`
`
`
`
`USO005913175A
`
`
`5,913,175
`115
`[11] Patent Number:
`United States Patent
`
`
`
`
`
`
`
`
`
`
`
`[45] Date of Patent:
`Jun. 15, 1999
`Pinault
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`FOREIGN PATENT DOCUMENTS
`[54] METHOD OF MAKING THE USE OF A
`
`
`
`
`TERMINAL OF A CELLULAR MOBILE
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`RADIO SYSTEM MORESECURE, AND 03 01 740 A2=2/1989 European Pat. Off. .
`
`
`
`
`
`
`
`
`
`CORRESPONDING TERMINAL AND USER
`OTHER PUBLICATIONS
`
`
`CARD
`
`
`[75]
`
`
`
`
`
`
`
`Inventor: Francis Pinault, Bois Colombes,
`
`France
`
`
`
`
`
`
`[73] Assignee: Alcatel Mobile Phones, Paris, France
`
`
`
`
`
`
`J. K. Omura, “A computer dial access system based on
`
`
`
`
`
`
`
`
`
`
`public-key techniques”, EEK Communications Magazine,
`
`
`
`
`
`Jul. 1987, vol. 25, No. 7, Jul. 1987, ISSN 0163-6804, pp.
`
`
`
`
`
`
`
`
`
`
`
`73-79.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`21 Claims, 5 Drawing Sheets
`
`
`
`Primary Examiner—Dwayne D. Bost
`
`
`
`
`
`
`
`
`Assistant Examiner—Jean A. Gelin
`[21] Appl. No.: 08/777,734
`
`
`
`
`
`
`
`Attorney, Agent, or Firm—Sughme, Mion, Zinn, Macpeak
`> 4.
`
`
`
`
`& Seas, PLLC
`[22]
`Filed:
`Dec. 20, 1996
`
`
`
`
`
`
`
`
`
`ABSTRACT
`[57]
`[30]
`Foreign Application Priority Data
`
`
`Aterminalof a cellular mobile radio system cooperates with
`Brameween 95 15283
`Dec. 21, 1995
`[ER]
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`a user card and is able to operate in at least two separate
`[SD] Unt, Cho ccc ccccsseeccssssessesecssneseeessanees H04Q 7/32
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` [58] Field of Search oo... 455/410, 411,
`
`
`
`
`
`
`
`
`
`
`
`operating modes, namely a normal mode in which it can be
`[52] U.S. CL......
`455/558; 455/410; 455/411
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`used with any user card and a locked mode in whichit can
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`be used only with the user card to which it is locked, the
`455/557, 558; 379/114, 143, 357; 235/380,
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`latter constituting a linked user card. To make use of the
`389: 380/21.
`28. 30. 23.3
`
`
`
`
`
`
`, eee terminal more secure,
`first
`locking data is stored in a
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`memoryarea of the linkeduser cardand, in the locked mode,
`References Cited
`
`
`the methodincludes a phase of authentication by the termi-
`
`
`
`
`
`
`
`
`
`nal of the user card with which it is cooperating. In the
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`authentication phase second locking data is calculated in the
`terminal from the intermediate data read in a memoryarea
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`accessible to the terminal using a calculation function spe-
`cific to the terminal, and the first and second locking data is
`
`
`
`
`
`
`
`
`
`
`
`compared in the terminal and use of the terminal is autho-
`
`
`
`
`
`
`
`
`
`
`rized only in the event of equality, that is to say if the user
`
`
`
`
`
`
`
`
`
`
`
`
`
`card with which the terminal is cooperating is authenticated
`
`
`
`
`
`
`
`
`as the linked user card
`
`
`
`
`
`.
`
`
`
`
`
`
`
`[56]
`
`
`
`
`
`
`U.S. PATENT DOCUMENTS
`4,736,419
`4/1983 ROE seecescscscsssssssssccsssssssssssessesssees 380/23
`
`
`
`
`
`
`5,390,252
`2/1995 Suzuki etal.
`. AS5/41L
`
`
`
`
`
`
`
`
`5,444,764
`8/1995 Galecki
`.......
`.. 455/558
`
`
`
`
`
`5,600,708
`2/1997 Mecheetal.
`455/411
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`5,604,787
`2/1997 Kotzin etal. ...
`» 455/558
`
`
`
`
`
`5,617,470
`4/1997 Depasquale....
`- 379/114
`
`
`
`
`
`
`
`.
`5,661,806
`8/1997 Nevoux et al.
`380/25
`
`
`
`
`
`
`
`5,675,607 10/1997 Alesio et al.
`...
`379/114
`4/1998 Gallantetal.
`5,742,910
`455/558
`
`
`
`
`
`
`
`. 455/407
`5/1998 Loder......
