ES2351907B1 - SECURE MOBILE PHONE COMMUNICATIONS SYSTEM. - Google Patents

Abstract

Secure mobile telephony communications system. # Communication system between mobile telephony terminals, comprising: a mobile telephony terminal sender, and a mobile telephony terminal receiver, with a user interface for displaying mobile telephony messages, in the that the mobile telephone terminal emits a message consisting of a body of the message and a header with metadata comprising at least one metadata field, characterized in that the sending terminal or the receiving terminal proceeds to alter the content or the body of the message or that of at least one field of the header, before being shown in the mentioned interface.

Description

Secure mobile phone communications system.

The present invention refers to a mobile telephone communications system.

In particular, the present invention refers to a communications system especially aimed at maintaining privacy in telephone messaging communications, although the present invention is not necessarily limited to said application.

Security, and you will go in particular, the privacy of communications, is one of the problems that communications present through mobile telephone networks through mobile messaging protocols. Indeed, in the communications by mobile messaging, the following events occur:

-

The terminal (usually a mobile phone) receives the message without user control.

-

The terminal issues a message message received, which is reflected in the user interface (screen) of the mobile terminal.

-

The terminal physically stores the message received on its memory device.

As a consequence, any third party that accesses the user's terminal will know if there are new messages and will be able to access the messages stored in the memory device, among which are new messages not yet read by the user.

In fact, several studies conclude that most of the couple's disabilities are discovered through mobile phones.

The present invention discloses new technical means that allow to maintain the privacy of mobile phone messages.

In the field of IP communications, the alteration of the header data of the email messages by intermediate servers between the sender and the receiver is known. These alterations are intended to record the message path or to hide the identity of the sender.

Also in this field of email communication it is known how to present the content of a message depending on the type of content and its danger (possible existence of viruses), but without altering the value of the message content.

EP 1788771A discloses a system and method for the management of electronic messages. The sending devices encrypt the messages and are received by a server. The server applies a series of security procedures that determine whether or not the message received is sent to the end user.

WO 2007/107554 discloses a method for controlling users through a communication system that includes a server and a communication device (for example, a mobile) that communicates through a communication network. In this case, the server meets the objective of maintaining a database that includes data for the control of the communication device, which allows to verify the secret personal codes and identity of a user, based on the message received and the control data .

EP 1921792 discloses a communication system that allows data communication between a first and a second terminal device based on a key shared between these terminal devices. This system is characterized in that said first terminal device informs by means of an initiator ("trigger") of the start of the data communication to the other terminal, through a communication channel and by means of a communication method. In response to the transmission and reception of the data communication initiator, a communication channel is formed using a second communication method between the device and a relay server that forwards the encrypted key, performs the communication channel change of the first channel of communication to the second communication channel that uses a second communication means between the second device and a second relay server that forwards the encrypted key, makes the change from the communication channel to the communication channel of the second method and through the channel it is shared said encrypted key between the terminal devices.

A problem not satisfactorily solved in the field of secure messaging in mobile telephony is the fact that it prevents a third party from knowing the existence of protected messages in a variable architecture.

The present invention aims to make known a system (combination of technical means with their interrelationships between them) that allows to preserve privacy without using encryptions or storing messages in the terminal (although it does not exclude such possibilities), and which prevents a third party from even knowing the existence of a private communication.

In addition, the present invention discloses a system that has the advantage of being able to be implemented on different types of mobile architecture, allowing both direct connection between mobiles and otherwise.

Additionally, the invention discloses a system with added advantages that allow, for example, to avoid telephone spam at the receiving mobile terminal level.

The telephony messages referred to in the present invention are basically composed of two parts, a header and a message body. The body of the message (“Pay load”) contains the data of the message while the header contains “metadata”, that is, not the data of the message itself but messages that refer to them. Thus, typically, the header contains:

-

an identifier field "Id", with, for example, a unique nucleus that distinguishes each message uniquely

-

a “Sent” field that describes the temporary detection (for example, key, time) in which the message was sent

-

a “Sent by” field containing the alias or phone number of the sending user

-

an "App Version" field that describes the application error through which the message is sent

-

a "Body size" field that contains the number of bytes occupied by the message body

-

a “Type” field that describes the type of message (for example, text, sheet, video, microcode)

-

an empty field (reserved for future use).

