Title of Invention

MOBILE RADIO NETWORK, METHOD FOR OPERATING A TERMINAL DEVICE IN SUCH A NETWORK AND TERMINAL DEVICE WITH INTEGRATED ELECTRONIC CIRCUIT ARRANGEMENTS FOR STORING PARAMETERS THAT IDENTIFY THE TERMINAL DEVICE.

Abstract

The invention relates to a mobile radio network (MFN) which comprises at least one network node (NKn) and at least one server (S) and a plurality of terminal devices (ME) comprising one electronic circuit arrangement each that is integrated into the terminal device (ME), a parameter identifying the terminal device (ME) being stored in said circuit arrangement. At least one access network node (ZNK) to a packet data network (PDN) is connected to the network node (NKn). The invention also relates to a method for operating a terminal device (ME) in the mobile radio network (MFN) and to a terminal device (ME) for use in said method.
Full Text Description
The invention relates to a mobile radio network which comprises at least one network node and at least one server and a plurality of terminal devices comprising one electronic circuit arrangement each that is integrated into the terminal device, a parameter identifying the terminal device being stored in said circuit arrangement. At least one access network node to a packet data network is connected to the network node.
A mobile radio network of the type stated in the introduction is a cellular mobile radio network; mobile radio networks of this type are nowadays usually operated on the basis of what are called second- or third-generation mobile radio standards, for which the abbreviations 2G and 3G are also frequently used. An example of a widespread second-generation mobile radio standard is the GSM (Global System for Mobile Communications) standard. With the introduction of the GPRS (General Packet Radio Service) standard for supporting services in a packet data network (packet data services), GSM was further developed, enabling access to IP (Internet Protocol)-based packet data networks such as, for example, the Internet. An example of a third-generation mobile radio network is the UMTS (Universal Mobile Telecommunication System) standard, which has been specified as part of 3GPP (3rd Generation Partnership Project).
In the second- and third-generation mobile radio networks mentioned, the personalization of a terminal device for a subscriber takes place through the use of a so-called SIM (Subscriber Identity Module) card, which is normally provided by the network operators or mobile radio providers. At least one application called the (U)SIM ((Universal) Subscriber Identity Module) is located on the SIM card, also referred to in the context of 3GPP standardization as a UICC (Universal Integrated Circuit Chip). This normally contains all the subscriber-specific data such as, for example, the international mobile subscriber ISDN number MSISDN, the international mobile subscriber identity IMSI and the routines and parameters used for the purposes of authentication and key agreement when logging on the terminal device in the mobile radio network.
An important function of the (U)SIM consists in generating the keys used for the encryption of data transmission and signaling between the terminal device and the mobile radio network. The (U)SIM routines for authentication and key computation are, both in the GSM standard and in the 3GPP standard, normally specific to the respective network operator, i.e. they are not an integral part of the respective mobile radio standards. This means that both in the (U)SIM and in the authentication centers of the network operators, routines specific to the respective network operator are implemented. Furthermore, the (U)SIM and the authentication center store a secret value specific to each (U)SIM, said value being needed for the symmetrical methods used for authentication and key generation. Symmetrical methods are broadly distinguished by the fact that the same key is used for encryption and decryption respectively.
The mobile radio standards GSM and 3GPP currently provide a (U)SIM stored on a SIM card with an international mobile subscriber ISDN number MSISDN and an international mobile subscriber identity IMSI even for terminal devices provided exclusively for packet data transmission. The international mobile subscriber ISDN number MSISDN is needed for data transmission by means of short messages SMS (Short Message Service) and for circuit-switched data services. In addition to this, charging is typically also effected under the international mobile subscriber ISDN number MSISDN. The subscriber, his network operator and the home location register HLR, in which the data of the respective subscriber is stored, are identified by means of the international mobile subscriber identity IMSI.
The services which can be used by a terminal device with a (U)SIM are restricted by the home location register HLR. So, for example, in the case of a terminal device provided for data transmission only, a restriction to one or more data services can be configured in the home location register HLR. In addition, the quality of service QoS guaranteed to a subscriber for packet data services can be restricted in the home location register HLR.
The general network architecture of a third-generation digital mobile radio network in accordance with 3GPP standardization is known from the Internet publication 3GPP TS 23.002 V6.6.0 (2004-12) (http://www.3gpp.org/). In connection with the provision of packet data services, the following network elements, in particular, are described in this Internet publication:
- a network node serving the terminal device, the SGSN (Serving GPRS Support Node),
- an access network node, the GGSN (Gateway GPRS Support Node), which is connected to the SGSN and enables access to a packet data network, and
- a server in the form of a home location register HLR.
It is known from the Internet publication 3GPP TS 22.016 V6.0.0 (2005-01) for a parameter identifying a terminal device to be filed or stored in the terminal device in the form of the international mobile equipment identity IMEI in an electronic circuit arrangement that is integrated into the terminal device in the form of a memory module. The term "electronic circuit arrangement that is integrated into the terminal device" broadly means within the scope of the present invention all the electronic circuit parts of the terminal device which in conceptual terms are indivisibly connected to the terminal device. In addition to volatile and non-volatile memory means, this also comprises electronic circuits by means of which routines or parameters can be implemented. The SIM card, in particular, is not part of the electronic circuit arrangement that is integrated into the terminal device. The international mobile equipment identity IMEI enables the blocking of such terminal devices which have either been reported as stolen or whose use can no longer be tolerated for technical reasons. In addition to this, the international mobile equipment identity IMEI can also be used as an identity for carrying out emergency calls. This is the case if the terminal device does not have a SIM card with a valid (U)SIM containing an international mobile subscriber identity IMSI. The function of the international mobile equipment identity IMEI is in this case to restrict the improper use of terminal devices for carrying out hoax emergency calls.
The object of the invention is to further develop a mobile radio network of the type stated in the introduction such that packet data services can be provided particularly cost-effectively.
This object is achieved according to the invention in a mobile radio network of the type stated in the introduction in that the terminal devices are non-SIM card terminal devices, and a further identification parameter and routines needed for authentication or routines and parameters needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device; the server is a server communicating with the network node on the basis of the Internet Protocol, and the network node is configured such that it is ready to receive the further identification parameter sent during the logging-on of the terminal device to the mobile radio network and the parameter identifying the terminal device sent during the logging-on of the terminal device to the mobile radio network.
It is particularly advantageous here that non-SIM card terminal devices are used. A SIM card is a considerable cost factor, particularly in simple terminal devices such as those used, for example, as a data capture device. Such simple terminal devices often achieve only low sales, which is why there is an interest in reducing the acquisition costs by dispensing with the SIM card. The use of a server communicating with the network node on the basis of the Internet Protocol enables in addition the use of relatively low-cost network elements, as the requirement for a mobile radio-specific home location register HLR no longer applies. The server in this case has an internal or external database in which the subscriber-specific data is filed. Furthermore, the application of authentication and authorization methods also used outside the mobile radio area is enabled, as a result of which the operating costs in respect of the administration and charging of the terminal devices being operated in the mobile radio network are reduced. The storage of the further identification parameter and of the routines needed for authentication or of the routines and parameters needed for authentication in the electronic circuit arrangement that is integrated into the terminal device offers the advantage that the possible damage which can occur in cases of loss, misappropriation or improper use of the terminal device is reduced. Since the possibilities for using such terminal devices are restricted due to the lack of an opportunity for replacing a SIM card, the interest in misappropriating the terminal device is also reduced.
The server communicating on the basis of the Internet Protocol is advantageously an AAA server. Such AAA (Authentication, Authorization and Accounting) servers are deployed to a greater extent in particular in the Internet area. The conceptual idea behind the AAA server is to standardize and group together the various steps in the logging on to a network, authorization for a service and charging. An AAA server is linked up here by means of special protocols such as, for example, RADIUS or DIAMETER. The general architecture of an AAA server is known e.g. from the Internet publication RFC 2903 "Generic AAA Requirements", August 2000 of the IETF (Internet Engineering Task Force, http://www.ietf.org). Within the context of 3GPP standardization, an AAA server has been described in the Internet publication 3GPP TS 23.234 V6.3.0 (2004-12) in which the interworking between a 3GPP system and a WLAN (Wireless Local Area Network) is specified. The aim here is to make available to a 3GPP subscriber transport services which enable the establishment of a connection over the WLAN to IP-based services like, for example, the Internet. The task of the AAA server lies in authenticating and authorizing the 3GPP subscriber connected over the WLAN. Within the scope of the present invention, the AAA server replaces fully or in part for the non-SIM card terminal devices used in the mobile radio network the mobile radio-specific home location register HLR. Use of an AAA server in this way offers the advantage that a reduction in acquisition and administration costs can be achieved through the utilization of infrastructure already used in the Internet area and of authentication and authorization methods being applied there.
The mobile radio network according to the invention can advantageously also be configured such that the access network node is arranged between the network node and the server communicating on the basis of the Internet Protocol. In this case, in addition to its principal task which is the provision of access to the packet data network, the access network node also serves to connect the server communicating on the basis of the Internet Protocol to the network node, i.e. the access network node is intermediately switched in communication between the network node and the server communicating on the basis of the Internet Protocol. This is particularly advantageous when the access network node already has an interface suitable for connecting to the server communicating on the basis of the Internet Protocol. This may be the case e.g. where the server communicating on the basis of the Internet Protocol is an AAA server, since the access network node usually already has an AAA interface, simplifying the connection of the server communicating on the basis of the Internet Protocol.
A mobile radio network can advantageously be used in which an authorization server is connected to the access network node and, in the event of activation of a service within the packet data network being requested by the terminal device, carries out an authorization of the terminal device. This makes it possible to use for the authorization, i.e. the user credential check, a server which can also be employed in other respects. The use of a mobile radio-specific home location register HLR is consequently no longer necessary.
The mobile radio network is advantageously configured such that the authorization server is an AAA server. This is particularly preferred since an AAA server, in terms of its architecture and the protocols like RADIUS or DIAMETER which it supports, is specifically geared for carrying out authorizations.
The mobile radio network can preferably also be configured such that the authorization server is the server communicating on the basis of the Internet Protocol. This offers the advantage that a common server can be used for authentication and authorization.
The mobile radio network according to the invention can be configured such that a presence server is connected to the network node, said presence server, during the logging-on process, storing presence data relating to the terminal device. Such a presence server is also known from the Internet publication 3GPP TS 23.141 V6.7.0 (2004-09). Its function consists in administering the presence information associated with a subscriber or a terminal device. This presence information can be made available by the presence server to watcher applications, enabling these to process, display or utilize this information for other applications. The use of the presence server in the mobile radio network according to the invention is advantageous in particular because it is possible as a result to pinpoint the location of the terminal device or subscriber even without using a home location register HLR. The presence server can also implement additional functions. Such a function could, in the case of terminal devices used for packet data communication in stationary vending machines, consist, for example, in the presence server triggering an alarm in the event of the terminal device changing its position, which could point to misuse, for example in the form of theft. The access network node can preferably also communicate with the presence server. This can occur either via the network node or else via a direct connection between the access network node and the presence server and enables the access network node, for example after a packet data service has been activated, to initiate an update of the status of the terminal device in the presence server.
A mobile radio network can advantageously be used in which a further server is connected to the access network node, said further server sending at the request of the access network node quality of service QoS restrictions to the access network node. This makes it possible to administer data relating to the restriction in the quality of service QoS in a separate server which is not identical to the server communicating on the basis of the Internet Protocol or the authorization server.
The mobile radio network according to the invention can be configured such that the further server is a policy decision function PDF server. The policy decision function is known from the Internet publication 3GPP TS 23.207 V6.4.0 (2004-09) which describes within the scope of 3GPP standardization the concept and the architecture for end-to-end quality of service (QoS). The restriction of usable packet data services is effected here using standard IP mechanisms through the use of the policy decision function PDF. The PDF server is in this case connected to the access network node and communicates to said access network node the service restrictions with regard to the quality of service QoS to be provided. The implementation of the further server in the form of a PDF server is advantageous since, due to the specification of the PDF server which has already been carried out within the scope of the 3GPP standardization, the necessity for additional standardization and implementation of a new network component no longer applies.
In a further advantageous embodiment of the invention, the further server is a charging rules function CRF server. The charging rules function is known from the Internet publication 3GPP TS 23.125 V6.3.0 (2005-01) and makes it possible for the access network node to filter packet data traffic such that packets which belong to a defined service data flow can be identified. Due to the specification which has already been carried out as part of the 3GPP standardization, the implementation of the further server in a CRF server avoids additional outlay on standardizing and implementing a new network component.
The invention also relates to a method for operating a terminal device in a mobile radio network comprising at least one network node, at least one access network node to a packet data network, said access network node being connected to the network node, and at least one server, a parameter identifying the terminal device and a further identification parameter being stored in the terminal device, and the parameter identifying the terminal device being stored in an electronic circuit arrangement that is integrated into the terminal device, comprising the following method steps: the network node receives the further identification parameter, the network node determines from the received further identification parameter an address of a server and sends a request to the server determined, the server gives a response to the request by sending authentication information to the network node, after receiving the authentication information, the network node sends an authentication prompt to the terminal device, the terminal device determines, using routines needed for authentication stored in the terminal device or routines and parameters needed for authentication stored in the terminal device and using information received in the authentication prompt, an authentication response and sends it to the network node, and the authentication is completed with successful checking of the authentication response by the network node. Operating a terminal device is understood here to mean in particular the logging on or registration thereof in the mobile radio network and the requesting of a packet data service.
A method of the type stated is known from Internet publication 3GPP TS 23.060 V6.7.0 (2004-12), which contains a description of the sequences and methods occurring in connection with the provision of GPRS services. In chapter 6.5 of this Internet publication, the sequence of the logging-on method for utilizing packet data services is described. The known logging-on method is characterized in that a network node in the form of an SGSN receives a further identification parameter in the form of the international mobile subscriber identity IMSI which serves both to identify the subscriber using the terminal device and to identify a server in the form of a home location register HLR in which the subscriber data is filed. The SGSN now sends an authentication request to the HLR, which responds to this by sending authentication information. The SGSN then sends an authentication prompt to the terminal device, which, using routines stored on the (U)SIM and information received in the authentication prompt, determines an authentication response and sends it to the SGSN.
Within the framework of the authentication, the terminal device also computes the session key and the integrity key which are needed for applying the encryption. The SGSN authenticates the subscriber identified by the international mobile subscriber identity IMSI stored on the (U)SIM from the authentication response transmitted by the terminal device.
The specification of the various numbers, addresses and identities relevant to the sequence of a telecommunication call is known from the Internet publication 3GPP TS 23.003 V6.5.0 (2004-12). Thus, among other things, the structure and the formats of the following parameters are defined here: international mobile subscriber identity IMSI, temporary mobile subscriber identity TMSI, international mobile subscriber ISDN number MSISDN, international mobile equipment identity IMEI and access point name APN.
As already described in connection with the mobile radio network according to the invention, it is known from Internet publication 3GPP TS 22.016 V6.0.0 (2005-01) for a parameter identifying the terminal device to be stored in the form of the international mobile equipment identity IMEI in an electronic circuit arrangement integrated into the terminal device in the form of a memory module. In addition, it is generally known for a further identification parameter to be stored in the terminal device in the form of the international mobile subscriber identity IMSI.
The object of the invention is to further develop a method of the type stated such that packet data services can be provided particularly cost-effectively.
This object is achieved according to the invention in that a non-SIM card terminal device is used as a terminal device and the further identification parameter and the routines needed for authentication or the routines and parameters needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device, the network node receives in addition to the further identification parameter the parameter identifying the terminal device, said further identification parameter serving to determine the address of a server communicating on the basis of the Internet Protocol, and the parameter identifying the terminal device is transmitted with the request to the server communicating on the basis of the Internet Protocol, and the terminal device is authenticated with successful checking of the authentication response by the network node.
It has already been explained in connection with the mobile radio network according to the invention that the use of a non-SIM card terminal device is advantageous in particular on cost grounds. It has also already been stated that storage of the further identification parameter and of the routines needed for authentication or routines and parameters needed for authentication in the electronic circuit arrangement that is integrated into the terminal device offers advantages in the event of the loss, misappropriation or improper application of the terminal device. Due to the absence of the SIM card and, in conjunction therewith, also of the (U)SIM and its parameters, both the storage location and the significance of the further identification parameter change compared with the known method. Thus, in the method according to the invention, said further identification parameter is stored in the electronic circuit arrangement that is integrated into the terminal device. It is particularly advantageous here that the further identification parameter permits determination of the address of the server communicating on the basis of the Internet Protocol. This enables the network node to request from the server communicating on the basis of the Internet Protocol data which is needed as part of the logging-on of the terminal device in the mobile radio network. The server communicating on the basis of the Internet Protocol is typically arranged here in the mobile radio network of the network operator which issued the terminal device, it being possible for the issuing of the terminal device to be carried out directly by the network operator or via a further provider. This means that in cases of "roaming" as it is called, the network node with which the terminal device logs on and the server communicating on the basis of the Internet Protocol are arranged in mobile radio networks of different network operators. Due to the use of the parameter identifying the terminal device when logging on the terminal device in the mobile radio network, authentication of the terminal device takes place.
The method is preferably configured such that, after receiving the authentication prompt, the terminal device undertakes, using the routines needed for authentication which are stored in the electronic circuit arrangement that is integrated into the terminal device or the routines and parameters needed for authentication which are stored in the electronic circuit arrangement that is integrated into the terminal device and using information received in the authentication prompt, authentication of the mobile radio network. This is advantageous as authentication of the mobile radio network by the terminal device results in an increase in security and this complies furthermore with the existing 3GPP standardization in accordance with the Internet publication 3GPP TS 23.060 V6.7.0 (2004-12).
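The logging-on sequence described above (network node receives the two parameters, obtains authentication information from the IP-based server, prompts the terminal, checks the response) together with the mutual authentication of the preceding paragraph, as an added simulation that is not code from the patent. The authentication routine itself is an assumption: the patent only says a symmetrical method with a secret shared between terminal and server is used, so this example uses an HMAC-SHA256 challenge/response with a separate network token, and the IMEI, further identification parameter, key and the mapping from further identification parameter to server are constructed placeholders. The server never hands the key to the network node, only the challenge, the expected response and the network token.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample values (placeholders, not real identities or keys).
SAMPLE_IMEI = "490154203237518"                   # parameter identifying the terminal device
SAMPLE_FURTHER_ID = "aaa.home-operator.example"   # further identification parameter
SAMPLE_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # shared secret


def keyed_mac(key: bytes, label: bytes, rand: bytes, imei: str) -> bytes:
    """Assumed authentication routine: HMAC-SHA256 over a label, the challenge and
    the IMEI. The label keeps the network token and the response distinct."""
    return hmac.new(key, label + rand + imei.encode(), hashlib.sha256).digest()


@dataclass
class TerminalDevice:
    """Non-SIM terminal: IMEI, further id and key sit in integrated circuitry."""
    imei: str
    further_id: str
    key: bytes

    def logon_request(self) -> dict:
        # Third type of log-on request: both parameters in one message.
        return {"imei": self.imei, "further_id": self.further_id}

    def answer_prompt(self, prompt: dict):
        """Authenticate the network first; only then compute the response."""
        rand, autn = prompt["rand"], prompt["autn"]
        expected_autn = keyed_mac(self.key, b"NET", rand, self.imei)
        if not hmac.compare_digest(expected_autn, autn):
            return None  # the prompting network could not prove knowledge of the key
        return keyed_mac(self.key, b"RES", rand, self.imei)


@dataclass
class IpServer:
    """AAA-style server: per-terminal secrets indexed by IMEI (assumed layout)."""
    secrets_by_imei: dict

    def authentication_info(self, imei: str):
        key = self.secrets_by_imei.get(imei)
        if key is None:
            return None
        rand = secrets.token_bytes(16)  # fresh challenge for every log-on
        return {
            "rand": rand,
            "autn": keyed_mac(key, b"NET", rand, imei),  # lets the terminal verify the network
            "xres": keyed_mac(key, b"RES", rand, imei),  # expected response; the key stays here
        }


@dataclass
class NetworkNode:
    """SGSN-like node; maps the further id to a server (assumed, DNS in the real network)."""
    servers: dict

    def log_on(self, terminal: TerminalDevice) -> dict:
        req = terminal.logon_request()
        server = self.servers.get(req["further_id"])
        if server is None:
            return {"authenticated": False, "reason": "no server for further id"}
        info = server.authentication_info(req["imei"])  # request carries the IMEI
        if info is None:
            return {"authenticated": False, "reason": "terminal unknown to server"}
        res = terminal.answer_prompt({"rand": info["rand"], "autn": info["autn"]})
        if res is None:
            return {"authenticated": False, "reason": "terminal rejected network"}
        if not hmac.compare_digest(res, info["xres"]):
            return {"authenticated": False, "reason": "authentication response mismatch"}
        return {"authenticated": True, "reason": "ok"}


def run_logon(terminal_key: bytes, server_key: bytes) -> dict:
    """Full exchange with the given keys on each side; unequal keys must fail."""
    terminal = TerminalDevice(SAMPLE_IMEI, SAMPLE_FURTHER_ID, terminal_key)
    server = IpServer({SAMPLE_IMEI: server_key})
    node = NetworkNode({SAMPLE_FURTHER_ID: server})
    return node.log_on(terminal)


def rogue_network_rejected() -> bool:
    """A node without the key cannot build a valid network token, so the terminal answers nothing."""
    terminal = TerminalDevice(SAMPLE_IMEI, SAMPLE_FURTHER_ID, SAMPLE_KEY)
    bogus_prompt = {"rand": secrets.token_bytes(16), "autn": secrets.token_bytes(32)}
    return terminal.answer_prompt(bogus_prompt) is None


if __name__ == "__main__":
    print(run_logon(SAMPLE_KEY, SAMPLE_KEY))   # authenticated
    print(run_logon(SAMPLE_KEY, bytes(16)))    # terminal rejects the network
    print(rogue_network_rejected())            # True
```

Two points of the design matter for a deployment: the response is compared with `hmac.compare_digest` rather than `==`, and the terminal checks the network token before it computes anything, so a prompt from a node that does not hold the key yields no response at all.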
The inventive method for operating a terminal device in a mobile radio network can be configured such that the terminal device sends a first type of log-on request to the network node if a temporary identity assigned to the terminal device by a network node last serving the terminal device is still valid, the first type of log-on request containing the temporary identity and a location area identity identifying the network node last serving the terminal device, the network node requests the parameters of the terminal device associated with the temporary identity from the network node last serving the terminal device and the network node last serving the terminal device sends the parameter identifying the terminal device and the further identification parameter to the network node. This is advantageous since by this means the unencrypted transmission in the mobile radio network of the parameter identifying the terminal device and of the further identification parameter is avoided. The corresponding use of temporary identities in the form of the temporary mobile subscriber identity TMSI is known for example from the Internet publication 3GPP TS 23.060 V6.7.0 (2004-12), but not in conjunction with the method according to the invention.
The method according to the invention can also be configured such that the terminal device sends to the network node a second type of log-on request which contains the parameter identifying the terminal device, the network node then asks the terminal device for information about the server communicating on the basis of the Internet Protocol and the terminal device responds by sending the further identification parameter to the network node. It is particularly advantageous here that in accordance with the Internet publication 3GPP TS 23.060 V6.7.0 (2004-12) in 3GPP standardization a corresponding log-on request currently already prompts the SGSN to send an identity request to the terminal device, as a result of which the necessary extensions of the interface between the terminal device and the network node are kept to a minimum.
The method according to the invention can also be configured such that the terminal device sends to the network node with a third type of log-on request the parameter identifying the terminal device and the further identification parameter. This is advantageous since, by sending the two parameters needed for logging on the terminal device simultaneously, the signaling traffic between the terminal device and the network node is optimized.
The method can advantageously be configured such that with the further identification parameter the identity of the server communicating on the basis of the Internet Protocol is stipulated directly and the network node determines directly from the further identification parameter the address of the server communicating on the basis of the Internet Protocol. It is particularly advantageous here that the address of the server communicating on the basis of the Internet Protocol can be determined in a simple manner by the network node.
The method can also be configured such that the network node derives from the further identification parameter the identity of the access network node which stipulates the packet data network that can be reached by the terminal device. This is advantageous since deriving the identity of the access network node from the further identification parameter reduces the outlay in respect of configuration and administration. Furthermore, data traffic is restricted by this means to networks which can be reached via the respective combination of the two parameters identity of the server communicating on the basis of the Internet Protocol and identity of the access network node, as a result of which possibilities of misuse and the effect of faulty terminal devices are reduced.
The method according to the invention can also be configured such that the identity of the access network node is stipulated directly with the further identification parameter and the network node derives from the further identification parameter the identity of the server communicating on the basis of the Internet Protocol and from this determines the address of the server communicating on the basis of the Internet Protocol. This is advantageous since, in the protocol messages between the terminal device and the access network node currently defined within the scope of 3GPP standardization, the identity of the access network node is already transmitted and thus the necessity of a change to the protocol in this respect does not apply. In addition, the outlay in terms of configuration and administration is reduced and data traffic is restricted to the networks which can be reached via the respective combination of parameters, as a result of which the possibilities of misuse and the effect of faulty terminal devices are again reduced.
The method according to the invention can also be configured such that through the identity of the server communicating on the basis of the Internet Protocol the network operator of the home network and/or the application field of the terminal device is identified. This advantageously simplifies configuration and makes it possible to demarcate reciprocally the data traffic of terminal devices which are provided for different applications.
The method according to the invention can be configured such that the address of the server communicating on the basis of the Internet Protocol is determined based upon the identity of the server communicating on the basis of the Internet Protocol using the domain name system DNS method. This is advantageous since by this means a widely used standard method for determining IP addresses can be applied for determining the address of the server communicating on the basis of the Internet Protocol.
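The three types of log-on request (temporary identity plus location area, IMEI followed by an identity request, or both parameters at once) and the subsequent derivation of the server identity, its address and the access network node from the further identification parameter, as an added example that is not code from the patent. The encoding of the further identification parameter is an assumption made for this example: `<application>.<operator domain>`, where the operator domain names the home network and `aaa.` under it names the server; the application part selects the access network node from a configured table. DNS is replaced by an injected lookup (a constructed table here) so the example runs offline; the TMSI, location area identity, IMEI and addresses are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample values (placeholders, not real identities or addresses).
SAMPLE_IMEI = "490154203237518"
SAMPLE_FURTHER_ID = "meters.home-operator.example"  # assumed form: <application>.<operator domain>
OLD_LAI = "262-01-1234"                             # location area of the previous network node
SAMPLE_TMSI = "0xa1b2c3d4"

# Assumed stand-in for DNS: server identity -> IP address.
DNS_TABLE = {"aaa.home-operator.example": "192.0.2.10"}


def server_identity(further_id: str) -> str:
    """Assumed convention: the operator domain part names the home network;
    the IP-based server is 'aaa.' under that domain."""
    _application, _, domain = further_id.partition(".")
    return "aaa." + domain


def access_node_identity(further_id: str, policy: dict) -> Optional[str]:
    """Derive the access network node from the application field (assumed table);
    None means no reachable packet data network for this further id."""
    application, _, _ = further_id.partition(".")
    return policy.get(application)


@dataclass
class PreviousNode:
    """Network node that last served the terminal; keeps parameters under the TMSI."""
    records: dict  # tmsi -> (imei, further_id)

    def parameters_for(self, tmsi: str):
        return self.records.get(tmsi)


@dataclass
class Terminal:
    imei: str
    further_id: str
    tmsi: Optional[str] = None
    last_lai: Optional[str] = None

    def logon_request(self, kind: int) -> dict:
        if kind == 1 and self.tmsi is not None:
            # First type: temporary identity only, so IMEI and further id stay off the air.
            return {"type": 1, "tmsi": self.tmsi, "lai": self.last_lai}
        if kind == 2:
            # Second type: only the IMEI; the further id follows on the node's identity request.
            return {"type": 2, "imei": self.imei}
        # Third type: both parameters in one message.
        return {"type": 3, "imei": self.imei, "further_id": self.further_id}

    def identity_response(self) -> dict:
        return {"further_id": self.further_id}


@dataclass
class NetworkNode:
    neighbours: dict                          # lai -> PreviousNode
    resolve: Callable[[str], Optional[str]]  # DNS lookup; a table lookup in this example
    access_policy: dict                       # application -> access network node identity

    def handle_logon(self, terminal: Terminal, request: dict) -> dict:
        if request["type"] == 1:
            old = self.neighbours.get(request["lai"])
            params = old.parameters_for(request["tmsi"]) if old else None
            if params is None:
                return {"ok": False, "reason": "temporary identity not known"}
            imei, further_id = params
        elif request["type"] == 2:
            imei = request["imei"]
            further_id = terminal.identity_response()["further_id"]
        else:
            imei, further_id = request["imei"], request["further_id"]

        server = server_identity(further_id)
        address = self.resolve(server)
        access_node = access_node_identity(further_id, self.access_policy)
        if address is None or access_node is None:
            # Unknown server or application field: no authentication request is sent.
            return {"ok": False, "reason": "no server address or access node for further id"}
        return {"ok": True, "imei": imei, "further_id": further_id,
                "server": server, "address": address, "access_node": access_node}


def demo(kind: int, tmsi_known: bool = True) -> dict:
    """Run one log-on of the given type against a node with one known neighbour."""
    old = PreviousNode({SAMPLE_TMSI: (SAMPLE_IMEI, SAMPLE_FURTHER_ID)} if tmsi_known else {})
    node = NetworkNode({OLD_LAI: old}, DNS_TABLE.get, {"meters": "ggsn-meters"})
    terminal = Terminal(SAMPLE_IMEI, SAMPLE_FURTHER_ID, SAMPLE_TMSI, OLD_LAI)
    return node.handle_logon(terminal, terminal.logon_request(kind))


if __name__ == "__main__":
    for kind in (1, 2, 3):
        print(kind, demo(kind))
    print(1, demo(1, tmsi_known=False))
```

In a real network node `DNS_TABLE.get` would be replaced by a resolver such as `socket.gethostbyname`; the point of injecting it is that the rule "no resolvable server identity, no authentication request" can be exercised without network access. The type 1 path shows why the previous node's records matter: if the temporary identity is not found there, the node cannot learn the IMEI and further id without asking the terminal again.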
The international mobile equipment identity IMEI is advantageously used as the parameter identifying the terminal device. In this way, a parameter that has already been specified and is available in the electronic circuit arrangement that is integrated into the terminal device can be used for identifying the terminal device.
The method according to the invention can also be configured such that, after successful authentication of the terminal device, the network node reports the terminal device to the server communicating on the basis of the Internet Protocol as registered in the mobile radio network, the server communicating on the basis of the Internet Protocol sends to the network node which last served the terminal device a prompt to delete the data assigned to the terminal device, the network node which last served the terminal device confirms the deletion of the data assigned to the terminal device by sending a signal to the server communicating on the basis of the Internet Protocol, and the server communicating on the basis of the Internet Protocol confirms the reporting of the registration of the terminal device by sending a confirmation signal to the network node. With a home location register HLR in place of the server communicating on the basis of the Internet Protocol, these method steps are described in the Internet publication 3GPP TS 23.060 V6.7.0 (2004-12). That description does not, however, cover the method according to the invention, for which the steps are nevertheless advantageous, since the server communicating on the basis of the Internet Protocol is thereby enabled to store the status of the terminal devices in the mobile radio network and, furthermore, the data assigned to the terminal device can be deleted from the network node last serving the terminal device, enabling effective data administration with regard to the terminal devices served by the network node.
The method according to the invention can also be configured such that the server communicating on the basis of the Internet Protocol sends with the confirmation signal to the network node service and/or location area restrictions applicable to the terminal device. This advantageously enables restriction of the services which can be used by the terminal device, in particular of the quality of service QoS provided for the packet data service, and of the admissible location areas, as a result of which the intended use of terminal devices can be assured.
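The registration exchange of the two preceding paragraphs, as an added example in Go written for this page (illustrative, not code from the patent or from any SGSN or HLR implementation): the network node reports the terminal device as registered, the server prompts the previously serving node to delete its data and waits for that node's confirmation, and the server's own confirmation carries the service and location area restrictions, which the new node then enforces on later service requests. The shape of the restrictions (a maximum QoS traffic class and a list of admissible location areas), the in-process function calls standing in for the signals, and the device and node identifiers are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Restrictions travel with the server's confirmation signal. Their shape is an
// assumption of this example: the patent names service (QoS) and location area
// restrictions without fixing an encoding.
type Restrictions struct {
	MaxQoSClass  int      // highest QoS traffic class the device may request
	AllowedAreas []string // admissible location areas; empty means unrestricted
}

// NetworkNode is an SGSN-like node; served holds the data of the devices it
// currently serves, keyed by the parameter identifying the terminal device.
type NetworkNode struct {
	Name   string
	served map[string]Restrictions
}

func NewNetworkNode(name string) *NetworkNode {
	return &NetworkNode{Name: name, served: map[string]Restrictions{}}
}

// DeleteDevice handles the server's prompt to delete the data of a device that
// has registered elsewhere; the return value is the deletion confirmation signal.
func (n *NetworkNode) DeleteDevice(id string) bool {
	delete(n.served, id)
	return true
}

// IPServer is the server communicating on the basis of the Internet Protocol. It
// keeps which node serves each device and the restrictions configured per device.
type IPServer struct {
	nodes   map[string]*NetworkNode
	serving map[string]string // device -> name of the node currently serving it
	policy  map[string]Restrictions
}

func NewIPServer(policy map[string]Restrictions) *IPServer {
	return &IPServer{nodes: map[string]*NetworkNode{}, serving: map[string]string{}, policy: policy}
}

func (s *IPServer) Attach(n *NetworkNode) { s.nodes[n.Name] = n }

// Report handles the "registered" message from a network node: the previously
// serving node is prompted to delete its data and must confirm, then the server
// records the new node and answers with the restrictions applicable to the device.
func (s *IPServer) Report(deviceID, nodeName string) (Restrictions, error) {
	r, ok := s.policy[deviceID]
	if !ok {
		return Restrictions{}, errors.New("device not provisioned on this server")
	}
	if old, ok := s.serving[deviceID]; ok && old != nodeName {
		if n := s.nodes[old]; n == nil || !n.DeleteDevice(deviceID) {
			return Restrictions{}, errors.New("previous node did not confirm deletion")
		}
	}
	s.serving[deviceID] = nodeName
	return r, nil
}

// Register runs the exchange from the network node's side after successful
// authentication and stores the restrictions received with the confirmation.
func (n *NetworkNode) Register(s *IPServer, deviceID string) error {
	r, err := s.Report(deviceID, n.Name)
	if err != nil {
		return err
	}
	n.served[deviceID] = r
	return nil
}

// ServiceAllowed is the check the node applies when the device later requests a
// packet data service with a given QoS class from a given location area.
func (n *NetworkNode) ServiceAllowed(deviceID string, qosClass int, area string) error {
	r, ok := n.served[deviceID]
	if !ok {
		return errors.New("device not registered at this node")
	}
	if qosClass > r.MaxQoSClass {
		return errors.New("requested QoS class exceeds the service restriction")
	}
	if len(r.AllowedAreas) > 0 && !contains(r.AllowedAreas, area) {
		return errors.New("location area not admissible for this device")
	}
	return nil
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

func main() {
	// Constructed scenario: one metering device moves from node-A to node-B.
	srv := NewIPServer(map[string]Restrictions{"meter-0001": {MaxQoSClass: 2, AllowedAreas: []string{"LA-17"}}})
	a, b := NewNetworkNode("node-A"), NewNetworkNode("node-B")
	srv.Attach(a)
	srv.Attach(b)
	fmt.Println(a.Register(srv, "meter-0001"), a.ServiceAllowed("meter-0001", 2, "LA-17"))
	fmt.Println(b.Register(srv, "meter-0001"), a.ServiceAllowed("meter-0001", 2, "LA-17"))
}
```

After the device registers at node-B, node-A no longer holds any data for it and refuses service requests, while node-B enforces the QoS and location area limits it received with the confirmation.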
The method can advantageously proceed such that, after successful authentication of the terminal device, the network node sends a log-on confirmation to the terminal device.
The method can be configured such that a new temporary subscriber identity is transmitted in encrypted form with the log-on confirmation sent by the network node to the terminal device, and the terminal device responds by sending a receipt acknowledgement to the network node. The assignment of a new temporary subscriber identity by the network node to the terminal device avoids the transmission of the parameter identifying the terminal device in the signaling messages that follow. A corresponding procedure is disclosed in the Internet publication 3GPP TS 23.060 V6.7.0 (2004-12) in respect of the method described there.
The inventive method can be configured such that, after successful authentication, the terminal device requests a service in the packet data network from the network node, the network node requests the setting up of the packet data service by the access network node, the access network node sends an authorization request for authorization of the packet data service to an authorization server, the authorization server reports the terminal device as authorized to use the requested service by sending an authorization confirmation to the access network node, the access network node confirms the setting up of the packet data service to the network node, and the network node sends a signal to the terminal device confirming the setting up of the packet data service. The requesting of the packet data service by the terminal device can here be carried out either immediately after successful authentication or else at a possibly very much later point in time. It is advantageous in the case of this embodiment that a server of the type also used for other applications, for example in the Internet field, can be used as the authorization server. This produces advantages compared with the use of a telecommunication-specific home location register HLR with regard to the outlay on and the costs of setting up and administering the authorization server.
A further advantageous embodiment of the method consists in the use of the server communicating on the basis of the Internet Protocol as the authorization server. This enables central administration of all the data needed for authentication and authorization.
The method according to the invention can be configured such that the authorization server transmits with the authorization confirmation to the access network node a call number assigned to the terminal device and/or an IP address assigned to the terminal device. It is particularly advantageous here that, owing to the dynamic assignment during the method sequence, the assignment of a fixed, static call number and/or a fixed, static IP address to the terminal device can be dispensed with. It should be taken into account here that the supply of call numbers (MSISDN within the framework of 3GPP standardization) for terminal devices is short and a large number of terminal devices for data applications would exacerbate this shortage.
The method can be configured such that parameters defining the guaranteed quality of service QoS are transmitted with the authorization confirmation from the authorization server to the access network node, and the access network node applies the received parameters defining the quality of service QoS to the packet data service requested by the terminal device. This embodiment is advantageous since in this way the authorization server, as a central component, is given the facility to restrict the quality of service QoS made available.
The method is advantageously configured such that an AAA server is used as the authorization server. This is particularly preferred since an AAA server supports protocols such as RADIUS or DIAMETER which can be used for authorization.
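The authorization step in the sequence above, as an added example in Go written for this page (not code from the patent, from a GGSN product or from any RADIUS library): the access network node builds a RADIUS Access-Request per RFC 2865 for the terminal device's service request, the AAA server decides from its policy whether that identity may use the requested access point and, if so, answers with an Access-Accept carrying a dynamically assigned address in Framed-IP-Address, and the access network node verifies the Response Authenticator under the shared secret before it trusts anything in the reply. The example assumes that the device identity is carried in User-Name and the access point name in Called-Station-Id, that the policy is a plain identity-to-APN table, and constructs the identity, the address pool and the shared secret; how a real access network node carries the identity, the call number and the QoS parameters is not fixed by the patent.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Codes and attribute types from RFC 2865.
const (
	AccessRequest, AccessAccept, AccessReject              = 1, 2, 3
	AttrUserName, AttrFramedIPAddress, AttrCalledStationID = 1, 8, 30
)

// Packet is the RFC 2865 header plus attributes (one value per type suffices here).
type Packet struct {
	Code, ID byte
	Auth     [16]byte
	Attrs    map[byte][]byte
}

// Encode serialises Code|ID|Length|Authenticator|Attributes.
func (p *Packet) Encode() []byte {
	out := make([]byte, 20)
	out[0], out[1] = p.Code, p.ID
	copy(out[4:], p.Auth[:])
	for t, v := range p.Attrs {
		out = append(append(out, t, byte(len(v)+2)), v...)
	}
	binary.BigEndian.PutUint16(out[2:], uint16(len(out)))
	return out
}

// Decode parses a packet, refusing lengths that would read past the buffer.
func Decode(b []byte) (*Packet, error) {
	if len(b) < 20 || int(binary.BigEndian.Uint16(b[2:])) > len(b) {
		return nil, errors.New("truncated packet")
	}
	p := &Packet{Code: b[0], ID: b[1], Attrs: map[byte][]byte{}}
	copy(p.Auth[:], b[4:20])
	for i, n := 20, int(binary.BigEndian.Uint16(b[2:])); i < n; i += int(b[i+1]) {
		if i+2 > n || int(b[i+1]) < 2 || i+int(b[i+1]) > n {
			return nil, errors.New("malformed attribute")
		}
		p.Attrs[b[i]] = append([]byte(nil), b[i+2:i+int(b[i+1])]...)
	}
	return p, nil
}

// ResponseAuth = MD5(Code|ID|Length|RequestAuth|ReplyAttributes|Secret), RFC 2865 section 3.
func ResponseAuth(reply []byte, reqAuth [16]byte, secret []byte) (out [16]byte) {
	h := md5.New()
	h.Write(reply[:4])
	h.Write(reqAuth[:])
	h.Write(reply[20:])
	h.Write(secret)
	copy(out[:], h.Sum(nil))
	return out
}

// AAAServer holds a constructed policy (identity -> permitted APN) and address pool.
type AAAServer struct {
	Secret  []byte
	Allowed map[string]string
	Pool    []net.IP
}

// Handle answers Access-Accept with Framed-IP-Address when the identity may use the
// requested APN, else Access-Reject; either reply is bound to the request.
func (s *AAAServer) Handle(reqBytes []byte) ([]byte, error) {
	req, err := Decode(reqBytes)
	if err != nil || req.Code != AccessRequest {
		return nil, errors.New("not a valid Access-Request")
	}
	resp := &Packet{Code: AccessReject, ID: req.ID, Attrs: map[byte][]byte{}}
	want, ok := s.Allowed[string(req.Attrs[AttrUserName])]
	if ok && want == string(req.Attrs[AttrCalledStationID]) && len(s.Pool) > 0 {
		resp.Code, resp.Attrs[AttrFramedIPAddress] = AccessAccept, s.Pool[0].To4()
		s.Pool = s.Pool[1:]
	}
	out := resp.Encode()
	auth := ResponseAuth(out, req.Auth, s.Secret)
	copy(out[4:], auth[:])
	return out, nil
}

// Authorize is the access network node's side: send the request, verify that the
// reply is bound to it under the shared secret, and only then use the address.
func Authorize(aaa *AAAServer, secret []byte, identity, apn string) (net.IP, error) {
	req := &Packet{Code: AccessRequest, ID: 7, Attrs: map[byte][]byte{ // ID: a counter in practice
		AttrUserName: []byte(identity), AttrCalledStationID: []byte(apn)}}
	if _, err := rand.Read(req.Auth[:]); err != nil { // fresh Request Authenticator
		return nil, err
	}
	replyBytes, err := aaa.Handle(req.Encode())
	if err != nil {
		return nil, err
	}
	reply, err := Decode(replyBytes)
	if err != nil {
		return nil, err
	}
	if reply.ID != req.ID || ResponseAuth(replyBytes, req.Auth, secret) != reply.Auth {
		return nil, errors.New("Response Authenticator mismatch: reply not from the AAA server")
	}
	if ip := reply.Attrs[AttrFramedIPAddress]; reply.Code == AccessAccept && len(ip) == 4 {
		return net.IP(ip), nil
	}
	return nil, errors.New("packet data service not authorized")
}

// NewDemoAAA: one constructed metering device may use the "meters.example" APN.
func NewDemoAAA() *AAAServer {
	return &AAAServer{Secret: []byte("constructed-shared-secret"),
		Allowed: map[string]string{"imei-350000000000001": "meters.example"},
		Pool:    []net.IP{net.IPv4(10, 0, 0, 5)}}
}

func main() {
	fmt.Println(Authorize(NewDemoAAA(), []byte("constructed-shared-secret"), "imei-350000000000001", "meters.example"))
}
```

The Response Authenticator binds the reply to one request under the shared secret, so a reply from anyone who does not hold the secret, or a reply recorded for an earlier request, is discarded before its address is used. It does not protect the Access-Request itself; RFC 2865 alone gives the request no integrity protection.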
The method can also be configured such that, after receiving the authorization confirmation, the access network node sends a request message to a further server, the further server sends in its response parameters defining the guaranteed quality of service QoS to the access network node, and the access network node applies the received parameters defining the quality of service QoS to the packet data service requested by the terminal device.
The method can advantageously also be configured such that a policy decision function PDF server is used as the further server. Since the network element PDF server, as was explained in connection with the mobile radio network according to the invention, has already been specified within the scope of the 3GPP standardization, the outlay on the additional standardization and implementation of a further network element can in this way be avoided.
The method according to the invention can advantageously also proceed such that a charging rules function CRF server is used as the further server. This embodiment of the method is preferred since a CRF server has likewise already been specified within the scope of the 3GPP standardization, as has already been described hereinabove, and the outlay on the additional standardization and implementation of an additional network element is consequently avoided.
The method can advantageously also be configured such that a symmetrical method is used between the terminal device and the network node for authentication and key agreement. From Internet publication 3GPP TS 33.102 V6.3.0 (2004-12), the security architecture for third-generation mobile radio networks in accordance with the 3GPP standardization is known. The Internet publication describes in particular the symmetrical method used for authentication and key agreement. As part of the reciprocal authentication of the terminal device and of the mobile radio network, agreement takes place simultaneously on the keys subsequently to be used for the encryption of data transmission and signaling between the terminal device and the mobile radio network. In the case of the symmetrical method described in the Internet publication, it is to this end necessary for the terminal device and the authentication center to maintain a secret value specifically for each (U)SIM. The use of a symmetrical method for authentication and key agreement between the network node and the terminal device is advantageous in respect of the inventive method, as changes to the method sequence known from 3GPP standardization are in this way avoided.
The method can preferably also be configured such that an asymmetrical method is used between the terminal device and the network node for authentication and key agreement. In this case, in contrast to the use of a symmetrical method for authentication and key agreement, the necessity to provide network-operator-specific routines in the electronic circuit arrangement that is integrated into the terminal device, or alternatively to standardize the routines needed for authentication and key agreement, advantageously does not apply. This would otherwise be required since, according to the inventive method, the routines previously stored in the (U)SIM and needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device. In addition, compared with the use of a symmetrical method for authentication and key agreement, the outlay on configuring and protecting the secret values (also called shared secrets) of the symmetrical method in the authentication center is avoided. The mechanisms and authentication parameters used by the asymmetrical method can, in addition, also be used by other applications of the terminal device.
The inventive method is preferably configured such that a private key of the terminal device and a public key of the server communicating on the basis of the Internet Protocol are stored in the electronic circuit arrangement that is integrated into the terminal device, and a private key of the server communicating on the basis of the Internet Protocol and a public key of the terminal device are stored in the server communicating on the basis of the Internet Protocol.
Particularly preferred is the embodiment whereby the public and private keys needed respectively are stored in the electronic circuit arrangement that is integrated into the terminal device and in the server communicating on the basis of the Internet Protocol, the public keys being held in the form of certificates. The integrity of the respective public keys is in this case assured through the use of certificates.
The method according to the invention can be configured such that information is used as authentication information which contains a session key, an integrity key, a sequence number and an expected response, all of which are encrypted with the public key of the terminal device, as well as a first type of signature of the server communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server communicating on the basis of the Internet Protocol over the session key, the integrity key, the sequence number and the expected response; the network node sends the received information with the authentication prompt to the terminal device; the terminal device decrypts the parameters session key, integrity key, sequence number and expected response, encrypted with its public key, using its private key; the terminal device verifies the first type of signature of the server communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key, integrity key, sequence number and expected response and of a public key of the server communicating on the basis of the Internet Protocol; and upon successful verification the terminal device sends the decrypted expected response to the network node as an authentication response. It is particularly advantageous here that the extensions required in the functionality of the network node are kept to a minimum. This produces advantages in particular where the network node is to continue in parallel serving terminal devices with (U)SIM which support the known symmetrical method for authentication and key agreement. For the network node, no changes arise with regard to the use of values from the authentication vectors used for authentication and encryption.
The method can also be configured such that information is used as authentication information which contains the session key, the sequence number and the expected response, all of which are encrypted with the public key of the terminal device, as well as a second type of signature of the server communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server communicating on the basis of the Internet Protocol over the session key, the sequence number and the expected response; the network node sends the received information with the authentication prompt to the terminal device; the terminal device decrypts the parameters session key, sequence number and expected response, encrypted with its public key, using its private key; the terminal device determines the integrity key from the session key and/or the sequence number and/or the expected response; the terminal device verifies the second type of signature of the server communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key, sequence number and expected response and of the public key of the server communicating on the basis of the Internet Protocol; and upon successful verification the terminal device sends the decrypted expected response to the network node as an authentication response. It is particularly advantageous here that deriving the integrity key from the other authentication parameters dispenses with the need to transmit the integrity key to the terminal device. The consequence of this is that the data structure and data length of the authentication vectors known from the Internet publication 3GPP TS 33.102 V6.3.0 (2004-12) do not have to be changed, as a result of which the outlay on introducing the inventive method is reduced.
The method according to the invention can also be configured such that information is used as authentication information which contains, as parameters encrypted with the public key of the terminal device, the session key, the integrity key, the sequence number and a third type of signature of the server communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server communicating on the basis of the Internet Protocol over the session key, the integrity key and the sequence number; the network node sends the received information with the authentication prompt to the terminal device; the terminal device decrypts the parameters session key, integrity key, sequence number and third type of signature of the server communicating on the basis of the Internet Protocol, encrypted with its public key, using its private key; the terminal device verifies the third type of signature of the server communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key, integrity key and sequence number and of the public key of the server communicating on the basis of the Internet Protocol; and upon successful verification the terminal device sends the decrypted third type of signature of the server communicating on the basis of the Internet Protocol as an authentication response to the network node. The use of the third type of signature of the server communicating on the basis of the Internet Protocol as an authentication response is advantageous since this avoids the transmission of a separate expected response in the form of an additional parameter.
The method according to the invention can also be configured such that information is used as authentication information which contains, as parameters encrypted with the public key of the terminal device, the session key, the sequence number and a fourth type of signature of the server communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server communicating on the basis of the Internet Protocol over the session key and the sequence number; the network node sends the received information with the authentication prompt to the terminal device; the terminal device decrypts the parameters session key, sequence number and fourth type of signature of the server communicating on the basis of the Internet Protocol, encrypted with its public key, using its private key; the terminal device determines the integrity key from the session key and/or the sequence number; the terminal device verifies the fourth type of signature of the server communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key and sequence number and of the public key of the server communicating on the basis of the Internet Protocol; and upon successful verification the terminal device sends the decrypted fourth type of signature of the server communicating on the basis of the Internet Protocol as an authentication response to the network node. This embodiment is particularly advantageous since in this way neither the integrity key nor the expected response is needed as a separate parameter.
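The first type of authentication information, carried through as an added example in Go written for this page (it is not code from the patent or from any 3GPP implementation, and the patent prescribes no concrete algorithms): the server encrypts session key, integrity key, sequence number and expected response under the device's public key and signs the same four values with its private key; the device decrypts, verifies the signature with the server's public key and returns the expected response, which the network node compares exactly as it compares RES with XRES in the symmetrical method. Assumptions of the example: RSA-OAEP for the encryption and RSA-PSS over SHA-256 for the signature, 16-byte CK, IK and XRES, a fixed CK||IK||SQN||XRES layout, and a replay check that rejects any sequence number not greater than the last one accepted (the patent names the sequence number without defining the check); the keys are generated at run time rather than read from certificates.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const keyLen = 16                       // assumed byte length of CK, IK and XRES
var oaepLabel = []byte("aka-challenge") // assumed OAEP label, shared by both sides

// AuthVector is what the IP-based server hands the network node: the encrypted and
// signed challenge for the terminal device, plus XRES, CK and IK in the clear for the
// node itself, in the role of a 3GPP authentication vector.
type AuthVector struct {
	EncParams, Sig, XRES, CK, IK []byte
}

// encode fixes the layout CK||IK||SQN||XRES that is both signed and encrypted.
func encode(ck, ik []byte, sqn uint64, xres []byte) []byte {
	buf := make([]byte, 3*keyLen+8)
	copy(buf, ck)
	copy(buf[keyLen:], ik)
	binary.BigEndian.PutUint64(buf[2*keyLen:], sqn)
	copy(buf[2*keyLen+8:], xres)
	return buf
}

// MakeAuthVector is the server side: fresh CK, IK, XRES; sign with the server's
// private key (RSA-PSS), then encrypt under the device's public key (RSA-OAEP).
func MakeAuthVector(srvPriv *rsa.PrivateKey, mePub *rsa.PublicKey, sqn uint64) (*AuthVector, error) {
	ck, ik, xres := make([]byte, keyLen), make([]byte, keyLen), make([]byte, keyLen)
	for _, b := range [][]byte{ck, ik, xres} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	plain := encode(ck, ik, sqn, xres)
	digest := sha256.Sum256(plain)
	sig, err := rsa.SignPSS(rand.Reader, srvPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, mePub, plain, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &AuthVector{EncParams: enc, Sig: sig, XRES: xres, CK: ck, IK: ik}, nil
}

// Device holds what the integrated circuit arrangement stores: its own private key,
// the server's public key and the highest sequence number accepted so far.
type Device struct {
	Priv    *rsa.PrivateKey
	SrvPub  *rsa.PublicKey
	LastSQN uint64
	CK, IK  []byte // keys agreed in the last successful run
}

// Respond decrypts the parameters, verifies the server signature over them, checks
// that the sequence number is fresh (replay protection) and returns RES = XRES.
func (d *Device) Respond(enc, sig []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.Priv, enc, oaepLabel)
	if err != nil || len(plain) != 3*keyLen+8 {
		return nil, errors.New("challenge not encrypted for this device")
	}
	digest := sha256.Sum256(plain)
	if err := rsa.VerifyPSS(d.SrvPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("server signature invalid: challenge not from the home server")
	}
	sqn := binary.BigEndian.Uint64(plain[2*keyLen:])
	if sqn <= d.LastSQN {
		return nil, errors.New("sequence number not fresh: replayed challenge")
	}
	d.LastSQN, d.CK, d.IK = sqn, plain[:keyLen], plain[keyLen:2*keyLen]
	return plain[2*keyLen+8:], nil
}

// NetworkNodeAccepts is unchanged from the symmetrical method: compare RES with XRES.
func NetworkNodeAccepts(av *AuthVector, res []byte) bool {
	return bytes.Equal(res, av.XRES)
}

// Demo runs one fresh authentication and then replays the same challenge.
func Demo() (fresh, replayAccepted bool, err error) {
	srvPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	mePriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	dev := &Device{Priv: mePriv, SrvPub: &srvPriv.PublicKey}
	av, err := MakeAuthVector(srvPriv, &mePriv.PublicKey, 1)
	if err != nil {
		return
	}
	res, err := dev.Respond(av.EncParams, av.Sig)
	if err != nil {
		return
	}
	fresh = NetworkNodeAccepts(av, res)
	_, rerr := dev.Respond(av.EncParams, av.Sig) // same SQN again: must be refused
	return fresh, rerr == nil, nil
}

func main() {
	fmt.Println(Demo())
}
```

Verifying the signature before acting on the decrypted values matters: the device's public key is not secret, so without the signature anyone could hand the device session and integrity keys of their own choosing. The sequence number check is what stops a captured challenge from being replayed to push the device back onto old keys.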
The method is advantageously configured such that an AAA server is used as the server communicating on the basis of the Internet Protocol. The use of this type of server, which can be applied in diverse ways, makes it possible to reduce the costs of administering and operating the communication network.
The method according to the invention can also be configured such that communication between the network node and the server communicating on the basis of the Internet Protocol is effected via the access network node. This is particularly advantageous if an existing interface of the access network node to the server communicating on the basis of the Internet Protocol can be utilized in this way. This is the case, for example, where the server communicating on the basis of the Internet Protocol is an AAA server and the access network node is a GGSN, as the latter will already have an AAA interface.
The method according to the invention can advantageously proceed such that the terminal device is pooled with further terminal devices of the same type into a group, the group of terminal devices is assigned a shared call number under which the charges incurred by the terminal devices of the group are billed, and the individual terminal devices are identified from the parameter identifying the terminal device or from the IP address of the terminal device. This is advantageous since, as already explained, the supply of call numbers (MSISDN in the 3GPP standard) for terminal devices is short and this problem would be exacerbated by a large number of terminal devices for data applications. A separate call number for each terminal device is necessary only for data transmission by means of short messages (Short Message Service SMS) and for circuit-switched data services, but not for packet-switched data services. Typically, charging will also continue to be effected using the call number as an assignment criterion. The assignment of a call number to a group of terminal devices now makes it possible to pool under this call number all the charges accruing in respect of the terminal devices of the group. The terminal devices pooled into a group may, for example, be all the terminal devices of an operator of remotely readable power-consumption meters. In addition, further actions can be pooled under the shared call number of the terminal devices, the identity of the server communicating via the Internet Protocol or the identity of the access network node. Thus, for example, rules in respect of service restrictions or rules regarding charging have to be defined just once for the whole group.
The inventive method can also be configured such that the network node sends presence data relating to the registration of the terminal device to a presence server, and the presence server confirms the entry of the presence data with a response signal. As previously explained in connection with the mobile radio network according to the invention, the presence server is known as such from the Internet publication 3GPP TS 23.141 V6.7.0 (2004-09). Within the scope of the method according to the invention, its use advantageously makes it possible for the location of the terminal device to be pinpointed even without using a home location register HLR.
The method can be configured such that information on the location of the terminal device is sent as an integral part of the presence data. This is advantageous since the monitoring and evaluation of the location of the terminal device is enabled in this way.
A further preferred embodiment of the inventive method is such that the presence server compares the received information regarding the location of the terminal device with a predetermined location and triggers an alarm if the location of the terminal device does not match the predetermined location. For stationary terminal devices for data communication, this provides the facility for triggering an alarm if the terminal device changes its position, which points to misuse, e.g. the theft of a terminal device or of a vending machine connected to it.
The method can preferably also proceed such that, after activation of the packet data service, the presence server receives a message updating the status of the terminal device from the network node and/or the access network node, said message containing information on the activated packet data service and the associated IP address, and the presence server responds with a confirmation message. This makes it possible for the activation of the packet data service to be noted together with the IP address used by the terminal device in the data administered by the presence server, and this information can be made available to the watcher applications registered in respect of the terminal device. The information relating to the IP address used by the terminal device for utilizing the packet data service is of interest in particular where the terminal device uses a dynamic IP address, i.e. an address that is assigned to the terminal device only as part of registration in the mobile radio network or activation of a packet data service. The possibility exists here that, in the event of a terminal device having already activated a packet data service with an IP address, an application can request the IP address from the presence server and can then transmit data to the terminal device.
The method according to the invention can also be configured such that an application server logs on to the presence server, the presence server evaluates the log-on of the application server and, where a predefined evaluation result exists, the presence server prompts the terminal device to activate a further packet data service, whereupon a dynamic IP address is automatically assigned to the terminal device. This enables the establishment of data connections from the mobile radio network with the assignment of a dynamic IP address to the terminal device, advantageously saving network resources for data connections for such applications as only occasionally transmit data and do so initiated from the network side. Consequently, applications located on the application server are allowed to send data to the terminal device without the terminal device having previously initiated or requested this data (so-called push services).
The method preferably proceeds such that the presence server sends a prompt message, modified for using dynamic IP addresses, to activate the further packet data service to the terminal device, and the terminal device thereupon activates the further packet data service, as a result of which a dynamic IP address is assigned to the terminal device. The presence server can first send the prompt message directly to the network node, which then prompts the terminal device to activate the further packet data service. The presence server can, however, also send a prompt message to the access network node, which then sends a prompt message, modified for utilizing dynamic IP addresses, to the network node. In a particularly preferred embodiment, the presence server initiates a network-requested PDP context activation, which is already known from Internet publication 3GPP TS 23.060 V6.7.0 (2004-12) and, in accordance with a proposal from Internet publication 3GPP S2-034257 (http://www.3gpp.org/ftp/tsg_sa/WG2_Arch/TSGS2_36_New_York/tdocs/), is modified for utilizing dynamic IP addresses. The terminal device thereupon activates the further packet data service, as a result of which a dynamic IP address is assigned to the terminal device. The mechanisms already known from the Internet publication 3GPP TS 23.141 V6.7.0 (2004-09) then report the assigned IP address to the presence server, which in turn communicates it to the watcher application or watcher applications.
In a further particularly preferred embodiment of the method according to the invention, the dynamic IP address of the terminal device is communicated to the presence server by the access network node, and to the application server by the presence server. A prerequisite here is that the terminal device be registered in a mobile radio network of the type described above.
In a particularly preferred embodiment of the method according to the invention, an application server logs on to the presence server as a watcher application. If no dynamic IP address has yet been assigned to the terminal device to which the application server would like to send data, the presence server prompts this in accordance with the method described previously. The assigned IP address is reported via known mechanisms to the presence server, which in turn communicates it to the watcher application. The application server can now transmit data to the terminal device. After data transmission, the application server preferably logs off from the presence server again as watcher application. In this way, the next log-on of an application server to the presence server as watcher application can in turn trigger an assignment of a dynamic IP address to a corresponding terminal device. A fresh assignment is required if the mobile radio network or the corresponding terminal device has released the resources and the IP address again, for example because of prolonged non-use.
In another preferred embodiment of the inventive method, the application server logs on to the presence server only indirectly. This means that a so-called "push-proxy" server logs on to the presence server as watcher application. This server is already known from the specification 3GPP TR 23.976 V6.1.0 (2004-06). The "push-proxy" server then learns via the presence server the IP address(es) assigned to the terminal device. The application server then always sends its push data to the appropriate "push-proxy" server which is logged on to the presence server. This "push-proxy" server then forwards the data to the terminal device over the pathways available, e.g. via a circuit-switched data service. If the "push-proxy" server is to transmit the data in a packet-based manner, then this is carried out to the IP address which the presence server discloses. If no dynamic IP address has yet been assigned, the presence server prompts this in accordance with the method steps described. After data transmission, the "push-proxy" server preferably logs off from the presence server as watcher application. In this way, the next log-on as watcher application for a data transmission can in turn trigger the assignment of a dynamic IP address if the mobile radio network or the terminal device has again released the resources and the IP address, for example due to prolonged non-use.
In a further particularly preferred embodiment of the method according to the invention, a distinction is made, when the application or application server logs on to the presence server as watcher application of a terminal device or of a corresponding subscriber, as to whether this log-on should also lead to the assignment of an IP address, in particular a dynamic IP address, or whether the watcher application should only, as is already known, be informed about states or status changes. To this end, the predefined evaluation result is set by the terminal device and filed with the presence server. It is thus possible for the terminal device or the corresponding subscriber to file and to modify its preferences accordingly. The terminal device can set whether it would like to receive push data, i.e. whether the mobile radio network can or should prompt to this end the activation of a packet data service together with the assignment of a dynamic IP address, or whether the transmission of push data to the terminal device is not desired.
In another preferred embodiment of the method according to the invention, the predefined evaluation result is set by a network operator such that the presence server prompts each terminal device newly registering in the mobile radio network to activate the further packet data service. This takes account of the desire of a network operator to transmit data or information to terminal devices or corresponding subscribers as soon as these register in the mobile radio network. For this purpose, a corresponding application server logs on to the presence server as watcher application for all terminal devices or corresponding subscribers, or for a subgroup, for example subscribers from external networks. As soon as the presence server learns of the registration of a terminal device or of a corresponding subscriber, the presence server initiates the prompt message modified for the use of dynamic IP addresses, namely the previously mentioned modified "network-requested PDP context activation". The dynamic IP address then assigned to the terminal device or to the corresponding subscriber is communicated to the presence server by means of the mechanisms specified in 3GPP TS 23.141 V6.7.0 (2004-09). The presence server informs the application server, which can then transmit the data intended for the terminal device, such as, for example, a welcome greeting, to the terminal device or to the subscriber.
Furthermore, to authenticate application servers functioning as watcher applications for presence servers, methods specified in 3GPP TS 23.141 V6.7.0 (2004-09) are used in order to prevent unauthorized transmissions to a terminal device or to the corresponding subscriber. The presence server communicates the IP address(es) of a terminal device or of a corresponding subscriber only to watcher applications or application servers authorized by the subscriber and/or by the network operator. Accordingly, an activation of a packet data service in a terminal device, including an associated assignment of a dynamic IP address to the terminal device, is prompted by a presence server only if the application server is authorized by the subscriber and/or the network operator.
The application server preferably transmits specific data to the terminal device by means of the dynamic IP address. This means that the application server now has the facility to send data from the mobile radio network to the terminal device without the terminal device having initiated or requested the transmission of precisely this data. The initiation by the terminal device has been effected, as it were, indirectly via the activation of the packet data service at the prompting of the presence server and the accompanying automatic assignment of an IP address, via which the terminal device can now be reached by the application server. That means that the application server can now, with the aid of the IP address communicated to it by the presence server, send data in the form of a push service.
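The watcher and push sequence of the preceding paragraphs, together with the location alarm described earlier, as an added example in Go written for this page (illustrative, not code from the patent or from any 3GPP presence server): the network node reports registration and location, the access network node reports the assigned or released address, an application server logs on as watcher, and the presence server discloses the address only to a watcher authorized for that subscriber, prompting a network-requested activation first when the device has filed that it accepts push data and currently holds no address. The `Activator` callback stands in for the network node and the modified network-requested PDP context activation, the per-device preference and the authorization table are assumptions of the example, and all identifiers and addresses are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// DeviceState is what the presence server keeps per terminal device.
type DeviceState struct {
	ServingNode string
	Location    string
	ExpectedLoc string // set for stationary devices; "" means the device may move
	IP          net.IP // nil while no packet data service is active
	AcceptsPush bool   // preference filed by the device: may a watcher log-on trigger activation?
}

// Activator stands for the network node performing a network-requested PDP
// context activation for the device and returning the dynamic IP address assigned.
type Activator func(deviceID string) (net.IP, error)

type PresenceServer struct {
	devices    map[string]*DeviceState
	authorised map[string]map[string]bool // device -> watcher application -> allowed
	activate   Activator
	Alarms     []string
}

func NewPresenceServer(a Activator) *PresenceServer {
	return &PresenceServer{devices: map[string]*DeviceState{}, authorised: map[string]map[string]bool{}, activate: a}
}

func (ps *PresenceServer) AddDevice(id string, st *DeviceState) { ps.devices[id] = st }

// Authorise records that the subscriber and/or operator allow appID to watch deviceID.
func (ps *PresenceServer) Authorise(deviceID, appID string) {
	if ps.authorised[deviceID] == nil {
		ps.authorised[deviceID] = map[string]bool{}
	}
	ps.authorised[deviceID][appID] = true
}

// Register is the presence update the network node sends after registration. For a
// stationary device, a location other than the expected one raises an alarm.
func (ps *PresenceServer) Register(deviceID, node, location string) (alarm bool) {
	d, ok := ps.devices[deviceID]
	if !ok {
		return false
	}
	d.ServingNode, d.Location = node, location
	if d.ExpectedLoc != "" && location != d.ExpectedLoc {
		ps.Alarms = append(ps.Alarms, fmt.Sprintf("%s registered from %s, expected %s", deviceID, location, d.ExpectedLoc))
		return true
	}
	return false
}

// UpdateIP is the status update from the access network node after a packet data
// service was activated (ip set) or released again (ip nil).
func (ps *PresenceServer) UpdateIP(deviceID string, ip net.IP) {
	if d, ok := ps.devices[deviceID]; ok {
		d.IP = ip
	}
}

// Watch is an application server logging on as watcher. Unauthorised watchers learn
// nothing and trigger nothing; an authorised one gets the current address or, if the
// device accepts push data and holds no address, an activation is prompted first.
func (ps *PresenceServer) Watch(appID, deviceID string) (net.IP, error) {
	d, ok := ps.devices[deviceID]
	if !ok || !ps.authorised[deviceID][appID] {
		return nil, errors.New("watcher not authorised for this subscriber")
	}
	if d.IP != nil {
		return d.IP, nil
	}
	if !d.AcceptsPush {
		return nil, errors.New("device declines push data: no activation prompted")
	}
	ip, err := ps.activate(deviceID)
	if err != nil {
		return nil, err
	}
	ps.UpdateIP(deviceID, ip) // in the network this arrives as the TS 23.141 status update
	return ip, nil
}

// FakeNetwork counts activations and hands out constructed addresses 10.0.0.n.
type FakeNetwork struct{ Activations int }

func (n *FakeNetwork) Activate(string) (net.IP, error) {
	n.Activations++
	return net.IPv4(10, 0, 0, byte(n.Activations)), nil
}

func main() {
	nw := &FakeNetwork{}
	ps := NewPresenceServer(nw.Activate)
	ps.AddDevice("meter-0001", &DeviceState{ExpectedLoc: "LA-17", AcceptsPush: true})
	ps.Authorise("meter-0001", "billing-app")
	fmt.Println(ps.Register("meter-0001", "node-A", "LA-17"))
	fmt.Println(ps.Watch("rogue-app", "meter-0001"))
	fmt.Println(ps.Watch("billing-app", "meter-0001"))
	fmt.Println(ps.Register("meter-0001", "node-B", "LA-99"), ps.Alarms)
}
```

The authorization check sits before every other step in `Watch`, so an unauthorised log-on neither learns whether the device holds an address nor causes an activation; a second authorised log-on reuses the existing address, and a log-on after the address has been released triggers a fresh activation.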
The invention relates furthermore to a terminal device comprising an electronic circuit arrangement integrated into the terminal device, a parameter identifying the terminal device being stored in said electronic circuit arrangement, for use in a mobile radio network comprising at least one network node and at least one server, and comprising at least one access network node to a packet data network, said access network node being connected to the network node.
Such a terminal device emerges from the prior art discussed in the introduction as known.
The object of the invention is to further develop a terminal device of the type stated such that packet data services can be provided particularly cost-effectively.
In a terminal device of the type stated, the object according to the invention is achieved in that the terminal device is a non-SIM card terminal device, and a further identification parameter and routines needed for authentication or routines and parameters needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device. The use of a non-SIM card terminal device advantageously avoids the costs of the SIM card and the SIM-card reader for the terminal device. Storage of the further identification parameter and of the routines needed for authentication or of the routines and parameters needed for authentication in the electronic circuit arrangement that is integrated into the terminal device makes it possible for the terminal device to continue to be able to be operated despite the absence of the SIM card.
The terminal device according to the invention is advantageously configured such that the routines needed for a symmetrical method for authentication and key agreement or the routines and parameters needed for authentication and key agreement are stored in the electronic circuit arrangement that is integrated into the terminal device. The support of a symmetrical method for authentication and key agreement avoids changes in the mobile radio network since by this means the symmetrical method for authentication and key agreement known from the 3GPP standardization can continue to be used despite the use of non-SIM card terminal devices.
The method according to the invention can also be configured such that the routines needed for an asymmetrical method for authentication and key agreement or the routines and parameters needed for authentication and key agreement are stored in the electronic circuit arrangement that is integrated into the terminal device. It is particularly advantageous here that the use of an asymmetrical method for authentication and key agreement avoids both the necessity for network operator-specified terminal devices and the necessity for standardization of the routines of the symmetrical method needed for authentication and key agreement or of the routines and parameters of the symmetrical method needed for authentication and key agreement.
The terminal device according to the invention can also be configured such that a private key of the terminal device and a public key of the server communicating on the basis of the Internet Protocol are stored in the electronic circuit arrangement that is integrated into the terminal device.
The terminal device according to the invention can be configured such that the keys are stored in the electronic circuit arrangement that is integrated into the terminal device in the form of certificates. This is advantageous since the use of certificates safeguards the integrity of the stored keys.
In a further preferred embodiment of the terminal device according to the invention, further data specific to the terminal device and/or for the subscriber using the terminal device is stored in the electronic circuit arrangement that is integrated into the terminal device. This enables personalization of the terminal device according to the requirements of the respective network operator. The storage of data normally stored on the SIM card in the electronic circuit arrangement that is integrated into the terminal device avoids restrictions with regard to the functionality of the terminal device.
The terminal device according to the invention is advantageously configured such that the further data is a list of the network operators permitted for the terminal device and/or a list of the network operators not permitted. This is advantageous in particular since in this way a terminal device can be permanently linked to a network operator, as a result of which the possibility of any misuse is restricted as attempts to register in the networks of other network operators are avoided. A reduction in signaling traffic is also achieved by this means.
The terminal device according to the invention can also be configured such that the electronic circuit arrangement that is integrated into the terminal device contains a non-volatile memory. This is advantageous since the data stored in the electronic circuit arrangement that is integrated into the terminal device is normally to be retained, even when the power supply is disconnected.
Furthermore, the terminal device according to the invention can be configured such that the electronic circuit arrangement that is integrated into the terminal device contains a volatile memory, the content of which is lost when the power supply is interrupted. This is advantageous for certain application cases since by this means the possibilities for the misuse of stolen terminal devices are reduced and the routines for authentication and key agreement or the routines and parameters for authentication and key agreement stored in the electronic circuit arrangement that is integrated into the terminal device are protected, for example in the event of an interruption of the power supply due to a theft.
The terminal device according to the invention can also be configured such that the routines needed for authentication and key agreement which are stored in the electronic circuit arrangement that is integrated into the terminal device or the routines and parameters needed for authentication and key agreement which are stored in the electronic circuit arrangement that is integrated into the terminal device and/or the function of the terminal device overall are protected by a password. In this way, the possibility exists that the validity and integrity of the certificates in the terminal device can be checked only after password clearance. Misuse of the terminal device is rendered considerably more difficult by this means.
To further explain the invention:
Figure 1 shows a schematic representation of the network elements of an embodiment of the mobile radio network according to the invention together with a packet data network,
Figure 2 shows in a diagrammatic representation the message flows running as part of authentication and key agreement between the network elements shown in Figure 1 in one embodiment of the method according to the invention,
Figure 3 shows in a diagrammatic representation the message flows running as part of authentication and key agreement between the network elements shown in Figure 1 in a further embodiment of the method according to the invention,
Figure 4 shows in a diagrammatic representation the message flows running as part of authentication and key agreement between the network elements shown in Figure 1 in an additional embodiment of the method according to the invention,
Figure 5 shows in a diagrammatic representation a type of the message flows running as part of the requesting of a packet data service between the network elements shown in Figure 1, and
Figure 6 shows in a diagrammatic representation a further type of the message flows running as part of the requesting of a packet data service between the network elements shown in Figure 1.
Figure 1 shows an embodiment of the mobile radio network MFN according to the invention and a packet data network PDN. It can be seen that a terminal device ME using the mobile radio network MFN is connected by means of a base-station system BS to the other elements of the mobile radio network MFN. It should be noted in this connection that not all the network elements required for operating the mobile radio network MFN are shown and described below, but only those which are relevant in connection with the description of the features of the mobile radio network MFN according to the invention. Thus, the necessity, for example, of a base-station system for the functionality of a mobile radio network will be mentioned once at this point, while further normal components of a mobile radio network which do not play a substantial role in explaining the invention are not mentioned.
The base-station System BS is connected to a network node NKn of the mobile radio network MFN. To provide a connection to a packet data network PDN, the network node NKn is connected to an access network node ZNK which is linked to the packet data network PDN. Normally, the network node NKn and the access network node ZNK are two separate network elements; there is, however, also the possibility of using a network element which implements both the functionality of the network node NKn and that of the access network node ZNK.
The mobile radio network MFN can, for example, be such a network that conforms to the GPRS standard, in which case the network node NKn is a serving GPRS support node (SGSN) and the access network node ZNK is a gateway GPRS support node (GGSN). Apart from being connected to the access network node ZNK, the network node NKn is connected to a presence server PS and a server S communicating on the basis of the Internet Protocol. In addition, the network node NKn also communicates with a network node NKa that last served the terminal device. The access network node ZNK is connected to an authorization server AS and a further server S2. In addition, a communication link exists between the presence server PS and an application server AWS.
The server S communicating on the basis of the Internet Protocol provides authentication vectors which in known mobile radio networks are supplied by the home location registers HLR. This can be carried out either directly by the server S itself communicating on the basis of the Internet Protocol or by an authentication center (not shown) connected to the server S. Within the scope of the invention, the authentication center connected to the server S communicating on the basis of the Internet Protocol is viewed as an integral part of the server S.
The presence server PS can, by way of derogation from the representation shown in Figure 1, also be directly connected to the access network node ZNK; a connection via the network node NKn to the access network node ZNK is also possible.
The invention will be explained in detail hereinbelow with reference to Figures 2 to 6 with the aid of diagrammatic representations of the message flows running in various embodiments between the network elements shown in Figure 1.
Figure 2 shows the message flows between the network elements in one embodiment of the method according to the invention. The network elements are illustrated respectively by a rectangle with a line running vertically downward. The messages exchanged between the various network elements are represented by horizontal arrows. The temporal sequence of the messages is given by the vertical axis, i.e. an arrow shown further down in the diagram represents a message which in the temporal sequence is normally transmitted after a message represented by an arrow shown further up.
In accordance with Figure 2, the inventive method for operating a terminal device ME in a mobile radio network MFN can proceed such that the terminal device ME logs on to the network node NKn with a first type of log-on request 1a containing its temporary identity. The temporary identity is a parameter identifying the terminal device ME, said parameter having been assigned to the terminal device ME as part of an earlier log-on process. In addition, the terminal device ME sends a location area identity identifying the network node NKa last serving the terminal device ME to the network node NKn.
The network node NKn then sends a request 2, which contains the temporary identity, to the network node NKa last serving the terminal device ME.
Triggered by the request 2, the network node NKa last serving the terminal device ME sends with the message 3 a parameter identifying the terminal device ME and a further identification parameter to the network node NKn. Due to the use of the temporary identity, it is thus possible for the network node NKn to receive the parameter identifying the terminal device ME and the further identification parameter without the terminal device ME having to send these parameters in unencrypted form to the network node NKn.
In the next method step, the network node NKn determines from the received further identification parameter the address of the server S communicating on the basis of the Internet Protocol and sends a request 6 to the server S. The determination of the address of the server S communicating on the basis of the Internet Protocol from the further identification parameter can be effected here in different ways in accordance with various embodiments of the inventive method. On the one hand, there is the possibility that the identity, i.e. a parameter identifying the log-on domain, of the server S communicating on the basis of the Internet Protocol can be derived directly from the further identification parameter. In this case, the network node NKn can derive from the further identification parameter the address of the server S communicating on the basis of the Internet Protocol, for example by means of the domain-name-system method. In addition, the identity of the access network node ZNK is preferably derived from the identity of the server S communicating on the basis of the Internet Protocol. In the case of a mobile radio network that conforms to the GPRS standard, the identity of the access network node ZNK can be the known APN (access point name), which stipulates the packet data network that can be reached by the terminal device ME. This may, for example, be a private IP network of a company. On the other hand, the possibility exists according to a further embodiment of the inventive method that the further identification parameter specifies directly the identity of the access network node ZNK. In this case, the network node NKn derives from the further identification parameter the identity of the server S communicating on the basis of the Internet Protocol and in turn determines from the identity of the server S communicating via the Internet Protocol the address of the server S communicating on the basis of the Internet Protocol. The two alternatives, i.e. the derivation either of the identity of the access network node ZNK from the identity of the server S communicating via the Internet Protocol or else the derivation of the identity of the server S communicating via the Internet Protocol from the identity of the access network node, are equivalent. It is broadly advantageous to derive one of the two parameters from the other since by this means configuration and administration costs are reduced.
Furthermore, data traffic is restricted by this means to networks which can be reached via the respective identity of the server S communicating via the Internet Protocol and the respective identity of the access network node ZNK, as a result of which the opportunities for misuse and the effect of faulty terminal devices are reduced. It can be stated as an example of a possible derivation of one of the parameters from the other that the identity of the server S communicating on the basis of the Internet Protocol can be given, for example, by the character string AAA.x.y.gprs. The identity of the access network node ZNK (which corresponds to the APN in the known 3GPP standardization) could be derived herefrom e.g. to the character string M2M_APN.x.y.gprs.
After the network node NKn has determined, using the further identification parameter, the identity of the server S communicating on the basis of the Internet Protocol, it sends a request 6 with the parameter identifying the terminal device to the server S communicating on the basis of the Internet Protocol. The identity of the server S communicating on the basis of the Internet Protocol advantageously also contains the name of the home network, e.g. in the form of the name components country code and network code already defined for the APN in the Internet publication 3GPP TS 23.003 V6.5.0 (2004-12), which together identify the home network of the terminal device ME. Furthermore, the network node NKn can, as described, also determine from the identity of the server S communicating on the basis of the Internet Protocol the identity of the access network node ZNK. In the case of a mobile radio network conforming to the GPRS standard, this corresponds to the APN. Using the APN, an HLR PDP context is then created and stored which restricts the packet data services that are permitted. The network node NKn sets the quality-of-service QoS parameters contained in the HLR PDP context to maximum values or to values predetermined in the network node NKn. These values can then be changed when setting up a packet data service to the values permitted in the particular case, as will be explained in detail with the aid of Figures 5 and 6.
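The following Python functions are an added example (not code from the patent or from 3GPP) of what the network node NKn does with the further identification parameter: derive the server S identity and the access network node identity from each other using the AAA.x.y.gprs and M2M_APN.x.y.gprs forms given in the text, resolve the server address through a lookup table standing in for DNS, and build an HLR PDP context that confines packet data services to the derived APN with QoS set to maximum values. Both alternatives named in the text are handled: the parameter may carry either the server identity or the APN. The home-network components (mnc001.mcc262), the DNS table and the QoS values are constructed.

```python
"""Deriving the identities of server S and access network node ZNK from each
other and creating the HLR PDP context, as described for Figure 2.

Added example, not code from the patent or from 3GPP. The identity forms
AAA.x.y.gprs and M2M_APN.x.y.gprs come from the text; the home-network
components, the DNS stand-in table and MAX_QOS are constructed assumptions.
"""

SERVER_LABEL = "AAA"        # leading label of the server S identity (from the text)
APN_LABEL = "M2M_APN"       # leading label of the ZNK identity / APN (from the text)
SUFFIX = "gprs"
MAX_QOS = {"max_bitrate_kbps": 2048, "traffic_class": "conversational"}  # constructed


def split_identity(identity):
    """Return (label, home_network) for '<label>.<x>.<y>.gprs', else raise."""
    parts = identity.split(".")
    if len(parts) != 4 or parts[-1] != SUFFIX or not all(parts):
        raise ValueError("identity must have the form LABEL.x.y.gprs: %r" % identity)
    return parts[0], ".".join(parts[1:3])


def apn_from_server_identity(server_identity):
    """First alternative in the text: ZNK identity derived from server S identity."""
    label, home = split_identity(server_identity)
    if label != SERVER_LABEL:
        raise ValueError("not a server S identity: %r" % server_identity)
    return "%s.%s.%s" % (APN_LABEL, home, SUFFIX)


def server_identity_from_apn(apn):
    """Second alternative: server S identity derived from the ZNK identity (APN)."""
    label, home = split_identity(apn)
    if label != APN_LABEL:
        raise ValueError("not an access network node identity: %r" % apn)
    return "%s.%s.%s" % (SERVER_LABEL, home, SUFFIX)


def hlr_pdp_context(further_identification_parameter, dns_table):
    """What NKn derives from the further identification parameter (message 3 or 5).

    The parameter may carry either the server S identity or the APN; the other
    identity is derived, the server address is looked up (dns_table stands in
    for the domain name system), and a PDP context limited to that APN is
    created with its QoS parameters set to maximum values.
    """
    label, _ = split_identity(further_identification_parameter)
    if label == SERVER_LABEL:
        server_identity = further_identification_parameter
        apn = apn_from_server_identity(server_identity)
    elif label == APN_LABEL:
        apn = further_identification_parameter
        server_identity = server_identity_from_apn(apn)
    else:
        raise ValueError("unknown identity label %r" % label)
    if server_identity not in dns_table:
        raise LookupError("no address known for %s" % server_identity)
    return {"server_identity": server_identity,
            "server_address": dns_table[server_identity],
            "apn": apn,
            "qos": dict(MAX_QOS)}


def service_permitted(context, requested_apn):
    """Traffic is confined to the network reachable via the context's APN."""
    return requested_apn == context["apn"]
```

Because both derivations share the home-network part, a request for any other APN is refused by `service_permitted`, which is the traffic restriction the text credits with reducing misuse and the effect of faulty terminal devices.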
The request 6 is answered by the server S communicating on the basis of the Internet Protocol by the sending 7 of authentication information to the network node NKn. The content of the authentication information can differ depending on whether a symmetrical or an asymmetrical method is used for authentication and key agreement. Where a symmetrical method is used for authentication and key agreement, it should be noted that in this case, due to the use of non-SIM card terminal devices ME, different encryption methods will possibly have to be implemented in the electronic circuit arrangement that is integrated into the terminal device ME for different network operators. This could be avoided by the standardization of the routines needed for authentication and key agreement. As an alternative to this, according to a further advantageous embodiment of the method according to the invention, an asymmetrical method can be used which additionally offers the advantage that the outlay on configuring and protecting the secret values of the symmetrical encryption method in the authentication center is avoided. Furthermore, the mechanisms and authentication parameters used by the asymmetrical encryption method can also be used by applications of the terminal device. When using an asymmetrical method for authentication and key agreement, the inventive method is advantageously configured such that the necessary functionality extensions of the network node NKn are kept to a minimum. This makes it easier to use the currently existing terminal devices with SIM cards and a (U)SIM and non-SIM card terminal devices ME simultaneously in accordance with the present invention.
After receiving the authentication information, the network node NKn sends an authentication prompt 8 to the terminal device ME.
The terminal device ME then carries out an authentication of the mobile radio network MFN using the routines which are implemented in the electronic circuit arrangement that is integrated into the terminal device ME or using the routines and parameters which are implemented in the electronic circuit arrangement that is integrated into the terminal device ME, determines, using additionally the information received in the authentication prompt, a value for the expected response and, where authentication is successful, sends an authentication response 9 to the network node NKn.
The network node NKn carries out a check of the expected response contained in the authentication response 9 and, after successful authentication, logs the terminal device ME on to the server S communicating on the basis of the Internet Protocol by means of the message 10 as registered in the mobile radio network MFN.
The server S communicating on the basis of the Internet Protocol then sends a prompt 11 to delete the data assigned to the terminal device ME to the network node NKa last serving the terminal device ME.
The network node NKa last serving the terminal device ME confirms the deletion of the data assigned to the terminal device ME by sending a signal 12 to the server S communicating on the basis of the Internet Protocol.
The server S communicating on the basis of the Internet Protocol then confirms the registration of the terminal device ME by sending a confirmation signal 13 to the network node NKn. It should be pointed out that in principle the confirmation signal 13 can also occur at a time prior to the confirmation of the network node NKa last serving the terminal device ME with regard to the deletion of the data assigned to the terminal device ME by the sending of the signal 12. The server S communicating on the basis of the Internet Protocol can now communicate to the network node NKn further data specific to the terminal device ME. This data may, for example, be an HLR PDP context, unless this has already been generated after transmission of message 6.
The network node NKn now sends by means of the message 14 presence data relating to the terminal device ME to a presence server PS, and the presence server PS confirms the entry of the presence data with a response signal 15.
In the exemplary embodiment shown, the network node NKn sends in the next step a log-on confirmation 16 to the terminal device ME, said log-on confirmation containing in encrypted form a new temporary subscriber identity. The terminal device ME then responds by sending a receipt confirmation 17 to the network node NKn.
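The Figure 2 exchange, as an added Python simulation that is not part of the patent and not code from any 3GPP implementation: the terminal presents its temporary identity and location area identity (1a), NKn obtains the permanent identifier and further identification parameter from NKa (2/3), fetches an authentication vector from server S (6/7), challenges the terminal (8), checks the response against the expected response (9), registers the terminal with S, which has NKa delete its data (10 to 13), enters presence data (14/15) and hands out a new temporary identity (16/17). The symmetrical routines stored in the terminal's integrated circuit are modelled with HMAC-SHA256 under a shared key K (an assumption; the text names no algorithm), a single server S is assumed, and all identities and keys are constructed.

```python
"""Simulation of the Figure 2 log-on, authentication and key agreement flow.

Added example, not code from the patent or any 3GPP implementation. The
symmetrical routines stored in the terminal's integrated circuit are modelled
with HMAC-SHA256 under a shared key K (an assumption), one server S is assumed,
and the identities are constructed. Comments give the Figure 2 message numbers.
"""
import hashlib
import hmac
import os


def mac(key, *parts):
    """Stand-in for the stored symmetric authentication routine (assumption)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(part)
    return h.digest()


class ServerS:
    """Server S: supplies authentication vectors in place of HLR/AuC."""
    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)   # permanent identifier -> key K
        self.registered = {}                   # permanent identifier -> serving node

    def authentication_information(self, perm_id):           # request 6 / reply 7
        k = self.subscribers[perm_id]
        rand = os.urandom(16)
        return {"rand": rand,
                "autn": mac(k, b"net", rand),   # lets ME authenticate the network
                "xres": mac(k, b"res", rand),   # expected response
                "ck": mac(k, b"ck", rand)}      # agreed cipher key

    def register(self, perm_id, nkn, nka):                    # message 10
        nka.delete_subscriber_data(perm_id)                   # prompt 11 / signal 12
        self.registered[perm_id] = nkn
        return True                                           # confirmation 13


class NetworkNodeNKa:
    """Node that last served the terminal: temporary identity -> identifiers."""
    def __init__(self, by_temp_id):
        self.by_temp_id = dict(by_temp_id)   # temp id -> (perm id, further id)

    def lookup(self, temp_id):                                 # request 2 / message 3
        return self.by_temp_id.get(temp_id)

    def delete_subscriber_data(self, perm_id):
        self.by_temp_id = {t: v for t, v in self.by_temp_id.items() if v[0] != perm_id}


class TerminalME:
    """Non-SIM terminal: identifiers, K and routines live in the integrated circuit."""
    def __init__(self, perm_id, further_id, k, temp_id, lai):
        self.perm_id, self.further_id, self.k = perm_id, further_id, k
        self.temp_id, self.lai, self.ck = temp_id, lai, None

    def log_on_request_1a(self):
        return {"temp_id": self.temp_id, "lai": self.lai}

    def answer_prompt_8(self, rand, autn):
        # The terminal authenticates the network first; a bad AUTN gets no response 9.
        if not hmac.compare_digest(autn, mac(self.k, b"net", rand)):
            return None
        self.ck = mac(self.k, b"ck", rand)
        return mac(self.k, b"res", rand)                      # response 9

    def accept_confirmation_16(self, new_temp_id):
        self.temp_id = new_temp_id                            # receipt 17 follows
        return True


class NetworkNodeNKn:
    def __init__(self, server, nodes_by_lai, presence):
        self.server, self.nodes_by_lai, self.presence = server, nodes_by_lai, presence
        self.cipher_keys = {}

    def handle_log_on(self, me):
        req = me.log_on_request_1a()                          # 1a
        ids = self.nodes_by_lai[req["lai"]].lookup(req["temp_id"])   # 2 / 3
        if ids is None:
            return {"status": "unknown temporary identity"}
        perm_id, further_id = ids
        vec = self.server.authentication_information(perm_id)  # 6 / 7
        res = me.answer_prompt_8(vec["rand"], vec["autn"])    # 8 / 9
        if res is None or not hmac.compare_digest(res, vec["xres"]):
            return {"status": "authentication failed"}
        self.cipher_keys[perm_id] = vec["ck"]
        self.server.register(perm_id, self, self.nodes_by_lai[req["lai"]])  # 10..13
        self.presence[perm_id] = {"node": "NKn", "ip": None}  # 14 / 15
        me.accept_confirmation_16(os.urandom(4).hex())        # 16 / 17
        return {"status": "registered", "further_id": further_id,
                "key_agreed": me.ck == vec["ck"]}


def run_demo():
    """Constructed scenario: one correctly personalised terminal, one with a wrong K."""
    k = bytes(range(16))
    nka = NetworkNodeNKa({"tmsi-1": ("me-001", "AAA.x.y.gprs"),
                          "tmsi-2": ("me-002", "AAA.x.y.gprs")})
    server, presence = ServerS({"me-001": k, "me-002": k}), {}
    nkn = NetworkNodeNKn(server, {"lai-7": nka}, presence)
    good = TerminalME("me-001", "AAA.x.y.gprs", k, "tmsi-1", "lai-7")
    bad = TerminalME("me-002", "AAA.x.y.gprs", bytes(16), "tmsi-2", "lai-7")
    return {"good": nkn.handle_log_on(good), "bad": nkn.handle_log_on(bad),
            "nka_has_me001": nka.lookup("tmsi-1") is not None,
            "good_temp_id_changed": good.temp_id != "tmsi-1",
            "presence": presence}
```

The terminal with a wrong key in its circuit never sends response 9 because its own check of the network fails first; a terminal that did answer with a wrong response would be rejected by NKn's comparison with the expected response. Only after both checks pass does NKa lose the old data and the terminal receive a fresh temporary identity.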
Figure 3 shows the message flow in a further embodiment of the method according to the invention. Here, the terminal device ME first sends a second type of log-on request 1b to the network node NKn, said log-on request containing the parameter identifying the terminal device ME. This form of log-on request is necessary in particular where the terminal device ME does not possess a valid temporary identity.
Since the parameter identifying the terminal device ME does not permit establishment of the identity of the server S communicating on the basis of the Internet Protocol, the network node NKn requests with the message 4 a further identity from the terminal device ME.
The terminal device ME then responds by sending the message 5, which contains the further identification parameter, to the network node NKn. The further steps 6 to 17 shown in Figure 3 are identical with the method steps already explained in connection with Figure 2.
Figure 4 shows in a diagrammatic representation the message flow between the network elements involved with reference to a further exemplary embodiment of the inventive method, in which a further type of log-on request is sent by the terminal device ME. In this third type of log-on request 1c the terminal device ME sends directly both the parameter identifying the terminal device ME and the further identification parameter to the network node NKn. Consequently, in this case both of the identification parameters needed by the network nodes NKn, i.e. both the parameter identifying the terminal device ME and the further identification parameter, are transmitted together with the log-on request 1c to the network node NKn. It is advantageous here that the number of messages sent between the network elements is minimized. However, the two identification parameters have to be transmitted unencrypted between the terminal device ME and the network node NKn, since authentication and key agreement have not yet taken place between the terminal device ME and the network node NKn. In this connection, it should be pointed out that in the case of the method according to the invention it may generally be necessary for the network node NKn to pass on the keys used for the encryption of data transmission and of signaling to the base-station system BS. This is required where the base-station system BS and not the network node NKn carries out the encryption within the mobile radio network MFN.
The further messages 6 to 17 correspond to the messages already explained in connection with Figure 2.
Figure 5 shows in a diagram the message flow in respect of an exemplary embodiment of the method according to the invention, in which a packet data service is requested by the terminal device ME. With reference to the temporal sequence, the signaling of the corresponding messages occurs after successful authentication and key agreement, which have already been explained in detail with reference to the exemplary embodiments shown in Figures 2 to 4.
The terminal device ME requests by means of the message 21 the packet data service from the network node NKn. The terminal device ME can communicate an IP address, an identity of an access network node (corresponding to the APN) and the desired quality of service QoS. Alternatively, the terminal device ME can request the respective values stipulated in the mobile radio network MFN. The network node NKn validates the requested parameters and can restrict the desired quality of service QoS.
The network node NKn preferably leaves the restriction of the quality of service QoS, however, to the access network node ZNK.
In the next step, the network node NKn requests the setting up of the packet data service by means of the message 22 comprising the desired parameters from the access network node ZNK. The parameters contain among other things the parameter identifying the terminal device and the identity of the access network node ZNK, the identity of the access network node ZNK preferably being derived from the identity of the server S communicating on the basis of the Internet Protocol, i.e. the value stored in the created HLR PDP context is used.
The access network node ZNK then sends an authorization request 23 for the authorization of the packet data service or for the requesting of quality-of-service QoS restrictions to an authorization server AS, which will preferably be an AAA server.
The authorization server AS authorizes the terminal device ME by means of an authorization confirmation 24 sent to the access network node ZNK and can assign to the terminal device ME a call number and/or an IP address and/or service restrictions, in particular with regard to the quality of service QoS, unless this has already been carried out in one of the previous steps. The terminal device ME, the subscriber or the application(s) on the terminal device ME can be identified here by the identity of the access network node and/or the call number and/or the IP address. These parameters can also be used as the identity under which charging is carried out. The access network node ZNK applies the restrictions received by means of the authorization confirmation 24, in particular on the quality of service QoS, in respect of the packet data service requested by the terminal device ME. This means that the access network node can reduce the quality of service QoS in accordance with the restrictions received.
After receiving the authorization confirmation 24, the access network node ZNK confirms the setting up of the packet data service to the network node NKn by sending the message 27. This can contain the quality of service QoS and/or the IP address and/or the call number.
The network node NKn then sends a signal 28 which confirms the setting up of the packet data service to the terminal device ME. The quality of service QoS and/or the IP address and/or the call number can be transmitted from the network node NKn to the terminal device ME, provided the network node NKn has received these parameters beforehand in the message 27.
The network node NKn now sends a message 29 updating the status of the terminal device ME to the presence server PS, said message containing information about the packet data service that has been set up and the associated IP address. A corresponding message can alternatively or additionally also be sent by the access network node ZNK. Here, the access network node ZNK can communicate with the presence server either directly or via the network node NKn.
The presence server PS responds with a confirmation message 30.
Figure 6 shows the message flow in respect of a further embodiment of the inventive method with regard to the requesting of a packet data service. The first two messages 21 and 22 correspond here to the messages already described in connection with Figure 5.
In contrast to the previous figure, however, the access network node ZNK now requests in the authorization request 23 no restrictions on the quality of service QoS from the authorization server AS, which is why these restrictions are also not transmitted with the authorization confirmation 24 from the authorization server AS to the access network node ZNK. Instead, after receiving the authorization confirmation 24, the access network node ZNK additionally sends a request message 25 to a further server S2.
The further server S2 sends in its response 26 service restrictions, in particular with regard to the quality of service QoS guaranteed, to the access network node ZNK, and this access network node applies the service restrictions received to the packet data service requested by the terminal device ME. The further server S2 is preferably a policy decision function PDF server or a charging rules function CRF server.
The further messages 27 to 30 shown in Figure 6 are identical to the corresponding messages already explained in connection with the exemplary embodiment shown in Figure 5.
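The packet data service set-up of Figures 5 and 6, as an added Python example that is not code from the patent: NKn checks the request (21) against the stored HLR PDP context, asks ZNK to set up the service (22), and ZNK obtains authorization from AS (23/24) together with the QoS restrictions either from AS itself (Figure 5) or, when a further server S2 is configured, from S2 (25/26); the restrictions are then applied so that the granted QoS never exceeds the permitted one, the result is reported back (27/28), and the presence server is updated (29/30). The QoS fields, the policies, the IP pool and the class names are constructed assumptions.

```python
"""Packet data service set-up with QoS restrictions, after Figures 5 and 6.

Added example, not code from the patent. The QoS fields, the constructed
policies, the IP pool and the class names are assumptions; the message numbers
in comments are those of Figures 5 and 6.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class QoS:
    max_bitrate_kbps: int
    traffic_class: str      # one of CLASS_RANK; a higher rank is more demanding


CLASS_RANK = {"background": 0, "interactive": 1, "streaming": 2, "conversational": 3}


def restrict(requested, permitted):
    """Reduce a requested QoS so that it never exceeds the permitted one."""
    cls = requested.traffic_class
    if CLASS_RANK[cls] > CLASS_RANK[permitted.traffic_class]:
        cls = permitted.traffic_class
    return QoS(min(requested.max_bitrate_kbps, permitted.max_bitrate_kbps), cls)


class AuthorizationServerAS:
    """AAA server authorizing the service and, if asked, supplying restrictions."""
    def __init__(self, policies, ip_pool):
        self.policies = dict(policies)     # (perm id, apn) -> permitted QoS
        self.ip_pool = list(ip_pool)
        self.call_numbers = 0

    def authorize(self, perm_id, apn, request_qos_restrictions):   # 23 / 24
        permitted = self.policies.get((perm_id, apn))
        if permitted is None:
            return None                    # terminal not authorized for this APN
        self.call_numbers += 1
        confirmation = {"ip": self.ip_pool.pop(0), "call_number": self.call_numbers}
        if request_qos_restrictions:       # Figure 5 only
            confirmation["qos"] = permitted
        return confirmation


class PolicyServerS2:
    """Further server S2 (PDF or CRF) answering request 25 with response 26."""
    def __init__(self, qos_by_apn):
        self.qos_by_apn = dict(qos_by_apn)

    def restrictions(self, perm_id, apn):
        return self.qos_by_apn[apn]


class AccessNodeZNK:
    def __init__(self, auth_server, policy_server=None):
        self.auth_server, self.policy_server = auth_server, policy_server

    def set_up(self, perm_id, apn, requested):                     # 22 -> 27
        ask_as = self.policy_server is None                         # Figure 5 if True
        conf = self.auth_server.authorize(perm_id, apn, ask_as)     # 23 / 24
        if conf is None:
            return None
        if ask_as:
            permitted = conf["qos"]
        else:
            permitted = self.policy_server.restrictions(perm_id, apn)   # 25 / 26
        return {"ip": conf["ip"], "call_number": conf["call_number"],
                "qos": restrict(requested, permitted)}


class NetworkNodeNKn:
    def __init__(self, znk, hlr_pdp_contexts, presence):
        self.znk, self.contexts, self.presence = znk, dict(hlr_pdp_contexts), presence

    def request_service(self, perm_id, requested_qos, requested_apn=None):   # 21
        ctx = self.contexts[perm_id]
        # Validation: only the APN stored in the HLR PDP context may be used.
        if requested_apn is not None and requested_apn != ctx["apn"]:
            return {"status": "rejected: APN not permitted by HLR PDP context"}
        qos = restrict(requested_qos, ctx["max_qos"])       # never above the context's maximum
        conf = self.znk.set_up(perm_id, ctx["apn"], qos)   # 22 / 27
        if conf is None:
            return {"status": "rejected: not authorized"}
        self.presence[perm_id] = {"apn": ctx["apn"], "ip": conf["ip"]}   # 29 / 30
        return {"status": "set up", **conf}                               # 28
```

The same `AccessNodeZNK` serves both figures: without a policy server it asks AS for the restrictions (Figure 5); with one it asks AS only for authorization and obtains the restrictions from S2 (Figure 6). In either case the granted QoS is the lower of what was requested and what was permitted.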
We claim:-
1. A mobile radio network (MFN) which comprises at least one network node
(NKn) and at least one server (S) and a plurality of terminal devices (ME), comprising one electronic circuit arrangement each that is integrated into the terminal device (ME), a parameter identifying the terminal device (ME) being stored in said circuit arrangement, and comprising at least one access network node (ZNK) to a packet data network (PDN), said access network node (ZNK) being connected to the network node (NKn), wherein the terminal devices are non-SIM card terminal devices (ME), a further identification parameter and routines needed for authentication or routines and parameters needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device (ME), the server is a server (S) communicating with the network node (NKn) on the basis of the Internet Protocol, and the network node (NKn) is configured such that it is ready to receive the further identification parameter sent during the logging-on of the terminal device (ME) onto the mobile radio network (MFN) and the parameter identifying the terminal device (ME), said parameter being sent during the logging-on of the terminal device (ME) onto the mobile radio network (MFN).
2. The mobile radio network as claimed in claim 1, wherein the server (S) communicating on the basis of the Internet Protocol is an AAA server.
3. The mobile radio network as claimed in claim 1 or claim 2, wherein the access network node (ZNK) is arranged between the network node (NKn) and the server (S) communicating on the basis of the Internet Protocol.
4. The mobile radio network as claimed in any one of the preceding claims, wherein an authorization server (AS) is connected to the access network node (ZNK) and, when activation of a service within the packet data network (PDN) is requested by the terminal device (ME), an authorization of the terminal device (ME) is carried out.
5. The mobile radio network as claimed in claim 4, wherein the authorization server (AS) is an AAA server.
6. The mobile radio network as claimed in claim 4 or claim 5, wherein the authorization server (AS) is the server (S) communicating on the basis of the Internet Protocol.
7. The mobile radio network as claimed in any one of the preceding claims, wherein a presence server (PS) is connected to the network node (NKn), said presence server storing, during the logging-on process, presence data relating to the terminal device (ME).
8. The mobile radio network as claimed in any one of the preceding claims, wherein a further server (S2) is connected to the access network node (ZNK), said further server sending, at the request of the access network node (ZNK), quality-of-service (QoS) restrictions to the access network node (ZNK).
9. The mobile radio network as claimed in claim 8, wherein the further server (S2) is a policy decision function (PDF) server.

10. The mobile radio network as claimed in claim 8, wherein the further server (S2) is a charging rules function (CRF) server.
11. A method for operating a terminal device (ME) in a mobile radio network (MFN) comprising at least one network node (NKn), at least one access network node (ZNK) to a packet data network (PDN), said access network node (ZNK) being connected to the network node (NKn), and at least one server (S), wherein a parameter that identifies the terminal device (ME) and a further identification parameter are stored in the terminal device (ME), and the parameter that identifies the terminal device (ME) is stored in an electronic circuit arrangement that is integrated into the terminal device (ME), comprising the following method steps:
- the network node (NKn) receives the further identification parameter,
- the network node (NKn) determines from the received further identification parameter an address of the server (S) and sends a request (6) to the server (S) determined,
- the server (S) gives a response (7) to the request (6) by sending authentication information to the network node (NKn),
- after receiving the authentication information, the network node (NKn) sends an authentication request (8) to the terminal device (ME),
- the terminal device (ME) determines, using routines stored in the terminal device (ME) and needed for authentication or routines and parameters stored in the terminal device (ME) and needed for authentication and using information received in the authentication request (8), an authentication response (9) and sends it to the network node (NKn), and
- the authentication is concluded with successful checking of the authentication response (9) by the network node (NKn), wherein
- a non-SIM card terminal device (ME) is used as a terminal device and the further identification parameter and the routines needed for authentication or the routines and parameters needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device (ME),
- the network node (NKn) receives, in addition to the further identification parameter, the parameter identifying the terminal device (ME), wherein
- the further identification parameter serves in determining the address of a server (S) communicating on the basis of the Internet Protocol,
- the parameter identifying the terminal device (ME) is transmitted with the request (6) to the server (S) communicating on the basis of the Internet Protocol, and
- the terminal device (ME) is authenticated with successful checking of the authentication response (9) by the network node (NKn).
12. The method as claimed in claim 11, wherein after receiving the authentication request (8), the terminal device (ME), using the routines needed for authentication which are stored in the electronic circuit arrangement that is integrated into the terminal device (ME) or the routines and parameters needed for authentication which are stored in the electronic circuit arrangement that is integrated into the terminal device (ME) and using information received in the authentication request (8), undertakes an authentication of the mobile radio network (MFN).
13. The method as claimed in claim 11 or 12, wherein the terminal device (ME) sends a first type of log-on request (1a) to the network node (NKn) if a temporary identity assigned to the terminal device (ME) by a network node (NKa) last serving the terminal device (ME) is still valid, the first type of log-on request (1a) containing the temporary identity and a location area identity identifying the network node (NKa) last serving the terminal device (ME), the network node (NKn) asks for (2) the parameters of the terminal device (ME) associated with the temporary identity from the network node (NKa) last serving the terminal device (ME), and the network node (NKa) last serving the terminal device (ME) sends (3) the parameter identifying the terminal device (ME) and the further identification parameter to the network node (NKn).
14. The method as claimed in claim 11 or 12, wherein the terminal device (ME) sends a second type of log-on request (1b) to the network node (NKn), said log-on request containing the parameter identifying the terminal device (ME), the network node (NKn) then asks (4) the terminal device (ME) for information about the server (S) communicating on the basis of the Internet Protocol, and the terminal device (ME) responds by sending (5) the further identification parameter to the network node (NKn).
15. The method as claimed in claim 11 or 12, wherein the terminal device (ME) sends with a third type of log-on request (1c) the parameter identifying the terminal device (ME) and the further identification parameter to the network node (NKn).
16. The method as claimed in any one of claims 11 to 15, wherein the identity of the server (S) communicating on the basis of the Internet Protocol is established directly with the further identification parameter and the network node (NKn) determines directly from the further identification parameter the address of the server (S) communicating on the basis of the Internet Protocol.
17. The method as claimed in claim 16, wherein the network node (NKn) derives from the further identification parameter the identity of the access network node (ZNK) which stipulates the packet data network (PDN) that can be reached by the terminal device (ME).
18. The method as claimed in any one of claims 11 to 15, wherein the identity of the access network node (ZNK) is established directly with the further identification parameter and the network node (NKn) derives from the further identification parameter the identity of the server (S) communicating on the basis of the Internet Protocol and from this determines the address of the server (S) communicating on the basis of the Internet Protocol.
19. The method as claimed in any one of claims 16 to 18, wherein the network operator of the home network and/or the application area of the terminal device (ME) is identified through the identity of the server (S) communicating on the basis of the Internet Protocol.
20. The method as claimed in any one of claims 16 to 19, wherein the determination of the address of the server (S) communicating on the basis of the Internet Protocol is effected, based upon the identity of the server (S) communicating on the basis of the Internet Protocol, using the domain name system (DNS) method.
21. The method as claimed in any one of claims 11 to 20, wherein the international mobile equipment identity (IMEI) is used as the parameter identifying the terminal device (ME).
22. The method as claimed in any one of claims 11 to 21, wherein after successful authentication of the terminal device (ME), the network node (NKn) reports the terminal device (ME) as registered in the mobile radio network (MFN) to the server (S) communicating on the basis of the Internet Protocol, the server (S) communicating on the basis of the Internet Protocol sends (11) to the network node (NKa) last serving the terminal device (ME) a prompt to delete the data assigned to the terminal device (ME), the network node (NKa) last serving the terminal device (ME) confirms the deletion of the data assigned to the terminal device (ME) by sending a signal (12) to the server (S) communicating on the basis of the Internet Protocol, and the server (S) communicating on the basis of the Internet Protocol confirms the report of the registration of the terminal device (ME) by sending a confirmation signal (13) to the network node (NKn).

23. The method as claimed in claim 22, wherein the server (S) communicating on the basis of the Internet Protocol sends with the confirmation signal (13) service and/or location area restrictions valid for the terminal device (ME) to the network node (NKn).
24. The method as claimed in any one of claims 11 to 23, wherein after successful authentication of the terminal device (ME), the network node (NKn) sends a log-on confirmation (16) to the terminal device (ME).
25. The method as claimed in claim 24, wherein a new temporary subscriber identity is transmitted in encrypted form with the log-on confirmation (16) sent by the network node (NKn) to the terminal device (ME), and the terminal device (ME) responds by sending a receipt confirmation (17) to the network node (NKn).
26. The method as claimed in any one of claims 11 to 25, wherein after successful authentication by the network node (NKn), the terminal device (ME) requests a service in the packet data network (PDN) (packet data service) (21), the network node (NKn) requests the setup of the packet data service by the access network node (ZNK) (22), the access network node (ZNK) sends an authorization request (23) for the authorization of the packet data service to an authorization server (AS), the authorization server (AS) reports the terminal device (ME) as authorized to use the requested service by sending an authorization confirmation (24) to the access network node (ZNK), the access network node (ZNK) confirms (27) the setting up of the packet data service to the network node (NKn), and the network node (NKn) sends a signal (28) to the terminal device (ME), said signal confirming the setting up of the packet data service.
27. The method as claimed in claim 26, wherein the server (S) communicating on the basis of the Internet Protocol is used as the authorization server (AS).
28. The method as claimed in claim 26 or 27, wherein the authorization server (AS) transmits with the authorization confirmation (24) a call number assigned to the terminal device (ME) and/or an IP address assigned to the terminal device (ME) to the access network node (ZNK).
29. The method as claimed in any one of claims 26 to 28, wherein parameters defining the quality of service (QoS) guaranteed are transmitted to the access network node (ZNK) with the authorization confirmation (24) from the authorization server (AS), and the access network node (ZNK) applies the received parameters defining the quality of service (QoS) in respect of the packet data service requested by the terminal device (ME).
30. The method as claimed in any one of claims 26 to 29, wherein an AAA server is used as the authorization server (AS).
31. The method as claimed in any one of claims 26, 27, 28 or 30, wherein after receiving the authorization confirmation, the access network node (ZNK) sends a request message (25) to a further server (S2), the further server (S2) sends in its response (26) parameters defining the quality of service (QoS) guaranteed to the access network node (ZNK), and the access network node (ZNK) applies the received parameters defining the quality of service (QoS) in respect of the packet data service requested by the terminal device (ME).
32. The method as claimed in claim 31, wherein a policy decision function (PDF) server is used as the further server (S2).
33. The method as claimed in claim 32, wherein a charging rules function (CRF) server is used as the further server (S2).
34. The method as claimed in any one of claims 11 to 33, wherein a symmetrical method is used between the terminal device (ME) and the network node (NKn) for authentication and key agreement.

35. The method as claimed in any one of claims 11 to 33, wherein an asymmetrical method is used between the terminal device (ME) and the network node (NKn) for authentication and key agreement.
36. The method as claimed in claim 35, wherein a private key of the terminal device (ME) and a public key of the server (S) communicating on the basis of the Internet Protocol are stored in the electronic circuit arrangement that is integrated into the terminal device (ME), and a private key of the server (S) communicating on the basis of the Internet Protocol and a public key of the terminal device (ME) are stored in the server (S) communicating on the basis of the Internet Protocol.
37. The method as claimed in claim 35 or 36, wherein the public and private keys needed respectively are stored in the form of certificates in the electronic circuit arrangement that is integrated into the terminal device (ME) and in the server (S) communicating on the basis of the Internet Protocol.
38. The method as claimed in claim 36 or 37, wherein as authentication information, information is used which contains a session key, an integrity key, a sequence number and an expected response, all of which are encrypted using the public key of the terminal device (ME), and a first type of signature of the server (S) communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server (S) communicating on the basis of the Internet Protocol from the session key, the integrity key, the sequence number and the expected response, the network node (NKn) sends the received information with the authentication prompt (8) to the terminal device (ME), the terminal device (ME) decrypts the parameters session key, integrity key, sequence number and expected response, encrypted with its public key, using its private key, the terminal device (ME) verifies the first type of signature of the server (S) communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key, integrity key, sequence number and expected response and of a public key of the server (S) communicating on the basis of the Internet Protocol, and where verification is successful, the terminal device (ME) sends the decrypted expected response as an authentication response to the network node (NKn).
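The exchange of claim 38, as an added example that is not code from the patent or its applicant: the server S encrypts session key, integrity key, sequence number and expected response under the ME public key and signs the same bytes with its private key; the ME decrypts, verifies the signature (so it authenticates the network before answering) and only then returns the expected response, which the network node NKn compares. RSA-OAEP and Ed25519 as the concrete algorithms, the fixed field sizes, and the clear copy of XRES handed to NKn are this example's assumptions, not the claim's.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Claim-38 parameters in a fixed layout (sizes assumed here, not from the claim):
// CK (16) | IK (16) | SQN (8) | XRES (16). S signs and encrypts the same bytes.
const ckLen, ikLen, sqnLen, xresLen, paramsLen = 16, 16, 8, 16, 56

type AuthParams struct{ CK, IK, SQN, XRES []byte }

func decodeParams(b []byte) (AuthParams, error) {
	if len(b) != paramsLen {
		return AuthParams{}, errors.New("authentication parameters have wrong length")
	}
	o := ckLen + ikLen
	return AuthParams{CK: b[:ckLen], IK: b[ckLen:o], SQN: b[o : o+sqnLen], XRES: b[o+sqnLen:]}, nil
}

// AuthInfo is response (7) from S to NKn, forwarded unchanged as request (8):
// parameters RSA-OAEP-encrypted under the ME public key plus the first-type
// signature (Ed25519 here) by the S private key over the same plaintext. The
// clear XRES copy for NKn is this example's assumption; the claim does not say
// how NKn obtains the value it checks response (9) against.
type AuthInfo struct{ Cipher, Sig, XRES []byte }

func serverBuildAuthInfo(sPriv ed25519.PrivateKey, mePub *rsa.PublicKey, p AuthParams) (AuthInfo, error) {
	pt := bytes.Join([][]byte{p.CK, p.IK, p.SQN, p.XRES}, nil)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, mePub, pt, nil)
	if err != nil {
		return AuthInfo{}, err
	}
	return AuthInfo{Cipher: ct, Sig: ed25519.Sign(sPriv, pt), XRES: p.XRES}, nil
}

// meAnswer is the terminal side: decrypt with the ME private key, verify the S
// signature with the stored S public key (the ME authenticating the network,
// claim 12) and only then release XRES as response (9). CK and IK stay on the device.
func meAnswer(mePriv *rsa.PrivateKey, sPub ed25519.PublicKey, in AuthInfo) ([]byte, AuthParams, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, mePriv, in.Cipher, nil)
	if err != nil {
		return nil, AuthParams{}, err
	}
	if !ed25519.Verify(sPub, pt, in.Sig) {
		return nil, AuthParams{}, errors.New("server signature invalid: network not authenticated")
	}
	p, err := decodeParams(pt)
	return p.XRES, p, err
}

// nknCheck is the network-node side: constant-time comparison of RES with XRES.
func nknCheck(info AuthInfo, res []byte) bool {
	return subtle.ConstantTimeCompare(info.XRES, res) == 1
}

// RunExchange performs one exchange with freshly generated keys and constructed
// random parameters. With tamper set, one bit of the S signature is flipped in
// transit; the ME must then refuse to release XRES.
func RunExchange(tamper bool) (bool, error) {
	mePriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	sPub, sPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	raw := make([]byte, paramsLen)
	if _, err := rand.Read(raw); err != nil {
		return false, err
	}
	p, _ := decodeParams(raw)
	info, err := serverBuildAuthInfo(sPriv, &mePriv.PublicKey, p)
	if err != nil {
		return false, err
	}
	if tamper {
		info.Sig[0] ^= 0x01
	}
	res, got, err := meAnswer(mePriv, sPub, info)
	if err != nil {
		return false, err
	}
	return nknCheck(info, res) && bytes.Equal(got.SQN, p.SQN), nil
}
```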
39. The method as claimed in claim 36 or 37, wherein as authentication information, information is used which contains the session key, the sequence number and the expected response, all of which are encrypted using the public key of the terminal device (ME), and a second type of signature of the server (S) communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server (S) communicating on the basis of the Internet Protocol from the session key, the sequence number and the expected response, the network node (NKn) sends the received information with the authentication prompt (8) to the terminal device (ME), the terminal device (ME) decrypts the parameters session key, sequence number and expected response, encrypted with its public key, using its private key, the terminal device (ME) determines the integrity key from the session key and/or the sequence number and/or the expected response, the terminal device (ME) verifies the second type of signature of the server (S) communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key, sequence number and expected response and of the public key of the server (S) communicating on the basis of the Internet Protocol, and where verification is successful, the terminal device (ME) sends the decrypted expected response as an authentication response to the network node (NKn).
40. The method as claimed in claim 36 or 37, wherein as authentication information, information is used which contains as parameters encrypted with the public key of the terminal device (ME) the session key, the integrity key, the sequence number and a third type of signature of the server (S) communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server (S) communicating on the basis of the Internet Protocol from the session key, the integrity key and the sequence number, the network node (NKn) sends the received information with the authentication prompt (8) to the terminal device (ME), the terminal device (ME) decrypts the parameters session key, integrity key, sequence number and third type of signature of the server (S) communicating on the basis of the Internet Protocol, encrypted with its public key, using its private key, the terminal device (ME) verifies the third type of signature of the server (S) communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key, integrity key and sequence number and of the public key of the server (S) communicating on the basis of the Internet Protocol, and where verification is successful, the terminal device (ME) sends the decrypted third type of signature of the server (S) communicating on the basis of the Internet Protocol as an authentication response to the network node (NKn).
41. The method as claimed in claim 36 or 37, wherein as authentication information, information is used which contains as parameters encrypted with the public key of the terminal device (ME) the session key, the sequence number and a fourth type of signature of the server (S) communicating on the basis of the Internet Protocol, said signature being computed by means of the private key of the server (S) communicating on the basis of the Internet Protocol from the session key and the sequence number, the network node (NKn) sends the received information with the authentication prompt (8) to the terminal device (ME), the terminal device (ME) decrypts the parameters session key, sequence number and fourth type of signature of the server (S) communicating on the basis of the Internet Protocol using its private key, the terminal device (ME) determines the integrity key from the session key and/or the sequence number, the terminal device (ME) verifies the fourth type of signature of the server (S) communicating on the basis of the Internet Protocol with the aid of the decrypted parameters session key and sequence number and of the public key of the server (S) communicating on the basis of the Internet Protocol, and where verification is successful, the terminal device (ME) sends the decrypted fourth type of signature of the server (S) communicating on the basis of the Internet Protocol as an authentication response to the network node (NKn).
42. The method as claimed in any one of claims 11 to 41, wherein an AAA server is used as the server (S) communicating on the basis of the Internet Protocol.
43. The method as claimed in any one of claims 11 to 42, wherein the communication between the network node (NKn) and the server (S) communicating on the basis of the Internet Protocol is effected via the access network node (ZNK).
44. The method as claimed in any one of claims 11 to 43, wherein the terminal device (ME) is pooled with further terminal devices of the same type into a group, and a shared call number is assigned to the group of terminal devices (ME), under which call number the charges caused by the terminal devices (ME) of the group are billed, and the individual terminal devices (ME) are identified from the parameter identifying the terminal device (ME) or the IP address of the terminal device (ME).
45. The method as claimed in any one of claims 11 to 44, wherein the network node (NKn) sends (14) presence data relating to the registration of the terminal device (ME) to a presence server (PS) and the presence server (PS) confirms the entry of the presence data with a response signal (15).
46. The method as claimed in claim 45, wherein information regarding the location of the terminal device (ME) is sent as an integral part of the presence data.
47. The method as claimed in claim 46, wherein the presence server (PS) compares the received information regarding the location of the terminal device (ME) with a predetermined location and triggers an alarm if the location of the terminal device (ME) does not match the predetermined location.
48. The method as claimed in any one of claims 45 to 47, wherein after activation of the packet data service, the presence server (PS) receives from the network node (NKn) and/or the access network node (ZNK) a message (29) updating the status of the terminal device (ME), said message containing information regarding the activated packet data service and the associated IP address, and the presence server (PS) responds with a confirmation message (30).
49. The method as claimed in any one of claims 45 to 48, wherein an application server (AWS) logs on to the presence server (PS), the presence server (PS) evaluates the log-on of the application server (AWS) and, if a predefined evaluation result is found, the presence server (PS) prompts the terminal device (ME) to activate a further packet data service, whereupon a dynamic IP address is automatically assigned to the terminal device (ME).
50. The method as claimed in claim 49, wherein the presence server (PS) sends to the terminal device (ME) a prompt message modified for the use of dynamic IP addresses for activating the further packet data service, and the terminal device (ME) thereupon activates the further packet data service, as a result of which a dynamic IP address is assigned to the terminal device (ME).
51. The method as claimed in claim 49 or 50, wherein the dynamic IP address of the terminal device (ME) is communicated to the presence server (PS) by the access network node (ZNK) and to the application server (AWS) by the presence server (PS).
52. The method as claimed in any one of claims 49 to 51, wherein the "push-proxy" server logs on to the presence server (PS) when it receives data for the terminal device (ME) from the application server (AWS).
53. The method as claimed in any one of claims 49 to 52, wherein the predefined evaluation result is stipulated by the terminal device (ME) and filed in the presence server (PS).
54. The method as claimed in any one of claims 49 to 52, wherein the predefined evaluation result is stipulated by a network operator such that the presence server (PS) prompts every terminal device (ME) newly registering in the mobile radio network (MFN) or selected groups of terminal devices (ME) to activate the further packet data service.
55. The method as claimed in any one of claims 51 to 54, wherein the application server (AWS) transmits specific data to the terminal device (ME) by means of the dynamic IP address.
56. The method as claimed in any one of claims 51 to 55, wherein the presence server (PS) prompts the terminal device (ME) to activate the further packet data service only when an application server (AWS) is authorized and communicates the dynamic IP address of the terminal device (ME) only to an authorized application server (AWS).
57. The method as claimed in any one of claims 51 to 56, wherein after receiving the communication of the dynamic IP address assigned to the terminal device (ME) or after completion of the data transfer to the terminal device (ME), the application server (AWS) logs off again from the presence server (PS).
58. A terminal device (ME) comprising an electronic circuit arrangement that is integrated into the terminal device (ME), a parameter identifying the terminal device (ME) being stored in said circuit arrangement, for use in a mobile radio network (MFN) comprising at least one network node (NKn) and at least one server, and comprising at least one access network node (ZNK) to a packet data network (PDN), said access network node (ZNK) being connected to the network node (NKn), wherein the terminal device is a non-SIM card terminal device (ME) and a further identification parameter and routines needed for authentication or routines and parameters needed for authentication are stored in the electronic circuit arrangement that is integrated into the terminal device (ME).
59. The terminal device as claimed in claim 58, wherein the routines needed for a symmetrical method in respect of authentication and key agreement or the routines and parameters needed for authentication and key agreement are stored in the electronic circuit arrangement that is integrated into the terminal device (ME).
60. The terminal device as claimed in claim 58, wherein the routines needed for an asymmetrical method in respect of authentication and key agreement or the routines and parameters needed for authentication and key agreement are stored in the electronic circuit arrangement that is integrated into the terminal device (ME).
61. The terminal device as claimed in claim 60, wherein a private key of the terminal device (ME) and a public key of the server (S) communicating on the basis of the Internet Protocol are stored in the electronic circuit arrangement that is integrated into the terminal device (ME).
62. The terminal device as claimed in claim 61, wherein the keys are stored in the electronic circuit arrangement that is integrated into the terminal device (ME) in the form of certificates.
63. The terminal device as claimed in any one of claims 58 to 62, wherein further specific data for the terminal device (ME) and/or for the subscriber using the terminal device (ME) is stored in the electronic circuit arrangement that is integrated into the terminal device (ME).
64. The terminal device as claimed in claim 63, wherein the further data is a list of the network operators permitted for the terminal device (ME) and/or a list of the network operators not permitted.
65. The terminal device as claimed in any one of claims 58 to 64, wherein the electronic circuit arrangement that is integrated into the terminal device (ME) contains a non-volatile memory.
66. The terminal device as claimed in any one of claims 58 to 65, wherein the electronic circuit arrangement that is integrated into the terminal device (ME) contains a volatile memory, the content of which is lost when the power supply is interrupted.
67. The terminal device as claimed in any one of claims 58 to 66, wherein the routines needed for authentication and key agreement which are stored in the electronic circuit arrangement that is integrated into the terminal device (ME) or the routines and parameters needed for authentication and key agreement which are stored in the electronic circuit arrangement that is integrated into the terminal device (ME) and/or the function of the terminal device (ME) overall are protected by a password.

68. A mobile radio network (MFN) substantially as hereinbefore described with reference to the accompanying drawings.
69. A method for operating a terminal device (ME) in a mobile radio network (MFN) substantially as hereinbefore described with reference to the accompanying drawings.
70. A terminal device (ME) substantially as hereinbefore described with reference to the accompanying drawings.


Patent Number 263709
Indian Patent Application Number 5616/DELNP/2007
PG Journal Number 47/2014
Publication Date 21-Nov-2014
Grant Date 17-Nov-2014
Date of Filing 20-Jul-2007
Name of Patentee NOKIA SIEMENS NETWORKS GMBH & CO.KG
Applicant Address ST. MARTIN STR. 76, 81541 MUNCHEN, GERMANY.
Inventor: MADEMANN, FRANK; address: VINETASTR. 49A, 13189 BERLIN, GERMANY.
PCT International Classification Number H04Q 7/32
PCT International Application Number PCT/DE2005/000150
PCT International Filing date 2005-01-26
PCT Conventions (application number, date of convention, priority country): NA