1. Field of the Invention
This invention relates to technologies for security of service consumption by client devices from server devices, and especially by wireless network client devices such as portable telephones and wireless network interface adapters.
2. Description of the Related Art
The proliferation of mobile networked client devices, and especially wireless networked devices, is widespread, from Personal Communications System (“PCS”) and Global System for Mobile (“GSM”) telephones, to wireless network interfaces for laptop computers and Personal Digital Assistants (“PDA”), and to short-range wireless interfaces such as Blue Tooth. As the technology advances, more functionalities are developed to significantly enhance these devices at a breakneck pace in order to meet market needs. In this disclosure, we will discuss primarily issues and problems associated with cellular telephones, but which apply equally well to these other types of devices, as well.
Cellular Network Operation Overview
Though cell phones are widely used and have many advantages, cell phone users are faced with phone security concerns, which is considered one of the biggest problems in wireless communication. Cell phone security can be broken down into two categories:                (1) people listening into cell phone conversations (e.g. “snooping”); and        (2) people illegally consuming services identified to an user's account, which is frequently referred to as cell phone cloning.        
Traditional “analog” cell phones transmit control data and voice information in plain Frequency Modulation (“FM”), which produces a security weakness wherein thieves have an opportunity to easily tap into a phone conversation to snoop. This problem was in part addressed by newer technologies in digital (e.g. PCS, GSM) cell phones, which have more robust security utilizing an encryption technique to secure the phone and its conversation.
The standard encryption process works by defining a “key”, which is stored internally into the telephone, that is used in an equation that compresses the audio information. The encrypted key is sent to the cell tower so the cell tower will know how to decode the conversation. It is more difficult to snoop into the conversation with a scanner because ordinarily a third party would not have the key for decrypting the information being exchanged between the cell tower and the mobile device.
A key characteristic of cellular phone systems is the division of a city into small cell units that allows extensive frequency reuse across a city enabling millions of people to use cell phones simultaneously. Cell phones also have low-power transmitters and relatively low power consumption. The cellular approach requires a large number of base stations and towers to be placed in cities of any size where a phone carrier in each city typically runs one central office called a Mobile Telephone Switching Office (“MTSO”).
All cell phones have special codes associated with them. These codes are used to identify the phone, its owner and the service provider. When a cell phone is manufactured, each phone has an Electronic Serial Number (“ESN”), a unique 32-bit number preprogrammed into the phone.
When the phone is first turned on, it listens for a Systems Identification Code (“SID”) on a predetermined control channel. The control channel is a special frequency that the phone and the base station use to talk to one another about items like call set-up and channel changing. When the SID is received, it is compares to the SID programmed on the phone for a match to verify that the cell phone is communicating with the appropriate service provider.
The cell phone periodically transmits a registration request during each call session so the MTSO can keep track of the phone's location in a database. In this manner, when a phone call is made, a MTSO is constantly able to locate the correct cell tower, and to utilize a Mobile Identification Number (“MIN”), a 10 digit number derived from actual phone number of the mobile device, to transmit the signals to the designated receiver.
Generally speaking, in North America, a standard called Personal Communications Systems (“PCS”) is employed, while throughout much of the rest of the world, a standard called Global System for Mobile (“GSM”) is used. While these systems vary in the details of implementation, their protocols and processes are very similar for a generalized view point.
Turning to FIG. 1, it depicts in a general sense how a call is typically handled between cell phones or a similar device such as a PDA, and its service provider, such as AT&T, Sprint, or Cingular (10). A truly authorized cell phone for this service and account, which we will refer to as an authentic device (13), initiates a session (11) to a service provider (16), but providing a basic Authorization Identifier (12) value with the session request, such as an Electronic Serial Number.
The service provider verifies (14) the received AuthID (12) against a database of known accounts (18). Once verification is complete, the service provider (16) grants the session (15). During the session, a service is consumed (16), such as minutes of talk time or kilobytes of data transferred, until the mobile device releases the session (17). Following completion of the session, appropriate account steps are performed to charge an account associated with the user registered to the particular mobile device for the service consumed, eventually resulting in a charge on an invoice to the consumer.