However, the specific fields that make up the header may be variable for the purposes of the present invention.

In particular, the present invention consists of a communication system between mobile telephone terminals, comprising:

-

a sending mobile telephone terminal, and

-

a mobile phone terminal receiver, with a user interface to display mobile phone messages,

in which the mobile telephone terminal emits a message consisting of a body of the message and a header with metadata comprising at least one metadata field,

characterized in that the sending terminal or the receiving terminal proceeds to alter the content of either the body of the message or that of at least one field of the header, before being shown in said interface.

In the present invention, by "alteration of the content", it should be understood as alteration of the value of the data or of the content, not including operations that do not affect said value such as a change of order, change of format or an encryption or its format of representation.

The alteration may be made at the sending mobile telephone terminal, at the receiving mobile telephone terminal, although you will advantageously go to the receiving terminal.

Preferably, the alteration will comprise an alteration in at least one field of the header and / or the body of the message. The alteration will include the alteration of an identifier field of the sender belonging to the message header.

Even more preferably, the aforementioned alteration will be carried out by a fi lter. Advantageously, the fi lter may alter the message or not depending on the sender, and / or the receiver.

The present invention is based on the paradoxical fact of altering an essential part of the message. However, in a secure telephony context, this has numerous advantages. For example, the message can be deleted by the server

or by the receiver, which apparently never reaches a recipient. Or the identifier of the sender can be altered and the content replaced by a standard content, which preserves security. The receiving user, however, knows the existence of a message, the content of which may be requested later by another means. In this case, the message can also be deleted and the receiving terminal can proceed to send an SMS. In general, the present invention also provides that the receiving terminal has modules for operating on the resources of the communications receiver device, said sub-modules comprising an interface sub-module for graphically drawing the message on the screen, and a non-volatile memory control sub-module

of the communications receiving device, such that the private message is not stored in an accessible way in the non-volatile memory of the communications receiving device.

In a preferred embodiment, the memory control module deletes the information relating to the private part once the interface sub-module has represented it graphically on the screen.

According to a further and preferred aspect of the present invention, said alteration comprises the inclusion in the message of an order for the receiving mobile device. Advantageously for the security of communications, said order will be an order to delete the message, which may be included in the body of the message or in a field of the message header.

According to another preferred aspect of the present invention, the mobile receiving device has means for discerning the parts in the message body and processing means for treating said parts according to different privacy policies.

According to another preferred aspect of the present invention, the sending device issues an order to delete a message sent for the modules of the receiving device to erase it.

According to another aspect, the present invention also consists of a communication procedure between mobile telephone terminals, characterized in that it comprises a step of altering the content of the body or at least one metadata field of the message header by the sending mobile device or of the receiving mobile device, this alteration step occurring before the message is displayed on the interface of the receiving mobile device.

Particular embodiments of the process according to the present invention comprise the procedures performed by the elements of the system object of the present invention in the different embodiments and preferred aspects thereof.

For better understanding, some drawings of preferred embodiments of the present invention are attached by way of explanatory but not limiting example.

Figure 1 schematically shows an example of filter architecture of a possible embodiment of a system according to the present invention.

Figure 2 shows a first embodiment of a system according to the present invention.

Figure 3 schematically shows modules for processing an altered message according to the present invention in a mobile receiver terminal.

In Figure 1 a communication system according to the present invention is shown in which there is a direct communication between secure mobile with secret messages.

The system comprises a sending mobile telephone device (1) and receiving mobile telephone device (2). Both devices (1), (2) have a communications model (11), (21) that keeps the device's IP updated according to a dynamic DNS over a planned subdomain.

The communications module (11) of the sender (1) makes a DNS request (41) through a Peer) discovery

(4) and get the last IP address of the receiver (2) (Dynamic IP Update -43-, Peer IP -42-).

