`
`
`[11] Patent Number:
`United States Patent
`[19]
`5,913,175
`
`
`
`
`
`
`
`
`
`
`[45] Date of Patent:
`Jun. 15, 1999
`Pinault
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U5005913175A
`
`
`
`
`
`
`
`
`
`[54] METHOD OF MAKING THE USE OF A
`
`
`
`
`
`
`
`
`TERMINAL OF A CELLULAR MOBILE
`
`
`
`
`
`RADIO SYSTEM MORE SECURE, AND
`
`
`
`
`
`CORRESPONDING TERMINAL AND USER
`
`
`
`CARD
`
`
`
`
`
`[75]
`
`
`
`Inventor: Francis Pinault, Bois Colombes,
`
`
`
`
`France
`
`
`
`
`[73] Assignee: Alcatel Mobile Phones, Paris, France
`
`
`
`
`
`
`
`
`
`[21] Appl. No.: 08/777,734
`
`
`
`Filed:
`
`[22]
`
`
`
`
`Dec. 20, 1996
`
`
`
`
`Foreign Application Priority Data
`
`
`
`
`[FR]
`France ................................... 95 15283
`
`
`
`
`[51]
`Int. Cl.6 ................................................ H04Q 7/32
`
`
`
`
`
`
`[52] US. Cl.
`455/558, 455/410, 455/411
`
`
`
`
`
`
`
`
`[58] Field of Search ................................. 455/410, 411,
`
`
`
`
`
`
`
`455/557, 558; 379/114, 143, 357; 235/380,
`
`
`
`
`
`
`382, 380/21, 28, 30, 23, 3
`
`
`
`
`
`
`
`[30]
`
`
`Dec. 21, 1995
`
`
`
`
`
`
`
`
`
`[56]
`
`
`
`References Cited
`
`
`U.S. PATENT DOCUMENTS
`
`
`
`4,736,419
`4/1988 Roe ........................................... 380/23
`
`
`
`
`
`
`5,390,252
`2/1995 Suzuki et al.
`.. 455/411
`
`
`
`
`
`
`
`5,444,764
`8/1995 Galecki
`.......
`.. 455/558
`
`
`
`
`
`
`5,600,708
`2/1997 Meche et al.
`.. 455/411
`
`
`
`
`
`
`
`5,604,787
`2/1997 Kotzin et al.
`.. 455/558
`
`
`
`
`
`
`
`5,617,470
`4/1997 Depasquale
`.. 379/114
`
`
`
`
`
`5,661,806
`8/1997 Nevoux et al.
`380/25
`
`
`
`
`
`
`
`5,675,607 10/1997 Alesio et al.
`.. 379/114
`
`
`
`
`
`
`
`4/1998 Gallant et al.
`.. 455/558
`5,742,910
`
`
`
`
`
`
`
`5/1998 Loder ......
`.. 455/407
`5,748,720
`
`
`
`
`
`6/1998 Mooney et a .
`........................ 455/558
`5,761,624
`
`
`
`
`
`
`
`
`.
`
`
`
`
`FOREIGN PATENT DOCUMENTS
`
`
`2/1989 European Pat. 01f. .
`03 01 740 A2
`
`
`
`
`
`
`
`OTHER PUBLICATIONS
`
`
`
`
`
`
`
`
`.l. K. Omura, “A computer dial access system based on
`
`
`
`
`
`
`
`
`
`
`publicikey techniques”, IEEE Communications Magazine,
`
`
`
`
`
`Jul. 1987, vol. 25, No. 7, Jul. 1987, ISSN 016376804, pp.
`
`
`
`
`
`
`
`
`
`
`
`73—79.
`
`
`
`
`Primary Examiner—Dwayne D. Bost
`
`
`
`Assistant Examiner—Jean A. Gelin
`
`
`
`
`Attorney, Agent, or Firm—Sughnle, Miou, Zinn, Macpeak
`
`
`
`
`
`
`& Seas, PLLC
`
`
`
`[57]
`
`ABSTRACT
`
`
`
`Aterminal of a cellular mobile radio system cooperates with
`
`
`
`
`
`
`
`
`
`a user card and is able to operate in at least two separate
`
`
`
`
`
`
`
`
`
`
`
`
`
`operating modes, namely a normal mode in which it can be
`
`
`
`
`
`
`
`
`
`
`
`used with any user card and a locked mode in which it can
`
`
`
`
`
`
`
`
`
`
`
`
`
`be used only with the user card to which it is locked, the
`
`
`
`
`
`
`
`
`
`
`
`
`
`latter constituting a linked user card. To make use of the
`
`
`
`
`
`
`
`
`
`
`
`terminal more secure,
`first
`locking data is stored in a
`
`
`
`
`
`
`
`
`
`
`memory area of the linked user card and, in the locked mode,
`
`
`
`
`
`
`
`
`
`
`
`
`the method includes a phase of authentication by the termi-
`
`
`
`
`
`
`
`
`
`nal of the user card With which it is cooperating. In the
`
`
`
`
`
`
`
`
`
`
`
`
`authentication phase second locking data is calculated in the
`
`
`
`
`
`
`
`
`
`terminal from the intermediate data read in a memory area
`
`
`
`
`
`
`
`
`
`
`accessible to the terminal using a calculation function spe-
`
`
`
`
`
`
`
`
`cific to the terminal, and the first and second locking data is
`
`
`
`
`
`
`
`
`
`
`
`compared in the terminal and use of the terminal is autho—
`
`
`
`
`
`
`
`
`
`
`rized only in the event of equality, that is to say if the user
`
`
`
`
`
`
`
`
`
`
`
`
`
`card with which the terminal is cooperating is authenticated
`
`
`
`
`
`
`
`
`as the linked user card.
`
`
`
`
`
`
`
`
`
`
`
`
`
`21 Claims, 5 Drawing Sheets
`
`
`
`
`
`
`
`lofl3
`
`SAMSUNG EXHIBIT 1007
`
`1 of 13
`
`SAMSUNG EXHIBIT 1007
`
`