Mobile Device Cloning
“Cloning” a mobile device generally refers to programming a mobile device to simulate a properly authorized device such that the clone device can obtain and consume service from a service provider, while the costs for the service are charged to a user without his or her knowledge or approval. Often, a cloned device is only usable until one billing period for the victimized user transpires, after which the user detects the unauthorized use, and notifies the service provider, which results in disabling of the account so that both the authorized device and any clone(s) are no longer able to use that account. Depending on the service contract and/or local laws and regulations, the user may be responsible for the charges, the service provider may have to absorb the charges, or some combination of the two may be required. However, even with the newer digital technologies employed in cell phones, the number of cell phone cloning cases continues to rise, which costs service providers an estimated $500 million a year.
PCS utilizes a “soft” programmable ESN which is programmed easily into the phone when it is issued to a user when an account is established. This technique, although intended to allow for quick reprogramming of the device in case it was cloned, actually promoted cloning of stolen telephones by allowing stolen telephones to be quickly programmed as clones.
GSM digitizes and compresses data using a removable Subscriber Identify Module (“SIM”) card that is plugged into the cell phone, which was originally thought to add additional security to the phone to protect it from cloning. But even with its sophisticated technology, cell phone cloning remains a problem when modified SIM cards are installed. It has been proven that at certain times, such as powering up a GSM telephone, the identification data stored on the SIM can be remotely snooped by a thief using a special receiver due to power fluctuations caused when the device reads the SIM card.
Generally speaking, mobile device cloning can occur in many ways, one form of which is gaining physical access to a device such as a PCS or GSM phone, which can be achieved by thieves stealing the phone and copying the private data using an appropriate programmer, or through newer wireless technologies such as Blue Tooth.
A second cloning method to reprogram a wireless device so that it acts as a “prepaid” device with unlimited credits on the user account. Alternatively, thieves can also purchase one cell phone service and then clone the phone, duplicating phones with the same phone service and generate profit from distribution of these cloned phones.
Yet a fourth cloning alternative is to use a radio receiver to receive the ESN and MIN values transmitted during service sessions, and programming a device to use the same identifier values, which results in two or more mobile devices both using the same unique identification information with service provider. As such, cloning remains a major problem that affects both analog and digital communication standards.
FIG. 2 shows a generalization of a scenario between a cloned device and service provider when private data such as ESN and MIN (20) are stolen (22). A authentic device (13) communicates (11, 15, 16, 17) normally with a service provider (16) to establish an authorized session, during which the AuthID (12) of the authentic device (13) may be captured by a snooping device, as previous discussed. Alternatively, the AuthID (12) may be accessed physically by obtaining the phone (e.g. stealing the phone or GSM SIM card).
When fraudulent theft occurs to an authentic device (13), the AuthID (12) is copied (22) into a cloned device (21), giving the cloned device an internal AuthID (12′) which simulates that of the authentic device making the cloned device (21) indistinguishable to the service provider (16).
When the cloned device initiates (23) a service session to a service provider (16), the service provider follows the normal processes to verify (14′) the authorization identification (12′) with its own collection (15) authorization identification values. Upon authentication, the service provider grants the requested service session (24) to the cloned device as if it were the authentic device, and service is consumed (25) (e.g. telephone conversation, web browsing, etc.) by the thief until the cloned device terminates (26) the session. Account usage is recorded (25), which may not be detected by the user of the authentic device until the next billing cycle (e.g. in the next invoice). Theft activities can continue until either the account holder disputes the billing charges at the end of billing cycle, or until the service provider somehow detects usage of the same device from different locations at the same time (e.g. the same telephone seems to be being used simultaneously in Dallas and in Houston).
