
Title:
METHOD FOR ENHANCING LBS SECURITY AND PROTECTING PRIVACY IN WIMAX NETWORK
Document Type and Number:
WIPO Patent Application WO/2009/022858
Kind Code:
A2
Abstract:
A method for enhancing location-based service security and protecting user privacy in a Wimax network includes three aspects of LBS client authentication, LBS authentication and LBS requester authorization checking. The first method for LBS client authentication is to save the list of LBS clients that are authorized to access in LS. The second method for LBS client authentication is to employ security protocols like TLS, SSL, etc. in authentication process. LBS authentication is realized by checking whether the LBS and related QoS are matched with the subscribed LBS or not. The first method for LBS requester authorization checking is to perform LBS requester authorization checking by LS. The second method for LBS requester authorization checking is to perform LBS requester authorization checking by AAA. Thus, the present invention prevents illegal LBS clients or non-subscribed LBS service or unauthorized MSs from being provided with requested LBS service in virtue of the above three aspects. Therefore, the security can be enhanced for LBS service and user privacy can be protected in a Wimax network, and relevant blank space in current Wimax standard can be made up for.

Inventors:
LIU MEILI (CN)
Application Number:
PCT/KR2008/004707
Publication Date:
February 19, 2009
Filing Date:
August 13, 2008
Assignee:
SAMSUNG ELECTRONICS CO LTD (KR)
LIU MEILI (CN)
International Classes:
H04L9/32
Domestic Patent References:
WO2007031389A1
Foreign References:
US20080268871A1
US20070140246A1
KR100652336B1
US20070127444A1
Attorney, Agent or Firm:
KWON, Hyuk-Rok et al. (1-96 Sinmun-ro 2ga Jongro-ku, Seoul 110-062, KR)
Claims:

[1] A method for authenticating a Location Based Service (LBS) client by a Location Server (LS), comprising steps of:

1) negotiating security capability property between the LBS client and the LS;

2) performing authentication and key exchange between the LBS client and the LS;

3) negotiating a check value if the LBS client and the LS determine that the authentication and key exchange is successful; and

4) checking LBS messages transferred between the LBS client and the LS using the negotiated check value.

[2] The method of Claim 1, before step 1) and step 2), further comprising a step of performing server authentication and key exchange.

[3] The method of Claim 1 or 2, wherein SSL protocol is used in the authentication between the LS and the LBS client.

[4] The method of Claim 1 or 2, wherein TLS protocol is used in the authentication between the LS and the LBS client.

[5] The method of Claim 1, further comprising a step of sending a location request message to the LS by the LBS client after the authentication on the LBS client by the LS succeeds.

[6] The method of Claim 1, wherein an authentication protocol stack is used in the authentication between the LBS client and the LS, said authentication protocol stack includes at least one of TLS handshaking protocol, LBS control message layer, TLS log layer and TCP and IP.

[7] The method of Claim 1, wherein said LBS control message layer is above the TLS log layer.

[8] The method of Claim 1 or 2, wherein the TLS handshaking protocol is used to negotiate said parity value.

[9] A method for implementing authorization checking on a Location Based Service (LBS) requester in a Wimax network, comprising steps of:

1) sending an authentication request to AAA by a location server (LS);

2) implementing authentication and authorization checking on LBS by the AAA; and

3) sending back an authentication request response to the LS.

[10] The method of Claim 9, wherein if a location request comes from an external LBS client, the LS responds to the request and sends an authentication request message to the AAA.

[11] The method of Claim 10, wherein after the AAA receives the authentication request from the LS, it authenticates the LBS to check whether the requested LBS matches the subscribed LBS and related QoS or not.

[12] The method of Claim 10, wherein after the AAA receives the authentication request from the LS, it performs authorization checking on the LBS requester to check whether the LBS requester has been authorized to locate a target user or not.

[13] The method of Claim 12, wherein the target user's authorized access list is checked during the process of authorization checking, if the LBS requester is in the authorized access list, the authorization checking succeeds.

[14] The method of Claim 12, wherein the target user's authorized access list is checked during the process of authorization checking; if the LBS requester is not in the authorized access list, the target user's forbidden access list is checked; if the LBS requester is in the forbidden access list, the authorization checking on the LBS requester fails, and an authentication response is sent to the LS, which response indicates that the location fails and that the reason value is that authorization checking on the LBS requester fails.

[15] The method of Claim 12, wherein the target user's authorized access list is checked during the process of authorization checking; if the LBS requester is not in the authorized access list, the target user's forbidden access list is checked; if the LBS requester is not in the forbidden access list, a query request is sent to the target user.

[16] The method of Claim 15, wherein, after the query request is sent to the target user, the target user provides it to the user through a user interface and asks the user to make a choice whether to permit the LBS requester to perform locating process or not.

[17] The method of Claim 16, wherein the AAA queries the target user as to whether the target user permits the LBS requester to locate the target user or not; if yes, the authorization checking on the LBS requester succeeds; if no, the authorization checking on the LBS requester fails, the target user sends a query response to the LS, which response indicates that the locating process is rejected, and the LS sends a location response message to the LBS requester, which message indicates that the locating process fails and that the reason value is that authorization checking on the LBS requester fails.

[18] The method of Claim 14 or 17, wherein if the authorization checking on the LBS requester succeeds, a LBS subsequent signaling flow proceeds, and when a serving Location Centre (LC) is found, a location request is sent to the LC.

Description:

METHOD FOR ENHANCING LBS SECURITY AND PROTECTING PRIVACY IN WIMAX NETWORK

Technical Field

[1] The present invention relates to the field of mobile communications, in particular to a method for authentication and authorization check of Location Based Service (LBS) with authentication/authorization/accounting (AAA) in a Worldwide Interoperability for Microwave Access (Wimax) network. With this method, the security of LBS can be guaranteed and users' privacy can be protected in a Wimax network.

Background Art

[2] The mechanism for LBS confidentiality checking in a Wideband Code Division Multiple Access (WCDMA) network has been regulated in the 3rd Generation Partnership Project (3GPP) technical specifications 3GPP TS 22.071 and 3GPP TS 23.271. The modules associated with privacy checking include:

[3] ( 1 ) Privacy Profile Register (PPR)

[4] The PPR primarily functions to implement privacy checking. Its address is saved in the Home Location Register (HLR) or Home Subscriber Server (HSS). The Home Mobile Location Centre (H-GMLC) can access the PPR through the Lpp interface. The PPR can be either an independent entity or integrated in the H-GMLC. In the PPR, subscription information on a subscriber's privacy is stored. All LBS clients are prohibited by default. Privacy properties include:

[5] • Codeword: a codeword is adopted by a target UE to specify which requesters are permitted, or the level of the UE's location information. The detailed definition of the codeword is not addressed in 3GPP but can be configured by operators according to their own LBS conditions.

[6] • Privacy exception list: the list records which LBS clients, which services and which types of LBS clients can locate a certain target UE;

[7] • Service type privacy: this serves to specify which type of services allow LBS clients to obtain the location of the target UE;

[8] • Privacy-beyond indicator: the indicator specifies the applicability of the privacy exception list;

[9] A requester needs to indicate the codeword of a certain target UE when requesting the UE's location information. The codeword can be provided by the requester and forwarded by the LBS client to the target UE for checking. The codeword can also be registered in advance in the LBS client by the target UE or the subscriber and checked in the LBS server. No details on the generation or distribution of the codeword are given in the 3GPP standard. Besides the fundamental functions of the codeword above, an enhanced codeword contains the specific time period and the specific number of times for which the codeword can be used, etc.

[10] (2) Pseudonym Mediation Device (PMD)

[11] PMD functions to map or decrypt a pseudonym to the true identifier of a UE, such as the International Mobile Subscriber Identifier (IMSI) or Mobile Station Integrated Service Digital Network (MSISDN) number. PMD can be either an independent equipment or integrated in PPR, Gateway Mobile Location Center (GMLC) or other equipment in the network. No details on the functions of PMD are given in the 3GPP standard.

[12] In 3GPP, the flow of authorization checking process is illustrated in Figure 1 as follows.

[13] 101a GMLC sends a LBS authorization request message to PPR, which message including the following parameters:

[14] - Target UE identifier (ID) including one or both of MSISDN and IMSI, optional;

[15] - LBS client ID;

[16] - LBS client type, such as value-added service, emergency service, legal monitoring;

[17] - Service type, optional;

[18] - Codeword, optional;

[19] - Location type, such as "current location", "current or latest known location", "initial location";

[20] - Others.

[21] If PMD is integrated in PPR, the UE ID included in the message is not the real one but the pseudonym of the target UE.

[22] 102a If the LBS authorization request message includes the target UE's pseudonym, PPR enables the PMD function to determine the target UE's real UE ID, such as IMSI or MSISDN. According to the privacy information subscribed by the target UE, PPR performs the privacy checking process, and the checking result is returned to GMLC as a LBS authorization response message. If the location request is prohibited, the LBS authorization response message will include only a location request prohibition indicator. Otherwise, it will include one of the following permission indicators:

[23] - This location request is not permitted;

[24] - This location request is permitted and is not necessary to inform UE;

[25] - This location request is permitted and is necessary to inform UE;

[26] - This location request is necessary to be informed to UE and should be verified by the UE, only a location request that passes the verification or has no response to the informing can be authorized;

[27] - This location request is necessary to be informed to UE and should be verified by the UE; only a location request that passes the verification can be authorized.

[28] Although methods for authorization checking (also called privacy checking) have been specified in 3GPP, these methods cannot be directly applied in a Wimax network for the following reasons:

[29] (1) The entire network architecture of 3GPP is completely different from that of Wimax;

[30] (2) The LBS privacy checking mechanism in 3GPP is difficult to understand and impractical, so it does not match the aim of being popular and practical in a Wimax network;

[31] (3) The LBS privacy checking mechanism in 3GPP is complicated and does not match the principle of simplicity and practicality in a Wimax network either;

[32] (4) Too much blank space is left to operators in mechanism on LBS privacy checking in 3GPP.

[33] In view of the above, the Network Work Group (NWG) of Wimax Forum regulated a basic processing procedure of LBS authentication and authorization checking in a Wimax network in the specification draft of LBS Stage-2 standard on Wimax network approved in June, 2007, as shown in Figure 2.

[34] 101b A mobile station (MS) or LBS client initiates LBS: either the LBS client or the MS sends a location request message to a location server (LS), which message includes the identifier (MO ID) of the MS that initiates the location request, the identifier of the located or target MS (MT ID), the LBS client, the LBS service type, etc.;

[35] 102b LS sends an authentication and authorization checking request message to AAA to request authorization checking on the LBS and the location requester;

[36] 103b Authentication and authorization checking process is performed in AAA;

[37] 104b An authentication and authorization checking response is returned to LS, which response includes an authentication and authorization checking result indicating that the authentication and authorization checking pass or that they fail;

[38] 105b Subsequent processing after the authentication and authorization checking in the LBS end-to-end processing: if both authentication and authorization checking pass, a location controller (LC) located at a serving access service network gateway (ASN-GW) is found, LS sends the location request to LC, and the process of determining the location information and the like are performed within the serving ASN; if only one of authentication and authorization checking passes, or neither of them passes, a location response message is sent to the LBS client for indicating that the location process is rejected.

[39] The processing procedure above is merely a basic framework and basic processing flow of LBS authentication and authorization checking in a Wimax network. And the following problems have not been settled:

[40] (1) How to perform authentication on LBS clients so that only legal LBS clients can obtain location service;

[41] (2) How to authenticate LBS so as to guarantee that only subscribed LBS is served and unsubscribed LBS is not;

[42] (3) How to implement LBS authorization checking so as to guarantee that a location request MS (the MS locating another MS, referred to as MO MS) can successfully obtain information on the location of a located MS (i.e., the target MS or MT MS) only in the case that the MT MS permits the MO MS to locate the MT MS, thereby securing user's privacy to some extent;

[43] (4) Since the current protocol stack in Wimax network is not able to transmit or process messages for LBS authentication or authorization checking, which type of protocol stack can be adopted to transmit and process the authentication and authorization checking request/response messages in Figures 1 and 2.

[44] A method and device for LBS authentication and authorization checking in a Wimax network is proposed in Patent Application (Application No.: 200710126101.3, hereinafter referred to as Patent Document 1) submitted to the State Intellectual Property Office of the People's Republic of China in June, 2007. In Patent Document 1, two solutions are put forward as follows.

[45] (1) Solution 1: AAA implements LBS authentication, and LS implements authorization checking on a location requester.

[46] (2) Solution 2: AAA implements LBS authentication as well as authorization checking on a location requester.

[47] For solution 1, Patent Document 1 provides a detailed solution to realize the method of LBS authentication and authorization checking in a Wimax network. For solution 2, however, no detailed description but only the basic framework and procedure are regulated in the current Wimax LBS specification, so it is necessary to refine and enhance the solution. In addition, solution 1 only provides one method for implementing authentication on a LBS client; alternatives can be provided for selection by operating personnel.

[48] To settle the problems mentioned above, a method for enhancing LBS security and protecting privacy in a Wimax network is proposed in the present invention. And the above problems can be overcome in the following three aspects.

Disclosure of Invention

Technical Solution

[49] To solve the problems mentioned above, the object of the present invention is to provide a method for security enhancement of location-based service and privacy protection in Wimax network.

[50] According to an aspect of the present invention, a method for authenticating a location-based service (LBS) client by a location server (LS) includes steps of:

[51] negotiating security capability property between the LBS client and the LS;

[52] performing authentication and key exchange between the LBS client and LS;

[53] determining whether the process of authentication and key exchange is successful by the LBS client and the LS, and if it is successful, negotiating a check value;

[54] transferring LBS messages between the LBS client and the LS using the negotiated check value.

[55] A method for performing authorization checking on a LBS requester in a Wimax network includes steps of:

[56] sending an authentication request to AAA by a location server (LS);

[57] performing authentication and authorization checking on the LBS by AAA; and

[58] returning an authentication request response to the LS by AAA.

[59] Thus, the present invention prevents any illegal LBS client, unsubscribed LBS service or unauthorized MS from obtaining requested LBS service in three aspects of authentication on LBS client, authentication on LBS service and authorization checking on LBS service. Therefore, the security can be enhanced for LBS service and user privacy can be protected in Wimax network, and relevant blank space in the current Wimax standard can be made up for.

Brief Description of the Drawings

[60] Figure 1 is a flowchart of authorization checking in 3GPP;

[61] Figure 2 shows the existing process of authentication and authorization checking in the draft of Wimax LBS specification;

[62] Figure 3 shows an interface protocol stack between LBS client and LS;

[63] Figure 4 is a signaling flowchart for authenticating between LBS client and LS and starting LBS service according to the present invention;

[64] Figure 5 is a schematic block diagram of authentication and authorization checking on LBS service within AAA in Wimax network according to the present invention;

[65] Figure 6 is a signaling flowchart of authentication on LBS service by AAA according to the present invention;

[66] Figure 7 is a signaling flowchart of authentication on a location requester within AAA in Wimax network according to the present invention.

Best Mode for Carrying Out the Invention

[67] To achieve the above object, a method for enhancing the security of LBS service and protecting privacy in a Wimax network is described in the following three aspects.

[68] 1. Authentication on LBS clients

[69] (1) The list of LBS clients that are permitted to access is saved in LS.

[70] The list of access-permitted LBS clients is held in LS. The location request message sent to LS carries the identifier (ID) of the requesting LBS client. The message can be transmitted entirely encrypted, with part of its parameters encrypted, or with at least the ID of the LBS client encrypted. A detailed explanation of this solution has been given in Patent Document 1.

[71] (2) Existing security protocols like SSL/TLS, etc. are employed by LBS clients and LS.

[72] Secure Sockets Layer (SSL) protocol is a network secure transmission protocol developed by Netscape. This protocol is the current predominant protocol for secure point-to-point (especially between a Web browser and a server) data communication on the Internet. Since SSL has advantages such as wide application, low implementation cost, high security and efficiency, simple operation, etc., it has become a security protocol widely applied between Web browsers and servers.

[73] Transport Layer Security (TLS) protocol can be regarded as an enhanced version of SSL and can replace SSL. TLS is defined in the specification Request For Comment (RFC) 2246 of the Internet Engineering Task Force (IETF). TLS is a protocol used in establishing secure connections between clients and servers.

[74] Before sending a location request message to LS, a LBS client establishes a secure connection between the LBS client and LS according to the handshaking protocol in existing security protocols like SSL/TLS. During this process, a check value is generated and negotiated. After the handshaking process is successfully completed, the LBS client sends a location request message to LS again. All subsequent LBS messages are checked with this negotiated check value. Only the messages that pass the checking are regarded as messages sent from legal entities. And the messages that fail the verification are discarded.

[75] With the application of mature and perfect security protocol, the above solution has higher security. But it is comparatively complicated. Therefore, its implementation complexity is high. This solution is suitable for operators and LBS services having higher requirements on security.

[76] The interface protocol stack between LBS clients and LS includes 201 IP layer, 202 TCP layer, 203 TLS record layer, 204 TLS handshaking protocol and 205 LBS control layer.

[77] The flow of authentication between LBS clients and LS with the existing security protocol, such as SSL/TLS, etc. and starting LBS service includes the following five steps:

[78] 1. Establishment of security capability property;

[79] 2. Server authentication and key exchange; (optional)

[80] 3. Client authentication and key exchange;

[81] 4. Completion;

[82] 5. Start of LBS service.
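The check-value step at the end of the five-step flow above, as an added example (not code from the patent, the Wimax specification or any vendor): once the handshake has succeeded, both sides derive a check key from the shared secret and the two Hello random values, the LBS client attaches an HMAC check value and a sequence number to every LBS message, and the LS discards any message whose check value does not verify or whose sequence number has already been seen. The key derivation, the message layout, the sequence-number rule and the names negotiate_check_key, check_value, LbsSender and LbsReceiver are assumptions made for the example; in a real deployment the TLS record layer itself supplies the keyed integrity check.

```python
import hashlib
import hmac
import json
import os

# Added example, not from the patent. Assumption: the SSL/TLS handshake has left the
# LBS client and the LS with a shared secret plus the two Hello random values; the
# "check value" key is derived from that material (HKDF-style extract/expand, simplified).


def negotiate_check_key(shared_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Derive the negotiated check key from handshake material."""
    prk = hmac.new(client_random + server_random, shared_secret, hashlib.sha256).digest()
    return hmac.new(prk, b"lbs-check-value\x01", hashlib.sha256).digest()


def check_value(key: bytes, seq: int, payload: dict) -> str:
    """HMAC-SHA256 over the sequence number and a canonical encoding of the LBS message."""
    body = seq.to_bytes(4, "big") + json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class LbsSender:
    """LBS client side: attach a check value and a fresh sequence number to every message."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, payload: dict) -> dict:
        msg = {"seq": self.seq, "payload": payload,
               "check": check_value(self.key, self.seq, payload)}
        self.seq += 1
        return msg


class LbsReceiver:
    """LS side: accept a message only if its check value verifies and its sequence number is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, msg: dict) -> bool:
        expected = check_value(self.key, msg["seq"], msg["payload"])
        if not hmac.compare_digest(expected, msg["check"]):
            return False  # tampered, or sent by an entity that never completed the handshake: discard
        if msg["seq"] != self.expected_seq:
            return False  # replayed or out-of-order message: discard
        self.expected_seq += 1
        return True


def demo() -> tuple:
    """Constructed run: a genuine request, a tampered copy of it, and a replay of the genuine one."""
    key = negotiate_check_key(b"constructed-shared-secret", os.urandom(32), os.urandom(32))
    client, ls = LbsSender(key), LbsReceiver(key)
    request = client.send({"type": "location_request", "lbs_client_id": "client-A", "mt_id": "ms-42"})
    accepted = ls.accept(request)                              # True
    tampered = dict(request, payload=dict(request["payload"], mt_id="ms-99"))
    accepted_tampered = ls.accept(tampered)                    # False: check value no longer matches
    accepted_replay = ls.accept(request)                       # False: sequence number 0 already used
    return accepted, accepted_tampered, accepted_replay


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The sequence number is bound into the HMAC so that an attacker who captures a valid request cannot re-send it later; hmac.compare_digest is used for the comparison so that verification time does not depend on how many leading bytes of a forged check value happen to be right.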

[83] 2. Authentication on LBS service

[84] AAA provides the function of LBS service authentication to guarantee that only subscribed LBS services can be served, while unsubscribed service cannot be served.

[85] Firstly, before an operator permits a user to use a LBS service, the user's LBS service must be registered, and subscription information on the user's LBS service must be added to the operator's AAA database or other storage, as described below.

[86] The LBS-related subscription information registered by the user in the operator's Wimax network is saved in AAA. Generally speaking, the LBS services that each LBS user can use and the corresponding quality of service (QoS) parameters, such as the registered LBS service type, precision requirements and so on, are saved in AAA. The specific information to be saved is determined by the operator according to its service providing conditions. No restriction is imposed on the parameters or format of the subscription information, etc. in the method proposed in the present invention. In addition, a user can easily add, delete or modify his or her subscription information.

[87] After LS receives the location request message, it sends an authentication and authorization request message to AAA, which message includes the requested LBS service type and the corresponding QoS parameter. AAA is queried for the MO MS's subscription information. If the requested LBS service information can be found and the QoS parameter matches, the LBS service authentication passes; otherwise, the LBS service authentication fails and a location response is sent to the location requester (MS or LBS client), which response indicates that the locating process fails and carries a reason value of "LBS service authentication fails".

[88] For a more detailed technical solution, please refer to Patent Document 1. Details will be omitted here.

[89] 3. Authorization checking on LBS service

[90] To realize this function, the following two solutions are provided.

[91] 1. Implementing authorization checking on LBS service in LS

[92] The advantage of this solution is taking into account the existing mature AAA products in a Wimax network. At present, no location server equipment is configured in a Wimax system. If location service is needed, it is necessary for equipment manufacturers to develop LS equipment again. To reduce the cost in researching and developing Wimax system products, less modification should be made to AAA, and it should be maintained that AAA provides only function related to authentication. The disadvantage is that the function related to LBS service security is decentralized. For more details, please refer to Patent Document 1.

[93] 2. Implementing authorization checking on LBS service in AAA

[94] In this case, the function of authentication and authorization checking on LBS service is centralized. But comparatively more modification needs to be done to AAA. The present invention mainly addresses this part. Preferably, the following information is saved in AAA.

[95] Privacy information related to LBS that a user registers in an operator's Wimax network, generally speaking, information on which external clients and which users may query the user's location information, etc., is saved in AAA; such security information on the user's LBS service includes the list of LBS clients that are permitted to access, the list of MSs that are permitted to access and the like. Which LBS-related privacy information is saved on AAA, and in what format, is determined by the operators who provide this service. No specific parameter or format needs to be stipulated. A user can easily add, delete or modify information on the user's privacy. In addition, in the following embodiments of the present invention, authorization and security also refer to privacy, and privacy checking is also depicted as authorization checking and LBS-related security checking.

[96] After AAA receives the location request from LS, it checks the list of MSs that are permitted to locate a MT MS, and the list of MSs that are forbidden to locate the MT MS. If a MO MS is in the list of the MSs that are permitted to locate the MT MS, the authorization checking succeeds. And if the MO MS is in the list of MSs that are forbidden to locate the MT MS, the authorization checking fails. In this case, a location response message is returned to the LBS requester (LBS client or MS), which indicates that the request is rejected and also carries a reason value of "authorization checking fails". If the MO MS is in neither the list of MSs that are permitted to locate MT MS nor the list of the MSs that are forbidden to locate MT MS, the MT MS is queried. If the MT MS indicates that the locating is permitted, subsequent LBS process, such as routing to Serving Location Control (Serving LC) to perform locating measurement and calculation, etc. are implemented. If the MT MS indicates that locating is forbidden, it returns a location response message to the LBS requester (either LBS client or MS), which message indicating that the request is rejected and carrying a reason value of "authorization checking fails".

[97] According to the present invention, the hardware structure to realize this method includes a LBS subscription information memory, an authorization list memory, an authentication processing module and an authorization checking module, as shown in Figure 5.

[98] Referring to Figure 6, a detailed description will be made to the authorization method of the present invention.

[99] 1. Presetting information

[100] In Wimax network, the following information should be preset in the Wimax network entity AAA before LBS service is used:

[101] (1) Subscription information on LBS that is registered by a user in an operator's Wimax network; the user can easily add, delete or modify the subscription information;

[102] (2) Privacy and authorization checking information on LBS that is registered by a user in an operator's Wimax network, the user can easily add, delete or modify his or her authorization checking information.

[103] 2. Processing flow

[104] (1) LS sends an authorization checking message to AAA;

[105] (2) After AAA receives the request for authorization checking, it performs authorization checking on the MO MS. If the MO MS is in the MT MS's list of the MSs that are permitted to locate, the authorization checking succeeds. If the MO MS is in the MT MS's list of MSs that are forbidden to locate, the authorization checking fails, and a location response message is returned to the party (either LBS client or MS) that initiates the LBS, which message indicating that the request is rejected. If the MO MS is in neither the list of MSs that are permitted to locate nor the list of MSs that are forbidden to locate, the MT MS is queried. If the MT MS indicates that the locating is permitted, the authorization checking succeeds; if the MT MS rejects the request, it indicates that the authorization checking fails.

[106] (3) The authentication and authorization checking response is sent from AAA to LS, which response indicating whether the authentication and authorization checking succeeds or not. If not, the reason value is included in the response.
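The AAA-side logic described in [87] (LBS service authentication against the subscription and its QoS parameter) and in [96] and the processing flow above (permitted list, then forbidden list, then a query to the MT MS), as one added example that is not code from the patent or the Wimax specification. The record layouts, the request fields, the interpretation of the QoS parameter as a precision in metres, the ask_target callback that stands in for the MT MS's user-interface choice, and the names LbsSubscription, PrivacyProfile, LocationRequest, authenticate_lbs, authorize_requester and aaa_check are assumptions made for the example; the two reason values are the ones the text names.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

# Added example, not from the patent or the Wimax specification. Record layouts,
# request fields and the MT-MS query callback are assumptions; the reason values
# follow the text.


@dataclass
class LbsSubscription:
    # service type -> finest precision (metres) the subscriber is entitled to (assumed QoS parameter)
    service_types: Dict[str, int]


@dataclass
class PrivacyProfile:
    permitted: Set[str] = field(default_factory=set)  # MO MSs allowed to locate this MT MS
    forbidden: Set[str] = field(default_factory=set)  # MO MSs that must never locate it


@dataclass
class LocationRequest:
    mo_id: str          # requester (MO MS)
    mt_id: str          # target (MT MS)
    service_type: str
    precision_m: int    # requested QoS parameter


AUTH_FAIL = "LBS service authentication fails"
AUTHZ_FAIL = "authorization checking fails"


def authenticate_lbs(req: LocationRequest, sub: Optional[LbsSubscription]) -> Tuple[bool, Optional[str]]:
    """LBS service authentication: the requested service and QoS must match the MO MS subscription."""
    if sub is None or req.service_type not in sub.service_types:
        return False, AUTH_FAIL
    if req.precision_m < sub.service_types[req.service_type]:
        return False, AUTH_FAIL  # finer precision than subscribed: QoS does not match
    return True, None


def authorize_requester(req: LocationRequest, profile: PrivacyProfile,
                        query_target: Callable[[str, str], bool]) -> Tuple[bool, Optional[str]]:
    """Authorization checking: permitted list, then forbidden list, then ask the MT MS."""
    if req.mo_id in profile.permitted:
        return True, None
    if req.mo_id in profile.forbidden:
        return False, AUTHZ_FAIL
    if query_target(req.mt_id, req.mo_id):  # MT MS decides through its user interface
        return True, None
    return False, AUTHZ_FAIL


def aaa_check(req: LocationRequest, subscriptions: Dict[str, LbsSubscription],
              profiles: Dict[str, PrivacyProfile], query_target: Callable[[str, str], bool]) -> dict:
    """AAA response to the LS: authenticate the service first, then check the requester."""
    ok, reason = authenticate_lbs(req, subscriptions.get(req.mo_id))
    if ok:
        ok, reason = authorize_requester(req, profiles.get(req.mt_id, PrivacyProfile()), query_target)
    return {"result": "pass" if ok else "fail", "reason": reason}


# Constructed sample data.
SUBSCRIPTIONS = {
    "ms-mo-1": LbsSubscription({"friend-finder": 100}),
    "ms-mo-2": LbsSubscription({"friend-finder": 100}),
    "ms-mo-3": LbsSubscription({"friend-finder": 100}),
}
PROFILES = {"ms-mt-7": PrivacyProfile(permitted={"ms-mo-2"}, forbidden={"ms-mo-3"})}
# Constructed answers the MT MS gives when queried; anything not listed is treated as a refusal.
ANSWERS = {("ms-mt-7", "ms-mo-1"): True}


def ask_target(mt_id: str, mo_id: str) -> bool:
    return ANSWERS.get((mt_id, mo_id), False)


def demo() -> Dict[str, dict]:
    """Run one request per branch of the check and return the AAA result for each."""
    cases = {
        "permitted_list": LocationRequest("ms-mo-2", "ms-mt-7", "friend-finder", 100),
        "forbidden_list": LocationRequest("ms-mo-3", "ms-mt-7", "friend-finder", 100),
        "target_consents": LocationRequest("ms-mo-1", "ms-mt-7", "friend-finder", 100),
        "target_refuses": LocationRequest("ms-mo-1", "ms-mt-8", "friend-finder", 100),
        "qos_mismatch": LocationRequest("ms-mo-1", "ms-mt-7", "friend-finder", 10),
        "unsubscribed": LocationRequest("ms-mo-9", "ms-mt-7", "friend-finder", 100),
    }
    return {name: aaa_check(req, SUBSCRIPTIONS, PROFILES, ask_target) for name, req in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} {result}")
```

A MT MS with no privacy record at all falls through to the query, so silence from the target is treated as a refusal rather than as consent; that keeps the default in line with the text, where a requester that is on neither list only succeeds if the target explicitly permits it.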

[107] Detailed description will be made to the embodiments of the present invention in three aspects. For the implementation that is the same as Patent Document 1, only reference explanation but no detail is made in the present invention.

[108] To enhance the security of LBS service and protect user privacy in Wimax network, the above three aspects are preferably implemented at the same time. However, the present invention is not confined to the implementation of all above three aspects for enhancing the security of LBS service and protecting user privacy in Wimax network. Certain one aspect or two or three aspects can be selected to enhance the security of LBS service and protect user privacy in Wimax network according to specific LBS and network condition of operators.

[109] In addition, the three aspects can preferably be implemented in the following order: firstly, authenticating a LBS client; if the authentication succeeds, authenticating the LBS service; if this authentication also succeeds, performing authorization checking on the LBS service. However, the present invention is not confined to this order, and an operator can adjust the order according to the specific LBS and network conditions. Moreover, the specific parameters included in the messages of a message flow are only for illustration. The operator can selectively use the parameters, design other new parameters or add other ones.

[110] 1. Authentication on LBS client

[111] (1) The list of the LBS clients that are permitted to access is saved in LS.

[112] For a detailed technical solution, please refer to Patent Document 1;

[113] (2) The LBS client and LS employ an existing security protocol like SSL/TLS, etc.;

[114] The interface protocol stack between LBS clients and LS is shown in Figure 3. The protocol stack consists of the following layers.

[115] 201 IP layer

[116] The IP layer, i.e., the network layer in the Transmission Control Protocol (TCP) / Internet Protocol (IP) stack currently widely applied on the Internet, is mainly responsible for route selection of IP packets. In addition, it has functions such as congestion control, network interconnection and so on.

[117] 202 TCP layer

[118] TCP layer is the transport layer in TCP/IP protocol stack widely applied in Internet. TCP layer is responsible for segmenting higher level data and providing end-to-end reliable or unreliable transport. In addition, it has functions such as end-to-end error control and traffic control.

[119] 203 TLS record layer

[120] The TLS record layer encapsulates the higher-layer LBS control messages. A symmetric encryption algorithm is used here to guarantee confidentiality, and a hashed message authentication code (HMAC) is used to guarantee integrity.

[121] 204 TLS handshaking protocol

[122] It is a protocol to implement mutual authentication between a client and a server. The TLS handshaking protocol is used to negotiate the encryption algorithm and keys. With this protocol, either unidirectional or bidirectional authentication can be implemented between client and server.

[123] 205 LBS control layer

[124] This layer primarily processes the LBS-related messages transferred between LBS clients and LS. These messages mainly include the LBS location request and the LBS location response.

[125] The flow in which authentication is performed between an LBS client and LS and the LBS service then starts is illustrated in Figure 4. The specific steps are as follows.

[126] 301 Establishment of security capability property

[127] Hello messages are exchanged between the LBS client and LS. The algorithms, exchanged random values, etc. are negotiated and agreed on between the LBS client and LS, so that both sides use the same protocol version number, random numbers, encryption algorithm, etc.

[128] 302 Server authentication and key exchange

[129] The server sends its own certificate, i.e., an X.509 certificate or a certificate chain. This step is optional: if no authentication of the server is needed, it can be omitted.

[130] 303 Authentication on LBS client and key exchange

[131] It is usually necessary to implement authentication on the LBS client together with key exchange, in order to prevent an illegal hacker from disguising as an LBS client and invading LS.

[132] 304 Completion

[133] This step checks whether authentication and key exchange have succeeded. If so, a check value is negotiated between the LBS client and LS for checking subsequent LBS messages. The handshaking process then finishes, and data can be exchanged securely between the LBS client and LS.

[134] 305 Start of LBS service

[135] The LBS client sends a location request message to LS to start the LBS. This message and all subsequent ones must be checked with the check value negotiated at steps 301-304.
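As an added example (not code from the patent), the following shows how an LS could enforce step 303 by requiring a client certificate in its TLS context, and then apply method (1) by checking the authenticated client identity against the list of permitted LBS clients. The CA and certificate file paths, the use of the certificate's common name as the client identity, and the sample peer-certificate dictionary are assumptions.

```python
import ssl

def make_ls_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context for the LS side of the LBS client <-> LS interface.
    Requiring a client certificate implements step 303 (client authentication)
    on top of step 302 (server authentication). File paths are assumptions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # handshake fails without a valid client cert
    if ca_file:
        ctx.load_verify_locations(ca_file)        # CA that issues LBS client certificates
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # the LS's own certificate (step 302)
    return ctx

def client_common_name(peer_cert):
    """Extract the subject CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def client_permitted(peer_cert, permitted_clients):
    """Method (1): after the TLS handshake, the authenticated identity must also
    appear in the LS's list of permitted LBS clients."""
    cn = client_common_name(peer_cert)
    return cn is not None and cn in permitted_clients

# Constructed example of what getpeercert() returns for an LBS client certificate
SAMPLE_PEER_CERT = {
    "subject": ((("countryName", "KR"),),
                (("organizationName", "Example LBS Provider"),),
                (("commonName", "lbs-client-01.example"),)),
    "issuer": ((("commonName", "Example LBS CA"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
# Constructed permitted-client list as the LS would store it
PERMITTED_LBS_CLIENTS = {"lbs-client-01.example", "lbs-client-02.example"}
```

In a live server the context is used to wrap the accepted socket, and `client_permitted` is applied to `getpeercert()` before any location request is processed.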

[136] 2. Authentication on LBS service

[137] For a detailed technical solution, please refer to Patent Document 1.

[138] 3. Authorization checking on LBS service

[139] To realize this function, either of the following two solutions can be adopted.

[140] (1) Implementing LBS authorization checking in LS

[141] For a detailed technical solution, please refer to Patent Document 1.

[142] (2) Implementing LBS authorization checking in AAA

[143] The hardware structure for implementing LBS authentication and authorization checking in AAA in a Wimax network is illustrated in Figure 5.

[144] LS 401

[145] LS is located in a connection service network (CSN). Its main functions are receiving an LBS client's LBS request and acting as a gateway between the Wimax network and an external network. In addition, location-related calculation can also be carried out in LS.

[146] AAA 402

[147] AAA is not an LBS-specific entity but an existing network entity in the Wimax network. For LBS service, AAA provides authentication and authorization checking and collects LBS accounting data.

[148] RADIUS/Diameter client 403

[149] The Remote Authentication Dial-In User Service (RADIUS) protocol is the most commonly applied authentication protocol at present. It is stipulated in the current Wimax NWG specification version 1.0. Diameter is an upgraded version of RADIUS. A RADIUS/Diameter client is located at LS and initiates the LBS authentication request.

[150] RADIUS/Diameter server 404

[151] The RADIUS/Diameter server is located at the AAA server. It receives requests from the RADIUS/Diameter client 403, implements LBS authentication and authorization checking, and returns the processing results to the RADIUS/Diameter client 403.

[152] In Figures 1 and 2, the authentication and authorization checking request message 102 and the corresponding response message 104 can be transferred using an extended RADIUS/Diameter protocol stack message.

[153] In the present invention, the signaling flow of implementing LBS authentication by AAA is illustrated in Figure 6. Detailed processing steps are as follows.

[154] 501 An LBS client or MS initiates LBS. A user starts a specific LBS service, e.g., a location searching service initiated over the Internet for searching another party's location. According to the specific LBS service, the LBS client or MS sends a location request message to LS, which includes parameters such as the identifier of the MS (MO ID) that initiates the location request, the identifier of the located or target MS (MT ID), the LBS client, the LBS service type, etc.

[155] 502 Authorization checking is made on the LBS client according to the embodiment of the above first aspect.

[156] 503 LS sends an authentication request to AAA, which includes such parameters as the MO ID and the LBS service type.

[157] 504 Having received the authentication request from LS, AAA preferably searches a database, indexed by the MO ID, for the MO MS's subscribed LBS service information and related QoS. If the requested LBS service and related QoS are consistent with the subscription information, the LBS authentication succeeds and the process goes to LBS authorization checking. Otherwise, the process goes to 505.

[158] 505 AAA sends an authentication response to LS, indicating that the authentication fails and including a specific failure reason value. An operator can define the type and values of the reason value.

[159] 506 LS sends a location response message to the LBS client, indicating that the location request fails because LBS authentication failed;

[160] The process of authorization checking in AAA is as follows.

[161] 601 An LBS client or MS initiates LBS. A user starts a specific LBS service, e.g., a location searching service initiated over the Internet for searching another party's location. According to the specific LBS service, the LBS client or MS sends a location request message to LS, which includes parameters such as the identifier of the MS (MO ID) that initiates the location request, the identifier of the located or target MS (MT ID), the LBS client, the LBS service type, etc.

[162] 602 LBS client authorization checking is implemented by LS according to the embodiment of the above first aspect; this step is optional.

[163] 603 LS sends an authentication request to AAA, which includes such parameters as the MO ID and the LBS service type.

[164] 604 AAA implements LBS authentication to check whether the requested LBS and related QoS match the subscribed LBS service. This step is optional.

[165] 605 Preferably, using the MT ID as index, AAA looks up the MT's authorized access list. If the MO ID is in the MT's authorized access list, the authorization checking passes and the process goes to step 613; otherwise, it goes to 606.

[166] 606 Preferably, using the MT ID as index, AAA looks up the MT's forbidden access list. If the MO ID is in the MT's forbidden access list, the MO MS has no right to check the MT MS's location information and the process goes to step 609; otherwise, it goes to 607.

[167] 607 If the MO ID is in neither the MT's authorized access list nor the forbidden access list, the MO MS sends an authorization query message to the MT MS, inquiring whether the MO MS is authorized to locate the MS.

[168] 608 After the MT MS receives the authorization query, it displays the query to the user through a user interface or in another display mode, such as popping up a dialog box, notifying the user that the user of the MO ID wants to locate the MS and asking the user to choose yes or no through the user interface or another display mode. If the user chooses yes, the process goes to step 612; otherwise, it goes to step 610.

[169] 609 AAA sends an authentication and authorization checking request to LS, indicating that the request is rejected by the user.

[170] 610 The MT MS sends an authorization response message to LS, indicating that the request is rejected by the user.

[171] 611 LS sends a location response to the LBS requester (the LBS client or MO MS), indicating that the location request fails and the reason value is that the MO MS has no right to locate the MT MS.

[172] 612 If the MT MS authorizes the MO MS to carry out the locating process, it sends an authorization response to LS, indicating that the authorization query passes.

[173] 613 After authentication and authorization checking pass, the subsequent processes are implemented, such as LS sending the location request message to LC to trigger the subsequent location measurement and location calculation and to obtain the MT MS's location information.
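The AAA-side decision described in steps 504 and 604-612, written out as an added example that is not part of the patent. The subscriber record layout, the meaning of "matched" QoS (the requested level does not exceed the subscribed one), the fail-closed handling of an unknown target MS, and all sample identifiers are assumptions; the `ask_user` callback stands in for the authorization query sent to the MT MS and its user's yes/no answer.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"              # 613: go on to location measurement
    AUTH_FAILED = "auth_failed"  # 505/506: service or QoS not subscribed
    NO_RIGHT = "no_right"        # 609/611: MO may not locate the MT
    ASK_TARGET = "ask_target"    # 607: in neither list, query the MT user

@dataclass
class Record:
    # Subscriber record as AAA might hold it (constructed shape, not from the page)
    services: dict = field(default_factory=dict)  # LBS type -> subscribed QoS level
    authorized: set = field(default_factory=set)  # MO IDs allowed to locate this MS
    forbidden: set = field(default_factory=set)   # MO IDs never allowed to

def authenticate_lbs(db, mo_id, service_type, qos):
    """Step 504: the requested service and QoS must match the MO's subscription.
    'Match' is taken here to mean the requested level does not exceed the subscribed one."""
    rec = db.get(mo_id)
    if rec is None or service_type not in rec.services:
        return False
    return qos <= rec.services[service_type]

def authorize_lbs(db, mo_id, mt_id, service_type, qos, ask_user=None):
    """Steps 604-612 as AAA runs them. ask_user stands in for the authorization
    query shown to the MT user (607/608) and returns True for yes, False for no."""
    if not authenticate_lbs(db, mo_id, service_type, qos):   # 604
        return Decision.AUTH_FAILED
    mt = db.get(mt_id)
    if mt is None:
        return Decision.NO_RIGHT  # unknown target: fail closed (assumption)
    if mo_id in mt.authorized:    # 605: the authorized list is consulted first
        return Decision.ALLOW
    if mo_id in mt.forbidden:     # 606
        return Decision.NO_RIGHT
    if ask_user is None:          # 607: decision deferred to the MT user
        return Decision.ASK_TARGET
    return Decision.ALLOW if ask_user(mo_id, mt_id) else Decision.NO_RIGHT  # 612 / 610

def sample_db():
    """Constructed sample subscriber data for a stand-alone run."""
    return {
        "mo-1": Record(services={"friend-finder": 2}),
        "mo-2": Record(services={"friend-finder": 2}),
        "mo-3": Record(services={"friend-finder": 2}),
        "mt-1": Record(authorized={"mo-1"}, forbidden={"mo-2"}),
    }
```

Because the authorized list is consulted before the forbidden list, as in steps 605 and 606, an MO ID present in both lists is allowed; an operator who wants the forbidden list to win must swap the two checks.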

[174] With the present invention, the security of LBS service can be enhanced and user privacy can be protected in a Wimax network by virtue of the three aspects of authentication on the LBS client, authentication on the LBS service and authorization checking on the LBS service. LBS client authentication can prevent illegal LBS clients, especially hackers disguising as LBS clients, from invading the network. LBS authentication can prevent non-subscribed LBS services from being served. Authorization checking on the location-requesting MS can prevent an unauthorized MS from obtaining the MT MS's location information, so as to protect user privacy to some extent. By virtue of these three aspects, the present invention enhances the security of LBS and protects user privacy in a Wimax network. Moreover, the relevant blank space in the current Wimax standard can be made up for.