Cryptography – Cellular telephone cryptographic authentication
Reexamination Certificate
1999-07-27
2004-03-16
Peeso, Thomas R. (Department: 2132)
C380S270000, C380S256000, C713S176000, C713S184000
active
06707915
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to a new method for transferring a data packet, e.g. a software sequence, between two communication terminals.
2. Description of the Prior Art
Until now communication terminals, such as cellular phones, are loaded with software when leaving the factory. The software is normally flashed into a flash ROM during the assembly of the terminal. A Master Software is copied into the terminal. During the product lifetime the software development continues. This means if minor software improvements are introduced after the launch of the terminal, the Master Software is amended so subsequently manufactured terminals contain copies of the amended version.
When a terminal has been sent for service the entire set of software instructions (the operative system of the terminal) will very often become updated by re-flashing a copy of the Master Software. The User will normally not notice any difference. The loading of software has been performed by inserting a plug into the terminal thus establishing an electronic connection.
However the assignee presented a Smart Messaging concept at the CeBIT fair in 1997. Hereby any GSM phone with the SMS (Short Message Service) capability can access the services. The Smart Messaging technology allows the GSM subscriber access to a wide range of new applications, such as information and “infotainment” services and the Internet. Services could include flight schedules, weather reports, stock news, currency rates, telebanking information, sports news and movie listings. Furthermore the concept may be used for downloading software sold in aftersale. For example, new ringing tones may be downloaded Over The Air (OTA).
Communication terminals such as cellular phones have yet to be type approved in order to ensure that the activity of the terminal does not interact with the network or other types of electronic equipment in an unintended or unfavorable manner. Therefore both the manufacturer and the owner of such a communication terminal have a need for securing the terminal against unauthorized software loading into the phone.
SUMMARY OF THE INVENTION
According to one aspect of the present invention there is provided a method of transferring a data packet from a providing communication terminal to a requesting communication terminal, wherein said requesting communication terminal transfers a message to the providing communication terminal including a request for receiving the data packet and a first unique identification code identifying the requesting communication terminal; said providing communication terminal verifies the validity of the first unique identification code, and upon a successful verification, responds by transferring a message to the requesting communication terminal including the requested data packet and a second unique identification code; and said requesting communication terminal verifies the validity of the second unique identification code, and upon a successful verification, stores the data packet accordingly.
Hereby, in embodiments of the invention, the providing communication terminal has an opportunity to verify the identity of the requesting communication terminal before the delivery of the data packet. By controlling the validity of the second unique identification code the requesting communication terminal may verify the identity of the providing communication terminal and thereby check whether the data packet is provided by an authorized provider or not. If the data packet is deemed to be provided by an authorized provider the requesting communication terminal stores the received data packet and if the data packet includes a computer program or parts thereof the terminal automatically runs the required setup routines.
In cellular communication systems the providing communication terminal may advantageously be a fixed unit which is a part of a wireless communication network, while the requesting communication terminal then may be a mobile unit communicating via said wireless communication network.
In a cellular system such as the GSM network, the requesting communication terminal may be a GSM phone and the first unique identification code may include an International Mobile Equipment Identity (IMEI) code. The IMEI code uniquely identifies the phone and includes a Type Approval Code (TAC), a Final Assembly Code (FAC) identifying the assembly plant and a serial number (SN). In total the IMEI code includes 15 digits. In the GSM system it is a part of the standard that the mobile stations (phone) transfer their IMEI code to the network operator in response to a request (RIL3-MM IDENTITY REQUEST message), and these requests are given in order to identify the phone, for example upon location update or in order to identify failures in the system.
A Master Password is defined by the administrator of the providing communication terminal. Phones or a communication terminal supporting the data packet verification method according to embodiments of the invention, are each provided with a phone password. The phone password is stored in the phone and is calculated by combining the IMEI number and the Master Password by means of a secure hash algorithm, such as a public key algorithm (for example, the MD5 algorithm from the RSA Data Security Company). The MD5 algorithm is a one-way hash function producing a 128 bit hash value (16 byte) from input messages of arbitrary length.
When the administrator of the providing communication terminal transmits the data packet, the phone password calculated based on the Master Password may be used for the calculation of the second unique identification code. This second unique identification code is calculated by combining the code image of the data packet to be sent and the phone password by means of a secure hash algorithm, such as the MD5 algorithm. The code image and the second unique identification code are then transferred to the requesting communication terminal. The requesting communication terminal separates the code image and combines this and the phone password stored in the phone by means of a secure hash algorithm, such as the MD5 algorithm, to obtain another signature. Then the requesting communication terminal compares the received second unique identification code and said calculated other signature. When the comparison shows that the codes are identical, the requesting communication terminal deems the received code image to be authenticated and stores the data accordingly.
Furthermore a successful verification of authentication of the received data packet indicates that the data packet is free from bit errors occurring during the transmission.
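The exchange described above, written out as an added Python example; it is not code from the patent. The concatenation order used for "combining", the allow-list check of the IMEI on the provider side, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

DIGEST_LEN = 16  # MD5 yields a 128-bit (16-byte) value, as the text states
# Constructed sample values, not taken from the patent.
SAMPLE_IMEI = "490154203237518"
SAMPLE_MASTER = b"constructed-master-password"

def phone_password(imei: str, master_password: bytes) -> bytes:
    """Per-phone secret derived from the IMEI and the Master Password."""
    if len(imei) != 15 or not imei.isdigit():
        raise ValueError("IMEI must be exactly 15 digits")
    # Assumption: "combining" is plain concatenation, IMEI first.
    return hashlib.md5(imei.encode("ascii") + master_password).digest()

def signature(code_image: bytes, phone_pw: bytes) -> bytes:
    """Second unique identification code computed over the code image."""
    # Assumption: code image first, phone password appended.
    return hashlib.md5(code_image + phone_pw).digest()

class Provider:
    def __init__(self, master_password: bytes, registered_imeis: set):
        self.master_password = master_password
        self.registered_imeis = registered_imeis  # assumption: allow-list

    def handle_request(self, imei: str, code_image: bytes):
        """Return code image || signature, or None if the IMEI is rejected."""
        if imei not in self.registered_imeis:
            return None
        pw = phone_password(imei, self.master_password)
        return code_image + signature(code_image, pw)

class Phone:
    def __init__(self, imei: str, stored_password: bytes):
        self.imei = imei
        self.stored_password = stored_password  # provisioned in the phone
        self.installed = None

    def receive(self, message: bytes) -> bool:
        """Separate image and signature, recompute, store only on a match."""
        if len(message) <= DIGEST_LEN:
            return False
        image, received = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
        expected = signature(image, self.stored_password)
        if not hmac.compare_digest(received, expected):  # constant-time compare
            return False
        self.installed = image
        return True
```

MD5 appears here only because the text names it; it is no longer collision-resistant, and a current design would compute the tag with `hmac.new(phone_pw, code_image, hashlib.sha256)` instead of a bare hash over concatenated inputs.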
According to another aspect of the present invention there is provided a wireless communication network in which a data packet may be transferred securely from a providing communication terminal to a requesting communication terminal, wherein said requesting communication terminal comprises means for transmitting a message to the providing communication terminal, said message includes a request for the data packet and an identification of itself by means of a first unique identification code; said providing communication terminal includes means for verifying the validity of the first unique identification code, and means for transmitting a message, upon a successful verification, to the requesting communication terminal, said message includes the requested data packet and a second unique identification code; said requesting communication terminal comprises means for verifying the validity of the second unique identification code; and the requesting communication terminal includes means for storing the data packet, upon a successful verification of the validity of the received message. This network is able to ensure that unauthorized programs are not downloaded via the network to the communication terminals connected thereto. Otherwise the communication traffic could be affected.
According to a further aspect of the present invention there is provided a computer program product
Jobst Matthias
Stage Erling Bugge
Antonelli Terry Stout & Kraus LLP
Nokia Mobile Phones Limited
Peeso Thomas R.
Stulberger Cas
Data transfer verification based on unique ID codes does not yet have a rating. At this time, there are no reviews or comments for this patent.