In the area of motor vehicles, in-car communication devices are known, commonly called “car kits” offering a “hands free” function making it possible to dial and telephone without having to manipulate the mobile telephone. These devices generally operate when coupled to a mobile telephone which for this purpose is placed in a support called “cradle” or “base unit”. Some of these devices may also integrate a mobile telephone.
These devices may be divided into two categories. In the first category the device consists of an in-car computer able to manage a mobile telephone, loud speakers, a microphone and other vehicle equipment. Devices in this category are rather more intended for the public at large since they are designed to be connected to the user's usual mobile telephone. Once the telephone is placed on the base unit of the device, the user can activate the “hands free” function of the device which integrates voice recognition functions able to recognize some words such as “telephone” uttered by the user and captured by the microphone of the device. In this category, the user's mobile telephone is always used to access an external telephony network. The devices which come under this category therefore have the advantage of not being equipped with telecommunications equipment.
If the mobile telephone is equipped with a SIM card (Subscriber Identity Module), the user has to enter a personal “PIN” code which is verified by the SIM card. If the correct code is entered, the user is able to access the telephony network.
In the second category, the device also consists of an in-car computer, but has its own telephone equipment comprising a modem linked to an external antenna. The telephone equipment must be equipped with a SIM card and hence its owner must hold a specific telephone subscription. The devices in this category are therefore rather more intended for professional use. In addition, they have the added benefit of an external antenna offering better gain than the antenna of a mobile telephone.
Also, some of these devices use what is called a “Bluetooth profile” called “SIM Access Profile” (SAP) grouping together a set of functions offering users the possibility to use the SIM card of their mobile telephone without having to place the telephone in the base unit of the device. With this Bluetooth profile it is possible to separate the telephone equipment from the SIM card which may be in the mobile telephone or in a card reader of the device, the link between the telephone equipment and the SIM card being ensured by a Bluetooth link. In this second category, this operating function avoids the use of a specific SIM card while using the external antenna with which the vehicle is equipped.
Some communication devices (car kits) also enable PC-type equipment (or personal digital assistant) provided with communication means of Bluetooth type to be placed in communication with voice or data services accessible via the mobile network, the payment of these services being made by the holder of the SIM card inserted in the communication device or in communication therewith via SAP.
The functioning of this kind of device is illustrated in FIG. 2. On activating the communication device, for example when inserting the vehicle's ignition key, the device executes procedure 20 shown in this figure. During the first step 21 of this procedure, the communication device scans the radio environment to detect equipment equipped with a Bluetooth interface. In the following step 22, if no equipment is detected, the device returns to the previous step optionally passing through an intermediate standby step 23. If one or more items of equipment are detected, and if such items include one or more mobile telephones, one is chosen at random giving preference to a mobile telephone with which it has already been connected.
If during step 24, the chosen telephone is being connected for the first time to the device, this device carries out Bluetooth pairing procedure (step 25). This procedure uses a telephone authentication mechanism based on entry by the user of a common secret code called Bluetooth PIN code shared by the telephone and the device. If pairing procedure is successful, a Bluetooth connection is set up between the device and the telephone. If at step 24 for the chosen telephone this is not a first-time connection, an automatic authentication mechanism (no user action) based on the use of a session key obtained during the previous session is used before setting up the connection.
If telephone authentication is successful (step 26), the communication device sets up a connection with the mobile telephony network using the SIM card of this telephone. Subsequently, other equipment such as equipment of PC or PDA type can be connected to the device via a Bluetooth or wire link to use the connection that has been set up with the telephony network in order to access voice or information services offered by the telephony network, these services then being invoiced to the owner-user of the telephone paired with the communication device.
Should the communication device detect several mobile telephones equipped with a SAP profile, it chooses at random the first telephone recognized, which raises a problem since the user chosen by the device is not necessarily the person wishing to pay for access to the services. In other words, it is not possible to choose which mobile telephone must be paired with the device. It is also not possible to refuse access by one or more items of equipment of PC or PDA type to the data or voice services once the connection with the telephony network has been set up.
In addition, if the security of the telephone chosen by the communication device has been disabled, the owner of the mobile telephone may not be informed that it is he/she who will pay for access to the services offered by the network.
At the current time, Bluetooth protection between the communication device and equipment of PC or PDA type is rarely enabled or used efficiently. The Bluetooth PIN code of the communication device is often chosen in simplistic fashion, e.g. “1234” for easy memorizing. There is therefore a high risk that an unwanted person may access the network services by passing through the communication device unknown to its owner, and therefore of making the latter pay for this access. In addition, if the fraudulent person has managed to connect once, there is no further need to enter the Bluetooth PIN code for any subsequent times since his equipment has been memorized as already having been connected.