The sending device (1) tries to connect by sending a ping packet. If the receiving device (2) is not online, the SAF (13) of the sending device (1) is responsible for storing and retrying the shipment. The receiving mobile (2) may have the sender blocked, in which case it responds with a blocked ping response. If it is not blocked, it will respond with an accepted ping. In this case, the sender (1) issues a con fi guration requirement to the receiver (1), and subsequently stores said con fi guration in a cache (12) to improve efficiency.

The type of message referred to in the present invention is composed of a header and a message body. As an example, its structure could be as follows:

Usually, the user of the mobile device (1), (2) only provides the body of the message, the rest of the data provided by a message composing module (14), (24).

In accordance with the present invention, the system has a fi lter or fi lters (15), (25) that alter the value of the content of at least one field of the header or body of the message before the message is displayed on the interface of the mobile receiver (2).

In the example in Figure 1, the sending mobile (1) has a fi lter (15) that alters the content of the issued message. Depending on the application or the circumstances, the message may be sent altered, without further ado, or two shipments may occur (101), (102). For example, the first (101) contains the altered message. The second (102) occurs only later, at the request of the receiver (2) and contains the unaltered information (for example, it may include deleted part).

The fi lter (25) may also be located in the receiver (2). In this case, the filter alters the message, creating an altered message (104) which is the one that communicates through the interface. For example, the entire message can be deleted (to avoid spam), the sender's identification can be deleted or modified, or the message body can be deleted or replaced. To preserve the information, the information (103) that has been discarded can be automatically sent by the sender (2) to a server (5), who responds, for example, with an SMS (105) to the receiver (2) as a warning. Or the information is stored in the transmitter (2) but not accessible from the standard interface of the same (that is, it is not saved as a message).

In this way, the invention has several utilities, the alteration of the messages can be used to send secure messages, to avoid telephone spam or to hide the identity.

Figure 2 shows a diagram of the operation of the fi lters (15), (25) of the sender (1) and the receiver (2), for the alteration of a message (110). The fi lter has recognition means (151) of the header and body of the message. It also has means to alter the header and / or body of the message. The fi lter acts according to rules or preferences. There are two types of preferences, general preferences (152), which apply to all messages (110) and premises (153) that depend on the identity of the user who receives (2) or sends (1) the message.

In turn, each of these alterations can refer to the content (1521), (1522), (1531), (1532) or the header (1523), (1524), (1533), (1534), and either general type (1521), (1531), (1523), (1533) or content dependent (1522), (1532), (1524), (1534). This creates a message (111) that is altered and passes the filter (25) of the receiver, which also has global preferences (252), (253), which can generate a series of alterations and transformations (2521) , (2522), (2523), (2524), (2531), (2532), (2533), (2534) of a similar nature to those effective for fi lter (15) of the issuer. The fi lter also has a composer (254) to generate the message (112) that will be shown, for example, on the screen of the receiving mobile.

As noted, the present invention also provides that the system operates on the resources of the receiving mobile telephone device (2) to ensure the security of communications.

Figure 3 shows an example of receiver architecture (2) aimed at preserving the security of the private part of the message.

The messages are processed by different modules (301), (302), (303) of an application (35) The modules will be interchangeable in nature (plug-in) to meet the different nature and type of the messages. A text message like this properly processed by the corresponding plug-in (301) that will draw the text on screen (341). Similarly, it will be done if the message has a different nature (for example, image and / or video). A microcode module (302) will contain a series of instructions that will allow operating on the resources of the communications receiving device (2) (non-volatile memory (33), interface screen (341), interface keyboard (342), etc. ), which together will allow them to operate on them. This will allow you to draw the screen, request data from the user, modify message fields, delete it, create it, request or send additional information to the server, among others. In particular, sub-modules may make determinations on the management of memory devices (33) to prevent the storage of private parts of messages, unless explicitly ordered by the user against them. In this way, it is avoided that a third party (3), accessing the mobile phone, can know that there are stored private messages to which it cannot access.