`

`US. Patent
`
`Jun. 15, 1999
`
`Sheet 1 0f 5
`
`5,913,175
`
`
`
`MANUFACTURE
`
`NORMAL MODE
`
`LOCKED MODE
`
`
`
`Fig. 5
`
`20f13
`
`AUTHENTICATE LINK
`
`
`
`
`

`

`US. Patent
`
`Jun. 15, 1999
`
`Sheet 2 of 5
`
`5,913,175
`
`T Q
`
`CU
`
`
`D1-
` Fig. 2A
`
`USER CARD
`
`TERMINAL
`) E30i©
`USER CARD
`
`m
`
`Fig. 28
`
`CU
`
`D1-©
`
`Fig. 3A USERCARD
`®
`
`T
`
`Dil::1
`
`TERMINAL
`
`TERMINAL
`Q)
`
`©
`
`
`
`
`_,
`Fig. 4A USERCARD
`o. [:1
`DI' —
`
`CU
`
`T TERMINAL
`
`USER CARD
`
`3of13
`
`

`

`US. Patent
`
`Jun. 15, 1999
`
`Sheet 3 of5
`
`5,913,175
`
`NORMAL MODE
`
`LOCKINGCODE? ‘6
`
`CREATE LINK
`
`62
`
`10
`
`ELIMINATE
`PREVIOUS LINK
`
`AUTHENTICATE LINK
`
`LOCKED MODE
`
`BLOCK TERMINAL
`
`UNBLOCK TERMINAL
`
`Wm
`
`YES
`
`64
`
`Fig. 6
`
`4of13
`
`

`

`US. Patent
`
`Jun. 15, 1999
`
`Sheet 4 of5
`
`5,913,175
`
`
`
`50f13
`
`

`

`US. Patent
`
`Jun. 15,1999
`
`Sheet 5 0f 5
`
`5,913,175
`
`T1 FIRST TERMINAL
`
`T2 SECOND TERMINAL
`
`{sie'éfifiu'fi """"""""""
`:ENHANCER
`
`
`
`W/A
`
`TERMINAL
`
`Fig. 11
`
`111
`
`6of13
`
`

