In the past decade, mobile telephony networks have experienced an enormous spread, especially after the introduction of second-generation mobile cellular networks, and particularly digital mobile cellular networks such as those complying with the Global System for Mobile communications (GSM) standard (and its United States and Japanese counterparts).
Mobile telephony networks were initially conceived for enabling voice communications, similarly to the wired, Public Switched Telephone Networks (PSTNs), but between mobile users. The services offered by these networks, especially the digital ones, in addition to plain voice communications have however rapidly increased in number and quality.
In particular, a very popular service offered by GSM networks is the Short Message Service (SMS). This service offers to the users of a GSM network the possibility of exchanging short messages.
An SMS message normally includes a payload field, whose maximum length is relatively small, typically 140 bytes. The SMS message can be a text message or a data message. A text SMS message is an SMS message that carries, in the payload field, a string of alphanumeric characters; adopting an eight-bit coding for the alphanumeric characters, a string of 140 characters can be sent in a single message, whereas by coding the alphanumeric characters over 7 bits, text messages of up to 160 characters can be sent. A data SMS message is an SMS message that carries data for, e.g., a software application resident in the intended destination mobile phone, such as the WAP browser or the ringing tone player; network operators use, for example, data SMS messages to deliver data for specific applications running in the mobile phones of the subscribers.
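The 140-character and 160-character limits above both follow from the same 140-byte payload. The following added example (not part of the original document) packs 7-bit character codes into octets, least significant bit first, and measures the result; the function names are illustrative, and it assumes text limited to letters, digits and space, whose codes in the GSM default alphabet coincide with ASCII.

```python
# Added example: GSM 7-bit septet packing, showing why 160 characters fit in 140 octets.
import string

MAX_PAYLOAD_OCTETS = 140  # payload limit stated in the text

# Assumption: only characters whose GSM default-alphabet code equals ASCII.
SAFE_CHARS = set(string.ascii_letters + string.digits + " ")

def to_septets(text):
    bad = [c for c in text if c not in SAFE_CHARS]
    if bad:
        raise ValueError(f"outside the subset handled here: {bad[0]!r}")
    return [ord(c) for c in text]

def pack_septets(septets):
    """Pack 7-bit values into octets, least significant bit first."""
    out, acc, nbits = bytearray(), 0, 0
    for s in septets:
        acc |= (s & 0x7F) << nbits
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)  # final partial octet, zero-padded
    return bytes(out)

def unpack_septets(data, count):
    """Recover `count` septets; count is needed because 7 padding bits
    in the last octet would otherwise decode as an extra character."""
    out, acc, nbits = [], 0, 0
    for b in data:
        acc |= b << nbits
        nbits += 8
        while nbits >= 7 and len(out) < count:
            out.append(acc & 0x7F)
            acc >>= 7
            nbits -= 7
    return out

def payload_octets(text, bits_per_char):
    """Octets needed for `text` at 7-bit (packed) or 8-bit coding."""
    if bits_per_char == 7:
        return len(pack_septets(to_septets(text)))
    return len(text.encode("latin-1"))

if __name__ == "__main__":
    for n in (140, 160, 161):
        print(n, payload_octets("a" * n, 7), payload_octets("a" * n, 8))
```

A 161st character pushes the packed length to 141 octets, one more than the payload field holds.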
In very general terms, the SMS operates in the following way: the SMS message is sent, from the mobile station (i.e., the mobile phone) of the user originating the message, to an SMS center, which manages the delivery of the SMS message to the intended destination user. To perform this task, the SMS center works in a “store & forward” way: if the SMS message received from the origin mobile station cannot be delivered to the intended destination mobile station, for example because the latter is temporarily unavailable, e.g. because it is switched off or out of coverage, the SMS message is stored at the SMS center, which retries delivery of the SMS message at a later time, typically as soon as the destination mobile station becomes available.
This conventional implementation of the SMS is affected by some problems, relating to security issues, which make SMS messaging unsuitable for specific applications, such as electronic commerce (“e-commerce”) via mobile phones (when, for example, sensitive data such as credit card numbers need to be provided by the users), or, simply, when there is the need to guarantee an adequate level of privacy of the text messages exchanged between different users.
In this respect, a point of real weakness in the system is represented by the storage of the messages at the SMS center.
Another weak point resides in the fact that the plain text of the SMS message travels along the telecommunications network, the information traveling in encrypted form only through the wireless path (“airlink”) between the sender/receiver mobile station and the competent Base Transceiver Station (BTS) of the GSM network; thus, unauthorized third parties, using relatively simple equipment such as a digital receiver, may read the message content while it travels through the ground GSM network.
In the art, the problem of messaging security has already been recognized and addressed.
For example, in the International application No. WO 00/48416, the problem of how to produce a secure and encrypted message traffic between applications on the SIM (Subscriber Identity Module) of the mobile telephone and service provider applications is recognized, and a method and system making it possible to implement secure message communication with a mobile station are disclosed. In particular, a distinct SIM space is set apart for storage of the keys needed for the encryption/decryption and/or signature of messages, and new encryption keys can be loaded into such a SIM space via an “On The Air” (OTA) interface. As stated in that document, the OTA interface makes it considerably easier to set new encryption/decryption keys on the SIM.
As another example, the International application No. WO 99/04583 discloses a method providing a functionality that allows mobile stations of users having certain access rights to display in intelligible form messages (short messages) broadcast on a common channel in a cell. The messages, before being broadcast, are encrypted using a predefined encryption key, and the mobile stations having a corresponding access right are provisioned with the corresponding decryption key. The decryption keys are transmitted to the mobile stations using a point-to-point data transfer protocol; in particular, in order to provision the mobile stations with the decryption key, a remote provisioning procedure is used, involving a remote SIM updating message being transmitted to the mobile station, or using the “data download via SMS-PP” data download procedure. In order to ensure long-term security of the encryption method, the encryption keys used to encrypt the message texts are periodically changed.