1. Field of the Invention
This invention relates to a method of updating an authentication algorithm in a computer system.
The invention applies to any data processing device storing an authentication algorithm. The invention applies more especially to a smart card.
The smart card can be coupled with any system, embedded or not.
The invention can be implemented in any type of telecommunication network such as GSM (Global System for Mobile communication), UMTS (Universal Mobile Telecommunication Service), GPRS (General Packet Radio Service), etc.
The example chosen to illustrate the invention will be that of the mobile telephone coupled with a SIM (Subscriber Identity Module) smart card.
2. Description of the Related Art
In order to manage a user roaming in a GSM (Global System for Mobile Communication) network, this user must be specifically identified.
Since a radio channel is used, the communications are vulnerable to eavesdropping and fraudulent use. The GSM system therefore:                authenticates each user (or subscriber) before allowing access to a service,        uses a temporary identity,        encrypts the communications.        
The GSM system currently uses four types of code associated with the subscriber:                The IMSI (International Mobile Subscriber Identity) code. This identity is written in the SIM card;        The TMSI (Temporary Mobile Subscriber Identity) code is a temporary identity allocated by the network to a mobile telephone, then used for the transactions on radio channel;        The MSISDN code is the Mobile Station International ISDN Number in compliance with the ITU (International Telecommunications Union) numbering plan E164, and known by the subscriber;        The MSRN (Mobile Station Roaming Number) code is a number allocated temporarily, using a regular telephone number that routes the call to an MSC where the roaming subscriber is currently located.        
During the subscription, a key Ki is allocated to the subscriber with the IMSI code. This pair IMSI/Ki is stored both in the subscriber's SIM card and outside the card, in particular in an authentication centre AuC. A pair is closely linked to one or more authentication algorithms.
Note that the authentication centre AuC is used to authenticate subscribers of a GSM network. For information, note that authentication enables the network to check that a subscriber is authorised to use the network by checking the presence of a secret key in the SIM card.
Another pair may also be stored in a second database known as the HLR (Home Location Register). This database stores the pair MSISDN/IMSI associated with each subscriber, consisting of the subscriber's MSISDN and the invariant IMSI.
A problem arises when updating an algorithm stored in the card, and in any data processing device storing data specific to users (the authentication centre AuC, the home location register HLR, the visitor location register VLR database, etc.) communicating with the card. Updating involves, amongst other things, modifying the algorithm used to authenticate each pair IMSI/Ki and the pairs MSISDN/Ki, both in the card and outside the card in the AuC, the VLR, the HLR, etc.
One simplistic solution could consist in downloading the new algorithm into the card and outside the card in the AuC, the VLR, the HLR, etc. This solution poses a problem in terms of security, however; it is out of the question to consider sending this algorithm on the network, especially since this algorithm is non proprietary.