`

`5,913,175
`
`
`
`1
`
`METHOD OF MAKING THE USE OFA
`
`
`
`
`
`
`
`TERMINAL OF A CELLULAR MOBILE
`
`
`
`
`
`RADIO SYSTEM MORE SECURE, AND
`
`
`
`
`
`CORRESPONDING TERMINAL AND USER
`
`
`
`CARD
`
`
`
`
`
`
`BACKGROUND OF THE INVENTION
`
`
`
`1. Field of the Invention
`
`
`
`
`
`The field of the invention is that of cellular mobile radio
`
`
`
`
`
`
`
`
`
`
`
`systems with terminals (also called mobile stations). In the
`
`
`
`
`
`
`
`
`
`field of cellular mobile radio, European standards include
`
`
`
`
`
`
`
`
`the GSM (Global System for Mobile communications)
`
`
`
`
`
`
`
`standard, covering public mobile radio systems operating in
`
`
`
`
`
`
`
`
`the 900 MHz band.
`
`
`
`
`To be more precise, the invention concerns a method of
`
`
`
`
`
`
`
`
`
`
`making the use of a terminal of a cellular mobile radio
`
`
`
`
`
`
`
`
`
`
`
`system more secure. The method of the invention can be
`
`
`
`
`
`
`
`
`
`
`used in a GSM system, but is not exclusive to that system.
`
`
`
`
`
`
`
`
`
`
`
`
`2. Description of the Prior Art
`
`
`
`
`
`
`A cellular mobile radio system is implemented within a
`
`
`
`
`
`
`
`
`
`network of geographical cells through which the mobile
`
`
`
`
`
`
`
`
`stations (or terminals) travel. A base station is associated
`
`
`
`
`
`
`
`
`
`
`with each cell and a mobile station communicates through
`
`
`
`
`
`
`
`
`
`the base station of the cell in which it is located.
`
`
`
`
`
`
`
`
`
`
`
`The expression mobile station or terminal (both of which
`
`
`
`
`
`
`
`
`
`are used interchangeably in this description) refer to the
`
`
`
`
`
`
`
`
`
`physical equipment employed by the user of the network to
`
`
`
`
`
`
`
`
`
`
`access the telecommunication services offered. There are
`
`
`
`
`
`
`
`various types of terminals, such as vehicle-mounted, por-
`
`
`
`
`
`
`
`table and hand-portable terminals.
`
`
`
`
`they generally have to
`When a user uses a terminal,
`
`
`
`
`
`
`
`
`
`
`connect a user card that they retain in order for the latter to
`
`
`
`
`
`
`
`
`
`
`
`
`
`communicate their subscriber number to the terminal. In the
`
`
`
`
`
`
`
`
`
`case of the GSM system, the user card that the user must
`
`
`
`
`
`
`
`
`
`
`
`
`connect to the terminal is a removable memory card called
`
`
`
`
`
`
`
`
`
`
`the Subscriber Identity Module (SIM), which communicates
`
`
`
`
`
`
`
`to the terminal the user’s International Mobile Subscriber
`
`
`
`
`
`
`
`
`Identity (IMSI) number.
`
`
`
`In other words, all of the personalized information con-
`
`
`
`
`
`
`
`
`cerning the subscriber is stored on the user card (or SIM
`
`
`
`
`
`
`
`
`
`
`
`
`card). Thus, in the general case, any terminal can be used
`
`
`
`
`
`
`
`
`
`
`
`with any user card.
`
`
`
`
`An authentication mechanism prevents unauthorized use
`
`
`
`
`
`
`of the identity of a network subscriber.
`It must not be
`
`
`
`
`
`
`
`
`
`
`
`possible for a person knowing only the identity (or IMSI) of
`
`
`
`
`
`
`
`
`
`
`
`a subscriber to pass themselves off as that subscriber to the
`
`
`
`
`
`
`
`
`
`
`
`network. To this end, the user card also contains an indi-
`
`
`
`
`
`
`
`
`
`
`vidual authentication key and an authentication algorithm.
`
`
`
`
`
`
`
`After the subscriber has identified himself or herself,
`the
`
`
`
`
`
`
`
`
`
`network can therefore check their identity and break off the
`
`
`
`
`
`
`
`
`
`
`procedure if the authentication procedure fails.
`
`
`
`
`
`
`Subscribers may inform the network operator or manager
`
`
`
`
`
`
`
`that their card has been lost or stolen. This means that any
`
`
`
`
`
`
`
`
`
`
`
`attempt by a third party to use their user card can be detected
`
`
`
`
`
`
`
`
`
`
`
`and barred at system level.
`
`
`
`
`
`The operator often offers an additional degree of protec—
`
`
`
`
`
`
`
`
`tion of the user card. For this, a Personal Identity Number
`
`
`
`
`
`
`
`
`
`
`
`(PIN) is stored on the user card. Subscribers are asked to
`
`
`
`
`
`
`
`
`
`
`
`enter their PIN code on the keypad of the terminal each time
`
`
`
`
`
`
`
`
`
`
`
`
`the card is inserted into the terminal or each time that the
`
`
`
`
`
`
`
`
`
`
`
`
`terminal is switched on, This prevents anyone using a lost or
`
`
`
`
`
`
`
`
`
`
`stolen user card if they do not know the PIN code associated
`
`
`
`
`
`
`
`
`
`
`
`
`with that user card.
`
`
`
`
`Although in the early days of cellular mobile radio
`
`
`
`
`
`
`
`
`
`systems various means of protecting user cards against
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`2
`
`unauthorized use were proposed, as explained above, the
`
`
`
`
`
`
`
`
`same cannot be said in respect to protection of the terminals.
`
`
`
`
`
`
`
`
`
`
`
`First generation terminals do not have any particular pro-
`
`
`
`
`
`
`
`