`5,748,720
`
`
`
`
`
`6/1998 Mooney et al. oe 455/558
`5,761,624
`
`
`
`
`
`
`
`
`
`
`
`1 of 13
`
`SAMSUNG EXHIBIT 1007
`
`1 of 13
`
`SAMSUNG EXHIBIT 1007
`
`
`
`wre em mw we ewe ew we ne em eh me ww we = eee ee ee ee eee me meer ewe emer rere rer reren
`
`CALCULATE D2=A(DI)
`
`U.S. Patent
`
`Jun.15, 1999
`
`Sheet 1 of 5
`
`5,913,175
`
`wwe ee em ewe ee ee ee een
`aa
`meeeeeweeeeeeewweeeSEEweeeee
`
`MANUFACTURE
`
`NORMAL MODE
`
`LOCKED MODE
`
`
`
`AUTHENTICATE LINK
`
`
`
`
`Fig. 5
`
`2 of 13
`
`
`
`U.S. Patent
`
`Jun.15, 1999
`
`Sheet 2 of 5
`
`5,913,175
`
`Fig. 2B
`
`Fig. 2A
`
`Fig. 3A
`
`Fig. 3B
`
`()
`
`
`TERMINAL
`
`@)
`
`
`T TERMINAL
`
`Fig. 4A
` Fig. 4B
`
`3 of 13
`
`
`
`U.S. Patent
`
`Jun, 15, 1999
`
`Sheet 3 of 5
`
`5,913,175
`
`NORMAL MODE
`
`LOCKING CODE P}
`
`YES
`
`CREATE LINK
`
`AUTHENTICATE LINK
`
`LOCKED MODE
`
`BLOCK TERMINAL
`
`UNBLOCK TERMINAL.
`
`61
`
`10
`
`62
`
`ELIMINATE
`PREVIOUS LINK
`
`65
`
`66
`
`t Y
`
`ES
`
`64
`
`Fig. 6
`
`4 of 13
`
`
`
`U.S. Patent
`
`Jun.15, 1999
`
`Sheet 4 of 5
`
`5,913,175
`
`Fig. 7
`
`
`
`
` eeeree)
`
`
`pert tren rer wee we Teen ewwwnewer 1
`
`BLOCKING COMMAND?
`
`YES
`
`82
`
`a4
`
`ee BLOCKINGCODE?
`
`YES
`
`MODIFY DI INCARD MEMORY
`
`/
`
`65
`
`83
`
`Fig. 8
`
`pececeeennnennneefovo-sossoseaseasosecsocasesoccateceatanes
`UNBLOCKING COMMAND ?
`YES
`92
`
`ee UNBLOCKING CODE ?
`
`YES
`
`93
`
`
`
`
`
`Fig. 9
`
`91
`
`/
`
`66
`
`5 of 13
`
`
`
`U.S. Patent
`
`Jun. 15, 1999
`
`Sheet 5 of 5
`
`5,913,175
`
`T1 FIRST TERMINAL
`
`T2 SECOND TERMINAL
`
`CARD
`
`USER
`
`TERMINAL
`
`ISECURTY
`‘ENHANCER
`
`Fig. 11
`
`111
`
`6 of 13
`
`
`
`5,913,175
`
`
`
`
`
`
`
`
`1
`METHOD OF MAKING THE USE OFA
`
`
`
`
`
`
`
`TERMINAL OF A CELLULAR MOBILE
`
`
`
`
`
`RADIO SYSTEM MORE SECURE, AND
`
`
`
`
`
`CORRESPONDING TERMINAL AND USER
`
`
`
`CARD
`
`BACKGROUND OF THE INVENTION
`
`
`
`1. Field of the Invention
`
`
`
`
`
`The field of the invention is that of cellular mobile radio
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`systems with terminals (also called mobile stations). In the
`ficld of cellular mobile radio, European standards include
`
`
`
`
`
`
`
`
`the GSM (Global System for Mobile communications)
`
`
`
`
`
`
`
`standard, covering public mobile radio systems operating in
`
`
`
`
`
`
`
`
`the 900 MHz band.
`
`
`
`
`To be more precise, the invention concerns a method of
`
`
`
`
`
`
`
`
`
`
`making the use of a terminal of a cellular mobile radio
`
`
`
`
`
`
`
`
`
`
`
`system more secure. The method of the invention can be
`
`
`
`
`
`
`
`
`
`
`uscd in a GSM system,butis not exclusive to that system.
`
`
`
`
`
`
`
`
`
`
`
`
`2. Description of the Prior Art
`
`
`
`
`
`
`A cellular mobile radio system is implemented within a
`
`
`
`
`
`
`
`
`
`network of geographical cells through which the mobile
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`stations (or terminals) travel. A base station is associated
`with each cell and a mobile station communicates through
`
`
`
`
`
`
`
`
`
`the base station of the cell in whichit is located.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`The expression mobile station or terminal (both of which
`are used interchangeably in this description) refer to the
`
`
`
`
`
`
`
`
`
`physical equipment employed by the user of the network to
`
`
`
`
`
`
`
`
`
`
`access the telecommunication services offered. There are
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`various types of terminals, such as vehicle-mounted, por-
`
`
`
`
`table and hand-portable terminals.
