In mobile telecommunications systems such as that of the GSM, UMTS (third generation or 3G), CDMAOne, CDMA2000 (including other CDMA variants), LTE or LTE Advanced type, transmitting and receiving terminals (telephone handsets, for example) are provided with individual smart cards or Subscriber Identity Module (SIM) cards which are used to activate the terminals.
In telematics applications, SIM cards are used for analogous purposes—providing the relevant identification and authentication information for each telematics terminal. In certain telematics applications, the SIM may not be provided on a card but on an integrated circuit implanted or integrated into the device. This may, for example, take the form of a VQFN8 package for standardised installation.
Each SIM will be specific to a particular network (the “home” network)—that is, it will have been issued under the control of the operator of that network and will be for use within that network.
SIM cards are specific to the customers and carry information particular to each customer such as the customer's International Mobile Subscriber Identifier (IMSI) together with authentication information, including the individual subscriber authentication key (Ki). Traditionally, the IMSI will be from a range of IMSIs assigned by an issuing authority, for example the International Telecommunications Union (ITU), to the service provider.
Conventionally, there is a one-to-one mapping between the IMSI, Ki and the service provider responsible for issuing the SIM. There is a fundamental assumption throughout the telecommunications field that this one-to-one relationship is the only way to operate a telecommunications network, i.e. there is a deep-seated belief that each IMSI of a SIM must be intrinsically coupled to one security key and one service provider.
Each Ki is intrinsically linked to an IMSI as the IMSI is used as part of the algorithm that generates the Ki. Each network operator may use a different algorithm to generate the Ki, thus maintaining the one-to-one relationship between IMSI, Ki and provider.
It is an essential security requirement of telecommunications systems that the individual subscriber authentication key (Ki) of the SIM is only ever stored at two points of the network, i.e. on the SIM and at the authentication centre (AuC). Additionally, neither the Ki, nor the algorithm that generated it can be shared or transmitted in any sense, whatsoever. In fact, the removal or transmission of the Ki from the SIM at any point after manufacture is illegal in some territories.
In a conventional telecommunications system, the Ki is paired on the SIM with the International Mobile Subscriber Identity (IMSI) of the SIM at the point of manufacture. It has long been a problem for telecommunications network providers that only the IMSI and hence its intrinsically coupled Ki, dictates which network a device can connect to natively and which networks the device can roam onto. It is not presently feasible for a SIM to connect natively to, or inherit the footprint of, a variety of networks because the Ki, as mentioned above, is not transmittable, transferable or programmable. The territoriality of network operators and the telecommunications regulatory framework has ensured that this is the case.
In telematics applications, the conventional SIM and network arrangement is less than satisfactory. For example, a telematics terminal with its SIM card may be incorporated into a product when located in one country (for example during manufacture of the product) but the product may then be exported for use in another country. The eventual destination of the product may be unknown at the time when the terminal and its SIM card are incorporated into the product. For example, a telematics terminal may be incorporated into a vehicle for use not only for providing telephone and data services for an occupant of a vehicle but also for transmitting other information relating to the operation of a vehicle such as, for example, concerning its maintenance or breakdown or relating to its position. In such a case, the initial home network for the SIM card may be a network in a country where the vehicle is manufactured and where the telematics terminal is installed. Thus, it may be necessary to render the SIM card active at this stage in order to enable testing and set up to be carried out. However, the vehicle may then be exported to another country where it will actually be used or primarily used—in which case it will be necessary for the SIM card to be registered to a different home network.
Similarly, if a telematics terminal with its associated SIM card is in use within a product and functioning within a particular operating company's network, problems will arise if the product is then moved permanently into a different geographical region not covered by the network with which it is registered. Although roaming on a terminal into a different network is possible, this is intended for short term movements of a terminal into the different network, not a substantially permanent or long-term transfer. In such cases, it will of course be possible to deal with the problem simply by issuing a new SIM card upon the transfer of the product including telematics terminal into the area of a different network. However, this could be logistically difficult in practice, and, additionally, could have the result that useful information placed on the previous SIM card would be lost. Moreover, in certain telematics applications, where the SIM is not stored in the form of a smart card but on an integrated circuit implanted into a device, a SIM replacement may not be possible.
Previous attempts to design a SIM capable of registering and re-registering on multiple networks have been based on the principle of producing multiple instances of a single SIM within one ‘super SIM’ which is then able to pick an IMSI-Ki pair to be used in each situation, i.e. when registering and re-registering on multiple networks. There are however many disadvantages inherent to such a system.
For example, as the SIM is effectively multiple SIMs placed within the same SIM, there is an inherent ambiguity as to who would be the owner of the ‘super SIM’. Each IMSI-Ki pair would be considered the property of a network in each territory or the organisation responsible for the issuance of each IMSI-Ki pair.
The ‘super SIM’ also provides an inconsistency in security and service. For example, each Ki of the ‘super SIM’ may have been generated using a different algorithm. Some of these encryption algorithms are very weak. The breaking of such a weak algorithm would compromise the security of the entire module. As each IMSI-Ki pair is essentially an individual SIM of different providers, there is an inherent inconsistency.
Further, in conventional telecommunications networks, authentication of the SIM is carried out by a location register acting as an authentication centre. If each IMSI-Ki pair of the ‘super SIM’ corresponds to an individual territory or network, that individual network must be responsible for the authentication. (As mentioned above, the security key can never be transmitted; neither can the algorithm that generates the authentication signals). As a result, when a device with multiple IMSI-Ki pairs attempts to connect to a network, the local network must communicate with a large number of location registers in a plurality of disparate locations in order to authenticate the device on the network.
The routing between local registers may also be such that a large operating overhead is added to the system, for example, in terms of speed, functionality and quality of service. In many circumstances there are specific national routes that must be followed by communications, particularly when travelling across oceans; there are potentially a number of different routes for communications to travel between location registers. As such, the authentication and communication is prohibitively inconsistent. This may be exacerbated by, for example, SS7 congestion. Moreover, to operate such a disparate system, a large number of costly licences is required to run the plurality of distinct location registers.
It would be highly desirable to provide an identity module which is natively operable on a variety of different networks and which can interchangeably uniquely identify itself to a network using unique identifiers associated with a variety of different territories and/or networks. Moreover, it would be desirable to provide such a module, whilst also providing improved consistency of routing minimising the back end system components and hence the operating overheads.