United States Patent [19]
Pinault

[11] Patent Number: 5,913,175
[45] Date of Patent: Jun. 15, 1999

US005913175A

[54] METHOD OF MAKING THE USE OF A TERMINAL OF A CELLULAR MOBILE RADIO SYSTEM MORE SECURE, AND CORRESPONDING TERMINAL AND USER CARD

[75] Inventor: Francis Pinault, Bois Colombes, France

[73] Assignee: Alcatel Mobile Phones, Paris, France

[21] Appl. No.: 08/777,734

[22] Filed: Dec. 20, 1996

[30] Foreign Application Priority Data
Dec. 21, 1995 [FR] France 95 15283

[51] Int. Cl.: H04Q 7/32
[52] U.S. Cl.: 455/558; 455/410; 455/411
[58] Field of Search: 455/410, 411, 455/557, 558; 379/114, 143, 357; 235/380, 382; 380/21, 28, 30, 23, 3

[56] References Cited

U.S. PATENT DOCUMENTS
4,736,419   4/1988   Roe               380/23
5,390,252   2/1995   Suzuki et al.     455/411
5,444,764   8/1995   Galecki           455/558
5,600,708   2/1997   Meche et al.      455/411
5,604,787   2/1997   Kotzin et al.     455/558
5,617,470   4/1997   Depasquale        379/114
5,661,806   8/1997   Nevoux et al.     380/25
5,675,607   10/1997  Alesio et al.     379/114
5,742,910   4/1998   Gallant et al.    455/558
5,748,720   5/1998   Loder             455/407
5,761,624   6/1998   Mooney et al.     455/558

FOREIGN PATENT DOCUMENTS
0 301 740 A2   2/1989   European Pat. Off.

OTHER PUBLICATIONS
J. K. Omura, “A computer dial access system based on public-key techniques”, IEEE Communications Magazine, Jul. 1987, vol. 25, No. 7, Jul. 1987, ISSN 0163-6804, pp. 73-79.

Primary Examiner—Dwayne D. Bost
Assistant Examiner—Jean A. Gelin
Attorney, Agent, or Firm—Sughrue, Mion, Zinn, Macpeak & Seas, PLLC

[57] ABSTRACT

A terminal of a cellular mobile radio system cooperates with a user card and is able to operate in at least two separate operating modes, namely a normal mode in which it can be used with any user card and a locked mode in which it can be used only with the user card to which it is locked, the latter constituting a linked user card. To make use of the terminal more secure, first locking data is stored in a memory area of the linked user card and, in the locked mode, the method includes a phase of authentication by the terminal of the user card with which it is cooperating. In the authentication phase second locking data is calculated in the terminal from the intermediate data read in a memory area accessible to the terminal using a calculation function specific to the terminal, and the first and second locking data is compared in the terminal and use of the terminal is authorized only in the event of equality, that is to say if the user card with which the terminal is cooperating is authenticated as the linked user card.

21 Claims, 5 Drawing Sheets

MICROSOFT CORP. EXHIBIT 1011
SAMSUNG EXHIBIT 1011
Page 1 of 13

[Drawing sheet 1 of 5. Fig. 5; legible flowchart labels: MANUFACTURE, NORMAL MODE, LOCKED MODE, AUTHENTICATE LINK, CALCULATE D2=A(D1), REFUSE USE]
[Drawing sheet 2 of 5. Figs. 2A, 2B, 3A, 3B, 4A, 4B; legible label: TERMINAL]
[Drawing sheet 3 of 5. Fig. 6; legible flowchart labels: NORMAL MODE, CREATE LINK, AUTHENTICATE LINK, LOCKED MODE, BLOCK TERMINAL, UNBLOCK TERMINAL, ELIMINATE PREVIOUS LINK]
[Drawing sheet 4 of 5. Figs. 8 and 9; legible flowchart labels: BLOCKING COMMAND?, BLOCKING CODE?, UNBLOCKING COMMAND?, UNBLOCKING CODE?, REWRITE DI IN CARD MEMORY]
[Drawing sheet 5 of 5. Fig. 11; legible labels: T1 FIRST TERMINAL, T2 SECOND TERMINAL, USER CARD, SECURITY ENHANCER]

METHOD OF MAKING THE USE OF A TERMINAL OF A CELLULAR MOBILE RADIO SYSTEM MORE SECURE, AND CORRESPONDING TERMINAL AND USER CARD

BACKGROUND OF THE INVENTION

1. Field of the Invention

The field of the invention is that of cellular mobile radio systems with terminals (also called mobile stations). In the field of cellular mobile radio, European standards include the GSM (Global System for Mobile communications) standard, covering public mobile radio systems operating in the 900 MHz band.

To be more precise, the invention concerns a method of making the use of a terminal of a cellular mobile radio system more secure. The method of the invention can be used in a GSM system, but is not exclusive to that system.

2. Description of the Prior Art

A cellular mobile radio system is implemented within a network of geographical cells through which the mobile stations (or terminals) travel. A base station is associated with each cell and a mobile station communicates through the base station of the cell in which it is located.

The expression mobile station or terminal (both of which are used interchangeably in this description) refers to the physical equipment employed by the user of the network to access the telecommunication services offered. There are various types of terminals, such as vehicle-mounted, portable and hand-portable terminals.

When a user uses a terminal, they generally have to connect a user card that they retain in order for the latter to communicate their subscriber number to the terminal. In the case of the GSM system, the user card that the user must connect to the terminal is a removable memory card called the Subscriber Identity Module (SIM), which communicates to the terminal the user’s International Mobile Subscriber Identity (IMSI) number.

In other words, all of the personalized information concerning the subscriber is stored on the user card (or SIM card). Thus, in the general case, any terminal can be used with any user card.

An authentication mechanism prevents unauthorized use of the identity of a network subscriber. It must not be possible for a person knowing only the identity (or IMSI) of a subscriber to pass themselves off as that subscriber to the network. To this end, the user card also contains an individual authentication key and an authentication algorithm. After the subscriber has identified himself or herself, the network can therefore check their identity and break off the procedure if the authentication procedure fails.

Subscribers may inform the network operator or manager that their card has been lost or stolen. This means that any attempt by a third party to use their user card can be detected and barred at system level.

The operator often offers an additional degree of protection of the user card. For this, a Personal Identity Number (PIN) is stored on the user card. Subscribers are asked to enter their PIN code on the keypad of the terminal each time the card is inserted into the terminal or each time that the terminal is switched on. This prevents anyone using a lost or stolen user card if they do not know the PIN code associated with that user card.

Although in the early days of cellular mobile radio systems various means of protecting user cards against unauthorized use were proposed, as explained above, the same cannot be said in respect to protection of the terminals. First generation terminals do not have any particular protection against unauthorized use. Consequently, a lost or stolen terminal can be used by anyone holding a valid user card. The network verifies the validity of the user card but not that of the terminal. In protection terms, the terminal can therefore be classified as “passive”.

Each terminal of a cellular mobile radio system is a costly device, whether the cost is met by the subscriber or by the operator. There is therefore an obvious benefit in attempting to make its use more secure, in particular in the event of loss or theft.

Making the use of a terminal more secure generally consists in proposing, in addition to the normal operating mode, a so-called locked mode in which the terminal can be used only with a user card with which it is “locked”, called the linked user card. In other words, a link is established between the terminal and a particular user card (the linked user card).

One technique for implementing a locked mode of this kind is described in patent U.S. Pat. No. 4,868,846, assigned to NOKIA MOBILE PHONES LTD. The method described in the above patent includes a phase of creating a terminal/user card link and a phase of verifying the terminal/user card link.

In the link creation phase, the terminal reads the user identification data stored on the user card and stores it in its memory.

During the link verification phase the terminal reads the user identification data stored on the user card with which it is cooperating and compares it with that stored in its memory during the link creation phase, authorizing operation of the terminal or not according to whether the data read and that stored are identical or not.

This prior art technique therefore prevents a terminal being used with a user card other than that with which it has been locked. This prevents unauthorized use of a terminal lost or stolen without its linked user card. This contributes to reducing the number of terminal thefts.

Note that even if the terminal is lost or stolen with its linked user card, it can be used only with the latter. As already explained, the subscriber can tell the operator that their user card has been lost or stolen, so that its use can be barred at system level. Stealing the terminal is therefore of no benefit in this case either.

This prior art technique of making the use of a terminal more secure nevertheless has at least two major drawbacks.

Firstly, it does not totally eliminate all risks of unauthorized use of the terminal. The terminal/user card link is based on the storage in the memory of the terminal of the user identification data (read by the terminal from the user card during the link creation phase). There is nothing to stop a person directly modifying the content of the terminal memory in order to modify the existing locking link. In this case, the identification data of the linked user card is replaced in the terminal memory with new identification data from another user card. In this way, although it is in the locked mode, unauthorized use of the terminal is possible since it sees the other user card as that with which it is linked.

Moreover, this prior art technique is generally combined with protection by requiring subscribers to enter their PIN code each time their user card is inserted into the terminal or each time the latter is switched on. Entering the PIN code can become a nuisance if it has to be carried out many times a day. For this reason, some subscribers leave their terminal switched on in order to avoid having to enter their PIN code several times. Then, even if the locked mode is selected, stealing the terminal when it is switched on and cooperating with its linked user card enables a person to access the services of the network until this is barred at system level after the subscriber has reported the loss or theft of their user card. It must be remembered that, in respect of the use of stolen terminals, there is no barring procedure at system level equivalent to that which exists for stolen user cards.

One objective of the invention is to overcome these drawbacks of the prior art.

To be more precise, one objective of the present invention is to provide a method of making the use of a cellular mobile radio system terminal more secure that completely eliminates all risk of unauthorized use of the terminal.

An additional objective of the invention is to provide a method of the above kind that does not require users to enter their PIN code each time they insert their user card into the terminal or each time they switch the latter on.

A further object of the invention is to provide a method of the above kind that offers not only the advantages offered by the prior art method described in patent U.S. Pat. No. 4,868,846, referred to above, but has additional advantages that cannot be offered by the prior art method.

In other words, one objective of the invention is to provide a method of the above kind which, like the prior art method, allows operation in locked mode in which the terminal can be used only with a particular user card.

A further objective of the invention is to provide a method of the above kind which allows a terminal to be left switched on with its user card inside it but which nevertheless prevents unauthorized use of the terminal, which is not possible with the prior art method.

A further objective of the invention is to provide a method of the above kind enabling local or remote blocking (total prohibition of operation) or unblocking (authorization of operation in locked mode) of a terminal.

Another objective of the invention is to provide a method of the above kind enabling a subscriber having more than one terminal for the same subscription to have at all times at least one terminal providing various “passive reception” functions (answering machine type operation), such as incoming call storage.

SUMMARY OF THE INVENTION

These various objectives, and others that will emerge hereinafter, are achieved in accordance with the invention by a method of making the use of a terminal of a cellular mobile radio system more secure, said terminal being of the type adapted to cooperate with a user card and being able to operate in at least two separate operating modes, namely a normal mode in which it can be used with any user card and a locked mode in which it can be used only with the user card to which it is locked, constituting a linked user card,

wherein first locking data is stored in a memory area of said linked user card,

and, in said locked mode, the method includes a phase of authentication by said terminal of the user card with which it is cooperating, said authentication phase including the following steps:

second locking data is calculated in said terminal from said intermediate data read in a memory area accessible to said terminal using a calculation function specific to said terminal, and

said first and second locking data is compared in said terminal and use of said terminal is authorized only in the event of equality, that is to say if said user card with which said terminal is cooperating is authenticated as said linked user card.

The general principle of the invention is to establish a link between a terminal and a user card by storing locking data on the user card (called the linked user card). This principle is fundamentally different from that proposed in the previously mentioned patent U.S. Pat. No. 4,868,846. Although the prior art principle also establishes a link between the terminal and a user card, it is based on storing locking data in the terminal (and not on the linked user card).

In this way the method of the invention enables operation in locked mode in which the terminal can be used only with the linked user card.

Moreover, it totally eliminates all risks of unauthorized use of the terminal. It is therefore free of the vulnerability of the prior art method. The terminal/user card link is dependent, firstly, on first data stored on the linked user card and, secondly, on a calculation function specific to the terminal. Under no circumstances can an unauthorized user discover this calculation function as it is not accessible in read mode. Moreover, unless the linked user card is stolen with the terminal, the unauthorized user does not know the first data stored either. Consequently, the unauthorized user cannot modify a user card in their possession so that the terminal sees the latter as the user card to which it is linked.

It is clear that, in the manner that is known in itself, if the linked user card is stolen with the terminal the subscriber can advise the network operator or manager so that use of their user card can be barred at system level.

The method of the invention offers operation in locked mode that is sufficiently secure for the user not to need to enter their PIN code again each time that they insert their user card into the terminal or each time that they switch it on.

Said authentication phase is advantageously effected:

each time the terminal is switched on, and/or

each time the user card cooperating with the terminal is changed.

The authentication phase can advantageously be repeated in accordance with a predetermined strategy, for example at predetermined time intervals, regular or otherwise.

Said calculation function specific to the terminal is preferably an encryption function using a predetermined algorithm and said first and second locking data are preferably encrypted using this encryption function.

This makes the use of the terminal even more secure.

In a first preferred embodiment of the invention, the step of storing first locking data in a memory area of the linked user card is effected during preliminary personalization of said linked user card.

This preliminary personalization is carried out during fabrication of the user card, for example, during commissioning of the user card (by the manufacturer, operator or distributor) or during the putting together of a personalized system comprising the terminal and its user card. In other words, the user card is personalized either in the factory or by a distributor. In so far as its operation in locked mode is concerned, the user card is therefore linked to a particular terminal as soon as it is personalized, this terminal being the one whose specific calculation function calculates, from intermediate data, second locking data identical to the first locking data stored on the linked user card. In other words, the user card can be locked only to this particular terminal.

In a second preferred embodiment of the invention, the step of storing first locking data in a memory area of the linked user card is effected on each change from the normal mode to the locked mode, new first data to be stored being calculated in the terminal from said intermediate data by said calculation function specific to said terminal.

In this case, the user card is not linked to a terminal beforehand and can therefore be locked to any terminal. It is only on changing from the normal mode to the locked mode that the link with the terminal is created (so that the terminal is that with which the user card is cooperating).

On each change from the locked mode to the normal mode, the content of the memory area of the previously linked user card in which the first locking data is stored is advantageously modified, at least in part, to delete the authentication link between the terminal and the previously linked user card.

This makes it certain that before the next change to the locked mode there is no user card linked to the terminal. In other words, in normal mode no user card holds in its memory any trace of an earlier link with the terminal, and this applies even to the user card that was previously locked to the terminal.

In said locked mode, the terminal can advantageously be used with at least one other user card, referred to hereinafter as the other linked user card, in a multi-user session starting after a multi-user code has been transmitted to the terminal and ending either when said other linked user card is no longer cooperating with the terminal or when the terminal is switched off and then switched on again.

In this case, the terminal operates in the locked mode with either of the two linked user cards. When the multi-user session allowing the use of a second linked user card terminates, the system reverts to the link between the terminal and the first linked user card. The linked user card with which the terminal cooperates can therefore be replaced by another user card without it being necessary to go through the normal mode. Consequently, the use of the terminal remains totally secure, even if there are two linked user cards, rather than only one.

Said intermediate data is preferably stored in a memory area of the terminal.

In a first preferred embodiment, said intermediate data is stored in a memory area of a user card with which the terminal cooperates.

In a second preferred embodiment that combines the previous two solutions, part of said intermediate data is stored in a memory area of the terminal and the remainder in a memory area of the user card with which the terminal cooperates.

The step of storing the intermediate data is advantageously effected:

during manufacture of the terminal, in the case of intermediate data stored in a memory area of the terminal, and

during manufacture of the user card, in the case of intermediate data stored in a memory area of the user card.

Changing the terminal from the normal mode to the locked mode preferably requires the transmission to the terminal of a predetermined locking/unlocking code and changing the terminal from the locked mode to the normal mode requires the transmission to the terminal of said locking/unlocking code.

This makes use of the terminal even more secure.

`Said locking/unlocking codeis advantageously entered by
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`a user of the terminal through a keypad connected to the
`terminal.
`
`
`
`
`
`
`
`
`1s
`
`
`
`
`
`25
`
`
`
`
`35
`
`
`
`40
`
`
`
`45
`
`
`50
`
`
`55
`
`
`
`60
`
`
`
`65
`
`
`
`
`
`
`
`
`
`
`
`
`
`6
`In one advantageous embodimentofthe invention, in said
`
`
`
`
`
`
`
`
`locked mode, the method further comprises:
`
`
`
`
`
`
`a step of blocking of the terminal during whichthe content
`
`
`
`
`
`
`
`
`
`
`
`of the memoryarea ofthe linked user card in whichsaid first
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`locking data is storedis at least partially modified to render
`the terminal unusable even if the user card with whichit is
`
`
`
`
`
`
`
`
`
`
`
`
`cooperating is the linked user card, and
`
`
`
`
`
`
`
`a step of unblocking the terminal during which said first
`
`
`
`
`
`
`
`
`
`
`locking data is rewritten into the memoryarea of the linked
`
`
`
`
`
`
`
`
`
`
`
`user card to render the terminal usable again if the user card
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`with which it is cooperating is the linked user card.
`Accordingly, when it is in the locked mode, the terminal
`can be rendered unusable (complete blocking preventing
`unauthorized use) without being switched off. In this
`“switched on but blocked” condition, the terminal can
`implement various “passive reception” functions (answering
`machine type operation), such as storing incoming calls.
`
`Said blocking step is preferably effected when a blocking
`command is transmitted to the terminal and said unblocking
`step is preferably effected when an unblocking command is
`transmitted to the terminal.
`
`Accordingly, the method of the invention enables local or
`remote blocking (total barring of operation) or unblocking
`(authorization of operation in locked mode) of the terminal.
`
`Said blocking and unblocking commands are advantageously
`ignored by the terminal unless they are accompanied
`by a predetermined blocking/unblocking code.
`
`This makes use of the terminal even more secure.
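
The blocking and unblocking steps described above can be modelled as follows. This is an added example, not code from the patent: the HMAC-SHA256 calculation, the card identifier, the single-byte modification, the tail check used to recognise the linked card, and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac

def calc_locking_data(terminal_secret: bytes, card_id: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over a card identifier stands in for the
    # patent's calculation function, which this excerpt does not specify.
    return hmac.new(terminal_secret, card_id, hashlib.sha256).digest()

class UserCard:
    def __init__(self, card_id: bytes):
        self.card_id = card_id
        self.lock_area = b""  # memory area holding the first locking data

class Terminal:
    def __init__(self, secret: bytes, block_code: str):
        self._secret = secret
        self._block_code = block_code.encode()

    def lock_to(self, card: UserCard) -> None:
        card.lock_area = calc_locking_data(self._secret, card.card_id)

    def authenticate(self, card: UserCard) -> bool:
        # Locked mode: calculated (second) data must equal stored (first) data.
        expected = calc_locking_data(self._secret, card.card_id)
        return hmac.compare_digest(expected, card.lock_area)

    def handle_command(self, card: UserCard, command: str, code: str) -> bool:
        # Commands not accompanied by the predetermined code are ignored.
        if not hmac.compare_digest(code.encode(), self._block_code):
            return False
        expected = calc_locking_data(self._secret, card.card_id)
        # Assumption: the untouched tail identifies the linked card, so neither
        # command can bind the terminal to a foreign card.
        if not hmac.compare_digest(expected[1:], card.lock_area[1:]):
            return False
        if command == "BLOCK":
            # Partial modification: invert the first byte only.
            card.lock_area = bytes([expected[0] ^ 0xFF]) + expected[1:]
        elif command == "UNBLOCK":
            card.lock_area = expected  # rewrite the first locking data
        else:
            return False
        return True

def demo():
    t, card = Terminal(b"constructed-secret", "4711"), UserCard(b"card-A")  # constructed values
    t.lock_to(card)
    steps = [("BLOCK", "0000"), ("BLOCK", "4711"), ("UNBLOCK", "4711")]
    return [(t.handle_command(card, c, k), t.authenticate(card)) for c, k in steps]
```

Each tuple returned by `demo()` pairs whether the command was accepted with whether the linked card still authenticates afterwards.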
`
`Said blocking and unblocking commands are preferably
`transmitted to the terminal by means of a Short Messages
`Service.
`
`In a preferred embodiment, said blocking and unblocking
`commands are transmitted to the terminal using a Data
`Transmission Service.
`
`In a preferred embodiment of the invention, said blocking
`and unblocking commands are transmitted to said terminal,
`constituting a first terminal, from another terminal,
`constituting a second terminal, and the user card with which said
`second terminal cooperates and the user card with which
`said first terminal cooperates correspond to the same
`subscription.
`
`Accordingly, the method of the invention enables a
`subscriber having more than one terminal for the same
`subscription to have at all times at least one terminal provide an
`answering machine type service (for example to store
`incoming calls).
`
`The invention also concerns a terminal and a user card for
`
