WO2001038953A1 - Method for securing authorized use of a device, radio module and terminal - Google Patents
- Publication number
- WO2001038953A1 (application PCT/DE2000/004122)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- identification
- module
- radio
- radio module
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- The invention relates to a method for securing authorized device use, and to a radio module and a terminal; in particular, it makes the operation of stolen terminals more difficult.
- Initial security mechanisms already exist for cell phones, intended to make cell phone theft more difficult.
- GSM: Global System for Mobile Communications
- IMEI: International Mobile Station Equipment Identity
- The IMEI has 15 digits, which corresponds to 60 bits.
- The IMEI includes a six-digit TAC field (TAC: Type Approval Code), a two-digit FAC field (FAC: Final Assembly Code), and a six-digit serial number. The last digit has not yet been assigned.
- A GSM radio network maintains a database, the EIR (EIR: Equipment Identity Register).
- The EIR database usually contains three "lists", namely a white, a gray and a black list.
- The white list includes the ranges of IMEIs dedicated to independently approved types of mobile stations. Consequently, an IMEI that is not in a range specified by the white list does not correspond to an approved mobile station type.
- The black list includes the IMEIs of mobile stations that need to be blocked, either because they have been stolen or because they are seriously malfunctioning.
- The gray list fulfills a function that lies between the functions of the white and black lists. It includes the IMEIs of faulty mobile stations whose faults are not serious enough to justify complete blocking.
- The gray list can also be used as a buffer before authorities confirm or order the entry of a mobile station in the black list.
- Fig. 1 shows a first preferred embodiment of the invention, in which, in addition to a module identification IMEI, a device identification GID is transmitted to a radio network,
- Fig. 2 shows a second preferred embodiment of the invention, in which a device identification GID is transmitted to a radio network instead of a module identification IMEI,
- Fig. 3 shows a third preferred embodiment of the invention, in which, based on a module identification IMEI and a device identification GID, a new identification ID is determined, which is then transmitted to a radio network, and
- Fig. 4 shows an embodiment according to the GSM standard.
- Fig. 1 shows a terminal 1 which is connected via an interface 2 to a radio module 3, which in turn is connected via an air interface 4 to a radio network 5.
- The terminal is, for example, a notebook, a personal intelligent agent or a terminal for a reservation or logistics system.
- The radio module is preferably a mobile phone.
- The air interface 4 between the radio module 3 and the radio network 5 preferably corresponds to the GSM standard or a successor standard to the GSM standard.
- The radio module and radio network can be connected, for example, via a directional radio link as an air interface, the radio module being installed in a fixed position.
- The interface 2 between the terminal 1 and the radio module 3 can be wired, for example RS232 or USB (Universal Serial Bus).
- The interface 2 can be designed wirelessly, i.e. as an infrared interface or as a DECT interface (DECT: Digital Enhanced Cordless Telecommunications, an ETSI standard).
- The terminals are preferably mobile, but can also be installed permanently.
- A unique device identification GID is assigned by the manufacturer to valuable terminals.
- The manufacturer has also assigned a unique identification, namely the IMEI, to the radio module, which is preferably a GSM cell phone.
- The device identification GID is transmitted to the radio network 5 in addition to the module identification IMEI.
- A network operator of the radio network can thus identify both an individual terminal and the radio module via which the terminal is connected to the radio network. This entails a change or extension of the existing GSM standard.
- Because the radio network receives the device identification GID together with the module identification IMEI, the network operator can not only exclude stolen terminals, or stolen mobile telephones used as radio modules, from operation by the radio network. Subscribers who operate stolen computers via their own (not stolen) mobile phones can also be identified. This type of subscriber identification takes place in accordance with the GSM standard, but on the basis of the IMSI (International Mobile Subscriber Identity, GSM 03.03, 03.20) and not on the basis of the IMEI. This possibility discourages subscribers from using stolen devices together with their mobile phones.
- IMSI: International Mobile Subscriber Identity
- When specifying device identifications and module identifications, care should be taken to ensure that they cannot be changed without destroying the terminal or radio module. For this purpose, it is advantageous to generate the identification on the basis of serial numbers stored in integrated circuits. To do this, the serial numbers must be stored in unchangeable read-only memories (ROM: Read-Only Memory). For example, the Pentium III processors from Intel are supplied with such serial numbers.
- ROM: Read-Only Memory
- A radio module is uniquely linked to the terminal during installation.
- This link can be checked in the terminal, with the radio module communicating its module identification IMEI to the terminal in this embodiment.
- The link can be checked in the radio module, the radio module being able to compare the device identification GID received from the terminal with a stored value.
- This link can be communicated to the mobile radio network, so that the radio network checks whether the received module identification IMEI is linked to the device identification GID.
- This unique link should only be changed by the owner. This can be ensured by the owner entering a password or a PIN (Personal Identification Number) either into the terminal or into the radio module.
- The second preferred embodiment of the invention is shown graphically in FIG.
- A terminal 11 is connected via an interface 12 to a radio module 13, which in turn is connected to a radio network 15 via an air interface 14.
- The second preferred embodiment differs from the first preferred embodiment in that the radio module does not transmit its own module identification IMEI to the radio network 15.
- The radio module 13 is preferably formed by a GSM mobile phone, so that the air interface 14 and the radio network also correspond to the GSM standard.
- A number analogous to an IMEI is assigned to the terminal 11 by the manufacturer as the device identification GID. This means that the device identification also consists of 15 digits, i.e. 60 bits, made up of a six-digit TAC field, a two-digit FAC field, a six-digit serial number and a one-digit reserve field.
- The radio module receives the device identification GID from the terminal and transmits it to the radio network 15 instead of its own module identification IMEI.
- The device identification GID thus replaces the module identification IMEI in the communication between the radio module and the radio network. Therefore, this embodiment allows theft protection without changing or expanding the existing GSM standard.
- The network operator can only exclude undesired, for example stolen, terminals from operation on the basis of the GID. However, the operator can also identify the subscriber based on the IMSI according to the GSM standard, so that the subscriber runs a high risk of discovery when using stolen devices. Since the IMSI is stored on a SIM card (SIM: Subscriber Identity Module) that is inserted into a mobile phone, the network operator cannot determine whether the mobile phone in which a valid SIM card is inserted should be excluded from operation.
- The radio module 23 calculates a new identification ID based on a unique device identification GID of a terminal 21 and its own unique module identification IMEI.
- The new identification ID is then transmitted from the radio module 23 to a radio network 25 via an air interface 24.
- The radio module is preferably formed by a cell phone, with the cell phone, air interface and radio network conforming to the GSM standard.
- The new identification replaces the module identification IMEI.
- The radio network 25 refuses to set up a communication path between a radio module and the terminal if the new identification ID is not permitted or is not in a permitted range.
- The terminal 21 is uniquely linked to the radio module 23 by calculating the new identification ID.
- The new identification ID is preferably structured similarly to an IMEI.
- It has the same length as an IMEI, i.e. 60 bits. Consequently, the new identification ID can also be transmitted instead of the IMEI transmitted according to the GSM standard.
- This embodiment can therefore also be implemented without changing or expanding the existing GSM standard.
- An advantage of the third embodiment is that the radio network only serves predefined combinations of terminals and radio modules. This means that radio modules and terminals cannot be regrouped at will. A single terminal loses value because it is not served by a radio network in connection with other radio modules.
- The function for calculating the new identification ID preferably consists of an addition of the device identification GID and the module identification IMEI, with any carry being disregarded (addition modulo 2^60).
- The device identification GID and the module identification IMEI are linked by an exclusive-OR operation.
- The device identification GID has a length of, for example, 60 bits.
- The link between a terminal and a radio module is preferably password-protected or PIN-protected so that it can only be carried out by the owner.
- The resulting new identification ID is essentially registered with the radio network 25.
- In order to effectively prevent the operation of a terminal by an unauthorized user, in all of the above embodiments it is possible to provide for the terminal to be forced to log on via the radio module when the terminal is switched on.
- The compulsory login can be carried out every nth (n > 2) switch-on of the terminal.
- The login can be repeated after a predetermined operating time.
- This operating time can be set again and again by a random generator.
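The third embodiment's derivation and network-side check, as an added example that is not code from the patent. It assumes the 15 digits are packed one per 4-bit nibble; the sample identifications, the `RadioNetwork` class and all function names are constructed for illustration.

```python
MASK60 = (1 << 60) - 1  # identifications are 60 bits wide (15 digits x 4 bits)


def pack(digits: str) -> int:
    """Pack 15 decimal digits into 60 bits, one 4-bit nibble per digit (assumed layout)."""
    if len(digits) != 15 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("identification must be exactly 15 decimal digits")
    return int(digits, 16)  # reading the digit string as hex yields the packed value


def derive_id_add(gid: int, imei: int) -> int:
    """New identification by addition modulo 2^60: the carry out of bit 59 is dropped."""
    return (gid + imei) & MASK60


def derive_id_xor(gid: int, imei: int) -> int:
    """New identification by bitwise exclusive-OR of the two 60-bit values."""
    return gid ^ imei


def as_nibbles(value: int) -> str:
    """Render a 60-bit value as 15 hex nibbles for inspection."""
    return format(value, "015X")


class RadioNetwork:
    """Hypothetical register of permitted new identifications held by the network."""

    def __init__(self) -> None:
        self._permitted = set()

    def register(self, new_id: int) -> None:
        self._permitted.add(new_id)

    def admits(self, new_id: int) -> bool:
        # Refuse the connection unless this terminal/module combination is registered.
        return new_id in self._permitted


# Constructed sample identifications, not real devices.
GID_TERMINAL = pack("987654320000020")
IMEI_LINKED = pack("123456780000010")  # module the owner linked to the terminal
IMEI_OTHER = pack("123456780000030")   # a different module

network = RadioNetwork()
network.register(derive_id_add(GID_TERMINAL, IMEI_LINKED))

if __name__ == "__main__":
    for imei in (IMEI_LINKED, IMEI_OTHER):
        new_id = derive_id_add(GID_TERMINAL, imei)
        print(as_nibbles(new_id), "admitted" if network.admits(new_id) else "refused")
```

Under this packing the derived ID can contain nibbles above 9, so a register that stores it has to treat it as an opaque 60-bit value rather than as 15 decimal digits.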
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a terminal connected to a radio network via a radio module, which terminal, in order to be protected against theft, transmits a unique device identification to the radio module. According to the invention, the radio module receives a unique device identification from the terminal and transmits an identification to the radio network, so that the latter can check against a database whether or not authorization for use can be granted to the terminal.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19956851.0 | 1999-11-25 | ||
DE19956851A DE19956851A1 (de) | 1999-11-25 | 1999-11-25 | Method for securing authorized device use, radio module and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001038953A1 (fr) | 2001-05-31 |
Family
ID=7930360
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2000/004122 WO2001038953A1 (fr) | Method for securing authorized use of a device, radio module and terminal | 1999-11-25 | 2000-11-22 |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE19956851A1 (fr) |
WO (1) | WO2001038953A1 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009047167A1 (fr) * | 2007-10-05 | 2009-04-16 | Robert Bosch Gmbh | Device for securing mobile devices, and corresponding method |
CN105072596A (zh) * | 2015-07-02 | 2015-11-18 | 上海与德通讯技术有限公司 | Privacy protection method for a mobile terminal |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003009621A1 (fr) * | 2001-07-18 | 2003-01-30 | Miata Limited | Protection of devices |
DE10215222A1 (de) * | 2002-04-06 | 2003-10-23 | Harman Becker Automotive Sys | Technical device with position detection module and method for locating such a device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5748084A (en) * | 1996-11-18 | 1998-05-05 | Isikoff; Jeremy M. | Device security system |
DE19717149A1 (de) * | 1997-04-23 | 1998-10-29 | Siemens Ag | License monitoring for call software by telephone |
WO2000045243A1 (fr) * | 1999-01-29 | 2000-08-03 | Telia Ab (Publ) | System for protecting personal digital assistants against theft |
- 1999-11-25: DE application DE19956851A, patent DE19956851A1 (de), status: not active, withdrawn
- 2000-11-22: WO application PCT/DE2000/004122, patent WO2001038953A1 (fr), status: active, application filing
Also Published As
Publication number | Publication date |
---|---|
DE19956851A1 (de) | 2001-05-31 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1. Designated state(s): CN HU US |
| | AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| | 122 | Ep: pct application non-entry in european phase | |