Theft and misuse of mobile phones and other wireless communications devices are a major concern to individuals as well as to corporations and other organizations. Such devices often contain sensitive information, and their illegitimate use can cause loss of sensitive data and large costs to their owner or user. To hinder illegitimate use of phones and other radio-based equipment, different schemes for phone locking and Over-The-Air (OTA) deactivation have previously been designed.
One known procedure for blocking illegitimate use of a mobile phone that may incur cost for the subscription owner is to ask the operator to block the subscription. This, however, does not stop use of the phone itself, which remains possible, e.g. by inserting and using another Subscriber Identity Module (SIM) card.
To reduce the risk of misuse of stolen PCs, laptops and other types of mobile equipment, several protection methods have been developed. Most devices support the use of passwords for access protection; other devices augment password protection with encryption of data, so that the data is not in clear text when extracted from the storage media. However, the device itself can in many cases be considered lost, as it can be refitted with new software for subsequent use.
The 3GPP mobile telephony standard specifications discuss the concept of personalization, see 3GPP TS 22.022. Here the International Mobile Subscriber Identity (IMSI) is read from the SIM card and compared to a data setting that is normally preset at the factory. This mechanism is used for operator locking of mobile telephones, i.e. to ensure that a phone can only be used with a subscription from a given operator. In other words, it establishes a unidirectional binding between the phone and the SIM cards of a particular operator. However, this prior art mechanism is susceptible to attacks, since the communication between the SIM card and the mobile phone is not protected. Thus data that is exchanged can be intercepted and modified. Examples of such attacks are known as TurboSIM, where a processor is placed between the SIM card reader and the actual SIM card. Modern mobile phones may implement a secure channel, as for example specified in ETSI TS 102 484, which gives a secure way of communicating between the SIM and the mobile phone. However, an operator lock as described above provides no security to the user against misuse of the mobile phone if the mobile phone is stolen.
Some solutions exist that are intended to protect mobile telephones from unauthorized use, e.g. the solution marketed under the name McAfee Wavesecure. This solution requires connection to the network infrastructure and thus operation in a coverage area of a communications network. Furthermore, some mobile phones implement what is called a phone lock, which blocks normal operation of the phone until a correct Personal Identification Number (PIN) code or password has been entered successfully. These solutions have the problem that a user who forgets the PIN cannot use the phone. This may force phone manufacturers to create backdoors or tools that can reset such locks. However, since keeping track of who is the rightful owner of a phone is cumbersome and expensive, such backdoors and tools work irrespective of whether the person using them is the rightful owner or not. Likewise, some devices augment password protection with encryption of data, so that the data is not in clear text when extracted from the storage media (hard disk, tape, flash memory, USB stick, etc.). However, in many cases, the device itself has to be considered lost, as it can be refitted with new software for subsequent use. Hence such phone locks and similar solutions like screen locks have little if any real security value.
Special security solutions like Intel's Anti-theft technology in mobile devices are available. However, such solutions imply that the device to be protected needs to be equipped with double security hardware: in addition to the special Anti-theft hardware, functionality and system support, a wireless communications device further needs to be equipped with a SIM card or similar hardware in order to get access to most common mobile networks such as Global System for Mobile communication (GSM), Enhanced Data rates for GSM Evolution (EDGE), Universal Mobile Telecommunication System (UMTS), Long Term Evolution (LTE), etc.
Further security solutions exist that are suitable in environments where the device distribution can easily be controlled, e.g. the security solution for relay nodes (see 3GPP TS 33.401). However, it is normally not practically possible for network operators or device manufacturers to know which communications device will ultimately be used with which SIM card, which limits the usefulness of known operator- or manufacturer-controlled mechanisms.
In view of the above prior art, it would thus be desirable to provide an efficient, user-friendly and secure protection of wireless communications devices against misuse that does not require additional hardware.