This invention relates to the field of communication systems, and more particularly to a method of preventing unlawful use of a mobile terminal operating in a communication system.
In mobile telecommunication networks, such as the widely used cellular networks, subscribers with mobile terminals, for example, a portable mobile terminal, are identified within the network through one or more ID codes. Generally, a terminal-specific ID code identifies the mobile terminal, and a subscriber-specific ID code identifies a subscriber to the network. At predefined intervals, such as when placing a call, the mobile terminal transmits the ID codes to the network. Before establishing the call, the network verifies the authenticity of the IDs using one of a variety of validation procedures. Once the ID codes are verified, the network allows the call to proceed. Otherwise, the network declines the call.
In some instances, however, the integrity of the validation procedure may be compromised, resulting in unauthorized use of the network, for example, when the mobile terminal is stolen. Other instances of unauthorized use may occur by acquiring the ID codes illegally from the mobile terminal, for example, by reading the stored IDs from the terminal or intercepting them during transmission. Consequently, there is demand for preventing unauthorized use of the network.
The validation procedure in an analog communication network known as Advanced Mobile Phone System (AMPS), which is employed in North America under the EIA/TIA 553A standard, includes a registration process that relies on two ID numbers: an electronic serial number (ESN), which is a terminal-specific ID, and a mobile identification number (MIN), which is a subscriber-specific ID. The ESN is a 32-bit hardware-based serial number composed of two parts: an 8-bit Manufacturer Code that identifies the maker of the mobile terminal, and a 24-bit Identification Number that is unique to that mobile for the given Manufacturer Code. The MIN corresponds to a user telephone number assigned when a subscriber account is opened. Both the ESN and MIN are stored in the mobile terminal, usually in a non-volatile memory such as an EEPROM (electrically erasable programmable read-only memory). Under the AMPS specification, at specified instances, such as upon power up, a mobile terminal operating in the AMPS system transmits the ESN and MIN to the network for registration. In other instances, the mobile terminals transmit the ESN and MIN when placing a call or when transitioning from one network to another.
Some of the early installed AMPS systems use a simple and rudimentary subscriber validation process that can subject the network to frequent instances of unauthorized use. The subscriber validation process in the early AMPS systems consists of verifying whether the transmitted ESN and MIN from the mobile terminal are registered in the network as corresponding to each other or not. Also verified is whether the received ESN is listed in a black list of reported stolen terminals. Upon verification of a non-black listed ESN and its correspondence with the received MIN, the network would allow the call to proceed.
Not long ago, the cloning of stolen terminals, that is, reading the ESN of an authentic paying subscriber from the EEPROM, was a common practice for unauthorized use of the terminal. One conventional measure for preventing unlawful reading of the ID codes encrypts the codes before writing them into the mobile terminal. The terminal then decrypts the codes before transmitting them to the network. Because the ID codes are transmitted unencrypted, however, this measure does not provide any protection against unauthorized over-the-air interception of the codes during transmission to the network. Therefore, a more elaborate validation process was devised to protect against the unauthorized interception of the ID codes.
More advanced AMPS systems use a key-based authentication procedure to validate the generated calls. Under this arrangement, the ESN and MIN are keyed with a hidden Authentication key (A-key), which is known to the network operator. In authenticating AMPS systems, a Shared Secret Data (SSD) is used in the authentication process. Under a procedure described in EIA/TIA 553A, the SSD is derived from the A-key and the ESN. Based on the SSD, an authentication algorithm in the terminal produces a terminal authentication result (AUTHR), which is transmitted to the network along with the ESN and MIN. Upon receipt, the network registers the terminal, and based on the received MIN, produces a network generated AUTHR. The network then determines whether the terminal generated AUTHR matches the network generated AUTHR. If so, the network allows the call to proceed. In this way, the key-based authentication process eliminates or substantially reduces the risk of fraudulent over-the-air interception of the IDs.
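The difference between the early ESN/MIN check and the key-based check described above can be seen in a small model. This is an added example, not code from the patent or from EIA/TIA 553A: HMAC-SHA-256 stands in for the standard's SSD derivation and authentication algorithm, the per-attempt `challenge` value is an assumption not described in the text, and all names and sample values are constructed.

```python
import hashlib
import hmac

def derive_ssd(a_key: bytes, esn: int) -> bytes:
    # Stand-in derivation: the text only says the SSD is derived from the A-key and the ESN.
    return hmac.new(a_key, esn.to_bytes(4, "big"), hashlib.sha256).digest()

def compute_authr(ssd: bytes, esn: int, min_: str, challenge: bytes) -> bytes:
    # Stand-in for the authentication algorithm; `challenge` is an assumed network value.
    msg = esn.to_bytes(4, "big") + min_.encode("ascii") + challenge
    return hmac.new(ssd, msg, hashlib.sha256).digest()

class Network:
    def __init__(self) -> None:
        self.subscribers: dict[str, tuple[int, bytes]] = {}  # MIN -> (ESN, A-key)
        self.blacklist: set[int] = set()                      # ESNs reported stolen

    def validate_early(self, esn: int, min_: str) -> bool:
        """Early AMPS check: ESN/MIN registered together and ESN not blacklisted."""
        record = self.subscribers.get(min_)
        return record is not None and record[0] == esn and esn not in self.blacklist

    def validate_keyed(self, esn: int, min_: str, challenge: bytes, authr: bytes) -> bool:
        """Key-based check: recompute AUTHR on the network side and compare."""
        if not self.validate_early(esn, min_):
            return False
        a_key = self.subscribers[min_][1]
        expected = compute_authr(derive_ssd(a_key, esn), esn, min_, challenge)
        return hmac.compare_digest(expected, authr)

def demo() -> dict[str, bool]:
    esn, min_, a_key = 0x9F123456, "2065550100", b"constructed-a-key"  # constructed values
    net = Network()
    net.subscribers[min_] = (esn, a_key)
    old, fresh = b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"  # constructed challenges
    ssd = derive_ssd(a_key, esn)
    captured_authr = compute_authr(ssd, esn, min_, old)  # value observable over the air
    results = {
        "early_accepts_captured_ids": net.validate_early(esn, min_),
        "keyed_accepts_genuine": net.validate_keyed(
            esn, min_, fresh, compute_authr(ssd, esn, min_, fresh)),
        "keyed_accepts_replayed_authr": net.validate_keyed(esn, min_, fresh, captured_authr),
    }
    net.blacklist.add(esn)  # the subscriber reports the terminal stolen
    results["early_accepts_blacklisted"] = net.validate_early(esn, min_)
    return results

if __name__ == "__main__":
    print(demo())
```

The early check accepts anyone who presents a registered ESN/MIN pair, while the keyed check rejects an AUTHR that was not computed with the hidden key for the current attempt.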
A similar key-based authentication process is used in the Global System for Mobile Communications (GSM) radiotelephone system, which is currently in use in Europe and other parts of the world. In GSM systems, a Subscriber Information Module (SIM) card is inserted into the mobile terminal for providing subscriber identification, billing information and other information concerning the operation of the mobile terminal. Each GSM mobile terminal has a terminal-based International Mobile Equipment Identity (IMEI), which is stored in the GSM terminal. Each GSM subscriber is identified by a SIM-based International Mobile Subscription Identity (IMSI) belonging to a specific SIM card. The IMSI, which corresponds to the AMPS MIN, is also referred to as the SIM-ID. Upon a subscriber application, the system operator issues a SIM-ID number and a SIM card that, when inserted in the GSM mobile terminal, enables the subscriber to use the services provided by the operator. In this way, the same GSM terminal can be used with any SIM card inserted into the GSM mobile terminal.
Under GSM authentication processes, a GSM authentication algorithm keys the SIM-ID with a hidden authentication key, known as Ki, which corresponds to the AMPS A-key. Similar to the AMPS authentication process, the terminal and network generated authentication results are compared for authenticating each call. Unlike the AMPS authentication process, which uses the terminal-specific ESN, the GSM authentication process uses only the SIM-based Ki and the subscriber-specific SIM-ID. Thus, a valid SIM card may be used with any valid GSM mobile terminal, because the GSM specification does not link a terminal-specific IMEI validation process to a subscriber-specific IMSI validation process.
With the introduction of dual-mode mobile phones that operate under the GSM-1900/AMPS dual-mode environment, a removable SIM card storing the MIN allows subscribers to easily move the AMPS subscription data from one physical mobile terminal to another, without network assistance. As such, the dual-mode system provides for the capability of handling changes in the ESN that may occur when the SIM card is removed from one mobile terminal and inserted into another by associating each MIN with multiple ESNs or a range of ESNs. Because the early AMPS networks do not perform a key-based authentication, the association of a single MIN with multiple ESNs increases the possibility of fraud in the non-authenticating AMPS networks.
In order to diminish the possibility of fraud in the AMPS networks, it would have been desirable to incorporate the ESN and the MIN together on the SIM card, where a set of SIM-based MIN and SIM-based ESN could have been transmitted together. This SIM-based ESN could also have been used to generate the authentication result AUTHR, thereby safely linking the ESN and MIN values together. However, current U.S. Federal Communications Commission (FCC) regulations require that a terminal-based ESN, which is embedded, i.e., hard wired, to the terminal, be transmitted in the system access response from the mobile terminal to the network. In fact, the GSM-1900/AMPS Dual-Mode specification has reserved a secondary ESN on the SIM card. However, the specification is silent as to how this secondary ESN may be used in the authentication process. The Personal Communication Systems Universal Identity Module (PCS UIM) Specification allows for both a mobile terminal-based and a UIM/SIM-based ESN. Given the FCC requirements, however, the PCS UIM does not currently provide any way to use the SIM-based ESN. This specification has been written to support a SIM-based ESN authentication if and when the FCC regulation is changed to allow such authentication.
Moreover, if the ESN is changed as a result of inserting a new SIM card from one terminal into another, the SSD must be updated to accommodate the change in the ESN. The algorithm for updating the SSD is complicated, taking a substantial amount of time, usually in the range of 4-5 seconds, each time the SSD is to be updated.
In view of the current FCC regulation, therefore, there exists a need for providing a fast authentication process that supports SIM cards in the dual-mode communication system, while reducing the risk of fraud in the early non-authenticating systems and maintaining backward compatibility with existing systems.
Briefly, the present invention is embodied in a dual-mode communication system within which a dual-mode terminal equipped with a SIM card operates. The dual-mode system includes a first network, such as the AMPS network, and a second network, such as the GSM network. The validation method of the present invention uses a terminal-based ESN for registration in the first network, a SIM-based ESN for a key-based authentication process in the first network, and a non-ESN key-based authentication process in the second network. The dual-mode terminal stores the terminal-based ESN, and the SIM card stores the SIM-based ESN.