WO2001038953A1 - Method for securing authorized use of a device, radio module and terminal

Info

Publication number
WO2001038953A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
identification
module
radio
radio module
Prior art date
Application number
PCT/DE2000/004122
Other languages
German (de)
English (en)
Inventor
Rainer Volland
Jörg Siewerth
Martin Peter
Original Assignee
Siemens Aktiengesellschaft
Priority date
1999-11-25
Filing date
2000-11-22
Publication date
2001-05-31
Application filed by Siemens Aktiengesellschaft
Publication of WO2001038953A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • The invention relates to a method for securing authorized device use, to a radio module and to a terminal, making it more difficult in particular to operate stolen terminals.
  • Initial security mechanisms intended to make it more difficult to steal a cell phone are already in place for cell phones.
  • GSM: Global System for Mobile Communications
  • IMEI: International Mobile Station Equipment Identity
  • The IMEI has 15 digits, which corresponds to 60 bits.
  • The IMEI includes a six-digit TAC field (TAC: Type Approval Code), a two-digit FAC field (FAC: Final Assembly Code), and a six-digit serial number. The last digit has not yet been assigned.
  • A GSM radio network maintains an EIR database (EIR: Equipment Identity Register).
  • The EIR database usually contains three "lists", namely a white, a gray and a black list.
  • The white list includes the ranges of IMEIs assigned to independently approved types of mobile stations. Consequently, an IMEI that is not in a range specified by the white list does not correspond to an approved mobile station type.
  • The black list includes the IMEIs of mobile stations that need to be blocked, either because they have been stolen or because they are seriously malfunctioning.
  • The gray list fulfills a function that lies between the functions of the white and black lists. It includes the IMEIs of faulty mobile stations whose faults are not serious enough to justify complete blocking.
  • The gray list can also be used as a buffer before authorities confirm or order the entry of a mobile station in the black list.
  • FIG. 1 shows a first preferred embodiment of the invention, in which, in addition to a module identification IMEI, a device identification GID is transmitted to a radio network,
  • FIG. 2 shows a second preferred embodiment of the invention, in which a device identification GID is transmitted to a radio network instead of a module identification IMEI,
  • FIG. 3 shows a third preferred embodiment of the invention, in which, based on a module identification IMEI and a device identification GID, a new identification ID is determined, which is then transmitted to a radio network, and
  • FIG. 4 shows an embodiment according to the GSM standard.
  • FIG. 1 shows a terminal 1 which is connected via an interface 2 to a radio module 3, which in turn is connected via an air interface 4 to a radio network 5.
  • The terminal is, for example, a notebook, a personal intelligent agent or a terminal for a reservation or logistics system.
  • The radio module is preferably a mobile phone.
  • The air interface 4 between the radio module 3 and the radio network 5 preferably corresponds to the GSM standard or a successor standard to the GSM standard.
  • The radio module and radio network can be connected, for example, via a directional radio link as an air interface, the radio module being installed in a fixed position.
  • The interface 2 between the terminal 1 and the radio module 3 can be wired, for example an RS232 or a USB (Universal Serial Bus) interface.
  • The interface 2 can be wireless, i.e. an infrared interface or a DECT interface (DECT: Digital Enhanced Cordless Telecommunications, an ETSI standard).
  • The terminals are preferably mobile, but can also be installed permanently.
  • A unique device identification GID is assigned by the manufacturer to valuable end devices.
  • The manufacturer has also assigned a unique identification, namely the IMEI, to the radio module, which is preferably a GSM cell phone.
  • The device identification GID is transmitted to the radio network 5 in addition to the module identification IMEI.
  • A network operator of the radio network can thus identify both an individual terminal and the radio module via which the terminal is connected to the radio network. This entails a change or extension of the existing GSM standard.
  • Because the radio network receives the device identification GID together with the module identification IMEI, the network operator can not only exclude stolen end devices, or stolen mobile telephones used as radio modules, from operation on the radio network. Subscribers who operate stolen computers on their own (not stolen) mobile phones can also be identified. This type of subscriber identification takes place in accordance with the GSM standard, but on the basis of the IMSI (International Mobile Subscriber Identity, GSM 03.03, 03.20) and not on the basis of the IMEI. This possibility discourages subscribers from using stolen devices together with their mobile phones.
  • IMSI: International Mobile Subscriber Identity
  • When specifying device identifications and module identifications, care should be taken to ensure that they cannot be changed without destroying the end device or radio module. For this purpose, it is advantageous to generate the identification on the basis of serial numbers stored in integrated circuits. To do this, the serial numbers must be stored in unchangeable read-only memories (ROM: Read Only Memory). For example, the Pentium III processors from Intel are supplied with such serial numbers.
  • ROM: Read Only Memory
  • A radio module is uniquely linked to the terminal during installation.
  • This link can be checked in the terminal, with the radio module communicating its module identification IMEI to the terminal in this embodiment.
  • The link can be checked in the radio module, the radio module being able to compare the device identification GID received from the terminal with a stored value.
  • This link can be communicated to the mobile radio network, so that the radio network checks whether the received module identification IMEI is linked to the device identification GID.
  • This unique link should only be changed by the owner. This can be ensured by the owner entering a password or a PIN (Personal Identification Number) either into the terminal or into the radio module.
  • The second preferred embodiment of the invention is shown graphically in FIG.
  • A terminal 11 is connected via an interface 12 to a radio module 13, which in turn is connected to a radio network 15 via an air interface 14.
  • The second preferred embodiment differs from the first preferred embodiment in that the radio module does not transmit its own module identification IMEI to the radio network 15.
  • The radio module 13 is preferably formed by a GSM mobile phone, so that the air interface 14 and the radio network also correspond to the GSM standard.
  • A number analogous to an IMEI is assigned to the terminal 11 by the manufacturer as the device identification GID. This means that the device identification also consists of 15 digits, i.e. 60 bits, made up of a six-digit TAC field, a two-digit FAC field, a six-digit serial number and a one-digit reserve field.
  • The radio module receives the device identification GID from the terminal and transmits it to the radio network 15 instead of its own module identification IMEI.
  • The device identification GID thus replaces the module identification IMEI in the communication between the radio module and the radio network. Therefore, this embodiment allows theft protection without changing or expanding the existing GSM standard.
  • The network operator can exclude undesired, for example stolen, end devices from operation only on the basis of the GID. However, the operator can also identify the subscriber based on the IMSI according to the GSM standard, so that the subscriber runs a high risk of discovery when using stolen devices. Since the IMSI is stored on a SIM card (SIM: Subscriber Identity Module) that is inserted into a mobile phone, the network operator cannot determine whether the mobile phone in which a valid SIM card is inserted should be excluded from operation.
  • The radio module 23 calculates a new identification ID based on a unique device identification GID of a terminal 21 and its own unique module identification IMEI.
  • The new identification ID is then transmitted from the radio module 23 to a radio network 25 via an air interface 24.
  • The radio module is preferably formed by a cell phone, with the cell phone, air interface and radio network conforming to the GSM standard.
  • The new identification replaces the module identification IMEI.
  • The radio network 25 refuses to set up a communication path between a radio module and the terminal if the new identification ID is not permitted or is not in a permitted range.
  • The terminal 21 is uniquely linked to the radio module 23 by calculating the new identification ID.
  • The new identification ID is preferably structured similarly to an IMEI.
  • It has the same length as an IMEI, i.e. 60 bits. Consequently, the new identification ID can also be transmitted instead of the IMEI transmitted according to the GSM standard.
  • This embodiment can therefore also be implemented without changing or expanding the existing GSM standard.
  • An advantage of the third embodiment is that the radio network only serves predefined combinations of terminals and radio modules. This means that radio modules and end devices cannot be regrouped at will. A single end device loses value because it is not served by a radio network in connection with other radio modules.
  • The function for calculating the new identification ID preferably consists of an addition of the device identification GID and the module identification IMEI, with any carry being disregarded (addition modulo 2^60).
  • The device identification GID and the module identification IMEI are linked by an exclusive-OR operation.
  • The device identification GID has a length of, for example, 60 bits.
  • The link between a terminal and a radio module is preferably password-protected or PIN-protected so that it can only be carried out by the owner.
  • The resulting new identification ID is essentially registered with the radio network 25.
  • In order to effectively prevent the operation of a terminal by an unauthorized user, all of the above embodiments can provide for the terminal to be forced to log on via the radio module when the terminal is switched on.
  • The compulsory login can be carried out at every nth (n > 2) switch-on of the terminal.
  • The login can be repeated after a predetermined operating time.
  • This operating time can be set anew each time by a random generator.
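
Added example, not part of the patent text: the third embodiment's derivation of the new identification ID from GID and IMEI (addition modulo 2^60 or exclusive-OR) together with the network-side refusal of IDs that are not registered. The 4-bit-per-digit packing, the names pack_digits, derive_id_add, derive_id_xor and RadioNetwork, and the sample identifiers are assumptions made for illustration.

```python
MASK60 = (1 << 60) - 1  # identifiers are 60 bits wide (15 digits x 4 bits)


def pack_digits(digits: str) -> int:
    """Pack a 15-digit identifier into 60 bits.

    Assumption (not stated on the page): one 4-bit nibble per decimal
    digit, first digit in the most significant nibble.
    """
    if len(digits) != 15 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("identifier must be exactly 15 decimal digits")
    value = 0
    for ch in digits:
        value = (value << 4) | int(ch)
    return value


def derive_id_add(gid: int, imei: int) -> int:
    """Add GID and IMEI and discard the carry (addition modulo 2^60)."""
    return (gid + imei) & MASK60


def derive_id_xor(gid: int, imei: int) -> int:
    """Link GID and IMEI with a bitwise exclusive-OR."""
    return (gid ^ imei) & MASK60


class RadioNetwork:
    """Hypothetical network-side register of permitted derived IDs."""

    def __init__(self, derive=derive_id_add):
        self._derive = derive
        self._permitted = set()

    def register_pair(self, gid_digits: str, imei_digits: str) -> int:
        new_id = self._derive(pack_digits(gid_digits), pack_digits(imei_digits))
        self._permitted.add(new_id)
        return new_id

    def admit(self, new_id: int) -> bool:
        """Refuse the connection unless the transmitted ID is registered."""
        return 0 <= new_id <= MASK60 and new_id in self._permitted


# Constructed sample identifiers, not real devices.
GID_A = "990000111122223"   # terminal
IMEI_A = "490000333344445"  # radio module registered with the terminal
IMEI_B = "490000555566667"  # a different radio module


def demo() -> dict:
    net = RadioNetwork()
    net.register_pair(GID_A, IMEI_A)
    gid = pack_digits(GID_A)
    paired = derive_id_add(gid, pack_digits(IMEI_A))
    regrouped = derive_id_add(gid, pack_digits(IMEI_B))
    return {
        "paired_admitted": net.admit(paired),
        "regrouped_admitted": net.admit(regrouped),
        "paired_id_hex": f"{paired:015x}",
    }
```

Both derivation functions can be inverted by anyone who knows one of the two inputs, so the binding depends on the identifiers being unalterable, as the text requires for ROM-stored serial numbers.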

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a terminal that is connected to a radio network via a radio module and that, for protection against theft, transmits a unique device identification to the radio module. According to the invention, the radio module receives a unique device identification from the terminal and transmits an identification to the radio network, so that the radio network can check against a database whether or not authorization for use can be granted to the terminal.
PCT/DE2000/004122 1999-11-25 2000-11-22 Method for securing authorized use of a device, radio module and terminal WO2001038953A1

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19956851.0 1999-11-25
DE19956851A DE19956851A1 1999-11-25 1999-11-25 Method for securing authorized device use, radio module and terminal

Publications (1)

Publication Number Publication Date
WO2001038953A1 2001-05-31

Family

ID=7930360

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2000/004122 WO2001038953A1 1999-11-25 2000-11-22 Method for securing authorized use of a device, radio module and terminal

Country Status (2)

Country Link
DE (1) DE19956851A1 (fr)
WO (1) WO2001038953A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009047167A1 * 2007-10-05 2009-04-16 Robert Bosch Gmbh Device for securing mobile devices, and corresponding method
CN105072596A * 2015-07-02 2015-11-18 上海与德通讯技术有限公司 Privacy protection method for a mobile terminal

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003009621A1 * 2001-07-18 2003-01-30 Miata Limited Protection of devices
DE10215222A1 * 2002-04-06 2003-10-23 Harman Becker Automotive Sys Technical device with position detection module and method for locating such a device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748084A (en) * 1996-11-18 1998-05-05 Isikoff; Jeremy M. Device security system
DE19717149A1 * 1997-04-23 1998-10-29 Siemens Ag License monitoring for call software by telephone
WO2000045243A1 * 1999-01-29 2000-08-03 Telia Ab (Publ) System for protecting personal digital assistants against theft

Also Published As

Publication number Publication date
DE19956851A1 (de) 2001-05-31

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CN HU US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 EP: The EPO has been informed by WIPO that EP was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
122 EP: PCT application non-entry in European phase