The subscriber identity module, such as a SIM card, is subscriber specific, which means that subscriber equipment, i.e., the actual radio devices, are not confined to a specific subscriber. The subscriber identity module, such as a SIM card or a GSM card, is a functional card or a smart card which is placed in the mobile equipment and contains information required to identify a subscriber and to encrypt radio traffic. In this application, a subscriber identity module, such as a SIM card, refers to a functional card that can be removed from a mobile equipment and by means of which a subscriber is able to use a card controlled mobile equipment.
Consequently, the user does not need a mobile equipment of his own, only a subscriber identity module issued to him by the operator of the mobile communication system. Such a subscriber identity module can be, for example, a SIM card (Subscriber Identity Module), which is, in a way, a phone card by means of which the subscriber can make (and receive) calls from any mobile equipment of the system.
As the subscriber identity module, a smart card can be used which has approximately the same dimensions as most credit cards. An alternative implementation of a SIM card in hand-held phones is a plug-in-SIM. A plug-in-SIM is a coin-sized part containing the electronics of a credit card sized SIM card and is placed in a phone so that the user is not able to replace it with ease. The phone may also have an incorporated plug-in-SIM and a card reader. If the card reader contains a card, the phone is identified based on the external card. Otherwise, the phone is identified based on the incorporated plug-in-SIM. In this application, the term subscriber identity module, such as a SIM card, refers to both the plug-in-SIM and the smart card SIM.
On a general level, the function of a SIM card is specified in the GSM recommendation 02.17, Subscriber Identity Modules, ETSI, of the GSM mobile communication system. It defines the terms associated with a SIM card, sets the requirements for the security of a SIM card, sets the functions of the highest level, and defines the tasks for the network operator and the information to be stored in a SIM card. It also specifies the minimum requirements for a SIM card of a user interface of a phone, such as a mobile equipment, concerning, for example, the input and change of a user's Personal Identification Number (PIN).
In addition, the GSM recommendation 11.11, SIM Application Protocol, ETSI, defines more specifically the issues specified by the aforementioned GSM recommendation 02.17 by defining the protocols between a SIM card and a mobile equipment (ME =Mobile Equipment), the contents and length of the data fields of the SIM card, and matters related to mechanical and electrical connections. The GSM recommendation 11.11 is a documentation based on which engineers are expected to be able to provide the software and hardware implementation of a SIM interface.
As far as mobile communication systems are concerned, it is known that the mobile subscriber has an identity by means of which the subscriber equipment can be identified, and which indicates, for example, the manufacturer of the subscriber equipment. Mobile communication networks have a facility by which the equipment identity of the subscriber, in the GSM system, the subscriber MEI, i.e., International Mobile Equipment Identity, is checked by requesting the equipment identity from the user. The equipment identity of the subscriber is checked, for example, when it is to be ensured that the subscriber equipment may be used in the network without it causing interference therein, i.e., that the particular equipment is not stolen or indicated as faulty. The detailed structure of a subscriber equipment identity in connection with the GSM system is described in the GSM standard 03.03, Numbering, Addressing and Identification, version 3.5.0, January 1991, ETSI. The subscriber equipment identity can typically be requested from the subscriber for example whenever the subscriber equipment has established a connection with the mobile telephone exchange. One manner of requesting the subscriber equipment identity of the subscriber is described in the GSM standard 09.02, Mobile Application Part Specification version 3.8.0, January 1991, ETSI, item 5.9.1, FIG. 5.9.1. GSM standard 09.02, item 5.9.1 also describes how the subscriber equipment identity is then transmitted to the equipment identity register (EIR) that checks whether the subscriber equipment concerned has the right to use the services of the mobile communication system, i.e., the register checks the access right of the subscriber equipment. The connection from the EIR to the mobile telephone exchange via an F interface is described in item 5.1 of GSM standard 09.02, especially in FIG. 5. 1.1.
The EIR or some other part of the mobile telephone network has lists according to, for example, the GSM standard 02.16 (International MS Equipment Identities version 3.0.1, 1992, ETSI). The lists contain subscriber equipment identities or series of subscriber equipment identities and have list identifiers. The standard uses colors that naturally signify, for example, numerical identifiers, as list identifiers. White or a white identifier is the list identifier of the list consisting of all numerical series containing the equipment identities that have been allocated by the operators using the same mobile telephone system, i.e., in this case, the GSM system, to the subscriber equipments that can be used in the networks concerned. These numerical series are set forth by only indicating the first and last numbers of the series, i.e. not by listing the identities of individual subscriber equipments. A list marked with black or a black list identifier contains the identities of all the subscriber equipments that must be denied access to the mobile network or to the mobile equipment, for example, because the subscriber equipment concerned is faulty and might cause interference in the mobile system itself or because the equipment has been stolen.
When the use of a subscriber equipment is to be prevented in the mobile network or when, for example, a disabling signal is to be transmitted to a subscriber equipment, the access right of the subscriber equipment must be checked, for example, in the above-described manner. A typical situation requiring prevention of use of a subscriber equipment or disabling of the equipment occurs when the subscriber or terminal equipment has been stolen and its use is to be prevented. In such a case, a disabling message must be transmitted to the unauthorized subscriber equipment or the equipment must be rendered inoperative in some other manner.
As described above, it is known in the GSM mobile system that the mobile network checks the access right of a subscriber equipment by randomly requesting the identity data of the subscriber equipment from the equipment and by examining from its own equipment identity register (EIR) by means of the data whether the use of the subscriber equipment concerned is allowed in the network. However, the equipment identity of a subscriber equipment is not necessarily requested, nor is the aforementioned checking performed in connection with each registration. Therefore, there may be long periods during which the access right of the subscriber equipment is not checked. On the other hand, it is possible in the GSM system to request the identity of the subscriber equipment, and thus, to check the access right of the equipment randomly, at random intervals.
If the checks are random, the checks load the radio path, the equipments on the path, and the data links between the exchange concerned and the equipment database, even though there were no reason to suspect that the equipment of the subscriber is on the black list of the EIR.
Random checkings do not prevent the use of a stolen equipment, if is no checking. This problem can be fixed by performing checks more often, but this in turn loads the connections and equipments even more.
Another alternative for checking the access right of-a subscriber equipment is to perform the checking by means of the subscriber equipment identity in the EIR in connection with each registration.
Such transmission of the equipment data and the checking of the data in the EIR performed in connection with each registration loads the equipment and the system considerably, as this takes up a lot of system internal data transmission capacity, and a lot of processing capacity in the equipment identity register itself.