`they generally have to
`When a user uses a terminal,
`
`
`
`
`
`
`
`
`
`
`connect a user card that they retain in orderfor the latter to
`
`
`
`
`
`
`
`
`
`
`
`
`
`communicate their subscriber numberto the terminal. In the
`
`
`
`
`
`
`
`
`
`case of the GSM system, the user card that the user must
`
`
`
`
`
`
`
`
`
`
`
`
`connect to the terminal is a removable memory card called
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`the Subscriber Identity Module (SIM), which communicates
`to the terminal the user’s International Mobile Subscriber
`
`
`
`
`
`
`
`
`
`
`
`Identity (MSI) oumber.
`In other words, all of the personalized information con-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`cerning the subscriber is stored on the user card (or SIM
`
`
`
`
`
`
`
`
`
`
`
`card), Thus, in the general case, any terminal can be used
`with any user card.
`
`
`
`
`An authentication mechanism prevents unauthorized use
`
`
`
`
`
`
`of the identity of a network subscriber.
`It must not be
`
`
`
`
`
`
`
`
`
`
`
`possible for a person knowing onlythe identity (or IMSDof
`
`
`
`
`
`
`
`
`
`
`
`a subscriber to pass themselves off as that subscriber to the
`
`
`
`
`
`
`
`
`
`
`
`network. To this end, the user card also contains an indi-
`
`
`
`
`
`
`
`
`
`
`vidual authentication key and an authentication algorithm.
`
`
`
`
`
`
`
`After the subscriber has identified himself or herself,
`the
`
`
`
`
`
`
`
`
`
`network can therefore check their identity and break off the
`
`
`
`
`
`
`
`
`
`
`procedure if the authentication procedure fails.
`
`
`
`
`
`
`Subscribers may inform the network operator or manager
`
`
`
`
`
`
`
`that their card has been lost or stolen. This means that any
`
`
`
`
`
`
`
`
`
`
`
`attempt bya third party to use their user card can be detected
`
`
`
`
`
`
`
`
`
`
`
`and barred at system level.
`
`
`
`
`
`The operator often offers an additional degree of protec-
`
`
`
`
`
`
`
`
`tion of the user card. For this, a Personal Identity Number
`
`
`
`
`
`
`
`
`
`
`
`
`(PIN) is stored on the user card. Subscribers are asked to
`
`
`
`
`
`
`
`
`
`
`enter their PIN code on the keypadofthe terminal each time
`
`
`
`
`
`
`
`
`
`
`
`
`the card is inserted into the terminal or each time that the
`
`
`
`
`
`
`
`
`
`
`
`
`terminal is switched on. This prevents anyone using a lost or
`
`
`
`
`
`
`
`
`
`
`stolen user card if they do not know the PIN code associated
`
`
`
`
`
`
`
`
`
`
`
`
`with that user card.
`
`
`
`
`Although in the early days of cellular mobile radio
`
`
`
`
`
`
`
`
`
`systems various means of protecting user cards against
`
`
`
`
`
`
`
`
`
`
`
`
`
`wn
`
`
`
`
`
`
`
`20
`
`
`
`
`
`
`
`as)m
`
`
`
`40
`
`
`
`
`
`
`
`
`
`
`
`
`
`7 of 13
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`2
`unauthorized use were proposed, as explained above, the
`
`
`
`
`
`
`
`
`same cannotbe said in respect to protection of the terminals.
`
`
`
`
`
`
`
`
`
`
`
`First generation terminals do not have any particular pro-
`
`
`
`
`
`
`
`
`tection against unauthorized use. Consequently, a lost or
`
`
`
`
`
`
`
`stolen terminal can be used by anyone holding a valid user
`
`
`
`
`
`
`
`
`
`
`card. The network verifies the validity of the user card but
`
`
`
`
`
`
`
`
`
`
`notthat of the terminal. In protection terms, the terminal can
`
`
`
`
`
`
`
`
`
`
`therefore be classified as “passive”.
`
`
`
`
`
`Each terminal of a cellular mobile radio system is a costly
`
`
`
`
`
`
`
`
`device, whether the cost is met by the subscriber or by the
`
`
`
`
`
`
`
`
`
`
`
`operator. There is therefore an obvious benefit in attempting
`
`
`
`
`
`
`
`
`to make its use more secure, in particular in the event of loss
`
`
`
`
`
`
`
`
`
`
`
`
`of theft.
`
`
`Making the use of a terminal more secure generally
`
`
`
`
`
`
`
`
`
`consists in proposing, in addition to the normal operating
`
`
`
`
`
`
`
`
`
`mode, a so-called locked mode in which the terminal can be
`
`
`
`
`
`
`
`
`
`
`
`used only with a user card with which it is “locked”, called
`
`
`
`
`
`
`
`
`
`
`
`
`the linked user card. In other words, a link is established
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`between the terminal and a particular user card (the linked
`
`
`user card).
`One technique for implementing a locked modeofthis
`
`
`
`
`
`
`
`
`
`kind is described in patent U.S. Pat. No. 4,868,846, assigned
`
`
`
`
`
`
`
`
`
`
`to NOKIA MOBILE PHONESLTD. The method described
`
`
`
`
`
`
`
`
`in the above patent includes a phase of creating a terminal/
`
`
`
`
`
`
`
`
`
`
`
`usercard link and a phase of verifying the terminal/user card
`
`
`
`
`
`
`
`
`
`
`link.