Two approaches are used currently which attempt to resolve these problems, either through strong encryption or by physically encoding a device identifier onto a communication device. In both cases, thieves can still continue cloning using a multitude of techniques. In fact, both solutions do not solve the central business problem that a cloned device is capable of acting as it is a real authentic device for a considerable period of time, thus incurring loss of revenue, theft of service, and loss of goodwill with customers.
A second hurdle is that these solutions are cumbersome and discourage users from following intrusive security measures. For example, users of cell phones often fail to take advantage of keyboard lock options on the phone because they require the user to enter an unlocking code prior to dialing a number. While this would prevent certain types of cloning and unauthorized use, it would not prevent the cloning attempts which “snoop” the identification data during session set up or session maintenance. It is reasonable to expect, then, that it would not be marketable for the service provider to require user-driven authentication process such as a login with a password or PIN number.
Customers will, however, voluntarily and usually promptly report lost or stolen devices to the appropriate service provider to revoke a device's privileges. However, this does not resolve cloning of active phones, nor fraud of the other types previously discussed. In addition, the security of the unique private keys and data remains unprotected from theft.
A more advanced approach to security has been discussed by the USECA (UMTS SECurity Architecture) group in it's paper entitled “USECA D06 Intermediate report on UMTS security mechanisms”, wherein UMTS abbreviates “Universal Mobile Telecommunications System”. This document provides a detailed description of certain security threats and vulnerabilities in certain mobile telephone architectures, and it proposes an improved security approach as such:                . . . additional security features have to be offered by the mechanisms utilized in UMTS to protect the access network. These additional features include enhancements in user identity confidentiality mechanisms, enhancements in the authentication and key agreement mechanisms to assure the freshness of the agreed keys (used e.g. to provide confidentiality or integrity) also to the user, or to assure the integrity of certain signaling messages to prevent sophisticated attacks. Changes in the security mechanisms in the access network may also have to be introduced because of changes in technology, e.g. the introduction of CDMA requires mechanisms different to the ones in GSM systems. (USECA D06 Intermediate Report on UMTS Security Mechanisms, Version F, Introduction section)        
However, certain questions remain unresolved, and potential vulnerabilities exist even with this improved approach, including:                (a) their “count”, which is a value shared between a phone attempting to access network services and an authorization or security server, can be rolled over, apparently to a maximum of 28, using just a 6-bit value;        (b) their “count” value is automatically updated on both client and server, apparently without using a separate two-phase commit process to ensure that the “count” value stays synchronized between the two;        (c) their “count” continues until there is a conflict, but a conflict is not initiated until a user dials in, following which the detected conflict apparently revokes the handset's service entirely, but it is not clear whether or not this provides a means to initiate a denial of service attack;        (d) their “count” characteristics is dependent on local Home Environment Service Network (“HE/SN”) service agreements;        (e) their “count” value is not persistent on the client device, so there is no capability for non-repudiation;        (f) their “count” is communicated from the network server to the client device as clear data wrapped in encryption, such that if the encryption is compromised, the “count” is compromised, thereby allowing both the original and the clone to be intercepted; and        (g) it appears that multiple clones can be programmed to recapture the correct count.        
Additionally, it is unclear whether or not their “count” value is a special code of any type, and it is unclear if the sequence can be encrypted and set on the client devices. Further, if a “count” value is known, wrapping it as a known element with other elements may provide a seed to breaking the security algorithm.
Consequently, even with newer technology and security enhancements, cloning continues to increase and impact not only customers but service providers. The level of abuse and damages in using fraudulent services and devices is difficult to account and calculate due to its massive nature.
For these reasons, there exists a need in the art for a method which ensures that only one authentic device can use the appropriate services, and that any attempt by a cloned device to consume services will be promptly detected in order to minimize service theft. Preferably, a solution to this problem would interoperate with established network protocols and processes in a minimally intrusive manner so as to avoid user inconvenience that might lead to noncompliance with the security measures, and to minimize impact to device, network, and service provider equipment design.