Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1999-01-12
2002-04-02
Peeso, Thomas R. (Department: 2132)
C713S151000, C713S162000, C713S166000, C380S247000
active
06367014
ABSTRACT:
The invention relates to messages exchanged in cellular radio communication systems. In general, these messages are exchanged between a message service center and a plurality of mobile stations. Each mobile station is composed of a terminal cooperating with a microprocessor user card called subscriber identity module (SIM).
More specifically, the invention relates to a particular enhanced message structure and a method for synchronizing and ensuring security when exchanging enhanced messages having this structure.
In the field of cellular radio communication, the GSM standard (global system for mobile public communications operating in the 900 MHz band) is known, primarily in Europe.
The invention applies, in particular, but not exclusively, to a system according to this GSM standard.
In general, a terminal is a piece of physical equipment used by a network user to access the telecommunications services offered. There are a number of different terminal types such as portables or even mobiles mounted on vehicles.
When a terminal is used by a user, the latter must connect his user card (SIM module), which is generally in the form of a smart card, to the terminal.
The user card supports a principal telephone application (for example the GSM application) which allows it, as well as the terminal to which it is connected in the cellular communications system, to operate. In particular, the user card provides the terminal with which it is connected with a unique subscriber identifier (or IMSI identifier, standing for “International Mobile Subscriber Identity”). For this purpose, the user card includes command execution means (for example a microprocessor and a program memory) and data storage means (for example a data storage).
The IMSI identifier, and all the individual information about the subscriber, to be used by the terminal, are stored in the data storage means of the SIM module. This enables each terminal to be used with any SIM module.
In certain known systems, particularly in a GSM system, there is a short message service (SMS) for sending short messages to mobile stations. These messages are transmitted by a short message service center (SMS-C).
When a mobile station receives a short message, it stores it in the data storage means of its SIM module. The principal telephone application of each SIM module handles each short message received.
Originally, the only function of a message was to provide information to the subscriber, generally via a terminal display screen. Messages that have this single function, known as short messages, thus contain only raw data.
Subsequently, an enhanced short message system (ESMS) was designed in which two types of short messages could be sent, namely the normal messages referred to above and enhanced messages which could contain commands.
Thus, the proposal has already been made that commands for updating or reconfiguring this SIM module remotely be transmitted to an SIM module via enhanced messages. In other words, commands encapsulated in enhanced messages enable the main telephone application of the SIM module to be modified. In this way, the SIM module can be reconfigured without having to bring it to a point of sale (and hence the SIM module can execute administrative commands when it is in the application phase).
It has also been proposed that the SIM module serve as a support for applications other than the principal telephone application such as in particular vehicle renting, payment, or loyalty applications.
Since the commands belonging to these other applications are contained in enhanced messages, which are thus external to the SIM module, these other applications are known as remote or OTA (“Over The Air”). On the other hand, the principal telephone application, whose commands are contained in the SIM module data storage means, is known as “local.” The commands are also known as “local” or “remote” depending on whether the application to which they belong is itself local or remote.
Hence, remote applications (renting, payment, reconfiguration of principal telephone application, etc.) can be executed with these remote commands.
It is clear that this recent remote application (or OTA application) concept is highly advantageous for the subscriber. The latter is able to carry out numerous applications such as renting a vehicle or paying for a service very easily simply by inserting his SIM module into a terminal.
In other words, the SIM module is made to do something different (essentially, more commands) than what it is normally able to do once it is in its application phase, namely once it is inserted into a cellular telephone in the user's hand.
This enhanced working capacity of the SIM module entails particular security requirements. This mechanism, which is in fact an additional gateway into the SIM module, should prevent any person from carrying out actions in the SIM module from which he is normally prohibited.
Resynchronization, uniqueness of each message, integrity of each message, and authenticity of the transmitting entity are some of the particular security requirements linked to the utilization of enhanced messages.
This is because it is important to be able to resynchronize the message source and the SIM module if there are transmission problems on the network. Due to transmission problems in the enhanced message channel, neither the path of an enhanced message nor the transmission sequence of several enhanced messages can be guaranteed.
The requirement that each message be unique avoids replaying a message either accidentally (indeed, the path followed by an enhanced message is such that a given message could be transmitted several times to an SIM module) or intentionally (i.e. fraudulently with the idea of having the SIM module execute the same command sequence, such as the commands enabling a prepaid telephone unit meter in the SIM module to be recredited, several times in succession).
The requirement of integrity of each message prevents a message from being corrupted either accidentally (also due to the transmission path between the message service center and the mobile station) or intentionally (with the idea of modifying a message and forcing it to carry out other actions more sensitive than those planned by the message source).
The requirement that the transmitting entity be authentic ensures that it is indeed authorized to send enhanced messages. This remote application mechanism must be reserved for particular transmitters (such as operators and suppliers of services).
The recent remote application concept as currently implemented proves not to meet all these particular security requirements.
The only proposal made to date has been to introduce a checksum into each enhanced message and run a check procedure in which a secret code is presented before remote commands contained in the enhanced message are executed.
Clearly, this solution is incomplete and thus unsatisfactory.
First of all, the use of a checksum, which is a relatively basic solution, only ensures that the transmission has been carried out correctly.
Also, procedures of the secret code checking type do not offer sufficient security guarantees if an enhanced message is intercepted. Since the identifier information does not vary from one message to another, it is easy for an unauthorized person to replay a message, and pass off a fraudulently intercepted message as authentic.
Finally, this known solution does not meet the other requirements listed above, namely resynchronization and integrity of the messages.
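The weakness of the checksum-plus-secret-code check, and one generic way to meet the four requirements listed above, shown as an added example that is not taken from the patent and is not its claimed mechanism. The HMAC-SHA-256 tag, the 4-byte counter, the key, the secret code, the `RECREDIT` command and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

SECRET_CODE = b"1234"          # constructed static secret code (prior-art style)
KEY = b"constructed-demo-key"  # constructed key shared by message source and card

def checksum(data: bytes) -> int:
    return sum(data) & 0xFF    # detects transmission errors only; anyone can recompute it

def legacy_build(cmd: bytes) -> bytes:
    body = SECRET_CODE + cmd
    return body + bytes([checksum(body)])

def legacy_accept(msg: bytes) -> bool:
    """Prior-art check: valid checksum plus a secret code that never varies."""
    body, chk = msg[:-1], msg[-1]
    return checksum(body) == chk and body.startswith(SECRET_CODE)

def mac_build(counter: int, cmd: bytes) -> bytes:
    body = struct.pack(">I", counter) + cmd
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

class CounterCard:
    """Hypothetical receiver: keyed MAC plus a strictly increasing counter."""
    def __init__(self) -> None:
        self.last = 0

    def accept(self, msg: bytes) -> bool:
        if len(msg) < 36:          # 4-byte counter + 32-byte tag at minimum
            return False
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False           # integrity and authenticity of the sender
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self.last:
            return False           # uniqueness: replayed or stale message
        self.last = counter        # resynchronization: skip past lost messages
        return True

def demo() -> list:
    card, old = CounterCard(), legacy_build(b"RECREDIT")
    first = mac_build(1, b"RECREDIT")
    altered = first[:5] + b"X" + first[6:]   # one command byte changed in transit
    msgs = [first, first, altered, mac_build(5, b"RECREDIT"), mac_build(3, b"RECREDIT")]
    return [legacy_accept(old), legacy_accept(old)] + [card.accept(m) for m in msgs]
```

`demo()` feeds the same legacy message twice, then five MAC-protected messages: a fresh one, its replay, an altered copy, one arriving after messages 2 to 4 were lost, and a late message 3. In this sketch a message that arrives after a higher counter has been accepted is dropped, which is the price of the simple forward-only resynchronization rule.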
The goal of the invention is to overcome these drawbacks of the prior art.
More specifically, one of the goals of the present invention is to provide a method for synchronizing and ensuring security of an exchange of enhanced messages and a corresponding enhanced message structure enabling the message source and the SIM module to be resynchronized if there are transmission problems on the network.
Another goal of the invention is to provide such a method and such an enhanced message structure ensuring uniqueness of each enhanced message t
Huet Cedric
Laget Anne
Proust Philippe
Gemplus S.C.A.
Peeso Thomas R.
Plottel Roland