The Global System for Mobile Communications (GSM) is the world's most popular standard for mobile communications systems. The technical features of GSM are defined by a large number of interrelated and mutually dependent specifications published by the ETSI standardization organization. Generally, for communicating with a mobile station (also referred to as a mobile or cellular phone) via a public land mobile network (PLMN) implemented according to the GSM specifications requires a secure identification element called subscriber identity module (SIM), usually in the form of a smart card. The SIM contains subscription data for authenticating and identifying the subscriber of the PLMN, including in particular the International Mobile Security Identity (IMSI) and the authentication key Ki. This network-specific information is generally stored on the SIM by the PLMN operator or the SIM manufacturer during a SIM personalization process prior to providing the subscriber with his SIM. A nonpersonalized SIM is generally not suited for use in a mobile phone, i.e. the use of the services provided by a PLNM with a nonpersonalized SIM is not possible.
According to the GSM standard the IMSI stored on the SIM is a number with up to 15 digits that allows for an internationally unique identification of the subscriber. The first 3 digits of the IMSI number represent the Mobile Country Code (MCC), the next 2 or 3 digits represent the Mobile Network Code (MNC), and the remaining digits (up to 10) represent the mobile station identification number (MSIN) assigned by the PLMN operator. The IMSI number allows the operator of the PLMN to identify a subscriber and to provide the subscriber with those services he has subscribed to.
The authentication key Ki is a 128-bit data element for authenticating the SIM contained in a mobile phone with respect to the PLMN. The authentication key Ki is paired with a specific IMSI number during the SIM personalization process. For security reasons the authentication key Ki is only stored on the SIM and on a database of the PLMN called authentication center (AUC).
The GSM authentication procedure, described in the following, is an implementation of a general challenge-response authentication procedure, in which one party, i.e. the PLMN, presents a challenge and another party, i.e. the mobile phone, must provide a valid response to be authenticated. When a mobile phone starts up, it retrieves the IMSI number from its SIM. The user of the mobile phone generally has to enter a PIN before the SIM will grant access to the IMSI number. The mobile phone sends the IMSI number via the air interface and the base station subsystem (BSS) to the mobile switching center (MSC) of a PLMN. The MSC forwards the IMSI to the home location register (HLR) and requests authentication triplets. When the HLR receives the IMSI number and the request for authentication triplets, it first checks its database to make sure the IMSI number is valid and belongs to the network. Once it has accomplished this, it forwards the IMSI number and request for authentication triplets to the AUC. The AUC uses the IMSI to look up the authentication key Ki associated with that IMSI. The AUC will also generate a 128-bit random number called RAND, which together with the authentication key Ki is fed into the A3 encryption algorithm. The output of the A3 encryption algorithm is a 32-bit number called Signed Response (SRES).
The RAND number and the authentication key Ki are moreover fed into the A8 encryption algorithm. The output is a 64-bit number called Kc. The Kc is the ciphering key that is used in the A5 encryption algorithm to encipher and decipher the data that is being transmitted over the air interface between the mobile phone and the PLMN.
The RAND number, the SRES, and the ciphering key Kc form an authentication triplet that is unique to the IMSI number used for creating this triplet. Once the AUC has generated such an authentication triplet, it forwards it to the HLR, which, in turn, sends it to the requesting MSC. The MSC stores the ciphering key Kc and the SRES but forwards the RAND number as the challenge of the GSM challenge-response authentication procedure to the mobile station and requests authentication.
The authentication key Ki is securely stored on the SIM of the mobile phone. The A3 and A8 encryption algorithms also reside on the SIM. The RAND number received from the MSC via the air interface and the authentication key Ki are fed into the A3 and A8 encryption algorithms to generate another signed response SRES* and the ciphering key Kc, respectively. The mobile phone stores the ciphering key Kc on the SIM and sends the generated signed response SRES* as the response of the GSM challenge-response authentication procedure back to the mobile network. The MSC receives the signed response SRES* generated by the mobile phone and compares it with the signed response SRES generated by the AUC. If they match, the SIM of the mobile phone is authenticated.
It is known to manage SIMs or devices equipped with such SIMs over-the-air (OTA) using standardized protocols carried over SMS (short message service) or IP (Internet protocol) communication channels using an already established connection in a mobile communications system. WO 2010/093312, for instance, describes a method for OTA activation and management of a SIM using an ODA (On Demand Activation) application. The method described in WO 2010/093312 is adapted to activate and manage a SIM after it has authenticated itself relative to the PLMN according to the above described GSM challenge-response authentication procedure.
One particular field of application of SIMs which is expected to grow rapidly within the next couple of years is M2M, i.e. the communication between machines over a mobile communications network without human intervention, also called the Internet of things. In M2M data is automatically transmitted between many different types of machines equipped with a SIM, such as TV systems, set top boxes, vending machines, vehicles, electronic books, automatic cameras, sensor devices, and the like. It is foreseeable that at least for some of these devices it will not be possible or at least very difficult to provide the SIM beforehand with a complete subscription data set, for instance an IMSI number. This is because in some M2M applications the SIM can be a surface mounted device, which has to be embedded within the respective machine during the manufacturing process thereof without the possibility of providing the SIM with complete subscription data beforehand. Consequently, once in the field, these machines require the provision of subscription data over-the-air.
US 2009/0217038 discloses a method for a wireless device to obtain the IP address of a data server in a wireless network for downloading subscription data. The wireless device derives the data server address from an authentication challenge value send by the wireless network in response to the wireless device's authentication request. According to the method disclosed in US 2009/217038 any subscription data is downloaded from the data server defined by the address derived from the authentication challenge value or has to be present on the wireless device in the first place, such as the secret authentication key Ki.
The problem addressed by the present invention is to provide for methods and devices that allow providing a mobile phone including a secure identification element, such as a SIM, over-the-air with subscription data that allow even a mobile phone having practically no subscription data in the first place to attach to a PLMN.