These modules and submodules can belong to an application dedicated by the receiving device or to a combination of a dedicated application with pre-existing standard modules in the mobile.

According to one aspect of the present invention, an order by the receiving mobile device may be included in the message. This order will be executed by the dedicated application modules mentioned above. Typically to improve security, it can refer to a message deletion order. For example, a deletion order on a certain date, or after an event occurs, for example, its reading.

Said order can be included in any part of the message, you will advantageously be included in a field of the message header, for example, in the "Reserved" field.

According to another aspect of the present invention, the aforementioned dedicated application may have means to discern two parts in the message body and processing means to treat said parts according to different privacy policies. This allows part of the message of free access and restricted access to be included in the message body. Thus, the free access part can be treated as a standard type message, while the restricted access part is treated according to communications security policies other than those applied to standard messages (deletion of the restricted access part, addition of identification requirements for access, etc.).

Finally, the existence of a dedicated application on the receiving device allows the issuer to issue an independent order to delete a message that has previously been issued by the sending device and stored by the receiving device, which obviously results in Communications security.

While the invention has been described with respect to examples of preferred embodiments, these should not be considered as limiting the invention, which will be defined by the broad interpretation of the following claims.

Claims (30)

1. Communication system between mobile telephony terminals, comprising:

-

a sending mobile telephone terminal, and

-

a mobile phone terminal receiver, with a user interface to display mobile phone messages,

in which the mobile telephone terminal emits a message consisting of a body of the message and a header with metadata comprising at least one metadata field, characterized in that the terminating sender or the receiving terminal proceeds to alter the content or the body of the message or that of at least one field of the header, before being shown in the mentioned interface.

2.

System according to claim 1, characterized in that the alteration is carried out by the receiving mobile terminal.

3.

System according to claim 1 or 2, characterized in that the alteration is carried out by the sending mobile device.

Four.

System according to any one of claims 1 to 3, characterized in that the alteration comprises an alteration of an identifier field of the sender belonging to the message header.

5.

System according to any of claims 1 to 4, characterized in that the alteration comprises an alteration of the message body.

6.

System according to any of claims 1 to 5, characterized in that the alteration is carried out by a filter.

7. System, according to claim 6, decision to alter or not the message, depending on the sender and / or the receiver.

8.

System according to any of claims 1 to 7, characterized in that the mobile receiving device has modules for operating on the resources of the communications receiving device, said modules comprising an interface module for graphically drawing the message on the screen, and a control module of the non-volatile memory of the communications receiving device, such that the private message is not stored in an accessible way in the non-volatile memory of the communications receiving device.

9.

System according to any one of claims 1-8, characterized in that the memory control module deletes at least a part of the message body once the interface sub-module has represented it graphically on the screen.

10.

System according to any one of claims 1 to 9, characterized in that the alteration comprises the inclusion in the message of an order for the receiving mobile device.

11. System according to claim 10, characterized in that said order is an order to delete the message.

12.

System according to claim 10 or 11, characterized in that said order is included in a field of the message header.

13.

System according to claim 10 or 11, characterized in that said order is included in the body of the message.

14.

System according to any one of claims 1 to 13, characterized in that the receiving device has means for discerning two parts in the message body and processing means for treating said parts according to different privacy policies.

fifteen.

System, according to any of claims 8 to 14, characterized in that the sending device has means for sending a separate order for the modules belonging to the receiving device to delete a message previously sent by the sending device.

16.

Communication procedure between mobile telephone terminals, characterized in that it comprises a step of altering the content of the body or at least one metadata field of the message header by the sending mobile device or the receiving mobile device, this alteration step occurring before the message is displayed on the interface of the receiving mobile device.

17.

Method according to claim 15, characterized in that the alteration is carried out by the receiving mobile terminal.

18.

Method according to any of claims 16 or 17, characterized in that the alteration is carried out by the mobile sending device.

19.

Method, according to any of claims 16 to 18, characterized in that the alteration comprises an alteration of an identifier field of the sender belonging to the message header.

twenty.