`
`In the link creation phase, the terminal reads the user
`
`
`
`
`
`
`
`
`
`identification data stored on the user card andstoresit in its
`
`
`
`
`
`
`
`
`
`
`
`memory.
`
`During the link verification phase the terminal reads the
`
`
`
`
`
`
`
`
`
`user identification data stored on the user card with whichit
`
`
`
`
`
`
`
`
`
`
`
`is cooperating and comparesit with that stored in its memory
`
`
`
`
`
`
`
`
`
`
`
`during the link creation phase, authorizing operation of the
`
`
`
`
`
`
`
`
`
`terminal or not according to whether the data read and that
`
`
`
`
`
`
`
`
`
`
`
`stored are identical or not.
`
`
`
`
`
`This prior art technique therefore prevents a terminal
`
`
`
`
`
`
`
`
`being used with a user card other than that with which it has
`
`
`
`
`
`
`
`
`
`
`
`
`been locked. This prevents unauthorized use of a terminal
`
`
`
`
`
`
`
`
`
`lost or stolen without its linked user card. This contributes to
`
`
`
`
`
`
`
`
`
`
`
`reducing the number of terminal thefts.
`
`
`
`
`
`
`Note that even if the terminal is lost or stolen with its
`
`
`
`
`
`
`
`
`
`
`
`
`linked user card, it can be used only with the latter. As
`
`
`
`
`
`
`
`
`
`
`
`
`already explained, the subscriber can tell the operator that
`
`
`
`
`
`
`
`
`
`their user card has beenlost or stolen, so that its use can be
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`barred at system level. Stealing the terminal is therefore of
`
`
`
`
`
`
`
`
`
`
`no benefit in this case either.
`
`
`
`
`
`
`This prior art technique of making the use of a terminal
`
`
`
`
`
`
`
`
`
`
`more secure nevertheless has at least two major drawbacks.
`
`
`
`
`
`
`
`
`
`Tirstly, it does not totally eliminate all risks of unautho-
`
`
`
`
`
`
`
`
`
`rized use of the terminal. The terminal/usercard link is based
`
`
`
`
`
`
`
`
`
`
`
`on the storage in the memory of the terminal of the user
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`identification data (read by the terminal from the user card
`
`
`
`
`
`
`
`
`
`
`
`during the link creation phase). There is nothing to stop a
`person directly modifying the content of the terminal
`
`
`
`
`
`
`
`
`memory in order to modify the existing locking link. In this
`
`
`
`
`
`
`
`
`
`
`
`the identification data of the linked user card is
`case,
`
`
`
`
`
`
`
`
`
`
`replaced in the terminal memory with new identification
`
`
`
`
`
`
`
`
`data from anotherusercard. In this way, althoughit is in the
`
`
`
`
`
`
`
`
`
`
`
`
`
`locked mode, unauthorized use of the terminal is possible
`
`
`
`
`
`
`
`
`
`since il sees the other user card as that with which it is
`
`
`
`
`
`
`
`
`
`
`
`
`
`linked.
`
`Moreover, this prior art technique is generally combined
`
`
`
`
`
`
`
`with protection by requiring subscribers to enter their PIN
`
`
`
`
`
`
`
`
`code each time their user card is inserted into the terminal or
`
`
`
`
`
`
`
`
`
`
`
`each time the latter is switched on. Entering the PIN code
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`7 of 13
`
`
`
`5,913,175
`
`
`
`
`3
`can become a nuisanceif it has to be carried out many times
`
`
`
`
`
`
`
`
`
`
`
`a day. For this reason, some subscribers leave their terminal
`
`
`
`
`
`
`
`
`
`
`switched on in order to avoid having to enter their PIN code
`
`
`
`
`
`
`
`
`
`
`
`
`several times. Then, even if the locked mode is selected,
`
`
`
`
`
`
`
`
`
`
`stealing the terminal whenit is switched on and cooperating
`
`
`
`
`
`
`
`
`
`
`with its linked user card enables a person to access the
`
`
`
`
`
`
`
`
`
`
`
`services of the network until this is barred at system level
`
`
`
`
`
`
`
`
`
`
`
`after the subscriber has reportedthe loss of theft of their user
`
`
`
`
`
`
`
`
`
`
`
`
`card. It must be remembered that, in respect of the use of
`
`
`
`
`
`
`
`
`
`
`
`
`stolen terminals, there is no barring procedure at system
`
`
`
`
`
`
`
`
`
`level equivalent to that which exists for stolen user cards.
`
`
`
`
`
`
`
`
`
`
`One objective of the invention is to overcome these
`
`
`
`
`
`
`
`
`drawbacks of the prior art.
`
`
`
`
`
`To be more precise, one objective of the present invention
`
`
`
`
`
`
`
`
`
`is to provide a method of makingthe use of a cellular mobile
`
`
`
`
`
`
`
`
`
`
`radio system terminal more secure that completely elimi-
`
`
`
`
`
`
`
`nates all risk of unauthorized use of the terminal.
