The present invention relates to mobile communication, in particular security solutions for mobile terminals using USSD (Unstructured Supplementary Service Data).
For mobile terminals not supporting WAP, e.g. most mobile phones at the moment, there exist the possibility of viewing WAP pages through USSD. In other words, a simulation of a WAP (Wireless Application Protocol) information dialogue can be made by using the USSD capabilities of a Mobile Terminal. The WAP WML (Wireless Markup Language) is browsed in a proxy in the network, and the display of the terminal is made for showing the correct message by sending the equivalent of a xe2x80x9cscreen dumpxe2x80x9d. WML responses are put together by the proxy from the characters entered by the user on the keypad of the Mobile Terminal. This is summarised in FIG. 1 as follows:
1. The WML server sends the content of a WML page to the Proxy
2. The Proxy decomposes the WML page onto USSD (Unstructured Supplementary Service Data) and sends the data to the ME (Mobile Equipment)
3. The ME sends the received data to the display, which presents said data to the user
4. If an answer from the user is requested, then the user can enter it to the keypad, which forwards the answer to the ME
5. The ME sends the input to the proxy
6. The proxy assembles the received input into WML format and delivers it to the WML server
No security feature except for unencrypted passwords is available in this solution. It is not possible to have a secure transaction, i.e. encrypted message exchange in this architecture.
As mentioned above, the only security feature that exists is the unencrypted passwords. This security feature is implemented in the SAT applications, which implement the information browsing.
The problem with USSD based browsing as described above, is that the level of security is too low for higher values. As the password is communicated unencrypted, it can be discovered during the transfer. Another problem is that the system is awkward in use. Each time a secure transaction is to be performed, the WML server prompts the user for a password, which password has to be entered manually. The password has to be remembered by the user, possibly in addition to a number of passwords for other applications.
It is therefore an object of the present invention to provide a method for USSD based browsing, which allows transactions to be performed at a security level hitherto unknown. It is another object of the present invention that said transactions should be easy to perform from the users point of view, and if desired, made fully transparent to the user.
These objects are satisfied in a method as specified in the appended patent claims.