`tection against unauthorized use. Consequently, a lost or
`
`
`
`
`
`
`
`stolen terminal can be used by anyone holding a valid user
`
`
`
`
`
`
`
`
`
`
`card. The network verifies the validity of the user card but
`
`
`
`
`
`
`
`
`
`
`not that of the terminal. In protection terms, the terminal can
`
`
`
`
`
`
`
`
`
`
`therefore be classified as “passive”.
`
`
`
`
`
`Each terminal of a cellular mobile radio system is a costly
`
`
`
`
`
`
`
`
`device, Whether the cost is met by the subscriber or by the
`
`
`
`
`
`
`
`
`
`
`
`operator. There is therefore an obvious benefit in attempting
`
`
`
`
`
`
`
`
`to make its use more secure, in particular in the event of loss
`
`
`
`
`
`
`
`
`
`
`
`
`of theft.
`
`
`Making the use of a terminal more secure generally
`
`
`
`
`
`
`
`
`
`consists in proposing, in addition to the normal operating
`
`
`
`
`
`
`
`
`
`mode, a so-called locked mode in which the terminal can be
`
`
`
`
`
`
`
`
`
`
`
`used only with a user card with which it is “locked”, called
`
`
`
`
`
`
`
`
`
`
`
`
`the linked user card. In other words, a link is established
`
`
`
`
`
`
`
`
`
`
`
`between the terminal and a particular user card (the linked
`
`
`
`
`
`
`
`
`
`
`user card).
`
`
`One technique for implementing a locked mode of this
`
`
`
`
`
`
`
`
`
`kind is described in patent U.S. Pat. No. 4,868,846, assigned
`
`
`
`
`
`
`
`
`
`
`to NOKIA MOBILE PHONES LTD. The method described
`
`
`
`
`
`
`
`
`in the above patent includes a phase of creating a terminal/
`
`
`
`
`
`
`
`
`
`
`
`user card link and a phase of verifying the terminal/user card
`
`
`
`
`
`
`
`
`
`
`link.
`
`In the link creation phase, the terminal reads the user
`
`
`
`
`
`
`
`
`
`identification data stored on the user card and stores it in its
`
`
`
`
`
`
`
`
`
`
`
`memory.
`
`During the link verification phase the terminal reads the
`
`
`
`
`
`
`
`
`
`user identification data stored on the user card with which it
`
`
`
`
`
`
`
`
`
`
`
`is cooperating and compares it with that stored in its memory
`
`
`
`
`
`
`
`
`
`
`
`during the link creation phase, authorizing operation of the
`
`
`
`
`
`
`
`
`
`terminal or not according to whether the data read and that
`
`
`
`
`
`
`
`
`
`
`
`stored are identical or not.
`
`
`
`
`
`This prior art technique therefore prevents a terminal
`
`
`
`
`
`
`
`
`being used with a user card other than that with which it has
`
`
`
`
`
`
`
`
`
`
`
`
`been locked. This prevents unauthorized use of a terminal
`
`
`
`
`
`
`
`
`
`lost or stolen without its linked user card. This contributes to
`
`
`
`
`
`
`
`
`
`
`
`reducing the number of terminal thefts.
`
`
`
`
`
`
`Note that even if the terminal is lost or stolen with its
`
`
`
`
`
`
`
`
`
`
`
`
`linked user card, it can be used only with the latter. As
`
`
`
`
`
`
`
`
`
`
`
`
`already explained, the subscriber can tell the operator that
`
`
`
`
`
`
`
`
`
`their user card has been lost or stolen, so that its use can be
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`barred at system level. Stealing the terminal is therefore of
`
`
`
`
`
`
`
`
`
`
`no benefit in this case either.
`
`
`
`
`
`
`This prior art technique of making the use of a terminal
`
`
`
`
`
`
`
`
`
`
`more secure nevertheless has at least two major drawbacks.
`
`
`
`
`
`
`
`
`
`Firstly, it does not totally eliminate all risks of unautho-
`
`
`
`
`
`
`
`
`
`rized use of the terminal. The terminal/user card link is based
`
`
`
`
`
`
`
`
`
`
`
`on the storage in the memory of the terminal of the user
`
`
`
`
`
`
`
`
`
`
`
`
`identification data (read by the terminal from the user card
`
`
`
`
`
`
`
`
`
`
`during the link creation phase). There is nothing to stop a
`
`
`
`
`
`
`
`
`
`
`
`person directly modifying the content of the terminal
`
`
`
`
`
`
`
`
`memory in order to modify the existing locking link. In this
`
`
`
`
`
`
`
`
`
`
`
`the identification data of the linked user card is
`case,
`
`
`
`
`
`
`
`
`
`
`replaced in the terminal memory with new identification
`
`
`
`
`
`
`
`
`data from another user card. In this way, although it is in the
`
`
`
`
`
`
`
`
`
`
`
`
`
`locked mode, unauthorized use of the terminal is possible
`
`
`
`
`
`
`
`
`
`since it sees the other user card as that with which it is
`
`
`
`
`
`
`
`
`
`
`
`
`
`linked.
`
`
`Moreover, this prior art technique is generally combined
`
`
`
`
`
`
`
`with protection by requiring subscribers to enter their PIN
`
`
`
`
`
`
`
`
`code each time their user card is inserted into the terminal or
`
`
`
`
`
`
`
`
`
`
`
`each time the latter is switched on. Entering the PIN code
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Ul
`
`
`
`10
`
`
`
`
`
`20
`
`
`
`tom
`
`
`
`
`
`mm
`
`
`
`40
`
`
`
`
`
`50
`
`
`
`55
`
`
`
`60
`
`
`
`
`
`
`
`
`
`70f13
`
`7 of 13
`
`

