The use of cellular phones for both personal and business-related communication has become much more commonplace today. With the increase in use of cellular phones, theft of the encryption keys for the cellular phones has become more prevalent, so much so that cellular phone service providers have begun to look for methods to prevent encryption key theft and the resultant unauthorized cellular phone usage.
For example, U.S. Pat. No. 5,655,004, issued Aug. 5, 1997 to Holbrook, relates to a method and apparatus for the detection of cellular-phone fraud. To prevent fraud, a central processing facility allows communication service between a cellular phone and a recipient only upon proper authentication. Authentication is carried out using a request for service message sent by the cellular phone to the central processing facility. The request for service message includes both an identification code specific to the cellular phone and an authentication code which represents a cumulative total of the prior usage of the cellular phone. Based upon the identification code, the authentication code is compared by the central processing facility to a previously stored authentication code for the cellular phone. Communication between the cellular phone and the recipient is allowed only if the transmitted authentication code and the stored authentication code match within established tolerances. Update of the authentication code occurs at the end of communication to reflect the additional usage of the cellular phone. This method, however, may be subject to an ever-increasing discrepancy between the cumulative usage authentication code in the cellular phone and the stored authentication code in the central processing facility. Further, it may be possible to intercept the data transmitted in the request for service message, monitor the length of the call, and use that data to fraudulently place a call at a later time.
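A minimal model of the cumulative-usage check described above, added here as an illustration and not taken from the Holbrook patent: the class names, the unit of seconds, the 5-second tolerance and the per-call timing skew are all assumptions. It shows both weaknesses noted in the paragraph, namely drift that eventually exceeds the tolerance and an authentication code that follows directly from an observed request and the call length.

```python
from dataclasses import dataclass, field

TOLERANCE_S = 5  # assumed tolerance, in seconds of cumulative usage


@dataclass
class Phone:
    phone_id: str
    usage_s: int = 0  # phone's running total, sent as the authentication code

    def request(self):
        return (self.phone_id, self.usage_s)

    def end_call(self, measured_s):
        self.usage_s += measured_s


@dataclass
class Facility:
    stored: dict = field(default_factory=dict)  # phone_id -> cumulative usage

    def authenticate(self, phone_id, code):
        known = self.stored.get(phone_id)
        return known is not None and abs(known - code) <= TOLERANCE_S

    def end_call(self, phone_id, measured_s):
        self.stored[phone_id] += measured_s


def calls_until_denied(skew_s, call_s=60, limit=100):
    """Calls accepted when the phone times each call skew_s longer than the
    facility does and the two totals are never resynchronised."""
    phone, fac = Phone("A1"), Facility({"A1": 0})
    for n in range(limit):
        if not fac.authenticate(*phone.request()):
            return n  # legitimate phone is now rejected
        phone.end_call(call_s + skew_s)
        fac.end_call("A1", call_s)
    return limit


def code_is_predictable(call_s=90):
    """Returns (stale_code_ok, derived_code_ok) after one observed call."""
    phone, fac = Phone("A1", 1000), Facility({"A1": 1000})
    seen_id, seen_code = phone.request()  # request fields as transmitted
    phone.end_call(call_s)
    fac.end_call("A1", call_s)
    # The old code no longer matches, but old code + call length does.
    return (fac.authenticate(seen_id, seen_code),
            fac.authenticate(seen_id, seen_code + call_s))
```

With a 2-second skew per call the legitimate phone is denied on its fourth attempt, while the code derived from the observed request is accepted because nothing in the request is secret or bound to a fresh challenge.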
Another example of an attempt to deter cellular-phone fraud is described in U.S. Pat. No. 5,490,201, issued Feb. 6, 1996 to Moberg et al. This patent relates to a method for updating a database of a home location register (HLR) with only minimal losses of processing capacity in the database of a visitor location register (VLR) in a GSM-type (i.e., Global System for Mobile communication) mobile telephone system. Updating of the HLR database is accomplished by sending a reset-message from the HLR to the VLR which identifies the HLR database to the VLR database. In response, the VLR database determines if any of the cellular phones with which it had radio contact belong to the HLR requesting an update. If such is the case, the VLR compares the time point of the radio contact with the cellular phone against the time point of the receipt of the reset-message and, if the radio contact occurred first, sends update data to the HLR. This method, however, relies on an intermediary between the HLR and the cellular phone which may be prone to error. For instance, the method must rely on the accuracy of the VLR database in determining proper ownership of the cellular phones and the proper recordation of time points of the radio contacts and the reset-message. Further, this method of data transmission is similarly subject to interception.
Yet another example, described in U.S. Pat. No. 5,404,404, issued Apr. 4, 1995 to Novorita, relates to a method for updating encryption key information in a communication unit. Updating is carried out when a key management controller transmits a key updating message, including an identification variable and a re-key session number, to a communication resource allocator. The communication resource allocator then transmits the key updating message to the communication unit. Upon receipt, the communication unit compares the identification variable to an internal identification variable. If the identification variables match, the communication unit then compares the received re-key session number to a re-key session number stored in memory. If the re-key session numbers do not match, the communication unit contacts the key-management controller to receive updated encryption key information. This method similarly suffers from the disadvantages of relying on the identification procedure being carried out correctly, as well as from the disadvantages of requiring an initial communication of the message by an intermediary. Also, the updated encryption key information is subject to interception during transmission.
Thus, as can be seen from the above examples, an improved method for dynamically updating cellular phone encryption keys is necessary.