This invention is directed to a security system and a method for securing communications between a mobile communications device and one of a plurality of radio telecommunications service providers, and in particular, to a security system and a method for securing communications wherein messages from the one of the plurality of radio telecommunications service providers have a unique identification code associated therewith which is provided to the mobile communications device.
In this age of radio telecommunications, one of the most important radio telecommunications devices is the mobile or cellular phone. At the present time, it is common for cellular phone service providers or system operators to offer significant bargains on the purchase of a cellular phone to encourage customers to sign up or subscribe to their cellular phone service for a fixed period of time. For example, it is not uncommon for cellular phone service providers to offer free cellular phones to prospective subscribers.
It is therefore of significant concern to cellular phone service providers that the cellular phones which they offer as a premium not be programmable for use with a competitor's cellular phone service until the service period of the contract has elapsed so as to allow the provider to recapture the cost of the phone. If the cellular phones could be easily reprogrammed to recognize and be used with a competitor's service, those system operators offering no or low cost cellular phones would lose a significant economic investment to service providers who choose not to offer premium pricing on cellular phones. As a consequence, it is presently highly desirable to provide some type of security measure to prevent the reprogramming of cellular phones.
One way in which a cellular phone can be protected against reprogramming is by "hard-coding" key or core service provider information into the cellular phone such that the phone only recognizes messages from the system operator which provides the phone, also referred to as the home system operator. Hard-coding refers to a parameter whose value is not variable, but is determined at the time a software program is written. Such hard coding would occur at the factory as the manufacture of the mobile phone is completed.
This solution is a rather extreme security measure. Hard-coding core information into a phone presents the same inflexibility to modification to the home system operator's programmer that it would to a competitor's programmer. To implement changes in the core information, it would be necessary to rewrite not just individual parameter values, but the software itself. This can result in significant hindrances in updating the core information.
Furthermore, it is now known in the art to provide over-the-air teleservices. An over-the-air teleservice is a service wherein the remote programming of cellular phones is achieved through the use of radio frequency messages.
There are two specific over-the-air teleservices which are coming into widespread use in the industry. The first teleservice is known as an over-the-air activation teleservice (OATS), and the second is known as an over-the-air programming teleservice (OPTS). Through OATS, a system operator can download core information to the mobile phone to configure the phone to be compatible with the system operator's service. Through OPTS, a system operator can, for example, download information on partner, favored, and forbidden radio telecommunications systems, which information may then be used by the cellular phone in selecting a service from the radio telecommunications systems.
These over-the-air teleservices provide the radio telecommunications system operators with greater flexibility in tailoring cellular phones to meet the needs of their subscribers. It would not be possible to use these, however, if the phones had been hard-coded to prevent overwrites.
According to an aspect of the invention, a method of message management is provided for use with a mobile communications device having a core memory and a protected memory. The mobile communications device is in communication with a radio telecommunications system comprised of an authorized radio telecommunications system operator and an unauthorized radio telecommunications system operator. The authorized and unauthorized radio telecommunications system operators each have a unique identification code which is associated with messages communicated therefrom. The method of message management includes the step of storing the identification code of the authorized radio telecommunications system operator in the core memory. The method further includes the steps of receiving a message with an identification code associated therewith from the radio telecommunications system, and comparing the identification code of the message with the identification code of the authorized radio telecommunications system stored in the core memory if the message is to be stored in the protected memory. The method further includes the step of storing the message in the protected memory only if the identification code of the message matches the identification code of the authorized radio telecommunications system operator stored in the core memory.
Moreover, the method may include the step of transmitting a reject-message signal to the radio telecommunications system if the message is not stored in the protected memory.
Moreover, wherein the mobile communications device has an unprotected memory, the method may include the steps of determining if the message is to be stored in the protected memory or the unprotected memory, and storing the message in the unprotected memory if the message is to be stored in the unprotected memory. The method may also include the step of transmitting an accept-message signal to the radio telecommunications system if the message is stored either in the protected memory or the unprotected memory.
Moreover, the message may be an over-the-air-activation message and the identification code associated with the message may be a system operator code identifying an authorized or an unauthorized radio telecommunications system operator.
Moreover, the message may be an over-the-air-programming message having information regarding the bands of the authorized and unauthorized radio telecommunications service providers, and the identification code associated with the message is the values of a predetermined sequence of bands representative of an authorized or an unauthorized radio telecommunications system operator.
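The method of message management described above, sketched in C as an added example that is not code from the patent. The struct layout, the choice of the first three band values as the predetermined sequence, the operator code 0x0042 and the band values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added illustration: every name, size and value here is hypothetical. */
enum kind   { OATS, OPTS };               /* teleservice carrying the message */
enum target { UNPROTECTED, PROTECTED };   /* memory the message is destined for */
enum signal { REJECT_MESSAGE, ACCEPT_MESSAGE };
#define ID_BANDS 3   /* assumed length of the predetermined band sequence */

struct message {
    enum kind kind;
    enum target target;
    uint16_t soc;        /* OATS: system operator code */
    uint8_t bands[8];    /* OPTS: band values; the first ID_BANDS identify the operator */
};

struct device {
    uint16_t core_soc;                /* core memory: authorized operator's code */
    uint8_t core_bands[ID_BANDS];     /* core memory: authorized band sequence */
    struct message protected_mem[2];  /* one storage site per teleservice */
    struct message unprotected_mem;
};

/* Plain equality against core memory; no cryptographic check is modelled. */
static bool id_matches(const struct device *d, const struct message *m) {
    if (m->kind == OATS) return m->soc == d->core_soc;
    if (m->kind == OPTS) return memcmp(m->bands, d->core_bands, ID_BANDS) == 0;
    return false;        /* unknown teleservice never reaches protected memory */
}

enum signal handle_message(struct device *d, const struct message *m) {
    if (m->target == UNPROTECTED) {          /* no comparison is required */
        d->unprotected_mem = *m;
        return ACCEPT_MESSAGE;
    }
    if (!id_matches(d, m)) return REJECT_MESSAGE;  /* protected memory untouched */
    d->protected_mem[m->kind] = *m;
    return ACCEPT_MESSAGE;
}

/* Constructed sample device: operator code 0x0042, band sequence 1,4,2. */
struct device handset = { .core_soc = 0x0042, .core_bands = {1, 4, 2} };

int main(void) {
    struct message rival = { OATS, PROTECTED, 0x0099, {0} };  /* constructed */
    return handle_message(&handset, &rival) == REJECT_MESSAGE ? 0 : 1;
}
```
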
In another aspect of the invention, a mobile communications device is provided for use with a radio telecommunications system. The radio telecommunications system includes an authorized radio telecommunications system operator and an unauthorized radio telecommunications system operator. The authorized and unauthorized radio telecommunications system operators each have a unique identification code which is associated with messages communicated therefrom. The mobile communications device includes a receiver to receive messages from a radio telecommunications network. The device also includes a core memory with an identification code stored therein, the identification code associated with an authorized radio telecommunications system operator, a protected memory, and a programmable computational apparatus coupled to the receiver and the core memory. The mobile communications device further has a message management program operating in the programmable computational apparatus, wherein the message management program controls the programmable computational apparatus to compare an identification code of a message received by the receiver with the identification code of the authorized radio telecommunications system operator stored in the core memory if the message is to be stored in the protected memory. The message management program also operates in the programmable computational apparatus to store the message in the protected memory only if the identification code of the message matches the identification code of the authorized radio telecommunications system operator stored in the core memory.
Moreover, the mobile communications device may have an unprotected memory, wherein the message management program controls the programmable computational apparatus to determine if a message is to be stored in the protected memory or the unprotected memory. The message management program also controls the programmable computational apparatus to store the message in the unprotected memory if the programmable computational apparatus determines that the message is to be stored in the unprotected memory. The mobile communications device may also have a transmitter to transmit an accept-message signal to the telecommunications system, wherein the data management program controls the programmable computational apparatus to provide an accept-message signal to the transmitter if the message is stored in either the protected or unprotected memories.
Moreover, the message may be an over-the-air-activation message. The protected memory may contain a site for storing over-the-air activation messages.
Moreover, the message may be an over-the-air-programming message having information regarding the bands of the authorized and unauthorized radio telecommunications service providers. The protected memory may contain a site for storing over-the-air programming messages.