Method according to any one of claims 15 to 19, characterized in that the alteration comprises an alteration of the message body.

twenty-one.

Method according to any of claims 16 to 20, characterized in that the alteration is carried out by a filter.

22

Method according to claim 21, characterized in that the alteration occurs or not, depending on the identity of the sender and / or the receiver.

2. 3.

Method according to any one of claims 16 to 22, characterized in that the receiving mobile device does not proceed to the storage of the message.

24.

Method according to any one of claims 16 to 23, characterized in that the memory control module deletes at least a part of the message body once the interface sub-module has represented it on the screen.

25.

Method according to any one of claims 16 to 24, characterized in that the alteration comprises the inclusion in the message of an order for the receiving mobile device.

26.

Method according to claim 25, characterized in that said order is an order to delete the message.

27.

Method, according to any of claims 25 to 26, characterized in that said order is included in a field of the message header.

28.

Method according to any of claims 25 to 26, characterized in that said order is included in the body of the message.

29.

Method according to any one of claims 16 to 28, characterized in that it comprises an emission phase by the mobile device issuing a deletion order to the mobile device receiving a message previously sent by the sending mobile device.

8 9 10 11 SPANISH PATENTS AND BRANDS OFFICE Application no .: 200930363 SPAIN Date of submission of the application: 06.26.2009

REPORT ON THE STATE OF THE TECHNIQUE

Priority Date: 00-00-0000 00-00-0000 00-00-0000

51 Int. Cl.:

H04W 12/04 (2009.01)

H04W 4/12 (2009.01)

 RELEVANT DOCUMENTS  

Category

56 Documents cited Claims Affected

X

EP 1772997 A2 (LG ELECTRONICS INC) 11.04.2007, the whole document. 1-14,

16-28

Y

15.29

Y

US 2005124360 A1 (SAMSUNG ELECTRONICS CO., LTD) 09.06.2005, the whole document. 15.29

X

US 2006259543 A1 (TINDALL et al.) 16.11.2006, the whole document. 1-7,16-22

X

US 2009 042588 A1 (FRANCE TELECOM) 12.02.2009, the whole document. 1,10-14,

16.25-28

AND

WO 2010026540 A1 (NOKIA CORP; BHEEMANNA SUDHA) 11.03.2010, 1-14,

whole document.

16-28

Category of the documents cited X: of particular relevance Y: of particular relevance combined with other / s of the same category A: reflects the state of the art O: refers to unwritten disclosure P: published between the priority date and the date of priority submission of the application E: previous document, but published after the date of submission of the application

This report has been prepared • for all claims • for claims no:

Date of realization of the report 30.09.2010

Examiner M. Rivas Sáiz Page 1/5

Application number: 200930363 REPORT ON THE STATE OF THE TECHNIQUE Minimum documentation sought (classification system followed by classification symbols) H04W Electronic databases consulted during the search (name of the database and, if possible, search terms used) INVENES, EPODOC, WPI, INSPEC  WRITTEN OPINION Application number: 200930363 Date of Written Opinion: 30.09.2010

Statement

Novelty (Art. 6.1 LP 11/1986)

Claims 9, 11-15, 24, 26-29 Claims 1-8, 10, 16-23, 25 IF NOT

Inventive activity

Claims _____________________________________ YES

(Art. 8.1 LP11 / 1986)

Claims 9, 11-15, 24, 26-29 NO

The application is considered to comply with the industrial application requirement. This requirement was evaluated during the formal and technical examination phase of the application (Article 31.2 Law 11/1986).  Opinion Base.- This opinion has been made on the basis of the patent application as published.  WRITTEN OPINION Application number: 200930363 1. Documents considered.- The documents belonging to the state of the art taken into consideration for the realization of this opinion are listed below.

