The present invention relates to security measures for wireless telephones or cellular mobile phones. More particularly, the invention relates to authentication methods employing biometric information (e.g., fingerprints) to guarantee non-fraudulent use of wireless telephones or cellular mobile phones.
As known in the state of the art, wireless telephones or cellular mobile phones are identified by mobile identification numbers (MINs) and electronic serial numbers (ESNs). Current protocols for wireless communication, either placing or receiving a call, require both the MIN and the ESN to be broadcast through a standard common air interface (CAI) between the wireless telephone and a mobile switching center (MSC) for authorization and billing purposes. However, such information can be easily intercepted and obtained via specialized scanning equipment that is readily available. MINs and ESNs captured this way can be illegally programmed into other cellular phones for the purpose of placing calls that will be billed to the person that the MIN and ESN has been legitimately assigned to. This type of theft has become a common practice world-wide, and millions of dollars are lost to the wireless service providers and law enforcement agencies (US $650 million in 1995).
Various methods have been proposed to solve this problem. One method (described in U.S. Pat. No. 5,448,760) proposes the idea of requesting a personal identification number (PIN) each time a call is placed. The PIN can be safely transmitted through a different channel. However, this inconveniences the user and many users even forget their PINs. Another method (described in U.S. Pat. No. 5,420,908) proposes monitoring each customer's habit or calling pattern (also known as user profiles) and blocking any calls that do not fit the customer's previous calling pattern. However, such a method suffers from two problems: (1) the calling pattern of a customer is difficult to accurately pin point (any time the calling pattern changes a legitimate call might be blocked) and (2) it will not successfully block calls from phones that continually change the MIN-ESN pair that they employ.
In another method (described in U.S. Pat. No. 5,420,908 issued to Hodges and Rubenstein and incorporated herein by reference), a "challenge response" authentication scheme is proposed to solve fraudulent use in wireless communication. The proposed method includes a central authentication system serving several MSCs which store all MINs with associated secret keys that are used to generate the "challenge response" authentication. Having one central authentication system for several MSCs eliminates the need for cross-system access between different MSCs. However, for security reasons--e.g. power failure, computer hacker attacks, natural disasters--there should be at least one additional remote site that maintains a mirror copy of the central authentication system. Ideally backup communication between central authentication system and its mirror(s) allow both hot and cold backups to dynamically maintain identical copies at all times. All MSCs communicate with the central authentication platform through a standard phone line. This method also requires each wireless phone to have a device which contains special information to generate a correct response to a specific "challenge". Each time that a user uses a cellular phone, the MIN and ESN are sent to the MSC just as in the standard protocol used in wireless communication today. Then the MSC sends the information through a secure public switched telephone network (PSTN) line to the central authentication platform. The central system then takes the secret key which is associated with the MIN and generates a challenge which is sent to the cellular phone through a different wireless forward channel. The cellular phone then uses its special internal module to generate a response to the challenge which is then sent back to the MSC by wireless means and then forwarded to the central system via standard PSTN lines. The central system then compares the cellular phone's response to the pre-calculated response value it expects. If the response is correct the use is authorized.
Such a system has certain advantages and should improve security in wireless communication. Although no specific type of secret key was disclosed in the '908 patent, the specified secret keys--including a string of special integers--suffer major drawbacks. First, computer systems are always subject to intruders/hackers. For example, just recently there was the much celebrated case of Tsutomu Shimomura the network security expert and his attacker Kevin Mitnick the outlaw computer hacker (In Takedown by John Markoff and T. Shimomura, Hyperion Press: USA 1995). In the case of a break-in or even a suspicion of a break-in, all stored secret keys are rendered useless and all the keys need to be updated. This necessarily means that all the users have to visit their service provider in person and update their secret key. Second, if only one or a few keys are stolen at any given time, the system would not be able to detect the theft until the end of each billing cycle (if even then). Third, the "challenge" is MIN-specific, the thieves who capture the MIN and ESN through the air interface can also capture the "challenge" and its "response" and attempt to crack the secret key. While some encryption methods like RSA can be made very secure now, the powerful computers that can be expected to become widely available in the future may allow secret keys to be cracked with the knowledge of multiple challenges and their responses. Still further, with the global computer connectivity, Internet viruses have become a major issue and almost every week there is a new virus that is released, particularly from less developed countries. If the central authentication system gets infected and the files tampered with, as before, all users have to return to their service provider to have a new secret key reissued. All these four scenarios are quite likely to happen in our age of high-tech criminals and even-higher tech teenage pranksters.
What is needed therefore, is an improved security system to protect against unauthorized use of wireless communications. The method and associated system should provide improved security and be easy to maintain.