This invention relates to a secure interlink receiver for programming wireless telephones wherein the interlink receiver interconnects a wireless telephone with a remote central processor for secure assignment of the necessary phone number and parameters for immediate use of the telephone by a customer with a designated service provider.
The use of an interlink receiver for programming a telephone was first taught in McGregor, et al, U.S. Pat. No. 5,325,418, entitled, xe2x80x9cCellular Phone Accounting Systemxe2x80x9d, issued Jun. 28, 1995. In that patent, phones received from different manufacturers are programmed for use in a controlled environment. For example, in the situation where phones are programmed and activated for governmental use or organizational use in private companies, strict control over the programming procedure is maintained. Similarly, in the rental environment, the phones are programmed and tracked by the organization renting the phones enabling close operational control over the temporary use of the phone by a rental customer.
Although it was suggested that the procedures for programming, tracking and accounting described in the referenced patent could be incorporated into central telephone systems, questions of security as well as inertia were predicted to inhibit broad application.
Additionally, where gang programming of multiple phones by manufacturers or service providers occurs, security can be controlled. A system for programming cellular phones in an interlink receiver with a gang platform is described in the continuation-in-part application of McGregor, et al, entitled, xe2x80x9cMobile Phone with Internal Call Accounting Controlsxe2x80x9d, now U.S. Pat. No. 5,625,669, issued Apr. 29, 1997.
The significant problem of phone security is evident by the massive losses of carriers and service providers. The dramatic increase in wireless communication in the form of cellular telephone systems, cordless personal communication service devices, radio phones and other digital and analog systems that communicate over the airwaves has magnified the vulnerability to fraud. Frequency scanners and other interception devices have allowed access not only to the content of communications, but to the electronic serial numbers and access codes of the callers. Clone phones, that imitate a legitimate subscriber""s phone, are fraudulently programmed to duplicate the codes of the legitimate phone and enable the user of the cloned phone to place calls that are billed to the authorized subscriber. Losses to wireless phone fraud are estimated to be in the hundreds of millions of dollars per year.
As wireless phone distribution moves from the controlled environment of carriers and local service providers to general retailers, the programming and activation of wireless phones is accomplished remotely. Frequently, several entities may be involved behind the transfer of a wireless phone from the retailer to the user. The retailer will likely sell wireless phones from different manufacturers, and offer assignment of the phone to different service providers. The retailer may have available different credit or debit plans for payment of the phone and carrying or underwriting the service provider charges, enabling a new market for intermediaries.
The availability of many of these options is described in the patent of McGregor, et al., U.S. Pat. No. 5,577,100, entitled, xe2x80x9cMobil Phone with Internal Accountingxe2x80x9d issued Nov. 19, 1996. In that patent, convenient methods of remote programming and phone activation are described, including methods that can be accomplished over the airways. With the advent of this prospect, the question of the security of the programming procedure becomes critical.
It is a primary object of this invention to resolve the problems of secure programming and activation of wireless phones where all or part of the programming originates from a host computer at a site remote from the phone being programmed. While the description of the invention is primarily directed to the use of the more secure line connection between the interlink receiver and the host computer to minimize unauthorized intrusion, the interlink receiver system is designed to communicate in encrypted messages to enable the dialog for remote programming to be accomplished via a wireless communication path. In certain areas of the world, the existing hardwire infrastructure is nonexistent or unreliable. Remote programming and activation over the airways is therefore a necessity.
The object of this invention is to provide a device and process that maximizes the ability to remotely program a wireless phone in a secure manner.
This invention relates to a device and process for secure remote programming of wireless phones.
Programming of phones from a remote host computer may be required for a number of reasons. In U.S. Pat. No. 5,325,418, a system for remotely programming wireless phones was described for the primary purpose of central accounting. Programming of cellular telephones in the rental environment includes initial programming and activation of new phones added to the rental inventory, and the reprogramming of rental phones that are returned to different rented sites and added to the return site inventory.
In other situations, programming of wireless phones from a remote host is desired to coordinate the allocation of assignable phone numbers. For example, the service provider may have a block of MIN""s (mobile identification numbers) that must be assigned to new phones before they can be activated. If there is a number of distribution outlets, centralizing this resource allows assignment to be made in accordance with inventory movement at each site.
As programming and activation of the mobile phone moves away from the control of the manufacturer, carrier or service provider, security becomes more difficult to implement. It has been suggested that remote programming can be performed with a conventional personal computer and a modem with the wireless phone directly connected to the serial port of the computer via a cable. Because a personal computer is effectively an open system, security is virtually impossible to implement, where security is to extend to the programmer. However, where there is interposed an interlink receiver between the host computer and the telephone unit as disclosed in the referenced patent, hardware and software can be implemented that effectively codes certain features of the programming sequence that is even secure from the technician programming the phone.
The interlink receiver of this invention is designed to include a secure encoding and encryption chip that permits certain security codes to be entered into a mobile phone without access by the programmer and without certain keys entering the communication dialogue between the host computer and the interlink receiver.
The interlink receiver of this invention is designed with an internal modem to allow the interlink receiver to directly connect to a phone line terminal for station to station connection with a remote host computer. The interlink receiver includes a small microprocessor and updatable memory to perform the procedural tasks of communicating with the host computer and the installed phone unit, and allowing data entry via a small keyboard and feedback with the technician, via a small display.
The secure interlink receiver has its own identification number and includes an internal routine for encrypting communications with the host computer. The interlink receiver is designed to enter a secret authentication key into the phone unit in a tamper-proof manner enabling the phone unit to generate shared secret data with the carrier or system provider. The authentication key or A-key is a 64 bit code assigned to the permanent security and identification memory of the mobile phone unit. The assigned code is known only to the home location register or authentication center, and does not change as the mobile unit roams from one zone to another. As detailed in the TIA/EIA Interim Standard 91 (IS-91), the necessary caller authorization codes and communication encryption codes are generated using in part the A-key. In this manner, each mobile phone unit has a unique key from which changing authentication and encryption codes can be derived. Enabling authentication codes and encryption codes to change for a discrete mobile phone unit greatly enhances the security of the unit. Additional procedures and protocols for secure call placement can be added, including random or calculated change of authentication codes and encryption codes.
The interlink receiver of this invention is designed to be an inexpensive, but secure device that can be used to remotely program and encode a mobile phone unit by a technician or a common sales person. The device is designed for use in a system with a host computer and includes the necessary terminal for interconnection with programmable mobile phone units of different manufacture.
These and other features will be apparent from a consideration of the detailed description of the preferred embodiments.