1. Field of the Invention
Aspects of the present invention relate to protection against an unauthorized terminal use and, in particular, a method and system for protecting against the unauthorized use of a mobile terminal operating with a subscriber identity module (SIM) card.
2. Discussion of the Background
Typically, asynchronous communication systems including Global System for Mobile Communication (GSM) as a second generation (2G) system, Universal Mobile Telecommunications System (UMTS) as a third generation (3G) system, and General Packet Radio Services (GPRS) as an intermediate generation between the 2G GSM and the 3G UMTS technologies use a subscriber identity module (SIM) or Universal SIM (USIM) in the form of a chip.
The SIM or USIM chip is provided in the form of a card (hereinafter called a SIM card) that stores information for identifying a subscriber such that, when a mobile terminal equipped with the SIM card attempts to access a service provided by a communication system network, the network identifies the subscriber with the information provided by the SIM card.
The subscriber identity information stored in the SIM card includes a unique International Mobile Subscriber Identity (IMSI), and a Temporary Mobile Subscriber Identity (TMSI) and a Packet-Temporary Mobile Subscriber Identity (P-TMSI) allocated by the network.
Unlike the unique IMSI, the TMSI and P-TMSI are allocated by the network and used for subsequently requesting registration with the network once the subscriber is identified to the network by the IMSI instead of by continued use of the IMSI. That is, the IMSI is used in the initial network registration, and the TMSI and P-TMSI are used for receiving Circuit Switched and Packet Switched service respectively after completing the initial network registration.
The TMSI or P-TMSI is allocated to the subscriber from the network which authenticated the subscriber. Accordingly, once the TMSI or P-TMSI is allocated and stored in the SIM card through a normal registration process, the mobile terminal equipped with the SIM card can access the service provided by the network using the TMSI or P-TMSI. That is, the IMSI is used in the authentication process of the initial registration, and the TMSI or P-TMSI is used for accessing the service without additional subscriber identification verification after the initial registration.
However, the SIM card that stores the TMSI or P-TMSI allocated through the normal registration process may be modified, e.g., hacked or tampered, for unauthorized (e.g., illegal) use.
In the case of a specific carrier-dedicated mobile terminal that allows access only to the carrier's network, the mobile terminal checks the network code of the IMSI and, when the network code of the IMSI stored in the SIM card is not identical to the carrier's network code, restricts the access to the network. The network code can be a carrier code such as a Mobile Network Code (MNC) constituting a portion of the IMSI. Also, the Public Land Mobile Network (PLMN) code can be used. That is, the mobile terminal identifies the PLMN code constituting a portion of the IMSI stored in the SIM card and the PLMN code received from the network and, when the PLMN codes are identical to each other, continues its normal power-on procedure. Otherwise, the mobile terminal restricts access to the network.
Normally, the specific carrier-dedicated mobile terminal only allows unrestricted access to the network when the network code of the IMSI stored in the SIM card is identical to the carrier's network code. However, when the network identity code of the IMSI stored in the SIM card has been tampered with (unauthorized modification), the mobile terminal attached to the SIM card storing the tampered IMSI can be used without authorization (e.g., illegally) on the dedicated carrier's network, normally without restriction.