`

`5,913,175
`
`
`
`
`
`
`
`
`
`
`
`
`
`3
`
`can become a nuisance if it has to be carried out many times
`
`
`
`
`
`
`
`
`
`
`
`a day. For this reason, some subscribers leave their terminal
`
`
`
`
`
`
`
`
`
`
`switched on in order to avoid having to enter their PIN code
`
`
`
`
`
`
`
`
`
`
`
`
`several times. Then, even if the locked mode is selected,
`
`
`
`
`
`
`
`
`
`
`stealing the terminal when it is switched on and cooperating
`
`
`
`
`
`
`
`
`
`
`with its linked user card enables a person to access the
`
`
`
`
`
`
`
`
`
`
`
`services of the network until this is barred at system level
`
`
`
`
`
`
`
`
`
`
`
`after the subscriber has reported the loss of theft of their user
`
`
`
`
`
`
`
`
`
`
`
`
`card. It must be remembered that, in respect of the use of
`
`
`
`
`
`
`
`
`
`
`
`
`stolen terminals, there is no barring procedure at system
`
`
`
`
`
`
`
`
`
`level equivalent to that which exists for stolen user cards.
`
`
`
`
`
`
`
`
`
`
`One objective of the invention is to overcome these
`
`
`
`
`
`
`
`
`drawbacks of the prior art.
`
`
`
`
`
`To be more precise, one objective of the present invention
`
`
`
`
`
`
`
`
`
`is to provide a method of making the use of a cellular mobile
`
`
`
`
`
`
`
`
`
`
`radio system terminal more secure that completely elimi-
`
`
`
`
`
`
`
`nates all risk of unauthorized use of the terminal.
`
`
`
`
`
`
`
`
`
`An additional objective of the invention is to provide a
`
`
`
`
`
`
`
`
`
`
`method of the above kind that does not require users to enter
`
`
`
`
`
`
`
`
`
`
`
`
`their PIN code each time they insert their user card into the
`
`
`
`
`
`
`
`
`
`
`
`
`terminal or each time they switch the latter on.
`
`
`
`
`
`
`
`
`
`Afurther object of the invention is to provide a method of
`
`
`
`
`
`
`
`
`
`
`
`
`the above kind that offers not only the advantages offered by
`
`
`
`
`
`
`
`
`
`
`
`the prior art method described in patent US. Pat. No.
`
`
`
`
`
`
`
`
`
`
`4,868,846, referred to above, but has additional advantages
`
`
`
`
`
`
`
`
`that cannot be offered by the prior art method.
`
`
`
`
`
`
`
`
`
`In other words, one objective of the invention is to
`
`
`
`
`
`
`
`
`
`
`provide a method of the above kind which, like the prior art
`
`
`
`
`
`
`
`
`
`
`
`
`method, allows operation in locked mode in which the
`
`
`
`
`
`
`
`
`
`terminal can be used only with a particular user card.
`
`
`
`
`
`
`
`
`
`
`Afurther objective of the invention is to provide a method
`
`
`
`
`
`
`
`
`
`of the above kind which allows a terminal to be left switched
`
`
`
`
`
`
`
`
`
`
`on with its user card inside it but which nevertheless
`
`
`
`
`
`
`
`
`
`prevents unauthorized use of the terminal, which is not
`
`
`
`
`
`
`
`
`possible with the prior art method.
`
`
`
`
`
`
`A further objective of the invention is to provide a method
`
`
`
`
`
`
`
`
`
`
`of the above kind enabling local or remote blocking (total
`
`
`
`
`
`
`
`
`
`
`prohibition of operation) or unblocking (authorization of
`
`
`
`
`
`
`
`
`operation in locked mode) of a terminal.
`
`
`
`
`
`
`Another objective of the invention is to provide a method
`
`
`
`
`
`
`
`
`
`
`of the above kind enabling a subscriber having more than
`
`
`
`
`
`
`
`
`
`
`one terminal for the same subscription to have at all times at
`
`
`
`
`
`
`
`
`
`
`
`
`least one terminal providing various “passive reception”
`
`
`
`
`
`
`
`functions (answering machine type operation), such as
`
`
`
`
`
`
`
`
`incoming call storage.
`
`
`
`SUMMARY OF THE INVENTION
`
`
`
`
`These various objectives, and others that will emerge
`
`
`
`
`
`
`
`
`hereinafter, are achieved in accordance with the invention by
`
`
`
`
`
`
`
`
`
`a method of making the use of a terminal of a cellular mobile
`
`
`
`
`
`
`
`
`
`
`
`radio system more secure, said terminal being of the type
`
`
`
`
`
`
`
`
`
`
`adapted to cooperate with a user card and being able to
`
`
`
`
`
`
`
`
`
`
`
`operate in at least two separate operating modes, namely a
`
`
`
`
`
`
`
`
`
`
`normal mode in which it can be used with any user card and
`
`
`
`
`
`
`
`
`
`
`
`
`
`a locked mode in which it can be used only with the user
`
`
`
`
`
`
`
`
`
`
`
`
`
`card to which it is locked, constituting a linked user card,
`
`
`
`
`
`
`
`
`
`
`
`wherein first locking data is stored in a memory area of
`
`
`
`
`
`
`
`
`
`
`said linked user card,
`
`
`
`
`and, in said locked mode, the method includes a phase of
`
`
`
`
`
`
`
`
`
`
`authentication by said terminal of the user card with which
`
`
`
`
`
`
`
`
`
`
`it is cooperating, said authentication phase including the
`
`
`
`
`
`
`
`
`following steps:
`
`
`second locking data is calculated in said terminal from
`
`
`
`
`
`
`
`
`
`said intermediate data read in a memory area accessible to
`
`
`
`
`
`
`
`
`
`
`said terminal using a calculation function specific to said
`
`
`
`
`
`
`
`
`
`terminal, and
`
`
`
`
`
`Lil
`
`
`
`10
`
`
`
`
`
`20
`
`
`
`tom
`
`
`
`
`
`mm
`
`
`
`40
`
`
`
`
`
`50
`
`
`
`55
`
`
`
`60
`
`
`
`
`
`8of13
