Mobile terminals are becoming increasingly ubiquitous in the modern world with ever larger numbers of users of all ages and all levels of sophistication owning or having access to mobile communication and/or processing devices. In an effort to market products to such users in a very competitive marketplace, service providers or network operators have adopted a strategy of offering low cost or even free phones to users. In an effort to ensure that such users engage the network operator thereafter for the provision of services for the low cost or free phones, the phones have typically been locked to the corresponding network operator. These phones are sometimes referred to as “subsidized” handsets.
Historically, one mechanism for conducting such “locking” between a phone and a network operator has related to the provision of a subscriber identity module (SIM) lock for a SIM or smart card associated with the phone. The SIM or smart card is often employed to enable the phone to access and utilize many of the phone features and includes identity information specific to the user. In practice, the network operator may institute a SIM lock in a number of ways. However, one common way to provide a SIM lock has been to use International Mobile Subscriber Identity (IMSI) locking. An IMSI is a unique number associated with a mobile subscription. The IMSI also conveys information about the identity of the network operator that provides the subscription. The IMSI is typically stored in the SIM, which may be a removable card, inside the phone and is sent by the phone to the network.
In theory, when the user initially powers up the mobile terminal in a network, the IMSI will be transmitted to identify the subscriber to the network operator. If a valid IMSI (e.g., an IMSI belonging to the network operator to which the mobile terminal is locked) is provided, the phone may get service from the network operator. However, if the IMSI provided does not belong to the network operator to which the phone is locked, then the phone cannot get network service.
A possible problem with the SIM lock mechanism described above has been that it may be relatively easy to insert a device between the SIM card and the mobile terminal device to alter communications therebetween. As such, for example, devices such as the X-SIM, UniversalSIM, TurboSim, TornadoSim, Simable, NoKey and others have been developed. Devices like the X-SIM may make a phone or other mobile terminal useable with a network operator other than the one to which efforts have been made to lock the phone or mobile terminal. The X-SIM may do this by essentially enabling a bypass of the SIM lock by using a “man-in-the-middle” attack. In this regard, for example, the man-in-the-middle device may enable the phone to report an IMSI that satisfies the SIM lock conditions instead of reading it from the SIM card. If the device holds an IMSI value that fits the SIM lock conditions, SIM lock validation may be performed and the mobile terminal may be used on the network. In this case, however, the IMSI obtained from the X-SIM cannot be used to connect to the network, since it represents a subscription belonging to the network operator that the mobile terminal is locked to, and does not reflect the subscription of the SIM card being used.
In order to reduce the likelihood that the user may be identified and/or tracked by a third party, some mobile terminals limit the number of times the IMSI is transmitted. Accordingly, a temporary mobile subscriber identity (TMSI), which is a temporary subscriber identifier associated with a particular location, is often communicated instead. The TMSI is a value that may be changed periodically and whenever the phone enters a different area. When a new TMSI is obtained from the network, it is stored on the SIM card, and subsequently used to identify the subscriber instead of the IMSI. If a TMSI used is rejected, then the IMSI may be sent to the network in order to permit network access via an IMSI attach procedure, which will cause the network to send a new, valid TMSI to the mobile terminal. In situations where an X-SIM is employed, for example, if the X-SIM is able to bypass the initial SIM lock by using a fake IMSI, the TMSI stored on the SIM card is typically used as subscriber identity instead of the IMSI. Thus, even if the IMSI provided to the mobile terminal by the X-SIM card does not match the subscription in the used SIM card, the TMSI can be used to successfully establish a connection to the network using the subscription of the SIM card. In this way, the mobile terminal can be used with a SIM card that would not normally pass the SIM lock, i.e. with a network operator other than the network operator to which the mobile terminal was locked.
Accordingly, it may be desirable to provide an improved mechanism for providing smart card security.