`
`
`
`
`
`
`
`
`
`An additional objective of the invention is to provide a
`
`
`
`
`
`
`
`
`
`
`methodof the above kindthat does not require users to enter
`
`
`
`
`
`
`
`
`
`
`
`
`their PIN code each time they insert their user card into the
`
`
`
`
`
`
`
`
`
`
`
`
`terminal or each time they switch the latter on.
`
`
`
`
`
`
`
`
`
`A further object of the invention is to provide a method of
`
`
`
`
`
`
`
`
`
`
`
`
`the above kindthat offers not only the advantages offered by
`
`
`
`
`
`
`
`
`
`
`
`the prior art method described in patent U.S. Pat. No.
`
`
`
`
`
`
`
`
`
`
`4,868,846, referred to above, but has additional advantages
`
`
`
`
`
`
`
`
`that cannot be offered by the prior art method.
`
`
`
`
`
`
`
`
`
`In other words, one objective of the invention is to
`
`
`
`
`
`
`
`
`
`
`provide a method of the above kind which, like the prior art
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`method, allows operation in locked mode in which the ,
`terminal can be used only with a particular user card.
`
`
`
`
`
`
`
`
`
`
`A further objective of the invention is to provide a method
`
`
`
`
`
`
`
`
`
`of the above kind which allowsa terminal to be left switched
`
`
`
`
`
`
`
`
`
`
`on with its user card inside it but which nevertheless
`
`
`
`
`
`
`
`
`
`prevents unauthorized use of the terminal, which is not
`
`
`
`
`
`
`
`
`possible with the prior art method.
`
`
`
`
`
`
`A further objective of the inventionis to provide a method
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`of the above kind enabling local or remote blocking (total
`
`
`
`
`
`
`
`
`prohibition of operation) or unblocking (authorization of
`operation in locked mode) of a terminal.
`
`
`
`
`
`
`Another objective of the invention is to provide a method
`
`
`
`
`
`
`
`
`
`
`of the above kind enabling a subscriber having more than
`
`
`
`
`
`
`
`
`
`
`one terminalfor the same subscription to have atall times at
`
`
`
`
`
`
`
`
`
`
`
`
`least one terminal providing various “passive reception”
`
`
`
`
`
`
`
`functions (answering machine type operation), such as
`
`
`
`
`
`
`
`
`incoming call storage.
`
`
`
`SUMMARYOF THE INVENTION
`
`
`
`
`These various objectives, and others that will emerge
`
`
`
`
`
`
`
`
`hereinafter, are achieved in accordance with the invention by
`
`
`
`
`
`
`
`
`
`a method of making the use of a terminal of a cellular mobile
`
`
`
`
`
`
`
`
`
`
`
`radio system more secure, said terminal being of the type
`
`
`
`
`
`
`
`
`
`
`adapted to cooperate with a user card and being able to
`
`
`
`
`
`
`
`
`
`
`
`operate in at least two separate operating modes, namely a
`
`
`
`
`
`
`
`
`
`
`normal mode in whichit can be used with any user card and
`
`
`
`
`
`
`
`
`
`
`
`
`
`a locked mode in which it can be used only with the user
`
`
`
`
`
`
`
`
`
`
`
`
`
`card to which it is locked, constituting a linked user card,
`
`
`
`
`
`
`
`
`
`
`
`wherein first locking data is stored in a memoryarea of
`
`
`
`
`
`
`
`
`
`
`said linked user card,
`
`
`
`
`and, in said locked mode, the method includes a phase of
`
`
`
`
`
`
`
`
`
`
`authentication by said terminal of the user card with which
`
`
`
`
`
`
`
`
`
`
`it is cooperating, said authentication phase including the
`
`
`
`
`
`
`
`
`following steps:
`
`
`second locking data is calculated in said terminal from
`
`
`
`
`
`
`
`
`
`said intermediate data read in a memory area accessible to
`
`
`
`
`
`
`
`
`
`
`said terminal using a calculation function specific to said
`
`
`
`
`
`
`
`
`
`terminal, and
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`40
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`4
`said first aod second locking, data is compared in said
`
`
`
`
`
`
`
`
`
`terminal and use of said terminal is authorized only in the
`
`
`
`
`
`
`
`
`
`
`event of equality, that is to say if said user card with which
`
`
`
`
`
`
`
`
`
`
`
`
`said terminal is cooperating is authenticated as said linked
`
`
`
`
`
`
`
`
`user card.
`
`
`The general principle of the inventionis to establish a link
`
`
`
`
`
`
`
`
`
`between a terminal and a user card by storing locking data
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`on the user card(calledthe linkeduser card). This principle
`is fundamentally different from that proposedin the previ-
`
`
`
`
`
`
`
`
`ously mentioned patent U.S. Pat. No. 4,868,846. Although
`
`
`
`
`
`
`
`the prior art principle also establishes a link between the
`
`
`
`
`
`
`
`
`
`terminal and a usercard,it is based on storing locking data
`
`
`
`
`
`
`
`
`
`
`
`in the terminal (and not on the linked user card).
`
`
`
`
`
`
`
`
`
`
`In this way the method of the invention enables operation
`
`
`
`
`
`
`
`
`
`in locked mode in which the terminal can be used only with
`
`
`
`
`
`
`
`
`
`
`
`the linked user card.