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`4
`
`said first and second locking data is compared in said
`
`
`
`
`
`
`
`
`
`terminal and use of said terminal is authorized only in the
`
`
`
`
`
`
`
`
`
`
`event of equality, that is to say if said user card with which
`
`
`
`
`
`
`
`
`
`
`
`
`said terminal is cooperating is authenticated as said linked
`
`
`
`
`
`
`
`
`user card.
`
`
`The general principle of the invention is to establish a link
`
`
`
`
`
`
`
`
`
`between a terminal and a user card by storing locking data
`
`
`
`
`
`
`
`
`
`
`on the user card (called the linked user card). This principle
`
`
`
`
`
`
`
`
`
`
`is fundamentally different from that proposed in the previ-
`
`
`
`
`
`
`
`
`ously mentioned patent US. Pat. No. 4,868,846. Although
`
`
`
`
`
`
`
`the prior art principle also establishes a link between the
`
`
`
`
`
`
`
`
`
`terminal and a user card, it is based on storing locking data
`
`
`
`
`
`
`
`
`
`
`
`in the terminal (and not on the linked user card).
`
`
`
`
`
`
`
`
`
`
`In this way the method of the invention enables operation
`
`
`
`
`
`
`
`
`
`in locked mode in which the terminal can be used only with
`
`
`
`
`
`
`
`
`
`
`
`the linked user card.
`
`
`
`
`Moreover, it totally eliminates all risks of unauthorized
`
`
`
`
`
`
`
`
`use of the terminal. It is therefore free of the vulnerability of
`
`
`
`
`
`
`
`
`
`
`
`the prior art method. The terminal/user card link is
`
`
`
`
`
`
`
`
`
`dependent, firstly, on first data stored on the linked user card
`
`
`
`
`
`
`
`
`
`
`
`and, secondly, on a calculation function specific to the
`
`
`
`
`
`
`
`
`
`terminal. Under no circumstances can an unauthorized user
`
`
`
`
`
`
`
`
`discover this calculation function as it is not accessible in
`
`
`
`
`
`
`
`
`
`
`read mode. Moreover, unless the linked user card is stolen
`
`
`
`
`
`
`
`
`
`
`with the terminal, the unauthorized user does not know the
`
`
`
`
`
`
`
`
`
`
`first data stored either. Consequently, the unauthorized user
`
`
`
`
`
`
`
`
`cannot modify a user card in their possession so that the
`
`
`
`
`
`
`
`
`
`
`
`terminal sees the latter as the user card to which it is linked.
`
`
`
`
`
`
`
`
`
`
`
`
`
`It is clear that, in the manner that is known in itself, if the
`
`
`
`
`
`
`
`
`
`
`
`
`
`linked user card is stolen with the terminal the subscriber can
`
`
`
`
`
`
`
`
`
`
`
`advise the network operator or manager so that use of their
`
`
`
`
`
`
`
`
`
`
`
`user card can be barred at system level.
`
`
`
`
`
`
`
`
`The method of the invention offers operation in locked
`
`
`
`
`
`
`
`
`
`mode that is sufficiently secure for the user not to need to
`
`
`
`
`
`
`
`
`
`
`
`
`enter their PIN code again each time that they insert their
`
`
`
`
`
`
`
`
`
`
`
`user card into the terminal or each time that they switch it on.
`
`
`
`
`
`
`
`
`
`
`
`
`
`Said authentication phase is advantageously effected:
`
`
`
`
`
`
`each time the terminal is switched on, and/or
`
`
`
`
`
`
`
`
`each time the user card cooperating with the terminal is
`
`
`
`
`
`
`
`
`
`changed.
`
`The authentication phase can advantageously be repeated
`
`
`
`
`
`
`in accordance with a predetermined strategy, for example at
`
`
`
`
`
`
`
`predetermined time intervals, regular or otherwise.
`
`
`
`
`
`
`Said calculation function specific to the terminal is pref—
`
`
`
`
`
`
`
`
`erably an encryption function using a predetermined algo—
`
`
`
`
`
`
`
`rithm and said first and second locking data are preferably
`
`
`
`
`
`
`
`
`
`encrypted using this encryption function.
`
`
`
`
`
`This makes the use of the terminal even more secure.
`
`
`
`
`
`
`
`
`
`
`In a first preferred embodiment of the invention, the step
`
`
`
`
`
`
`
`
`
`
`of storing first locking data in a memory area of the linked
`
`
`
`
`
`
`
`
`
`
`
`
`user card is effected during preliminary personalization of
`
`
`
`
`
`
`
`
`said linked user card.
`
`
`
`
`This preliminary personalization is carried out during
`
`
`
`
`
`
`fabrication of the user card, for example, during commis-
`
`
`
`
`
`
`
`
`sioning of the user card (by the manufacturer, operator or
`
`
`
`
`
`
`
`
`
`
`distributor) or during the putting together of a personalized
`
`
`
`
`
`
`
`
`system comprising the terminal and its user card. In other
`
`
`
`
`
`
`
`
`
`
`words, the user card is personalized either in the factory or
`
`
`
`
`
`
`
`
`
`
`
`by a distributor. In so far as its operation in locked mode is
`
`
`
`
`
`
`
`
`
`
`
`
`concerned, the user card is therefore linked to a particular
`
`
`
`
`
`
`
`
`
`
`terminal as soon as it is personalized, this terminal being the
`
`
`
`
`
`
`
`
`
`
`
`one whose specific calculation function calculates, from
`
`
`
`
`
`
`
`intermediate data, second locking data identical to the first
`
`
`
`
`
`
`
`
`
`locking data stored on the linked user card. In other words,
`
`
`
`
`
`
`
`
`
`
`
`the user card can be locked only to this particular terminal.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`8 of 13
`
`

