authority didn't make any complaint. However, I remember some people with the (then not all-omnipresent) iPhone reporting some issues.
Seems to be a general problem...
> In order to be on the safe side, we started issuing our own sim cards at CCC Congress and related events. This means that people have to obtain such a card before being able to access the network. I believe legally, this is the better situation anyway, as the "real operator" SIM card in their device belongs to their "real operator", and we don't know the details of the agreement they have with their operator. They could have some fine print that that SIM is only permitted to be used with roaming partners of the "real operator". So by not accepting foreign SIM cards, we make sure nobody is violating such terms. Furthermore, we can of course use A3/A8 and as a result also A5/1, if we want.
Everybody using our sim cards would be the best of course - we have some there lying in the drawer. But simply switching the network seems to be more popular - only one person came to get a programmed SIM card. We will put a legal notice about fine prints onto the registration page.
So after all we will probably leave the Auth Token Policy off and let the users enter their IMEI (followed by a registration) before accepting a location update the first time.
> The fact that we have the auth-token (or any other) functionality in our software doesn't mean that it is safe to run it, or that you will have legal guarantees about regulatory approval in any jurisdiction!
That's clear. But as I configured it some time ago, I thought it would not be a problem, since normally the phones should only try to roam if they cannot establish a connection to their home network. Since they are only one time in our network for about 5 seconds to send the SMS, I saw no problem in there - believing phones try to register back immediately after being thrown out.
Regards, Lennart
Lennart -
Similarly, with public OpenBTS tests, we either issue our own SIMs (with known Ki), or we issue expired China Mobile SIMs (when we are sure that none of the carriers in the area have roaming agreements with China Mobile). Another thing we have found useful for these events is to have accept/reject decisions based on regular expression matching of the IMSIs, so that the regular expression is just a string in the configuration table.
And to echo Harald's *next* email, we have also found that many phones refuse SMS transfers prior to receiving LU accept.
-- David
On Oct 18, 2011, at 12:33 AM, Harald Welte wrote:
> In order to be on the safe side, we started issuing our own sim cards at CCC Congress and related events. This means that people have to obtain such a card before being able to access the network. I believe legally, this is the better situation anyway, as the "real operator" SIM card in their device belongs to their "real operator", and we don't know the details of the agreement they have with their operator. They could have some fine print that that SIM is only permitted to be used with roaming partners of the "real operator". So by not accepting foreign SIM cards, we make sure nobody is violating such terms. Furthermore, we can of course use A3/A8 and as a result also A5/1, if we want.
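The IMSI regular-expression policy David describes, sketched as an added example (not OpenBTS or OpenBSC code, and not from any poster in this thread). The policy string, function names and sample IMSIs are constructed for illustration; the reject cause is the value 11 quoted earlier in the thread.

```python
import re

# "location updating reject cause 11" from the thread (PLMN not allowed).
REJECT_CAUSE = 11

# Constructed sample policy, as it might sit as one string in a config table:
# 001/01 is the test PLMN (own SIMs); 460/00 stands in for the expired
# foreign SIMs. An IMSI is MCC+MNC followed by the subscriber number.
SAMPLE_POLICY = r"(00101|46000)\d{9,10}"


def compile_policy(pattern):
    """Compile the configured expression; an empty one must not accept all."""
    if not pattern.strip():
        raise ValueError("empty IMSI policy would accept every subscriber")
    return re.compile(pattern)


def decide(policy, imsi):
    """Return ("accept", None) or ("reject", cause) for one location update."""
    # Default deny: anything that is not 6..15 ASCII digits is rejected
    # before the expression is even consulted.
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        return ("reject", REJECT_CAUSE)
    # fullmatch, not search: an unanchored match would admit a foreign IMSI
    # that merely contains an allowed prefix somewhere in its digits.
    if policy.fullmatch(imsi):
        return ("accept", None)
    return ("reject", REJECT_CAUSE)


if __name__ == "__main__":
    policy = compile_policy(SAMPLE_POLICY)
    # Constructed IMSIs: own SIM, foreign home-network SIM, and a foreign
    # IMSI that contains "00101" after its first digit.
    for imsi in ("001010000000001", "262010000000001", "200101000000001"):
        print(imsi, decide(policy, imsi))
```
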