Multifunction terminals are playing an increasingly predominant role in the exchange of data, audio and video services between users of these terminals, by virtue, on the one hand, of the constant increase in their processing performance and, on the other hand, of the transmission capacities, in terms of bit rate and/or bandwidth, available on the networks permitting these exchanges.
Typical, nonlimiting examples of terminals of this type are mobile telephone terminals or handsets, which allow the execution of multiple functions, while mobile telephone networks such as the GSM network or the more recent UMTS network illustrate the growing increase in transmission capacities.
When, in particular, the aforesaid multifunction terminals are mobile telephone handsets, they allow the implementation of numerous functions, proposed and implemented under the control of the network operator.
As a general rule, multifunction terminals usually comprise, in addition to a central processor unit, a security processor in communication with the latter and allowing the execution of a public-key cryptography system, allowing or participating in the implementation of these multiple functions.
Such is the case of mobile telephone handsets which customarily comprise a SIM card (Subscriber Identity Module), which usually plays the role of security processor.
A SIM card is in fact a chip card containing a memory and a microcontroller. The most recent SIM cards are able to host applications intended for the subscriber. The GSM or UMTS network operators can remotely update the content of certain files of the SIM card. The microcontroller ensures access to the data files and application files, in terms of access entitlements to the functions of the terminal or mobile handset, in particular the cryptography functions, related for example to access code values, and the execution of the applications or functions controlled by the network operator.
More specifically, the control of the aforesaid functions is executed by means of a restriction/inhibition mechanism for technical functions or services at the level of each handset, as defined minimally by the ETSI TS 101 624 V7.0.0 standard and designated SIM card locking, or SIMLOCK.
According to the aforesaid standard, the restrictions relate essentially to the locking of network access, the mobile handset being able, for example, only to connect to a predefined set of GSM/UMTS networks. Other technical functions may moreover be protected by this mechanism, such as for example, access to the Internet through the WAP protocol (Wireless Application Protocol), access to MMS multimedia messaging servers, or the like.
The user of the handset is able to reactivate any locked or restricted technical function by entering, by way of the keypad of the handset, a value of a relatively short specific unlocking code comprising between 8 and 16 decimal digits.
Customarily, locking/unlocking codes are available simultaneously on a given handset, each of the aforesaid codes activating or inhibiting one or more technical or service functions.
The locking/unlocking codes are generated randomly in the SIM card manufacturer's installations and stored in each handset, before being communicated to the network operator by way of a communication channel defined by a common agreement.
The aforesaid mode of operation exhibits the following drawbacks however.
The short length of the locking/unlocking codes makes it very difficult to protect them. In particular, these codes are too short to form signatures obtained through an asymmetric-key signature algorithm, so that they are, usually, protected by symmetric-key cryptographic algorithms.
Due to the short length of the codes, it is relatively easy to conduct an exhaustive attack in order to retrieve the codes or define new ones. Protection may vary from one host platform to another, depending on the security capabilities of the hardware.
Code leaks or compromises may emanate from SIM card manufacturers, since:
    - they produce these codes and must register them in each handset;
    - they must be capable of communicating these codes to a network operator even after a determined time duration.
Consequently, these codes are kept in the manufacturer's databases for a long time, so the latter must be highly secure.
This fact may impair the relationships between manufacturers and operators, since, when a leak occurs, there is always a doubt as to the origin of the leak, network operator or manufacturer's databases.
The object of the present invention is to remedy all of the aforesaid drawbacks.
In particular, an object of the present invention is the strengthening of the security of management of codes for locking/unlocking the network access functions of multifunction terminals, in particular SIM cards forming the security processor of such terminals.
Another object of the present invention is moreover to render the management of locking/unlocking codes by the manufacturers of security processors, in particular of SIM cards, totally independent of the management undertaken by network operators, the method and the system which are the subject of the invention making it possible to remove the need for the manufacturers to know the locking/unlocking codes of handsets.
Another object of the present invention is the implementation of a mechanism for securing the management of codes for locking/unlocking the network access functions of multifunction terminals, on the basis of a minimal hardware platform including a secure boot or startup entity allowing at least one authentication before startup, provided either through booting locked by One-Time Password (OTP), or by security ROM code available on more recent chips.
Another object of the present invention is the implementation of a trusted execution environment providing a method and a system for strengthened control of the locking/unlocking of the network access functions of multifunction terminals, this environment being able, in a nonlimiting advantageous manner, to be implemented by virtue of a SIM card.
Another object of the present invention, within the framework of the aforesaid trusted environment, is the implementation of an effective and robust countermeasure against attacks from malicious tamperers attempting to alter or delete cryptographic data signed by the network operator.
Another object of the present invention, within the framework of the aforesaid trusted environment, is the implementation of an effective and robust countermeasure against exhaustive attacks aimed at reconstructing one or more locking/unlocking codes, by controlling the response timing and/or the number of responses of the service processor of the SIM card to the authentication of the locking/unlocking code entered by the user, thereby rendering any exhaustive attack almost impossible or very difficult.
Finally, another object of the present invention, within the framework of the aforesaid trusted environment, is the implementation of this trusted environment without adding new relational constraints between any manufacturer of a SIM card or a security processor and any network operator, even though they are induced to share secrets.
The method and the system for controlling the locking/unlocking of the network access functions of a multifunction terminal furnished with a security processor, which are the subject of the invention, execute a public-key cryptography system.
They are noteworthy in that they consist in, or respectively are implemented by: allotting this terminal an original public key serving to verify the integrity of the data loaded into said terminal; generating a pair of keys (public key, private key) associated with the access network of this terminal; generating an original approval certificate for the terminal containing these public keys, namely the original public key and the public key associated with the access network of this terminal; establishing, for initialization, a locking certificate for this terminal containing at least the original approval certificate for this terminal, data for initial configuration of this terminal and a sequence of random data; and storing the locking certificate and the public key associated with the access network of this terminal, signed digitally on the basis of a private key compatible with the original public key, in a secure area of the security processor. On boot-up for use of this terminal, with introduction of a code by a user, they make it possible to verify at least, in the absence of an unlocking certificate for at least one function of the terminal or in the presence of an invalid unlocking certificate, the integrity of this locking certificate and of the elements contained in it, and then to unlock and authorize the use of this terminal or of a specific function of this terminal, conditionally upon the successful verification of this locking certificate and upon the validity of the code introduced. Otherwise, in the absence of authorization of use, this terminal or this specific function is kept locked.
According to another noteworthy aspect of the method and of the system which are the subjects of the present invention, in the presence of a valid unlocking certificate, this unlocking certificate is substituted for the locking certificate in order to continue the process.
According to another noteworthy aspect of the method and of the system which are the subjects of the invention, the step of verifying the locking certificate includes at least the transmission, from the terminal to the security processor, of the locking certificate, of the unlocking certificate if it exists and of the user code.
According to another noteworthy aspect of the method and of the system which are the subjects of the invention, said security processor, in particular, executes the verifying of the integrity of the original approval certificate for the terminal; and, on successful verification, the validating of the locking certificate by means of the original public key; and, following this validation, the establishing of the whole set of codes that can be introduced by the user, on the basis of the random data sequence contained in the locking certificate or of a specific function executed by the security processor.
According to another noteworthy aspect of the method and of the system which are the subjects of the invention, the aforementioned specific function makes it possible to generate the whole set of valid unique codes that can be generated by the user, a code associated with a function of the terminal being generated for one and only one terminal.
According to another aspect, the method and the system which are the subjects of the invention are finally noteworthy in that the security processor compares any code entered by the user with the whole set of valid unique codes. If the code entered by the user does not correspond to any of the codes of the set of valid unique codes, the security processor generates an error code, which is returned to the terminal, and the configuration of the terminal corresponding to the locking certificate or to a preexisting unlocking certificate is kept.
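The following added example (not part of the original text, and not the patented implementation) sketches the security-processor side of the check described above: the locking certificate is validated with the original public key, the set of valid codes is rebuilt from the certificate's random data, the entered code is compared against that set, and the number of responses is limited against exhaustive search. The toy textbook-RSA key, the HMAC-based code derivation, the certificate layout, the status strings and MAX_TRIES are all assumptions made for illustration; the approval-certificate step is omitted to keep the example short.

```python
import hashlib
import hmac

# Toy textbook-RSA key from two Mersenne primes: illustration only, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data):            # performed off-card by the holder of the private key
    return pow(_h(data), D, N)

def verify(data, sig):     # performed on-card with the original public key (N, E)
    return pow(sig, E, N) == _h(data)

def make_cert(config, random_seq):
    """Hypothetical locking certificate: config names the locked functions, comma-separated."""
    return {"config": config, "random": random_seq,
            "sig": sign(config + b"\x00" + random_seq)}

def derive_codes(cert, digits=8):
    """Assumed derivation: one decimal code per locked function, from the random data."""
    codes = {}
    for name in cert["config"].decode().split(","):
        mac = hmac.new(cert["random"], name.encode(), hashlib.sha256).digest()
        codes[name] = str(int.from_bytes(mac, "big") % 10**digits).zfill(digits)
    return codes

class SecurityProcessor:
    MAX_TRIES = 5          # assumed limit on the number of responses

    def __init__(self):
        self.failures = 0

    def check(self, cert, user_code):
        """Return (status, unlocked_function); any error leaves the configuration unchanged."""
        if self.failures >= self.MAX_TRIES:
            return "ERR_BLOCKED", None
        if not verify(cert["config"] + b"\x00" + cert["random"], cert["sig"]):
            return "ERR_CERT", None      # altered or unsigned certificate: codes are never derived
        hit = None
        for name, code in derive_codes(cert).items():
            if hmac.compare_digest(code.encode(), user_code.encode()):
                hit = name               # no early exit, to keep the comparison time uniform
        if hit is None:
            self.failures += 1
            return "ERR_CODE", None
        self.failures = 0
        return "OK", hit
```

With an 8-digit code and five permitted responses, an exhaustive search is cut off long before it covers a meaningful fraction of the 10^8 candidates, which is the effect the response-count control is meant to achieve.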