Document

Publication or Identification Number publication date

D01

EP 1772997 A2 04/11/2007

D02

US 2005124360 A1 06.09.2005

2. Statement motivated according to articles 29.6 and 29.7 of the Regulations for the execution of Law 11/1986, of March 20, on Patents on novelty and inventive activity; quotes and explanations in support of this statement Document D01 is considered the closest state of the art document to the requested invention. D01 describes a method and apparatus for transmitting and receiving messages in a secure manner. In relation to claim 1, document D01 describes a communication system between mobile telephony terminals (fig 1), comprising: -a sender mobile telephony terminal, -a receiver mobile telephony terminal (fig. 5). The user interface for displaying mobile telephony messages is implicit in D01 The message consists of a body and a header with metadata (figure 3) characterized in that the receiving terminal or sender proceeds to alter the content or the body of the message or of at least one header field, before being shown to the user (paragraph 0008 and paragraph 0033). In view of the above, it is concluded that claim 1 is not new (Article 6 LP.). In relation to claims 2 and 3, in D01 the alteration of the message is carried out by the receiver or the sender and therefore, claims 2 and 3 are also not new (Article 6 LP.). In D01 the alternation can be performed in the message header (paragraph 0008, hiding the sender) or in the body (paragraph 0033, deleting the message). Therefore, claims 4 and 5 also do not meet the requirement of novelty (Article 6 LP.). As indicated in paragraphs 0032 and 0033 of D01 the alteration is carried out by a filter depending on the emitter. Therefore claims 6 and 7 are not new (Article 6 LP.). Two modules are included in claim 8, one for managing the graphical interface of the terminal and another for storing the message. It has been previously stated that in D01 the terminal's graphical interface is not mentioned and therefore its management module is not mentioned, but they are implicit elements in the terminal described in D01. Regarding message storage, document D01 allows access control for messages, authentication, for messages with sensitive content (paragraph 0036). Therefore, claim 8 is not new (Article 6 LP.). Claim 9 does not imply inventive activity (Article 8 LP.). He proposes to present the message on the screen and then later deletes a part of the body. They are considered to be particular alternatives that do not contribute to the result of the invention. Claim 10 is anticipated in D01 since it allows an order to be included in the message for the receiving device (for example avoiding the retransmission of the message). Therefore, claim 10 is not new (Article 6 LP.). The fact that the order is deleted (claim 11) is not described in D01 but is a mere selection of the type of order that does not contribute to the result of the invention. Claim 11 does not imply inventive activity. Including the order in the body of the message or in the header are different embodiments that do not contribute to the result of the invention, so claims 12 and 13 do not imply inventive activity (Article 8 LP.). In document D01 the message is divided into a header and a body. Different privacy policies are applied in the body and in the header (paragraph 0008). Therefore document D01 incorporates means to discern between two parts of the message and means to apply different privacy policies. However, in D01 the whole body of the message is treated with the same privacy policy. The fact of using the means to discern and to apply different privacy policies in parts of the body of the message as opposed to using it in the header and body is a solution within the reach of the person skilled in the art. Therefore, claim 14 does not imply inventive activity (Article 8 LP.). Report on the State of the Art (Written Opinion) Page 4/5  WRITTEN OPINION Application number: 200930363 Additional sheet In relation to claim 15, it is indicated that the deletion order is sent in a different message. This fact is not described in D01, in D01 the orders are sent on the message itself. This difference has the technical effect of identifying previously sent messages and acting on them. The objective technical problem is how to identify previously sent messages and act on them. This problem is not raised or resolved in D01. Document D02 describes a system for the sender to send a message that deletes a message already received by the receiver. Accordingly, one skilled in the art would combine the characteristics mentioned in D01 with the system described in D02 to obtain the characteristics of claim 15 without the aid of the inventive activity. Accordingly, claim 15 does not imply inventive activity (Article 8 LP.). Claims 16 to 29 correspond to procedural claims. Since the system has been described as a function of functional characteristics for carrying out the procedure, it is concluded by applying the same previous reasoning that claims 16 to 23 and 25 are not new (Article 6 LP.) And claims 24 and 26 to 29, although they meet the requirement of novelty, they do not imply inventive activity (Article 8 LP.). Report on the State of the Art (Written Opinion additional sheet) Page 5/5