Telecommunications – Radiotelephone system – Security or fraud prevention
Reexamination Certificate
2000-04-11
2004-02-10
Urban, Edward F. (Department: 2685)
C455S558000, C455S557000
active
06690930
ABSTRACT:
FIELD OF INVENTION
The invention pertains to a process to control a subscriber identity module (SIM) in mobile phone systems.
DISCUSSION OF RELATED ART
Mobile stations consist of a mobile phone terminal, which performs all radio and transmission functions, and a subscriber identity module (SIM) associated with it. Most SIMs take the form of a chip card that establishes the subscriber relationship with the mobile phone system operator. Important individual subscriber data saved on the SIM enable the use of the mobile phone services. The SIM contains the international mobile subscriber identity (IMSI), the secret individual subscriber key (Ki), an authentication algorithm (A3), a ciphering key generating algorithm (A8), a personal identification number (PIN) and other permanent and temporary data.
The SIMs are personalized with an IMSI, Ki, etc., ahead of time at a “personalization” center run by the mobile phone network operator and are then issued to the subscribers. Changing the permanent data saved on the SIM afterwards, for example to update procedures or make security-related improvements, is usually no longer possible or can only be done at the personalization center. If the SIM data has to be changed for a large number of subscribers, this can become very labor- and cost-intensive.
A primary purpose of the invention is to present a process to control a subscriber identity module (SIM) for mobile phone systems which meets high security requirements and which is easy to implement.
The invention consists of a process in which the mobile phone network sends one or more distinct control values to the subscriber identity module. These values then initiate certain actions or procedures within the subscriber identity module. Certain random values sent from the mobile phone network to the subscriber identity module for regular authentication are used as the control values (Control RANDs).
Prior to initiating an action or procedure in the subscriber module, the received control value (Control RAND) is tested by comparing it to certain comparison values available on the SIM (Comparison RANDs). At least one comparison value is held on the SIM, either stored as a permanent parameter or computed on the card. For example, Control/Comparison RANDs can be generated specific to each card by evaluating them as a function of the secret key Ki and/or other permanently stored parameters Z using the A3/A8 security algorithms implemented in the SIM.
In order to perform the comparison quickly, the comparison value can be stored on the SIM.
Also, each SIM must have more than one control value reserved for it. Each value must initiate a certain action or procedure on the SIM. A series of allowable control values is maintained at a suitable point in the mobile phone network, for example, at the authentication center (AC). Each of these control values is assigned to a particular SIM with particular actions to be initiated.
To raise the security in the mobile phone network, many different A3/A8 security algorithms can be stored on the SIM. These algorithms can be alternated by receiving the correct control value.
It is also possible to store a number of secret keys Ki on the SIM card or to derive them from a single stored Ki. Receiving the correct control value can allow these keys to be alternated.
Each action or procedure can be initiated not only by a single Control RAND, but also by any Control RAND belonging to a group of Control RANDs. In that case only a portion of the Control RAND is tested, which allows subsequent Control RANDs to differ from one another while carrying the same control bits.
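As an added illustration, not part of the patent text, the following Python models the SIM-side test described above: Comparison RANDs are derived per card from Ki and the stored parameters Z, every incoming RAND is tested for a control value before the normal authentication response is produced, and matching control bits switch the active A3/A8 variant or the active key. HMAC over SHA-256/SHA-1 stands in for the A3/A8 algorithms; the action names, CONTROL_BYTES, the key-derivation scheme and the choice to answer with SRES/Kc computed under the new settings after a control action are all assumptions.

```python
import hmac
import hashlib

# Constructed sample card values (illustrative, not taken from the patent).
MASTER_KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # single stored Ki
Z = b"card-serial-0001"          # other permanently stored parameters Z
ACTIONS = ("switch_algorithm", "switch_key")
CONTROL_BYTES = 4                # control bits shared by every Control RAND of a group

def derive_ki(master: bytes, index: int) -> bytes:
    """Derive the index-th secret key from the single stored Ki (assumed scheme)."""
    return hmac.new(master, b"Ki" + bytes([index]), hashlib.sha256).digest()[:16]

def comparison_rand(ki: bytes, z: bytes, action: str) -> bytes:
    """Card-specific Comparison RAND computed from Ki and Z; HMAC stands in for A3/A8."""
    return hmac.new(ki, z + action.encode(), hashlib.sha256).digest()[:16]

def make_control_rand(ki: bytes, z: bytes, action: str, tail: bytes) -> bytes:
    """Network side (e.g. the AC): a group Control RAND keeps only the control
    bits fixed, so the remaining bytes can differ from one authentication to the next."""
    return comparison_rand(ki, z, action)[:CONTROL_BYTES] + tail[:16 - CONTROL_BYTES]

class Sim:
    ALGORITHMS = (hashlib.sha256, hashlib.sha1)   # several stored A3/A8 variants

    def __init__(self, master_ki: bytes, z: bytes):
        self.master_ki, self.z = master_ki, z
        self.alg_index, self.key_index = 0, 0
        # Comparison values are kept on the card so the test is quick.
        self.table = {a: comparison_rand(master_ki, z, a) for a in ACTIONS}

    def run_authentication(self, rand: bytes):
        """Handle one RAND from the network: test for a control value first, then
        answer with (triggered action or None, SRES, Kc) under the current settings."""
        triggered = None
        for action, comp in self.table.items():
            if rand[:CONTROL_BYTES] == comp[:CONTROL_BYTES]:
                triggered = action
                if action == "switch_algorithm":
                    self.alg_index = (self.alg_index + 1) % len(self.ALGORITHMS)
                elif action == "switch_key":
                    self.key_index += 1
                break
        ki = derive_ki(self.master_ki, self.key_index)
        digest = hmac.new(ki, rand, self.ALGORITHMS[self.alg_index]).digest()
        return triggered, digest[:4], digest[4:12]   # SRES is 32 bits, Kc 64 bits in GSM
```

An ordinary RAND is answered without side effects; only a RAND whose leading control bits match a stored Comparison RAND changes the card's state, and two Control RANDs with different tails trigger the same action.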
An advantage of this invention is that no additional control values, which could otherwise be easily identified and misused, need to be transferred for this type of ‘remote control’ of actions or procedures on the SIM. Using a random number that is transferred during every authentication as a control value renders it unidentifiable. The control values appear as “common” RAND values that are sent by the network to the SIM for authentication. Also, there is no need to change the GSM protocols.
The following describes the invention in more detail with the help of an embodiment example. More features and advantages of the invention are included.
Chow C.
T-Mobile Deutschland GmbH
The Maxham Firm
Urban Edward F.