`
`
`
`
`Moreover, it totally eliminates all risks of unauthorized
`
`
`
`
`
`
`
`
`use of the terminal. It is therefore free of the vulnerability of
`
`
`
`
`
`
`
`
`
`
`
`the prior art method. The terminal/user card link is
`
`
`
`
`
`
`
`
`
`dependent,firstly, on first data stored on the linked user card
`
`
`
`
`
`
`
`
`
`
`
`and, secondly, on a calculation function specific to the
`
`
`
`
`
`
`
`
`
`terminal. Under no circumstances can an unauthorized user
`
`
`
`
`
`
`
`
`discover this calculation function as it is not accessible in
`
`
`
`
`
`
`
`
`
`
`read mode. Moreover, unless the linked user card is stolen
`
`
`
`
`
`
`
`
`
`
`with the terminal, the unauthorizcd uscr docs not knowthe
`
`
`
`
`
`
`
`
`
`
`first data stored either. Consequently, the unauthorized user
`
`
`
`
`
`
`
`
`cannot modify a user card in their possession so that the
`
`
`
`
`
`
`
`
`
`
`
`terminalsees the latter as the user card to which it is linked.
`
`
`
`
`
`
`
`
`
`
`
`
`
`It is clear that, in the mannerthat is knowninitself, if the
`
`
`
`
`
`
`
`
`
`
`
`
`
`linked user card is stolen with the terminal the subscriber can
`
`
`
`
`
`
`
`
`
`
`
`advise the nctwork operator or manager so that usc of their
`
`
`
`
`
`
`
`
`
`
`
`uscr card can be barred at system level.
`
`
`
`
`
`
`
`
`The method of the invention offers operation in lacked
`
`
`
`
`
`
`
`
`
`mode that is sufficiently secure for the user not to need to
`
`
`
`
`
`
`
`
`
`
`
`
`enter their PIN code again each time that they insert their
`
`
`
`
`
`
`
`
`
`
`
`usercard into the terminalor each time that they switch it on.
`
`
`
`
`
`
`
`
`
`
`
`
`
`Said authentication phase is advantageously effected:
`
`
`
`
`
`
`each time the terminal is switched on, and/or
`
`
`
`
`
`
`
`
`each time the user card cooperating with the terminal is
`
`
`
`
`
`
`
`
`
`changed.
`
`The authentication phase can advantageouslybe repeated
`
`
`
`
`
`
`in accordance with a predeterminedstrategy, for example at
`
`
`
`
`
`
`
`predetermined time intervals, regular or otherwise.
`
`
`
`
`
`
`Said calculation function specific to the terminalis pref-
`
`
`
`
`
`
`
`
`erably an encryption function using a predetermined algo-
`
`
`
`
`
`
`
`rithm and said first and second locking data are preferably
`
`
`
`
`
`
`
`
`
`encrypted using this encryption function.
`
`
`
`
`
`‘This makes the use of the terminal even more secure.
`
`
`
`
`
`
`
`
`
`
`In a first preferred embodimentof the invention, the step
`
`
`
`
`
`
`
`
`
`
`of storing first locking data in a memoryarea of the linked
`
`
`
`
`
`
`
`
`
`
`
`
`user card is effected during preliminary personalization of
`
`
`
`
`
`
`
`
`said linked user card.
`
`
`
`
`This preliminary personalization is carried out during
`
`
`
`
`
`
`fabrication of the user card, for example, during, commis-
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`sioning, of the user card (by the manufacturer, operator or
`distributor) or during the putting together of a personalized
`
`
`
`
`
`
`
`
`system comprising the terminal and its user card. In other
`
`
`
`
`
`
`
`
`
`
`words, the user card is personalized either in the factory or
`
`
`
`
`
`
`
`
`
`
`
`by a distributor. In so far as its operation in locked mode is
`
`
`
`
`
`
`
`
`
`
`
`
`concerned, the user card is therefore linked to a particular
`
`
`
`
`
`
`
`
`
`
`terminal as soonasit is personalized, this terminal being the
`
`
`
`
`
`
`
`
`
`
`
`one whose specific calculation function calculates, from
`
`
`
`
`
`
`
`intermediate data, second locking data identical to thefirst
`
`
`
`
`
`
`
`
`
`locking data stored on the linked user card. In other words,
`
`
`
`
`
`
`
`
`
`
`
`the user card can be locked only to this particular terminal.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`8 of 13
`
`8 of 13
`
`
`
`5,913,175
`
`
`
`
`5
`In a second preferred embodiment of the invention, the
`
`
`
`
`
`
`
`
`
`step of storing first locking data in a memory area of the
`
`
`
`
`
`
`
`
`
`
`
`
`linked user card is effected on each change from the normal
`
`
`
`
`
`
`
`
`
`
`
`mode to the locked mode, new first data to be stored being
`
`
`
`
`
`
`
`
`
`
`
`
`calculated in the terminal from said intermediate data by
`
`
`
`
`
`
`
`
`
`said calculation function specific to said terminal.
