The subscriber identity module, such as a SIM card, is subscriber-specific, which means that subscriber equipments are not confined to a specific subscriber. The subscriber identity module, such as a SIM card or a GSM card, is a smart card or a smart card which is placed in the mobile equipment and contains information required for identifying a subscriber and for encrypting radio traffic. A subscriber identity module, such as a SIM card, refers herein to a smart card that can be removed from a mobile equipment and that allows a subscriber to use the card controlled mobile equipment.
If a subscriber identity module is employed, the user need not have a mobile equipment of his own, but a subscriber identity module is all he needs. Such a subscriber identity module can be, for example, a SIM card (Subscriber Identity Module) which is, in a way, a phone card that allows the subscriber to make (and receive) calls from any mobile equipment of the system. The purpose of a SIM card, on the one hand, is to provide the mobile equipment with data identifying the user safely in a protected form, and, on the other hand, to provide services to the mobile equipment. The services include maintenance of the identification number (input, alteration, etc.), calculating an encryption key by means of user identity algorithms, and unblocking a SIM card blocked after an excessive number of entered false personal identification numbers (PIN) for example by means of a PUK code (PUK-code=Personal Unblocking Key).
As an alternative way of implementing a SIM card in hand-held phones, a so-called plug-in-SIM has been introduced. A plug-in-SIM is a coin-sized part containing the electronics of a credit card sized SIM card. It is so placed in a phone that the user is not able to replace it with ease. The phone may also have an incorporated plug-in-SIM and, in addition, a card reader. If the card reader contains a card, the phone is identified on the basis of the external card, otherwise on the basis of the incorporated plug-in-SIM. The term subscriber identity module, such as a SIM card, herein generally refers to both the plug-in-SIM and the smart card SIM unless advised to the contrary.
The general function of a SIM card is specified in the GSM recommendation 02.17, Subscriber Identity Modules, ETSI, of the GSM mobile communication system. It defines the terms associated with a SIM card and sets the requirements for the security of a SIM card, functions of the highest level, defines the tasks for the network operator and the information to be stored in a SIM card. It also specifies the minimum requirements for a SIM card of a user interface of a phone, such as a mobile equipment, concerning for example the input and change of a user's Personal Identification Number (PIN).
In addition, the GSM recommendation 11.11, SIM Application Protocol, ETSI, defines more closely the issues specified by the aforementioned GSM recommendation 02.17 by defining the protocols between a SIM card and a mobile equipment (ME=Mobile Equipment), the exact contents and lengths of the data fields of the SIM card, as well as the matters related to mechanical and electrical connections. The GSM recommendation 11.11 is a documentation on the basis of which engineers are expected to be able to provide the software and hardware implementation of a SIM interface.
A problematic situation arises in the use of mobile communications systems when a mobile equipment and/or a SIM card is lost and comes into the wrong hands. Thus, since losing the phone is not necessarily noticed immediately, the person who has stolen the mobile equipment may try breaking the PIN code of the SIM card by trying different codes. When an unauthorized user has made a sufficient number of attempts to break the PIN code, the SIM card may block itself in such a way that it cannot be activated any more by means of the PIN code only, but a PUK code for cancelling the blocking must be entered. This function alone prevents unauthorized use of the SIM card, but it does not assist in identifying or neutralizing the unauthorized user in any way.
When a mobile equipment is taken into use, identifying the mobile user is usually started by requesting the user an identification number, such as a PIN (Personal Identification Number) associated with the mobile equipment or the SIM card. The personal identification number PIN related to the user of the SIM card and the mobile equipment must thus be entered into the mobile equipment and further into the SIM card if data fields determined on a PIN encryption level are wished to be read or altered. In practice, this is done every time in connection with activating the telephone or inserting the SIM card into a card reader.
Once the valid identification number has been entered, the card will also allow reading information located within a confidential area of the card memory.
If the user enters an invalid personal identification number (PIN), the SIM returns the invalid code, and the identification number is requested again. The SIM also increments its internal error counter, which cannot be adjusted by the user in any circumstances. If the user enters three invalid identification numbers in a row, the SIM shifts into a blocked state.
A blocked card may be re-activated, depending on the implementation, with a specific PUK identification number or possibly only by means of the service measures carried out by the manufacturer. A SIM that is in the blocked state only receives an unblocking command (UNBLOCK) for a blocked SIM card. In such a case, the user enters the SIM card an unblock PUK code which is 8 digits in length. Provided that the user enters an invalid unblock PUK identification number e.g. for ten times, the SIM shifts into a permanently blocked state, from which it can be returned only by the network operator that has provided the SIM card.
A mobile equipment that operates according to the prior art--in the first embodiment of the invention--and, on the other hand, a subscriber identity module i.e. a SIM card--in the second embodiment of the invention--may prevent the use of mobile equipment or correspondingly of the subscriber identity module, that is, the SIM card in such a manner that when an unauthorized user makes a sufficient number of attempts to break the PIN code, that is, when the unauthorized user enters an invalid PIN code for a sufficient number of times, the mobile equipment or the card blocks itself so that it can no longer be reactivated only by means of the PIN code, but some other unblocking code, such as a PUK code must be entered. The mobile equipment or the subscriber identity module is thus deactivated provided that the unauthorized user knows neither the PIN code nor the PUK code (PUK=Personal Unblocking Key).
Another aspect of the matter disclosed above is the fact that the memory of the smart cards employed as subscriber identity modules, or SIM cards, is usually divided into parts according to the fact who has an access right to the data located in the memory: the memory is usually divided into three zones on the basis of the encryption class: an open, a confidential and a secret zone. On the confidential zone, such data is stored that, in order to be read and altered, requires a PIN identification number to be entered to the card. The memory of such a mobile equipment that is not connected to a subscriber identity module may also be divided into open, secret/confidential zones in the manner described above. In the confidential area of both the mobile equipment and of the SIM card, all user-specific data is stored, including protected subscriber identities, such as an IMSI=International Mobile Subscriber Identity in the GSM system and an ITSI=Individual Tetra Subscriber Identity in the TETRA system.