1. Field of the Invention
The present invention generally relates to a method and apparatus for preventing unauthorized use of a mobile terminal. In particular, the present invention relates to a method and apparatus for preventing unauthorized use of the equipment number of a mobile terminal through user authentication.
2. Description of the Related Art
Mobile communications through mobile terminals have significantly affected our society in several different ways. Over the past few years, the number of mobile phone subscribers has increased exponentially, and mobile terminals are now a necessity in the everyday life of ordinary people.
In a cellular mobile communication system, one of the major current mobile communication systems, a system operator provides voice and data service to mobile subscribers by installing Base Stations (BSs, i.e., cells) with certain coverage areas. A mobile terminal needs storage for storing data and codes. The major storage devices are Electrically Erasable Programmable Read Only Memory (EEPROM), flash Erasable Programmable Read Only Memory (EPROM), and Random Access Memory (RAM). Typically, the storage of the mobile terminal stores a unique number allocated to the mobile terminal. The unique number is an Equipment Serial Number (ESN) in a synchronous cellular mobile communication system and an International Mobile Equipment Identifier (IMEI) in an asynchronous cellular mobile communication system. Hereinafter, both the ESN and the IMEI are referred to as the “equipment number”.
As described above, a mobile terminal has its unique equipment number. Every mobile communication provider can track a lost or stolen mobile terminal by its equipment number.
Despite the significance of the equipment number, there were no specified protections for the equipment numbers of mobile terminals in the early stage of their development. Because unauthorized users can store illegally acquired equipment numbers in lost or stolen mobile terminals, it is difficult to track those terminals. As a result, the lost or stolen mobile terminals can be used for illegitimate purposes.
To prevent unauthorized change of equipment numbers, mobile terminal manufacturers encrypt the equipment numbers in hardware to make it impossible for unauthorized users to assign new equipment numbers to mobile terminals. Although it is regulated that an equipment number be written only once in a mobile terminal, the validity of an equipment number is not verified, and the equipment number-based software execution codes within a mobile terminal are not protected. Thus, a mobile terminal is vulnerable to unauthorized use through hacking of the software execution codes.
With reference to FIG. 1, a conventional user authentication process for a mobile terminal will be described. The mobile terminal decrypts encrypted authentication information (e.g., an equipment number) during software execution in step 101 and compares current authentication information (i.e., authentication information decrypted and stored during system initialization) with the decrypted authentication information in step 102. When the current authentication information is identical to the decrypted authentication information in step 103, the mobile terminal executes an authentication information-based software execution code in step 104. When the current authentication information is different from the decrypted authentication information, the mobile terminal is locked in step 105 by disabling the execution of the software execution code, thereby prohibiting an unauthorized user from using the mobile terminal.
When a malicious user nullifies step 103 by unlawfully modifying the software of the mobile terminal so that the authentication procedure proceeds from step 102 directly to step 104, the efforts to encrypt the authentication information are useless.
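The FIG. 1 flow can be modelled in a few lines to show why the decision rests on a single branch. This is an added illustration, not code from the patent; the XOR stand-in for the unspecified cipher, the function names, the `check_enabled` flag, and the sample equipment numbers are all assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EQUIP_LEN 15   /* IMEI-style 15 digits (constructed sample length) */
#define TOY_KEY   0x5A /* stand-in key; the page does not name the cipher */

enum outcome { EXECUTED_STEP_104, LOCKED_STEP_105 };

/* Stand-in for the hardware decryption of step 101 (assumption). */
static void toy_decrypt(const uint8_t *in, char *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = (char)(in[i] ^ TOY_KEY);
    out[n] = '\0';
}

/* FIG. 1 flow. check_enabled == 0 models firmware in which step 103 has
 * been nullified, so control passes from step 102 straight to step 104. */
enum outcome fig1_authenticate(const uint8_t *stored_enc, const char *current,
                               int check_enabled) {
    char decrypted[EQUIP_LEN + 1];
    toy_decrypt(stored_enc, decrypted, EQUIP_LEN);   /* step 101 */
    int same = strcmp(current, decrypted) == 0;      /* step 102 */
    if (check_enabled && !same)                      /* step 103 */
        return LOCKED_STEP_105;                      /* step 105 */
    return EXECUTED_STEP_104;                        /* step 104 */
}

/* Encrypt a constructed 15-digit equipment number, then run the flow
 * against the number currently held by the terminal. */
enum outcome run_case(const char *stored, const char *current,
                      int check_enabled) {
    uint8_t enc[EQUIP_LEN];
    for (size_t i = 0; i < EQUIP_LEN; i++)
        enc[i] = (uint8_t)(stored[i] ^ TOY_KEY);
    return fig1_authenticate(enc, current, check_enabled);
}

int main(void) {
    const char *genuine = "000000000000001"; /* constructed */
    const char *altered = "000000000000002"; /* constructed */
    printf("intact, match:       %d\n", run_case(genuine, genuine, 1));
    printf("intact, mismatch:    %d\n", run_case(genuine, altered, 1));
    printf("nullified, mismatch: %d\n", run_case(genuine, altered, 0));
    return 0;
}
```

The decrypted value only ever feeds the boolean evaluated at step 103, so the outcome for a mismatched equipment number depends on that branch being intact and not on the strength of the cipher used in step 101.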
Accordingly, the authentication information-based software, as well as the storage holding the authentication information for mobile terminal authentication, should be protected to prevent unauthorized use of a mobile terminal.
However, the conventional authentication technology illustrated in FIG. 1 simply encrypts the equipment number of a mobile terminal, such as an IMEI or an ESN, without protecting the software execution codes associated with encryption and change of the authentication information required for mobile terminal authentication. Therefore, nullification, by hacking, of a software execution code that compares encryption keys leads to unauthorized use of the mobile terminal.