`
`
`
`
`
`
`
`In this case,
`the user card is not linked to a terminal
`
`
`
`
`
`
`
`
`
`
`
`
`beforchand and can therefore be locked to any terminal. It is
`
`
`
`
`
`
`
`
`
`
`
`only on changing from the norma! modeto the locked mode
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`that the link with the terminalis created (so that the terminal
`is that with which the user card is cooperating).
`
`
`
`
`
`
`
`
`
`On each change from the locked mode to the normal
`
`
`
`
`
`
`
`
`
`
`mode, the content of the memory area of the previously
`
`
`
`
`
`
`
`
`
`
`linked user card in which the first locking data is stored is
`
`
`
`
`
`
`
`
`
`
`
`
`advantageously modified, at
`least
`in part,
`to delete the
`
`
`
`
`
`
`
`
`
`authentication link between the terminal and the previously
`
`
`
`
`
`
`
`
`linked user card.
`
`
`
`This makes it certain that before the next change to the
`
`
`
`
`
`
`
`
`
`
`
`locked mode there is no user card linked to the terminal. In
`
`
`
`
`
`
`
`
`
`
`
`
`other words,
`in normal mode no user card holds in its
`
`
`
`
`
`
`
`
`
`
`
`memory any trace of an earlier link with the terminal, and
`
`
`
`
`
`
`
`
`
`
`
`this applies even to the user card that was previously locked
`
`
`
`
`
`
`
`
`
`
`
`to the terminal.
`
`
`
`In said locked mode, the terminal can advantageously be
`
`
`
`
`
`
`
`
`
`used with at least one other user card, referred hereinafter as
`
`
`
`
`
`
`
`
`
`
`
`the other linked user card, in a multi-user session starting
`
`
`
`
`
`
`
`
`
`
`after a multi-user code has been transmitted to the terminal
`
`
`
`
`
`
`
`
`
`
`and ending either when said other linked user card is no
`
`
`
`
`
`
`
`
`
`
`
`longer cooperating with the terminal or whenthe terminal is
`
`
`
`
`
`
`
`
`
`
`switched off and then switched on again.
`
`
`
`
`
`
`
`In this case, the terminal operates in the locked mode with
`
`
`
`
`
`
`
`
`
`
`
`either of the two linked user cards. When the multi-user
`
`
`
`
`
`
`
`
`
`
`session allowing,
`the use of a second linked user card
`
`
`
`
`
`
`
`
`
`
`terminates,
`the system reverts to the link between the
`
`
`
`
`
`
`
`
`
`terminal andthe first linked user card. The linked user card
`
`
`
`
`
`
`
`
`
`
`
`with which the terminal cooperates can therefore be replaced
`
`
`
`
`
`
`
`
`
`by another uscr card withoutit being necessary to go through
`
`
`
`
`
`
`
`
`
`
`
`the normal mode. Consequently,
`the use of the terminal
`
`
`
`
`
`
`
`
`
`remains totally secure, even if there are two linked user
`
`
`
`
`
`
`
`
`
`
`cards, rather than only one.
`
`
`
`
`
`Said intermediate data is prefcrably stored in a memory
`
`
`
`
`
`
`
`
`area of the terminal.
`
`
`
`
`In a first preferred embodiment, said intermediate data is
`
`
`
`
`
`
`
`
`
`stored in a memory area of a user card with which the
`
`
`
`
`
`
`
`
`
`
`
`
`terminal cooperates.
`
`
`that combines the
`In a second preferred embodiment
`
`
`
`
`
`
`
`
`previous two solutions, part of said intermediate data is
`
`
`
`
`
`
`
`
`
`stored in a memoryarea of the terminal and the remainder
`
`
`
`
`
`
`
`
`
`
`
`in a memoryarca of the uscr card with which the terminal
`
`
`
`
`
`
`
`
`
`
`
`
`cooperates.
`
`The step of storing the intermediate data is advanta-
`
`
`
`
`
`
`
`
`geously effected:
`
`
`during manufacture of the terminal, in the case of inter-
`
`
`
`
`
`
`
`
`
`mediate data stored in a memory area of the terminal, and
`
`
`
`
`
`
`
`
`
`
`
`during manufacture of the user card,
`in the case of
`
`
`
`
`
`
`
`
`
`
`intermediate data stored in a memoryarea of the user card.
`
`
`
`
`
`
`
`
`
`
`
`Changing the terminal from the normal mode to the
`
`
`
`
`
`
`
`
`
`locked mode preferably requires the transmission to the
`
`
`
`
`
`
`
`
`terminal of a predetermined locking/unlocking code and
`
`
`
`
`
`
`
`changing the terminal from the locked mode to the normal
`
`
`
`
`
`
`
`
`
`
`mode requires the transmission to the terminal of said
`
`
`
`
`
`
`
`
`
`locking/unlocking code.
`
`
`This makes use of the terminal even more secure.
`
`
`
`
`
`
`
`
`
`Said locking/unlocking code is advantageously entered by
`
`
`
`
`
`
`
`a user of the terminal through a keypad connected to the
`
`
`
`
`
`
`
`
`
`
`
`terminal.