`

`5,913,175
`
`
`
`5
`
`In a second preferred embodiment of the invention, the
`
`
`
`
`
`
`
`
`
`step of storing first locking data in a memory area of the
`
`
`
`
`
`
`
`
`
`
`
`
`linked user card is effected on each change from the normal
`
`
`
`
`
`
`
`
`
`
`
`mode to the locked mode, new first data to be stored being
`
`
`
`
`
`
`
`
`
`
`
`
`calculated in the terminal from said intermediate data by
`
`
`
`
`
`
`
`
`
`said calculation function specific to said terminal.
`
`
`
`
`
`
`
`In this case,
`the user card is not linked to a terminal
`
`
`
`
`
`
`
`
`
`
`
`
`beforehand and can therefore be locked to any terminal. It is
`
`
`
`
`
`
`
`
`
`
`
`only on changing from the normal mode to the locked mode
`
`
`
`
`
`
`
`
`
`
`
`that the link with the terminal is created (so that the terminal
`
`
`
`
`
`
`
`
`
`
`
`
`is that with which the user card is cooperating).
`
`
`
`
`
`
`
`
`
`On each change from the locked mode to the normal
`
`
`
`
`
`
`
`
`
`
`mode, the content of the memory area of the previously
`
`
`
`
`
`
`
`
`
`
`linked user card in which the first locking data is stored is
`
`
`
`
`
`
`
`
`
`
`
`
`advantageously modified, at
`least
`in part,
`to delete the
`
`
`
`
`
`
`
`
`
`authentication link between the terminal and the previously
`
`
`
`
`
`
`
`
`linked user card.
`
`
`
`This makes it certain that before the next change to the
`
`
`
`
`
`
`
`
`
`
`
`locked mode there is no user card linked to the terminal. In
`
`
`
`
`
`
`
`
`
`
`
`
`other words,
`in normal mode no user card holds in its
`
`
`
`
`
`
`
`
`
`
`
`memory any trace of an earlier link with the terminal, and
`
`
`
`
`
`
`
`
`
`
`
`this applies even to the user card that was previously locked
`
`
`
`
`
`
`
`
`
`
`
`to the terminal.
`
`
`
`In said locked mode, the terminal can advantageously be
`
`
`
`
`
`
`
`
`
`used with at least one other user card, referred hereinafter as
`
`
`
`
`
`
`
`
`
`
`
`the other linked user card, in a multi-user session starting
`
`
`
`
`
`
`
`
`
`
`after a multi-user code has been transmitted to the terminal
`
`
`
`
`
`
`
`
`
`
`and ending either when said other linked user card is no
`
`
`
`
`
`
`
`
`
`
`
`longer cooperating with the terminal or when the terminal is
`
`
`
`
`
`
`
`
`
`
`switched off and then switched on again.
`
`
`
`
`
`
`
`In this case, the terminal operates in the locked mode with
`
`
`
`
`
`
`
`
`
`
`
`either of the two linked user cards. When the multi-user
`
`
`
`
`
`
`
`
`
`
`session allowing the use of a second linked user card
`
`
`
`
`
`
`
`
`
`
`terminates,
`the system reverts to the link between the
`
`
`
`
`
`
`
`
`
`terminal and the first linked user card. The linked user card
`
`
`
`
`
`
`
`
`
`
`
`with which the terminal cooperates can therefore be replaced
`
`
`
`
`
`
`
`
`
`by another user card without it being necessary to go through
`
`
`
`
`
`
`
`
`
`
`
`the normal mode. Consequently,
`the use of the terminal
`
`
`
`
`
`
`
`
`
`remains totally secure, even if there are two linked user
`
`
`
`
`
`
`
`
`
`
`cards, rather than only one.
`
`
`
`
`
`Said intermediate data is preferably stored in a memory
`
`
`
`
`
`
`
`
`area of the terminal.
`
`
`
`
`In a first preferred embodiment, said intermediate data is
`
`
`
`
`
`
`
`
`
`stored in a memory area of a user card with which the
`
`
`
`
`
`
`
`
`
`
`
`
`terminal cooperates.
`
`
`that combines the
`In a second preferred embodiment
`
`
`
`
`
`
`
`
`previous two solutions, part of said intermediate data is
`
`
`
`
`
`
`
`
`
`stored in a memory area of the terminal and the remainder
`
`
`
`
`
`
`
`
`
`
`
`in a memory area of the user card with which the terminal
`
`
`
`
`
`
`
`
`
`
`
`
`cooperates.
`
`The step of storing the intermediate data is advanta-
`
`
`
`
`
`
`
`
`geously effected:
`
`
`during manufacture of the terminal, in the case of inter-
`
`
`
`
`
`
`
`
`
`mediate data stored in a memory area of the terminal, and
`
`
`
`
`
`
`
`
`
`
`
`during manufacture of the user card,
`in the case of
`
`
`
`
`
`
`
`
`
`
`intermediate data stored in a memory area of the user card.
`
`
`
`
`
`
`
`
`
`
`
`Changing the terminal from the normal mode to the
`
`
`
`
`
`
`
`
`
`locked mode preferably requires the transmission to the
`
`
`
`
`
`
`
`
`terminal of a predetermined locking/unlocking code and
`
`
`
`
`
`
`
`changing the terminal from the locked mode to the normal
`
`
`
`
`
`
`
`
`
`
`mode requires the transmission to the terminal of said
`
`
`
`
`
`
`
`
`
`locking/unlocking code.
`
`
`This makes use of the terminal even more secure.
`
`
`
`
`
`
`
`
`
`Said locking/unlocking code is advantageously entered by
`
`
`
`
`
`
`
`a user of the terminal through a keypad connected to the
