Mobile phones today have the capability of many different applications over that of simply making and receiving telephone phone calls. Some have calendar functions, music players and games, while many have applications that can utilize the mobile phone's ability to connect to the internet using an internet browser, such as instant messaging and download services. These applications may be preloaded onto the phone or downloaded using various techniques. The download methods, so-called “over-the-air” methods, include the well-known WAP-push technique, which allows content and applications to be pushed to a mobile device by providing an encoded SMS message to the device which includes a link to a WAP address for downloading the application.
Many of these applications, in particular those that access services, over the internet, require registration before they can be used. The registration process usually involves setting up of sign-on details, such as usernames and passwords, and providing payment details if the service requires it. This is used to authenticate the user before a service is provided and helps control other functions such as billing. This is particularly important with applications that are provided by a third party over the internet where authentication and billing are critical. Alternatively, users might be asked before they download an application via a web site to pay for the application first and to enter the device serial number (IMEI). This method is most often used by application vendors to tie an application to a particular mobile phone. However, in these cases when the user changes mobile phone, the application has to be downloaded again.
In third party provided applications and services, the third party/vendor will not automatically have access to the user's details that will have been provided to the user's home mobile network, specifically in the home location register. This means that this separate registration process is required, and is typical in most third party provided applications and services, such as music downloads and instant messaging.
From an authentication perspective, it is important to avoid the situation where a user who has registered an application on his mobile device and subsequently loses that device, does not lose too much data associated with that device. If the registration process for an application is “weak”, for example in a one-off registration process to activate an application prior to subsequent use, another user could simply insert their SIM card into the lost device and use the registered application at the expense of the genuine user. Even if the application is tied to the serial number of the mobile device, another user could still insert their SIM and use the application, as the device serial number remains unchanged.