`
`
`
`
`
`
`
`
`
`
`20
`
`
`
`
`
`
`
`
`
`40
`
`
`
`
`
`50
`
`
`
`
`
`
`
`
`9 of 13
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`6
`In one advantageous embodimentof the invention, in said
`
`
`
`
`
`
`
`
`locked mode, the method further comprises:
`
`
`
`
`
`
`astep of blocking of the terminal during which the content
`
`
`
`
`
`
`
`
`
`
`
`of the memoryareaof the linked user card in whichsaidfirst
`
`
`
`
`
`
`
`
`
`
`
`
`
`locking data is storedis at least partially modified to render
`
`
`
`
`
`
`
`
`
`
`
`the terminal unusable even if the user card with which il is
`
`
`
`
`
`
`
`
`
`
`
`
`cooperating is the linked user card, and
`
`
`
`
`
`
`
`a step of unblocking the terminal during which said first
`
`
`
`
`
`
`
`
`
`
`locking data is rewritten into the memoryarea of the linked
`
`
`
`
`
`
`
`
`
`
`
`user card to render the terminal usable again if the user card
`
`
`
`
`
`
`
`
`
`
`
`
`with which it is cooperating is the linked user card.
`
`
`
`
`
`
`
`
`
`
`Accordingly, when it is in the locked mode, the terminal
`
`
`
`
`
`
`
`
`
`can be rendered unusable (complete blocking preventing
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`unauthorized use) without being switched off.
`In this
`“switched on but blocked” condition,
`the terminal can
`
`
`
`
`
`
`
`
`
`
`
`
`implementvarious “passive reception” functions (answering
`
`
`
`
`
`
`
`
`machine type operation), such as storing incoming calls.
`Said blocking step is preferably effected when a blocking
`
`
`
`
`
`
`
`
`commandis transmitted to the terminal and said unblocking
`
`
`
`
`
`
`
`
`step is preferably effected when an unblocking commandis
`
`
`
`
`
`
`
`
`transmitted to the terminal.
`
`
`
`
`Accordingly, the method of the invention enables local or
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`remote blocking (total barring of operation) or unblocking
`
`
`
`
`
`
`
`
`(authorization of operation in locked mode) of the terminal.
`
`Said blocking and unblocking commands are advanta-
`
`
`
`
`
`
`geously ignored by the terminal unless they are accompa-
`
`
`
`
`
`
`
`
`nied by a predetermined blocking/unblocking code.
`
`
`
`
`
`
`This makes use of the terminal even more secure.
`
`
`
`
`
`
`
`
`
`Said blocking and unblocking commandsare preferably
`
`
`
`
`
`
`transmitted to the terminal by means of a Short Messages
`
`
`
`
`
`
`
`
`Service.
`
`In a preferred embodiment, said blocking and unblocking
`
`
`
`
`
`
`commands are transmitted to the terminal using a Data
`
`
`
`
`
`
`
`
`Transmission Service.
`
`
`In a preferred embodimentofthe invention, said blocking
`
`
`
`
`
`
`
`and unblocking commandsare transmitted to said terminal,
`
`
`
`
`
`
`
`constituting a first terminal, from another terminal, consti-
`
`
`
`
`
`
`
`tuting a second terminal, and the user card with which said
`
`
`
`
`
`
`
`
`
`
`second terminal cooperates and the user card with which
`
`
`
`
`
`
`
`
`said first terminal cooperates correspond to the same sub-
`
`
`
`
`
`
`
`
`scription.
`
`Accordingly, the method of the invention enables a sub-
`
`
`
`
`
`
`
`
`scriber having more than one terminal for the same sub-
`
`
`
`
`
`
`
`
`
`scription to haveat all times at least one terminal provide an
`
`
`
`
`
`
`
`
`
`
`
`
`answering machine type service (for example to store
`
`
`
`
`
`
`
`
`
`
`incoming calls).
`The invention also concerns a terminal and a user card for
`
`
`
`
`
`
`
`
`
`implementing the method as explained hereinabove.
`
`
`
`
`
`
`The terminal of the invention includes means for making
`
`
`
`
`
`
`
`
`its use more secure including:
`
`
`
`
`
`first meansfor reading first locking data in a memory area
`
`
`
`
`
`
`
`
`
`of said linked user card;
`
`
`
`
`
`second means for reading intermediate data in a memory
`
`
`
`
`
`
`
`
`area accessible to said terminal;
`
`
`
`
`
`means for calculating second locking data from said
`
`
`
`
`
`
`
`
`intermediate data using a calculation function specific to
`
`
`
`
`
`
`
`
`said terminal;
`
`
`means for comparing said first and second locking data;
`
`
`
`
`
`
`
`
`and
`
`selective authorization means allowing use of said termi-
`
`
`
`
`
`
`
`nal onlyin the case of equality, that is to say if the user card
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`with which the terminal is cooperating is authenticated as
`
`
`
`
`
`
`
`
`the linked user card.
`
`
`
`
`The user card of the invention includes a memoryarea to
`
`
`
`
`
`
`
`
`
`
`receive first locking da