`
`
`
`
`
`
`
`
`
`
`
`terminal.
`
`
`
`
`Ul
`
`
`
`10
`
`
`
`
`
`20
`
`
`
`tom
`
`
`
`mm
`
`40
`
`
`
`
`
`
`
`
`
`50
`
`
`55
`
`
`
`60
`
`
`
`
`
`90f13
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`6
`In one advantageous embodiment of the invention, in said
`
`
`
`
`
`
`
`
`locked mode, the method further comprises:
`
`
`
`
`
`
`a step of blocking of the terminal during which the content
`
`
`
`
`
`
`
`
`
`
`
`of the memory area of the linked user card in which said first
`
`
`
`
`
`
`
`
`
`
`
`
`
`locking data is stored is at least partially modified to render
`
`
`
`
`
`
`
`
`
`
`
`the terminal unusable even if the user card with which it is
`
`
`
`
`
`
`
`
`
`
`
`
`cooperating is the linked user card, and
`
`
`
`
`
`
`
`a step of unblocking the terminal during which said first
`
`
`
`
`
`
`
`
`
`
`locking data is rewritten into the memory area of the linked
`
`
`
`
`
`
`
`
`
`
`
`user card to render the terminal usable again if the user card
`
`
`
`
`
`
`
`
`
`
`
`
`with which it is cooperating is the linked user card.
`
`
`
`
`
`
`
`
`
`
`Accordingly, when it is in the locked mode, the terminal
`
`
`
`
`
`
`
`
`
`can be rendered unusable (complete blocking preventing
`
`
`
`
`
`
`
`unauthorized use) without being switched off.
`In this
`
`
`
`
`
`
`
`“switched on but blocked" condition,
`the terminal can
`
`
`
`
`
`
`
`implement various “passive reception” functions (answering
`
`
`
`
`
`machine type operation), such as storing incoming calls.
`
`
`
`
`
`
`
`
`Said blocking step is preferably effected when a blocking
`
`
`
`
`
`
`
`
`command is transmitted to the terminal and said unblocking
`
`
`
`
`
`
`
`
`step is preferably effected when an unblocking command is
`
`
`
`
`
`
`
`
`transmitted to the terminal.
`
`
`
`
`Accordingly, the method of the invention enables local or
`
`
`
`
`
`
`
`
`remote blocking (total barring of operation) or unblocking
`
`
`
`
`
`
`
`(authorization of operation in locked mode) of the terminal.
`
`
`
`
`
`
`
`
`
`Said blocking and unblocking commands are advanta-
`
`
`
`
`
`
`geously ignored by the terminal unless they are accompa-
`
`
`
`
`
`
`
`
`nied by a predetermined blocking/unblocking code.
`
`
`
`
`
`
`This makes use of the terminal even more secure.
`
`
`
`
`
`
`
`
`
`Said blocldng and unblocking commands are preferably
`
`
`
`
`
`
`transmitted to the terminal by means of a Short Messages
`
`
`
`
`
`
`
`
`Service.
`
`In a preferred embodiment, said blocking and unblocking
`
`
`
`
`
`
`commands are transmitted to the terminal using a Data
`
`
`
`
`
`
`
`
`Transmission Service.
`
`
`In a preferred embodiment of the invention, said blocking
`
`
`
`
`
`
`
`and unblocking commands are transmitted to said terminal,
`
`
`
`
`
`
`
`constituting a first terminal, from another terminal, consti-
`
`
`
`
`
`
`
`tuting a second terminal, and the user card with which said
`
`
`
`
`
`
`
`
`
`
`second terminal cooperates and the user card with which
`
`
`
`
`
`
`
`
`said first terminal cooperates correspond to the same sub—
`
`
`
`
`
`
`
`
`scription.
`
`Accordingly, the method of the invention enables a sub—
`
`
`
`
`
`
`
`
`scriber having more than one terminal for the same sub—
`
`
`
`
`
`
`
`
`
`scription to have at all times at least one terminal provide an
`
`
`
`
`
`
`
`
`
`
`
`
`answering machine type service (for example to store
`
`
`
`
`
`
`
`
`incoming calls).
`
`
`The invention also concerns a terminal and a user card for
`
`
`
`
`
`
`
`
`
`implementing the method as explained hereinabove.
`
`
`
`
`
`
`The terminal of the invention includes means for making
`
`
`
`
`
`
`
`
`its use more secure including:
`
`
`
`
`
`first means for reading first locking data in a memory area
`
`
`
`
`
`
`
`
`
`of said linked user card;
`
`
`
`
`
`second means for reading intermediate data in a memory
`
`
`
`
`
`
`
`
`area accessible to said terminal;
`
`
`
`
`
`means for calculating second locking data from said
`
`
`
`
`
`
`
`
`intermediate data using a calculation function specific to
`
`
`
`
`
`
`
`
`said terminal;
`
`
`means for comparing said first and second locking data;
`
`
`
`
`
`
`
`
`and
`
`selective authorization means allowing use of said termi-
`
`
`
`
`
`
`
`nal only in the case of equality, that is to say if the user card
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`with which the terminal is cooperating is authenticated as
`
`
`
`
`
`
`
`
`the linked user card.
`
`
`
`
`The user card of the invention includes a memory area to
`
`
`
`
`
`
`
`
`
`
`receive first locking data.
`
`
`
`
`
`9 of 13
`
`

`

`5,913,175
`
`
`
`7
`
`Other
`features and advantages of the invention will
`
`
`
`
`
`
`
`
`emerge from a reading