WO2010136061A1 - Mobile authentication method and device - Google Patents


Publication number
WO2010136061A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile
base station
reader
mobile device
communication
Application number
PCT/EP2009/056427
Other languages
French (fr)
Other versions
WO2010136061A8 (en)
Inventor
Jiri Petr
Original Assignee
Xintersys Ag
Application filed by Xintersys Ag
Priority to PCT/EP2009/056427
Publication of WO2010136061A1
Publication of WO2010136061A8

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity

Definitions

  • the present invention relates to a method and device for authenticating or identifying a mobile communications device or its user.
  • the invention relates to a method and device for authenticating or identifying a mobile communications device or its user by remotely or wirelessly detecting unique identifying information stored in the mobile communications device.
  • Since many people carry mobile phones, and since mobile phones contain unique identification information, it has been proposed to use this unique identification information to authorize transactions or to provide some identification of a person carrying the mobile phone. Mobile phones are able to transmit and receive their unique identification information using standardized wireless protocols, and it has been proposed to use this feature to capture the identifying information from the mobile phone wirelessly.
  • a user identification system was proposed in which a mobile phone was inserted into a dedicated mobile phone reader device which isolates the mobile phone device from the ambient wireless (GSM) environment and substitutes its own emulated version of the GSM environment inside a shielded chamber. Following its normal mode of operation inside the chamber, the mobile phone would then continue to perform its regular communication with this emulated environment, monitoring what appears to it to be a local GSM base station and, in doing so, transmitting its unique identifier information (IMSI - International Mobile Subscriber Identity) periodically to the enclosing reader device. This identification information (IMSI) can then be verified, usually with reference to information stored on a remote server, in order to authenticate the transaction or identify the user.
  • the prior art method of capturing the IMSI from a mobile phone inside the reader relies on the mobile phone being in its "ready" state, in which it periodically signals its presence to the (emulated) local base station. If the mobile phone is in a different state, for example in a "sleep" mode, or in the process of making or receiving a call, then the user is required to take the necessary steps (eg wake the mobile phone, or end the call) and to ensure that the mobile phone is in the required "ready" state, and that it stays in this state for as long as is necessary for the mobile phone to perform at least one of its periodical "ready" state transactions with the emulated local base station.
  • the prior art method will usually involve a significant time delay before the mobile phone communicates its IMSI to the emulated local base station.
  • this delay has been found to be from 45 seconds to as much as five minutes.
  • the length of this delay means that there is an increased likelihood of the mobile phone changing from its "ready" state after it has been placed into the reader device.
  • the invention described in this application seeks to overcome the difficulties of the prior art method by stimulating the mobile device to transmit its identifying information to a reader device simply and quickly, and such that the user can be confident that the transaction will not be jeopardised by a change of state of the mobile phone, and such that the transfer of identification information can happen faster.
  • Figure 1 shows a first example application of the invention in a system of authenticating a transaction via the internet.
  • Figure 2 shows a second example application of the invention in a system of authenticating a transaction via the internet.
  • Figure 3 illustrates in schematic form a block diagram of a mobile device reader architecture according to one embodiment of the invention.
  • Figure 4 illustrates a conventional call set-up transaction sequence between a mobile phone and a GSM network.
  • Figure 5 illustrates the portion of the transaction sequence used in implementing one embodiment of the invention.
  • Figure 6 shows in schematic form the interaction between a reader terminal, a mobile phone and a public GSM network according to an embodiment of the invention.
  • FIG. 7 shows in schematic form a similar arrangement of a reader terminal comprising means for interacting with more than one local GSM base station.
  • a mobile, mobile device, mobile phone or a mobile station should be understood to include any portable wireless communications device containing unique and tamper-proof or decryption-proof identification information.
  • Such similar devices could include portable data assistants, laptop computers, portable gaming consoles, music players, satellite navigation devices or any device containing a SIM (subscriber identity module).
  • FIG. 1 shows a typical example architecture of a transaction authentication system in which the present invention may be used.
  • a mobile device 1 communicates wirelessly (via a GSM network, for example) with both a mobile reader terminal 2 and with a common network 3 such as the internet.
  • the mobile reader terminal 2 is also referred to in this application as an mAAI (mobile Authentication via Air Interface) terminal.
  • system architecture depend on the needs of the mAAI platform provider.
  • architecture of the back end systems depends on the mAAI platform provider's infrastructure and on the use to which the platform will be put.
  • mAAI authentication server 5 may communicate with an mAAI web server 7, an mAAI SMS server 4 or with a web client 8 via the internet 3.
  • An mAAI repository 6 may also be provided to store reference information used for authenticating and/or authorising transactions. Note: authentication is taken to mean the process of verifying the identity of a user, while authorisation is the process of permitting a transaction made by the authenticated user.
  • mobile device 1 can transmit unique identifying data such as its IMSI to the mAAI terminal 2, thereby acting as a replacement for a conventional ticket, with the authentication process being controlled by mAAI authentication server 5.
  • the IMSI of the mobile station 1 is used as an example of a suitable identification information which is available to be transmitted by the mobile station.
  • the term IMSI will be used in this application for the sake of brevity. However, the invention is not limited to the use of the IMSI, and it will be understood that other available identifying information, such as the IMEI (International Mobile Equipment Identity) of the mobile phone, or other suitable identification information, could be used instead of, or as well as, the IMSI.
  • the mAAI web server 7 hosts web-applications which may be used for such administrative processes as user registration, or for initiating transactions such as buying e-tickets or other services provided by the owner of the mAAI platform.
  • the mAAI terminal 2 comprises two elements - an mAAI reader, which includes the necessary functionality to communicate with the mobile communications device 2, and a network interface unit 2b (also referred to as an mAAI client) implemented in hardware and/or software local to the terminal 2.
  • the mAAI reader 2a may include hardware for communicating with the mobile by emulating a GSM base station.
  • the hardware may include Bluetooth, NFC modules or infra-red modules, or any close-range wireless communication means appropriate for the transmission medium used to convey the identification information to the mAAI terminal.
  • the example of the GSM interface will be used, however it will be understood that the invention is also realisable using the other communication methods mentioned, with the appropriate changes made to the hardware and/or software of the mAAI reader 2a.
  • the mAAI reader 2a communicates with the mobile 1, which may be isolated from its normal GSM environment, for example by being placed in an RF shielded enclosure.
  • the mobile 1 sends its identification data (IMSI) to the mAAI reader following the same transaction sequence as if it were communicating with a standard GSM base station.
  • the mAAI Reader receives the IMSI obtained from the mobile phone 1 and passes it to the mAAI Client 2b.
  • the mAAI client 2b evaluates these identification data and performs a user authentication procedure which may involve, for example, checking the identification data against data cached in the mAAI terminal 2.
  • the authorisation issued by the mAAI client 2b then enables the user to proceed with the transaction.
  • the authentication data cached in mAAI client 2b may be retrieved via a mobile, wireless or wired networked interface 3 from a backend system, including an mAAI authentication server 5.
  • the data caching transactions may be achieved via secure HTTP over TCP/IP, for example.
  • a prior registration procedure of the user may initially involve the user communicating with an mAAI SMS server 4 using the mobile device.
  • the mAAI SMS server 4 receives an SMS message bearing the IMSI of the mobile devices, and responds with a confirmation message.
  • User data provided at registration may then be stored in the mAAI repository 6.
  • An alternative embodiment of the invention is shown in figure 2.
  • the mAAI reader 2a is implemented as a separate unit communicating with the mobile and with the mAAI terminal via the internet (for example using TCP/IP).
  • the mAAI reader is not required to be in the immediate vicinity of the mAAI terminal 2.
  • the mobile 1 transmits its IMSI wirelessly to the mAAI reader 2a - in this case via TCP/IP over the GSM network and the internet.
  • the authentication method requires the mobile also to transmit information identifying which mAAI terminal requires the authentication.
  • This information can be as simple as a number or code or barcode displayed at the mAAI terminal, and which can be typed or scanned or photographed into the mobile.
  • the terminal identification information can be transmitted wirelessly from the mAAI terminal to the mobile by any standard close-range wireless transmission means such as Bluetooth, NFC or infra-red.
  • This variant of the invention is particularly suited to be combined with the embodiment, described later, in which a predetermined function is run in the mobile, the predetermined function including steps to fetch the terminal identification information from the mAAI terminal, or to interact with a transmitting unit in the mAAI terminal, stimulating the transmitting unit to send the terminal identification information to the mobile, upon which the mobile can send the terminal identification information to the remote mAAI reader 2a.
  • FIG. 3 shows in block form the principal functional elements of the mAAI Terminal 2 mentioned above, in the embodiment in which the terminal includes both the reader 2a and the internet interface 2b.
  • Functional blocks 21 and 22 represent two GSM transceivers arranged to communicate via an aerial or other wireless interface with mobile device 1 (which may be inside an RF shielded compartment 20), in such a way as to emulate the signals of one or more GSM networks.
  • a door 25 allowing a user to insert the mobile device into the RF shielded compartment 20.
  • the shielded compartment serves to prevent communication between the mobile device and wireless networks outside the shielded compartment 20, and also to prevent communication between the GSM transceivers 21, 22 inside the compartment 20 and any mobile devices outside the compartment 20.
  • Although two GSM transceivers are illustrated, it will be readily understood that a different number may be required, dependent on how many GSM networks are to be emulated.
  • Block 23 represents the Base Station Controller, which manages the emulation and the communication transactions between the mAAI terminal 2 and the mobile 1.
  • Block 24 is a Client Interface element which manages communication between the Base Station Controller 23 and the mAAI client 2b.
  • In order to authenticate himself or herself using the IMSI of his or her mobile and the mAAI terminal illustrated in figure 3, a user first initiates an IMSI transmitting process on the mobile 1. This may be a call set-up or a text message set-up to an existing or fictitious number, or it may be a special process such as a Java® application. In the case of a call set-up or a text-message set-up, the user then places the mobile 1 within range of the mAAI terminal 2 (and, if available, into the shielded compartment 20).
  • the mobile 1 will continue the call/SMS set-up process, and the GSM transceivers 21, 22, by emulating the behaviour of a local GSM network, continue the standard sequence of GSM transaction signals and thereby cause the mobile 1 to transmit its IMSI.
  • the IMSI is then received by the mAAI reader 2 and authenticated in the manner described above.
  • the base station controller 23 may then disable the GSM transceivers and/or send a signal to the mobile 1 to indicate the successful receipt of the IMSI and/or that the mobile may terminate its call set-up or other IMSI transmitting process.
  • the IMSI transmitting process may be instigated when the user initiates a special process such as a Java® application to run on the mobile.
  • This special process includes functions which cause the mobile to transmit its unique identification information to the mAAI terminal.
  • This transmission may occur via GSM protocols, as described above for a call set-up, or it may be implemented via Bluetooth®, near-field communication (NFC), infra-red or other wireless or wired communication between the mobile and the mAAI terminal.
  • the terminal is correspondingly equipped with the appropriate hardware and/or software necessary to communicate with the mobile.
  • element 1 represents a mobile communication device, such as a mobile phone, having a unique, permanent identifier stored within it in such a manner as to be unalterable.
  • element 16 represents a local base station of a wireless network such as a GSM network, and the various arrows labeled 15-1 to 15-7 represent signals transmitted by the mobile device to the base station, while the arrows labeled 16-1 to 16-7 represent signals transmitted by the network's base station 16 and received by the mobile device 1.
  • the temporal sequence of the signals runs from top to bottom of figure 4 as follows:
  • the mobile device 1 sends a signal to the base station 16 requesting a wireless communication channel. This request is made over a channel known as the Random Access Channel (RACH).
  • the base station 16 assigns a channel to be used for the rest of the call setup procedure, and communicates information about this channel to the mobile phone 1.
  • the mobile phone 1 tells the network what sort of service it requires, and also sends an identifier, usually a temporary identifier (TIMSI) or sometimes its IMSI, to the base station 16.
  • 16-2 Identity Request.
  • the base station 16 sends a request for authentication to the mobile phone 1.
  • the signal contains information specifying which type of Identity Information is requested: the IMSI, the IMEI, the IMEISV (IMEI plus software version) or a TIMSI.
  • 15-3 Authentication Response.
  • the mobile device 1 transmits authentication information to the base station 16.
  • the authentication information includes the requested identity information of the mobile device 1.
  • Ciphering Code Command: if authentication is successful, then the base station 16 issues a Ciphering Code command instructing the mobile phone 1 which ciphering mode to use for the call.
  • Ciphering Mode Complete: the mobile phone 1 indicates to the base station 16 that it has adopted the prescribed ciphering mode. The base station waits for a call set-up instruction.
  • 16-5 Assignment Command.
  • the network 16 assigns a traffic channel (TCH) and this is sent by the base station 16 to the mobile device 1.
  • 16-6, 16-7 Alerting and Connect.
  • the network 16 confirms the call and initiates the connection over the assigned channel.
  • FIG 4 shows in schematic form the modular structure of a device capable of carrying out a method according to an embodiment of the invention.
  • mobile device 1 may be inserted into a shielded enclosure which blocks communication between the mobile device and the ambient wireless (eg GSM, GPRS) environment.
  • the shielded enclosure may form part of a reader terminal, equipped to emulate the wireless interaction which the mobile device would expect to have with the local wireless environment and in particular the local GSM network base station.
  • the reader terminal can be constructed along the lines indicated in figure 6, although other architectures and functional elements are also conceivable without departing from the scope of the invention.
  • Elements 12 and 13 in figure 5 represent communication modules within a terminal reader, and represent an improved, modular architecture of the mAAI terminal described above with reference to figure 3.
  • Figure 5 also shows the same typical sequence of transactions as in figure 4, including the authentication transactions for a mobile-originated call setup.
  • the transactions 15-1 to 15-7 take place between the mobile phone 1 and the emulated base station realized by the mAAI terminal elements 12 and 13.
  • Figure 5 also indicates two points (14a, 14b) in the transaction sequence where the sequence can be stopped once the appropriate identification information (IMSI) has been conveyed.
  • the mAAI terminal issues an Identity Request signal at step 16-2, containing information specifying which type of Identity Information is requested.
  • the mAAI terminal is adapted to request the IMSI and/or the IMEI, depending on the type of authentication required for the transaction being performed.
  • the mobile device 1 duly responds with the requested information.
  • the mobile may at step 15-2 send its IMSI 9 instead of a TIMSI 10 in response to the Immediate Assignment signal 16-1.
  • the mAAI terminal may be adapted to recognize that the IMSI has been received, and halt the sequence after step 15-2.
  • the mAAI terminal may comprise a means for assessing, after each receipt of a signal from the mobile, whether the signal contained a valid IMSI.
  • the call set-up or other process initiated by the user can be immediately halted, the mobile can be removed from the enclosure, and the mobile will return to the normal public network with the indication of a call to a bad number (if the user had dialed a fictitious number to initiate the transaction sequence).
  • Figure 6 shows a simplified block diagram of a further embodiment of the invention, in which the base station emulation function provided by the mAAI terminal is able to detect parameters of a local GSM network and adapt the transaction behaviour of the mAAI terminal to suit mobile devices subscribed to the particular local GSM network concerned.
  • the mAAI terminal architecture depicted in figure 6 comprises three modules: a Public Network Synch Unit 11, the random access channel (RACH) Receiver Unit 12 and the mAAI main unit 13.
  • the Public Network Synch Unit 11 is a GSM module which receives the broadcast control channel (BCCH) of the public network 16. Its task, as with every GSM mobile device, is to receive system Information messages from the network and decode the communication parameters included in this system information.
  • the communication parameters required by the mAAI terminal may include:
  • the RACH Receiver Unit 12 is the GSM Signaling Receiver capable of receiving a Random Access Channel (RACH) burst transmitted by a user's mobile phone 1.
  • This receiver operates on the uplink frequency band of GSM, the same as receivers on a GSM base station.
  • RACH bursts carry an Access Burst of data which is shorter than all other bursts used in GSM, carrying only one byte of data.
  • the RACH Receiver Unit is configured so that it can listen to all possible RACH bursts and detect the logical channel organization being used at a given time on a given network.
  • GSM systems allow the use of seven different logical channel organizations. However, because it cannot know which channel the mobile phone will use for sending its initial RACH Access Burst, the mAAI Terminal must listen on all possible channels in order to be sure of receiving the RACH burst from the mobile phone.
  • the mAAI Main Unit 13 is capable of transmitting on the GSM downlink frequency band and receiving on the uplink frequency band, in the same manner as a standard GSM base station.
  • the unit is synchronized to the GSM network being used by the mobile phone, using information passed from the Public Network Synch Unit, and is thereby able to send and receive data to and from the mobile phone 1.
  • the mAAI Main Unit uses the uplink Common Control Channel (CCCH) and the Slow Dedicated Control Channel (SDCCH) to receive CM_CONN_REQ and AUTHENTICATION RESPONSE messages, and the downlink Access Grant Channel (AGCH) and Slow Dedicated Control Channel (SDCCH) to send IMMEDIATE ASSIGNMENT and AUTHENTICATION REQUEST messages.
  • the mAAI Main Unit 13 may also be configured to perform standard GSM coding and decoding in both uplink and downlink data.
  • the mAAI Main Unit 13 does not know the Paging Group of the user's mobile 1. This group determines when a user's mobile will be listening to the Access Grant Channel (AGCH) for the IMMEDIATE ASSIGNMENT message. Because of this, the mAAI Main Unit may be configured to send the IMMEDIATE ASSIGNMENT message on all possible paging groups for the given logical channel organization on a given network.
  • Terminal Main Unit is configured such that the mAAI terminal acts as though it were a GSM base station serving a number of mobiles, but with only one mobile actually communicating with it.
  • the mobile At the moment when the user initiates the IMSI transmission process, for example by dialing a fictitious number and pressing the SEND key of the mobile, the mobile will be camped on to its usual network.
  • the mAAI terminal is able to copy all the relevant information required to emulate the network responses (logical channel structure, Frame Number etc.) from the local GSM Network in order to enable the mAAI emulation means to emulate enough of the responses of a base station on the network to cause the mobile to transmit its IMSI.
  • the emulation means is prepared to issue the responses rapidly, as soon as the IMSI transmission process (call set-up etc) is initiated, thus eliminating any delay.
  • the mAAI is emulating the same local mobile network on to which the mobile is already camped, with the result that the mobile phone is immediately able to "connect" to the mAAI terminal without first going through the sequence of identifying and camping on to the emulated network, as it would have to if the emulated network base station had appeared different from the network base station on to which it is currently camped. In this manner, the mobile can immediately execute a call set-up sequence, and thereby transmit its IMSI without delay when a call set-up instruction is initiated by the user.
  • one or more of the real local networks may also capture the CHANNEL REQUEST signal sent by mobile.
  • This is a Random Access Channel (RACH) burst sent with maximum RF power of 2 Watts according to the GSM Protocol.
  • Because the mAAI Terminal Cell has a much stronger RF field in the close environment, the mobile phone will continue the call establishment process to the mAAI Terminal instead of the real Network.
  • the mAAI terminal is designed so that, at short range, its RF field is significantly stronger than that of local GSM networks. For most transaction authentication situations, short range means within one or two metres.
  • a shielded compartment as described with reference to figure 3, or a larger shielded volume, through which mobile phone users may pass, or in which users are in any case.
  • a shielded volume may be implemented as a special booth, or as a pre-existing room, or as part (or all) of a train carriage, for example.
  • FIG. 7 shows a further embodiment of the invention, in which the mAAI terminal architecture of figure 6 is replicated for a number (three are illustrated) of GSM networks.
  • the three antennae illustrated in figure 6 (one each on each of modules 11, 12 and 13) do not however need to be replicated, as the antenna on module 11 may also be used by modules 11' and 11".
  • the antenna on module 12 is shared by modules 12' and 12". There is no problem sharing antennae on these modules, since they are only used for receiving.
  • the antenna for the mAAI Terminal Main Unit 13 illustrated in figure 7 can also be shared by all the units 13', 13 and 13" etc, even though these units are required to both receive and transmit. This is because the mAAI terminal is only required to serve one customer at a time, meaning only one complete unit is active and it corresponds to the GSM network used by the customer.
  • the mAAI terminal "slices", each consisting of a Public Network Synch Unit 11, a RACH Receiver Unit 12 and an mAAI Main Unit 13, may be implemented as independent modules, with at least the mAAI Main Units having separate antennae.
  • a control means may be provided which automatically analyses the local GSM network environment and either selects the most popular networks (referring to a table of data of network popularity, for example), or controls the mAAI terminal modules such that the network emulations they perform are switched, alternated or time-multiplexed, so that all, or at least more, of the local networks may be emulated, even if only for part of the time.
  • the mAAI terminal may be sited where reception for some or all of the public networks is either poor or non-existent.
  • the mAAI terminal may be provided with a communication parameter storage unit, in which are stored appropriate parameters required to characterize the base station responses of the unavailable network or networks.
  • the required parameters are passed to the respective RACH Receiver Unit 12 and an mAAI Main Unit 13 from the parameter storage unit instead of the Public Network Synch Unit 11.
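
The check described above for Figure 5, where the terminal assesses each received signal for a valid IMSI and halts the sequence once one arrives, modelled at the message level as an added example (not part of the patent text). The `Uplink` and `Outcome` types, the digit-length rule and the sample values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: an IMSI is a string of decimal digits, at most 15 long
# (3-digit MCC, 2- or 3-digit MNC, then the subscriber number).
IMSI_RE = re.compile(r"[0-9]{6,15}")


@dataclass(frozen=True)
class Uplink:
    """One signal from the mobile, reduced to the fields this check needs."""
    step: str                        # step label as used on the page, e.g. "15-2"
    id_type: Optional[str] = None    # "IMSI", "TIMSI", "IMEI" or None
    id_value: Optional[str] = None


@dataclass
class Outcome:
    imsi: Optional[str] = None            # validated IMSI, if one was received
    halted_after: Optional[str] = None    # uplink step at which the sequence stopped
    downlink_sent: List[str] = field(default_factory=list)


# Reply the emulated base station gives to each uplink step while no IMSI
# has been seen. After the Identity Request there is nothing further to ask.
NEXT_DOWNLINK = {
    "15-1": "16-1 Immediate Assignment",
    "15-2": "16-2 Identity Request (type=IMSI)",
}


def extract_imsi(msg: Uplink) -> Optional[str]:
    """Return the IMSI carried by msg, or None if absent or malformed."""
    if msg.id_type != "IMSI" or msg.id_value is None:
        return None
    return msg.id_value if IMSI_RE.fullmatch(msg.id_value) else None


def run_terminal(uplinks: List[Uplink]) -> Outcome:
    """Walk the uplink signals in order, checking each one for a valid IMSI.

    The sequence stops at the first valid IMSI; later steps (ciphering,
    channel assignment, connect) are never reached.
    """
    out = Outcome()
    for msg in uplinks:
        imsi = extract_imsi(msg)
        if imsi is not None:
            out.imsi = imsi
            out.halted_after = msg.step
            break
        reply = NEXT_DOWNLINK.get(msg.step)
        if reply is None:
            break  # identity already requested and no valid IMSI came back
        out.downlink_sent.append(reply)
    return out


# Constructed sample sequences (test-network style values, not real subscribers).
SAMPLE_IMSI = "001010123456789"

# Mobile sends a temporary identifier first, so an Identity Request is needed.
TIMSI_FIRST = [
    Uplink("15-1"),
    Uplink("15-2", "TIMSI", "1a2b3c4d"),
    Uplink("15-3", "IMSI", SAMPLE_IMSI),
    Uplink("15-4"),  # must never be processed
]

# Mobile sends its IMSI straight away at step 15-2.
IMSI_EARLY = [
    Uplink("15-1"),
    Uplink("15-2", "IMSI", SAMPLE_IMSI),
]

# Identity response that claims to be an IMSI but is not all digits.
MALFORMED = [
    Uplink("15-1"),
    Uplink("15-2", "TIMSI", "1a2b3c4d"),
    Uplink("15-3", "IMSI", "00101ABC"),
]

if __name__ == "__main__":
    for name, seq in (("TIMSI first", TIMSI_FIRST),
                      ("IMSI early", IMSI_EARLY),
                      ("malformed", MALFORMED)):
        print(name, run_terminal(seq))
```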

Abstract

Method and device for identifying a user or authenticating a transaction by transmitting unique identification information, such as an IMSI stored in a mobile phone (1), to an authentication terminal device (2). In one embodiment the authentication terminal device (2) comprises one or more sets of GSM transceivers and elements (2a) capable of emulating the wireless signals of a GSM base station. The authentication process is initiated by the user, using controls provided on the mobile phone (1).

Description

Mobile Authentication Method and Device
The present invention relates to a method and device for authenticating or identifying a mobile communications device or its user. In particular, but not exclusively, the invention relates to a method and device for authenticating or identifying a mobile communications device or its user by remotely or wirelessly detecting unique identifying information stored in the mobile communications device.
Many commercial transactions, for example the purchase of goods or services, are performed remotely or electronically, and such transactions often require secure identification of the purchaser or user. Commercial organizations issue proprietary security information and materials, such as passwords, pass codes, "chip and pin" cards or card reader devices, and users are required to memorise these codes and to have the appropriate codes, cards and/or devices to hand whenever the vendor or service provider wishes to authenticate a transaction or identify the user. Services or goods ordered online may require a recipient to identify him or herself upon receipt of those goods or services. A rail or concert ticket, for example, may be booked in advance, and the train manager or the venue admissions staff may need to verify that the passenger or concert-goer is indeed the person for whom the ticket was purchased.
Since many people carry mobile phones, and since mobile phones contain unique identification information, it has been proposed to use this unique identification information to authorize transactions or to provide some identification of a person carrying the mobile phone. Mobile phones are able to transmit and receive their unique identification information using standardized wireless protocols, and it has been proposed to use this feature to capture the identifying information from the mobile phone wirelessly.
In European Patent Application EP1424861, for example, a user identification system was proposed in which a mobile phone was inserted into a dedicated mobile phone reader device which isolates the mobile phone device from the ambient wireless (GSM) environment and substitutes its own emulated version of the GSM environment inside a shielded chamber. Following its normal mode of operation inside the chamber, the mobile phone would then continue to perform its regular communication with this emulated environment, monitoring what appears to it to be a local GSM base station and, in doing so, transmitting its unique identifier information (IMSI - International Mobile Subscriber Identity) periodically to the enclosing reader device. This identification information (IMSI) can then be verified, usually with reference to information stored on a remote server, in order to authenticate the transaction or identify the user.
The prior art method of capturing the IMSI from a mobile phone inside the reader relies on the mobile phone being in its "ready" state, in which it periodically signals its presence to the (emulated) local base station. If the mobile phone is in a different state, for example in a "sleep" mode, or in the process of making or receiving a call, then the user is required to take the necessary steps (e.g. wake the mobile phone, or end the call) and to ensure that the mobile phone is in the required "ready" state, and that it stays in this state for as long as is necessary for the mobile phone to perform at least one of its periodical "ready" state transactions with the emulated local base station.
Furthermore, the prior art method will usually involve a significant time delay before the mobile phone communicates its IMSI to the emulated local base station. In practice, this delay has been found to be from 45 seconds to as much as five minutes. The length of this delay means that there is an increased likelihood of the mobile phone changing from its "ready" state after it has been placed into the reader device. The length of this delay, and the uncertainty over whether the mobile phone will still be in the required state at the instant when the mobile phone should broadcast its IMSI, means that the prior art method is unacceptable to customers and inefficient for merchants.
The invention described in this application seeks to overcome the difficulties of the prior art method by stimulating the mobile device to transmit its identifying information to a reader device simply and quickly, and such that the user can be confident that the transaction will not be jeopardised by a change of state of the mobile phone, and such that the transfer of identification information can happen faster.
The invention is set out in the appended claims 1 and 8. Variants of the invention are also described in the dependent claims 2-7 and 9-15.
The invention and its advantages will become apparent in the following description, together with illustrations of example embodiments and implementations given in the accompanying drawings. The drawings are intended merely as illustrations of the present invention, and are not to be construed as limiting the scope of the invention.
Figure 1 shows a first example application of the invention in a system of authenticating a transaction via the internet.
Figure 2 shows a second example application of the invention in a system of authenticating a transaction via the internet.
Figure 3 illustrates in schematic form a block diagram of a mobile device reader architecture according to one embodiment of the invention.
Figure 4 illustrates a conventional call set-up transaction sequence between a mobile phone and a GSM network.
Figure 5 illustrates the portion of the transaction sequence used in implementing one embodiment of the invention.
Figure 6 shows in schematic form the interaction between a reader terminal, a mobile phone and a public GSM network according to an embodiment of the invention.
Figure 7 shows in schematic form a similar arrangement of a reader terminal comprising means for interacting with more than one local GSM base station.
The invention will now be described in detail with reference to the drawings. In the context of this application, references to a mobile, mobile device, mobile phone or a mobile station should be understood to include any portable wireless communications device containing unique and tamper-proof or decryption-proof identification information. Such similar devices could include portable data assistants, laptop computers, portable gaming consoles, music players, satellite navigation devices or any device containing a SIM (subscriber identity module).
Figure 1 shows a typical example architecture of a transaction authentication system in which the present invention may be used. In the illustrated system, a mobile device 1 communicates wirelessly (via a GSM network, for example) with both a mobile reader terminal 2 and with a common network 3 such as the internet. The mobile reader terminal 2 is also referred to in this application as an mAAI (mobile Authentication via Air Interface) terminal.
The specific implementation details of the system architecture depend on the needs of the mAAI platform provider. In particular, the architecture of the back end systems depends on the mAAI platform provider's infrastructure and on the use to which the platform will be put.
In the system shown in figure 1, mAAI authentication server 5 may communicate with an mAAI web server 7, an mAAI SMS server 4 or with a web client 8 via the internet 3. An mAAI repository 6 may also be provided to store reference information used for authenticating and/or authorising transactions. Note: authentication is taken to mean the process of verifying the identity of a user, while authorisation is the process of permitting a transaction made by the authenticated user.
In the system of figure 1, mobile device 1 can transmit unique identifying data such as its IMSI to the mAAI terminal 2, thereby acting as a replacement for a conventional ticket, with the authentication process being controlled by mAAI authentication server 5. Note that in the context of the present invention, the IMSI of the mobile station 1 is used as an example of suitable identification information which is available to be transmitted by the mobile station. The term IMSI will be used in this application for the sake of brevity. However, the invention is not limited to the use of the IMSI, and it will be understood that other available identifying information, such as the IMEI (International Mobile Equipment Identity) of the mobile phone, or other suitable identification information, could be used instead of, or as well as, the IMSI.
The mAAI web server 7 hosts web-applications which may be used for such administrative processes as user registration, or for initiating transactions such as buying e-tickets or other services provided by the owner of the mAAI platform.
The mAAI terminal 2 comprises two elements - an mAAI reader 2a, which includes the necessary functionality to communicate with the mobile communications device 1, and a network interface unit 2b (also referred to as an mAAI client) implemented in hardware and/or software local to the terminal 2. In one embodiment of the invention, the mAAI reader 2a may include hardware for communicating with the mobile by emulating a GSM base station. Alternatively, the hardware may include Bluetooth, NFC modules or infra-red modules, or any close-range wireless communication means appropriate for the transmission medium used to convey the identification information to the mAAI terminal. In the following description, the example of the GSM interface will be used, however it will be understood that the invention is also realisable using the other communication methods mentioned, with the appropriate changes made to the hardware and/or software of the mAAI reader 2a.
In the example shown in figure 1, the mAAI reader 2a communicates with the mobile 1, which may be isolated from its normal GSM environment, for example by being placed in an RF shielded enclosure. During this communication between the mAAI reader 2a and the mobile 1, the mobile 1 sends its identification data (IMSI) to the mAAI reader following the same transaction sequence as if it were communicating with a standard GSM base station. The mAAI Reader receives the IMSI obtained from the mobile phone 1 and passes it to the mAAI Client 2b. The mAAI client 2b evaluates these identification data and performs a user authentication procedure which may involve, for example, checking the identification data against data cached in the mAAI terminal 2. The authorisation issued by the mAAI client 2b then enables the user to proceed with the transaction.
The authentication data cached in mAAI client 2b may be retrieved via a mobile, wireless or wired networked interface 3 from a backend system, including an mAAI authentication server 5. The data caching transactions may be achieved via secure HTTP over TCP/IP, for example.
A prior registration procedure of the user may initially involve the user communicating with an mAAI SMS server 4 using the mobile device. The mAAI SMS server 4 receives an SMS message bearing the IMSI of the mobile device, and responds with a confirmation message. User data provided at registration may then be stored in the mAAI repository 6.
An alternative embodiment of the invention is shown in figure 2. In figure 2, the mAAI reader 2a is implemented as a separate unit communicating with the mobile and with the mAAI terminal via the internet (for example using TCP/IP). In such a variant, the mAAI reader is not required to be in the immediate vicinity of the mAAI terminal 2. As with the other embodiments of the invention, the mobile 1 transmits its IMSI wirelessly to the mAAI reader 2a - in this case via TCP/IP over the GSM network and the internet. However, in the case where the mAAI reader 2a is remote from the mAAI terminal, the authentication method requires the mobile also to transmit information identifying which mAAI terminal requires the authentication. This information can be as simple as a number or code or barcode displayed at the mAAI terminal, and which can be typed or scanned or photographed into the mobile. Alternatively, the terminal identification information can be transmitted wirelessly from the mAAI terminal to the mobile by any standard close-range wireless transmission means such as Bluetooth, NFC or infra-red. This variant of the invention is particularly suited to be combined with the embodiment, described later, in which a predetermined function is run in the mobile, the predetermined function including steps to fetch the terminal identification information from the mAAI terminal, or to interact with a transmitting unit in the mAAI terminal, stimulating the transmitting unit to send the terminal identification information to the mobile, upon which the mobile can send the terminal identification information to the remote mAAI reader 2a.
Note that the example systems shown in figures 1 and 2 are illustrated as using particular communications protocols (https, RMI, JDBC, GSM) between the various elements of the systems. It will however be understood that these communication protocols are shown by way of example only, and that other protocols could be substituted without departing from the spirit of the invention.
Figure 3 shows in block form the principal functional elements of the mAAI Terminal 2 mentioned above, in the embodiment in which the terminal includes both the reader 2a and the internet interface 2b. Functional blocks 21 and 22 represent two GSM transceivers arranged to communicate via an aerial or other wireless interface with mobile device 1 (which may be inside an RF shielded compartment 20), in such a way as to emulate the signals of one or more GSM networks. Also illustrated is a door 25 allowing a user to insert the mobile device into the RF shielded compartment 20. The shielded compartment serves to prevent communication between the mobile device and wireless networks outside the shielded compartment 20, and also to prevent communication between the GSM transceivers 21, 22 inside the compartment 20 and any mobile devices outside the compartment 20.
Although two GSM transceivers are illustrated, it will be readily understood that a different number may be required, dependent on how many GSM networks are to be emulated.
Most countries have two or more public mobile phone networks (domestic networks), and the international GSM Specification states that there must be no roaming possibility inside one country. This means that, in a given country, a mobile phone equipped with a SIM card for a first provider is not able to use it to connect to the network of a second provider (except for emergency calls). It is therefore not possible for the mAAI terminal 2 to emulate a common domestic network for all users.
Block 23 represents the Base Station Controller, which manages the emulation and the communication transactions between the mAAI terminal 2 and the mobile 1.
Block 24 is a Client Interface element which manages communication between the Base Station Controller 23 and the mAAI client 2b.
In order to authenticate himself or herself using the IMSI of his or her mobile and the mAAI terminal illustrated in figure 3, a user first initiates an IMSI transmitting process on the mobile 1. This may be a call set-up or a text message set-up to an existing or fictitious number, or it may be a special process such as a Java® application. In the case of a call set-up or a text-message set-up, the user then places the mobile 1 within range of the mAAI terminal 2 (and, if available, into the shielded compartment 20). The mobile 1 will continue the call/SMS set-up process, and the GSM transceivers 21, 22, by emulating the behaviour of a local GSM network, continue the standard sequence of GSM transaction signals and thereby cause the mobile 1 to transmit its IMSI. The IMSI is then received by the mAAI reader 2 and authenticated in the manner described above. After receiving the IMSI, the base station controller 23 may then disable the GSM transceivers and/or send a signal to the mobile 1 to indicate the successful receipt of the IMSI and/or that the mobile may terminate its call set-up or other IMSI transmitting process.
In an alternative embodiment of the invention, the IMSI transmitting process may be instigated when the user initiates a special process such as a Java® application to run on the mobile. This special process includes functions which cause the mobile to transmit its unique identification information to the mAAI terminal. This transmission may occur via GSM protocols, as described above for a call set-up, or it may be implemented via Bluetooth®, near-field communication (NFC), infra-red or other wireless or wired communication between the mobile and the mAAI terminal. In such an embodiment, the terminal is correspondingly equipped with the appropriate hardware and/or software necessary to communicate with the mobile.
In figure 4, the various transactions are described which are involved in a typical call set-up routine performed by a mobile phone when making an outgoing ("mobile originated", or MO) call. These transactions are described in the internationally recognized standards for GSM systems. In figure 4, element 1 represents a mobile communication device, such as a mobile phone, having a unique, permanent identifier stored within it in such a manner as to be unalterable. Element 16 represents a local base station of a wireless network such as a GSM network, and the various arrows labeled 15-1 to 15-7 represent signals transmitted by the mobile device to the base station, while the arrows labeled 16-1 to 16-7 represent signals transmitted by the network's base station 16 and received by the mobile device 1. The temporal sequence of the signals runs from top to bottom of figure 4 as follows:
15-1: Channel request. The mobile device 1 sends a signal to the base station 16 requesting a wireless communication channel. This request is made over a channel known as the Random Access Channel (RACH).
16-1: Immediate Assignment. The base station 16 assigns a channel to be used for the rest of the call setup procedure, and communicates information about this channel to the mobile phone 1.
15-2: Connection Management Service Request. The mobile phone 1 tells the network what sort of service it requires, and also sends an identifier, usually a temporary identifier (TMSI) or sometimes its IMSI, to the base station 16.
16-2: Identity Request. The base station 16 sends a request for authentication to the mobile phone 1. The signal contains information specifying which type of Identity Information is requested. In the standard GSM Identity Request message, there are four possible Identities which may be specified: the IMSI, the IMEI, the IMEISV (IMEI plus software version), or a TMSI.
15-3: Authentication Response. The mobile device 1 transmits authentication information to the base station 16. The authentication information includes the requested identity information of the mobile device 1.
16-3: Ciphering Code Command. If authentication is successful, then the base station 16 issues a Ciphering Code command instructing the mobile phone 1 which ciphering mode to use for the call.
15-4: Ciphering Mode Complete. The mobile phone 1 indicates to the base station 16 that it has adopted the prescribed ciphering mode. The base station waits for a call set-up instruction.
15-5: Setup: The mobile phone 1 requests a call to be set up by the base station 16 via the network to which the base station is connected.
16-4: Call proceeding: The base station 16 informs the mobile phone 1 that its request is being processed.
16-5: Assignment Command. The network 16 assigns a traffic channel (TCH) and this is sent by the base station 16 to the mobile device 1.
15-6: Assignment Complete. The mobile device 1 acknowledges the channel assignment and switches to the assigned channel.
16-6, 16-7: Alerting and Connect. The network 16 confirms the call and initiates the connection over the assigned channel.
15-7: Connect Acknowledge: The mobile device 1 acknowledges the connection, and the call proceeds.
The sequence of transactions described in figure 4 relates to the setting up of a voice call, however a similar set of authentication transactions is involved in setting up other kinds of connection between the mobile device 1 and a network 16, such as WAP, SMS or MMS.
Figure 5 shows in schematic form the modular structure of a device capable of carrying out a method according to an embodiment of the invention. As described with reference to figure 3, mobile device 1 may be inserted into a shielded enclosure which blocks communication between the mobile device and the ambient wireless (e.g. GSM, GPRS) environment. The shielded enclosure may form part of a reader terminal, equipped to emulate the wireless interaction which the mobile device would expect to have with the local wireless environment and in particular the local GSM network base station. The reader terminal can be constructed along the lines indicated in figure 6, although other architectures and functional elements are also conceivable without departing from the scope of the invention. Elements 12 and 13 in figure 5 represent communication modules within a terminal reader, and represent an improved, modular architecture of the mAAI terminal described above with reference to figure 3.
Figure 5 also shows the same typical sequence of transactions as in figure 4, including the authentication transactions for a mobile-originated call setup. However, in the case of figure 5, the transactions 15-1 to 15-7 take place between the mobile phone 1 and the emulated base station realized by the mAAI terminal elements 12 and 13. Figure 5 also indicates two points (14a, 14b) in the transaction sequence where the sequence can be stopped once the appropriate identification information (IMSI) has been conveyed. As described above in relation to figure 4, in the typical MO call set-up sequence, the mAAI terminal issues an Identity Request signal at step 16-2, containing information specifying which type of Identity Information is requested. The mAAI terminal is adapted to request the IMSI and/or the IMEI, depending on the type of authentication required for the transaction being performed. Then, in step 15-3, the mobile device 1 duly responds with the requested information.
In some cases, the mobile may at step 15-2 send its IMSI 9 instead of a TMSI 10 in response to the Immediate Assignment signal 16-1. In this case, the mAAI terminal may be adapted to recognize that the IMSI has been received, and halt the sequence after step 15-2. To this end, the mAAI terminal may comprise a means for assessing, after each receipt of a signal from the mobile, whether the signal contained a valid IMSI. Following the successful transmission of the IMSI information, the call set-up or other process initiated by the user can be immediately halted, the mobile can be removed from the enclosure, and the mobile will return to the normal public network with the indication of a call to a bad number (if the user had dialed a fictitious number to initiate the transaction sequence).
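The assessment described above (did the received signal carry a valid IMSI, or a temporary identity, or something malformed) is illustrated by the following added example, which is not part of the patent text. It decodes the value part of a GSM Mobile Identity element using the layout in 3GPP TS 24.008, section 10.5.1.4; the function names, the IMSI lower length bound and the sample byte strings are assumptions constructed for illustration.

```python
"""Decode a GSM Mobile Identity value and test whether it carries a valid IMSI.

Input is the value part only (no IEI octet, no length octet), laid out as in
3GPP TS 24.008, section 10.5.1.4. Added example; all names are hypothetical.
"""
from dataclasses import dataclass

# First octet, bits 3-1: type of identity.
ID_TYPES = {0: "none", 1: "IMSI", 2: "IMEI", 3: "IMEISV", 4: "TMSI"}

# Allowed digit counts for digit-coded identities. The IMSI upper bound (15)
# comes from the standard; the lower bound of 6 (MCC + 2-digit MNC + one MSIN
# digit) is a conservative assumption made for this example.
DIGIT_RANGE = {"IMSI": (6, 15), "IMEI": (15, 15), "IMEISV": (16, 16)}


class MobileIdentityError(ValueError):
    """Raised when the bytes are not a well-formed Mobile Identity value."""


@dataclass(frozen=True)
class MobileIdentity:
    kind: str   # one of the values in ID_TYPES
    value: str  # decimal digits; hex string for a TMSI; "" for "none"


def decode_mobile_identity(raw: bytes) -> MobileIdentity:
    """Return the identity type and value, or raise MobileIdentityError."""
    if not raw:
        raise MobileIdentityError("empty identity")
    first = raw[0]
    kind = ID_TYPES.get(first & 0x07)
    odd = bool(first & 0x08)          # bit 4: odd/even number of digits
    if kind is None:
        raise MobileIdentityError(f"reserved identity type {first & 0x07}")
    if kind == "none":
        return MobileIdentity("none", "")
    if kind == "TMSI":
        # A TMSI is 4 opaque octets; the upper nibble of octet 1 is filler 1111.
        if len(raw) != 5 or first >> 4 != 0xF or odd:
            raise MobileIdentityError("malformed TMSI")
        return MobileIdentity("TMSI", raw[1:].hex())

    # Digit-coded identities: digit 1 sits in the upper nibble of octet 1,
    # then each following octet holds two digits, low nibble first.
    nibbles = [first >> 4]
    for octet in raw[1:]:
        nibbles += [octet & 0x0F, octet >> 4]
    if not odd and nibbles.pop() != 0xF:
        # An even digit count leaves one spare nibble, which must be 1111.
        raise MobileIdentityError("missing end filler for even digit count")
    if any(n > 9 for n in nibbles):
        raise MobileIdentityError("non-decimal digit in identity")
    low, high = DIGIT_RANGE[kind]
    if not low <= len(nibbles) <= high:
        raise MobileIdentityError(f"{kind} has {len(nibbles)} digits")
    return MobileIdentity(kind, "".join(map(str, nibbles)))


def contains_valid_imsi(raw: bytes) -> bool:
    """True only for a well-formed identity whose type is IMSI."""
    try:
        return decode_mobile_identity(raw).kind == "IMSI"
    except MobileIdentityError:
        return False


# Constructed sample values (test-network MCC 001 / MNC 01, not real subscribers).
SAMPLE_IMSI = bytes.fromhex("0910101032547698")   # IMSI 001010123456789
SAMPLE_TMSI = bytes.fromhex("f412345678")          # temporary identity
SAMPLE_BAD = bytes.fromhex("09101010325476a8")     # nibble 0xA is not a digit

if __name__ == "__main__":
    for name, raw in [("imsi", SAMPLE_IMSI), ("tmsi", SAMPLE_TMSI), ("bad", SAMPLE_BAD)]:
        print(name, contains_valid_imsi(raw))
```

The same decoder distinguishes a permanent identity from a temporary one in a captured signalling trace, which is the property that determines whether a subscriber's IMSI was exposed over the air.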
Figure 6 shows a simplified block diagram of a further embodiment of the invention, in which the base station emulation function provided by the mAAI terminal is able to detect parameters of a local GSM network and adapt the transaction behaviour of the mAAI terminal to suit mobile devices subscribed to the particular local GSM network concerned.
The mAAI terminal architecture depicted in figure 6 comprises three modules: a Public Network Synch Unit 11, the random access channel (RACH) Receiver Unit 12 and the mAAI main unit 13.
The Public Network Synch Unit 11 is a GSM module which receives the broadcast control channel (BCCH) of the public network 16. Its task, as with every GSM mobile device, is to receive System Information messages from the network and decode the communication parameters included in this system information. The communication parameters required by the mAAI terminal may include:
- network frame number and synchronization, both frequency and timing to be able to determine start of every burst with jitter less than 1 bit
- information describing current BCCH structure to determine the moment when information about the RACH can be received
This information, and the precise network synchronization details received and decoded in real time by the Public Network Synch Unit 11, are passed to the RACH Receiver Unit 12 and the mAAI main unit 13.
The RACH Receiver Unit 12 is the GSM Signaling Receiver capable of receiving a Random Access Channel (RACH) burst transmitted by a user's mobile phone 1. This receiver operates on the uplink frequency band of GSM, the same as receivers on a GSM base station. RACH bursts carry an Access Burst of data which is shorter than all other bursts used in GSM, carrying only one byte of data. The RACH Receiver Unit is configured so that it can listen to all possible RACH bursts and detect the logical channel organization being used at a given time on a given network. GSM systems allow the use of seven different logical channel organizations. However, because it cannot know which channel the mobile phone will use for sending its initial RACH Access Burst, the mAAI Terminal must listen on all possible channels in order to be sure of receiving the RACH burst from the mobile phone.
The mAAI Main Unit 13 is capable of transmitting on the GSM downlink frequency band and receiving on the uplink frequency band, in the same manner as a standard GSM base station. The unit is synchronized to the GSM network being used by the mobile phone, using information passed from the Public Network Synch Unit, and is thereby able to send and receive data to and from the mobile phone 1. In particular, the mAAI Main Unit uses the uplink Common Control Channel (CCCH) and the Slow Dedicated Control Channel (SDCCH) to receive CM_CONN_REQ and AUTHENTICATION RESPONSE messages, and the downlink Access Grant Channel (AGCH) and Slow Dedicated Control Channel (SDCCH) to send IMMEDIATE ASSIGNMENT and AUTHENTICATION REQUEST messages.
The mAAI Main Unit 13 may also be configured to perform standard GSM coding and decoding in both uplink and downlink data.
The mAAI Main Unit 13 does not know the Paging Group of the user's mobile 1. This group determines when a user's mobile will be listening to the Access Grant Channel (AGCH) for the IMMEDIATE ASSIGNMENT message. Because of this, the mAAI Main Unit may be configured to send the IMMEDIATE ASSIGNMENT message on all possible paging groups for the given logical channel organization on a given network.
In this embodiment, therefore, the software controlling the mAAI Terminal Main Unit is configured such that the mAAI terminal acts as though it were a GSM base station serving a number of mobiles, but with only one mobile actually communicating with it.
At the moment when the user initiates the IMSI transmission process, for example by dialing a fictitious number and pressing the SEND key of the mobile, the mobile will be camped on to its usual network.
The mAAI terminal is able to copy all the relevant information required to emulate the network responses (logical channel structure, Frame Number etc.) from the local GSM Network in order to enable the mAAI emulation means to emulate enough of the responses of a base station on the network to cause the mobile to transmit its IMSI.
The fact that the parameters are detected and analysed beforehand means that the emulation means is prepared to issue the responses rapidly, as soon as the IMSI transmission process (call set-up etc) is initiated, thus eliminating any delay. In other words, the mAAI is emulating the same local mobile network on to which the mobile is already camped, with the result that the mobile phone is immediately able to "connect" to the mAAI terminal without first going through the sequence of identifying and camping on to the emulated network, as it would have to if the emulated network base station had appeared different from the network base station on to which it is currently camped. In this manner, the mobile can immediately execute a call set-up sequence, and thereby transmit its IMSI without delay when a call set-up instruction is initiated by the user.
There is a possibility that one or more of the real local networks may also capture the CHANNEL REQUEST signal sent by the mobile. This is a Random Access Channel (RACH) burst sent with a maximum RF power of 2 Watts according to the GSM Protocol. If the mAAI Terminal Cell has a much stronger RF field in the close environment, the mobile phone will continue the call establishment process to the mAAI Terminal instead of the real Network. To this end, the mAAI terminal is designed so that, at short range, its RF field is significantly stronger than that of local GSM networks. For most transaction authentication situations, short range means within one or two metres. It is possible to reduce the chances of interaction with local GSM networks by using a shielded compartment as described with reference to figure 3, or a larger shielded volume, through which mobile phone users may pass, or in which users are in any case. Such a shielded volume may be implemented as a special booth, or as a pre-existing room, or as part (or all) of a train carriage, for example.
Note that, even if the CHANNEL REQUEST signal is picked up by a local GSM network, the call will be dropped by the mAAI Terminal as soon as the mobile has sent its IMSI, and before any call is set up. The transaction would have no consequences and would not attract any charges from the public network.
As mentioned above, the mAAI Terminal needs to be capable of communicating with more than one mobile phone, camped on to any GSM network in the area where the terminal is in operation. Figure 7 shows a further embodiment of the invention, in which the mAAI terminal architecture of figure 6 is replicated for a number (three are illustrated) of GSM networks. The three antennae illustrated in figure 6 (one each on each of modules 11, 12 and 13) do not however need to be replicated, as the antenna on module 11 may also be used by modules 11' and 11". Similarly, the antenna on module 12 is shared by modules 12' and 12". There is no problem sharing antennae on these modules, since they are only used for receiving.
The antenna for the mAAI Terminal Main Unit 13 illustrated in figure 7 can also be shared by all the units 13, 13' and 13" etc, even though these units are required to both receive and transmit. This is because the mAAI terminal is only required to serve one customer at a time, meaning only one complete unit is active and it corresponds to the GSM Network used by the customer.
However, in order to cope with more than one customer at a time, the mAAI terminal "slices", each consisting of a Public Network Synch Unit 11, a RACH Receiver Unit 12 and an mAAI Main Unit 13, may be implemented as independent modules, with at least the mAAI Main Units having separate antennae. In some situations, there may be more local GSM networks than there are module "slices" in the mAAI terminal. In this case, the unit is only able to communicate with a subset of the mobile phones which may be presented in its vicinity. In a further variant of the invention, therefore, a control means may be provided which automatically analyses the local GSM network environment and either selects the most popular networks (referring to a table of data of network popularity, for example), or controls the mAAI terminal modules such that the network emulations they perform are switched, alternated or time-multiplexed, so that all, or at least more, of the local networks may be emulated, even if only for part of the time.
In other situations, the mAAI terminal may be sited where reception for some or all of the public networks is either poor or non-existent. In such a case, the mAAI terminal may be provided with a communication parameter storage unit, in which are stored appropriate parameters required to characterize the base station responses of the unavailable network or networks. In this case, the required parameters are passed to the respective RACH Receiver Unit 12 and an mAAI Main Unit 13 from the parameter storage unit instead of the Public Network Synch Unit 11.

Claims

1. Method of authenticating a transaction or identifying a user, by transmitting unique identification information stored in a mobile electronic communication device, hereafter referred to as a mobile device 1, from the mobile device 1 to an apparatus for receiving identification information from the mobile device 1, the apparatus being hereafter referred to as the mobile ID reader 2,
the unique identification information, referred to hereafter as the mobile ID, uniquely identifying the mobile device 1 and/or a network subscriber identification module installed in the mobile device 1,
the method comprising
a first step of bringing the mobile device 1 within a short communication range of the mobile reader 2
a second step of stimulating the mobile device 1 to transmit its mobile ID to the mobile ID reader 2,
the second step being initiated by a user of the mobile device 1, using controls provided on the mobile device 1.
2. Method according to claim 1, in which the second step comprises the step of initiating an outgoing call setup sequence or a message sending sequence of the mobile device 1.
3. Method according to claim 1 or 2, the mobile device 1 being for communicating with a local base station of a wireless communications network, and the method comprising emulation steps of emulating, in the mobile ID reader 2, response signals from the local base station.
4. Method according to claim 1, the mobile device 1 being for communicating with one or more local base stations of one or more wireless communications networks, and the method comprising emulation steps of emulating, in the mobile ID reader 2, response signals from the or each local base station.
5. Method according to claim 4, in which the emulation steps comprise the steps of
adapting one or more emulation means to emulate communication signals from the or each local base stations of the one or more wireless communication networks,
determining communication configuration parameters used by the or each local base station by receiving signals from the or each local base station and detecting elements of the signals required to communicate with the or each base station,
using the communication configuration parameters to adapt the or each emulation means so as to enable the emulation means to emulate response signals from the or each base station.
6. Method according to any of the preceding claims, in which the said controls include at least one alphanumeric key or command key on the mobile device 1.
7. Method according to any of the preceding claims, in which the said controls include at least one sound-activated function of the mobile device 1.
8. Method according to any of the preceding claims, further comprising the step of, upon receipt of the mobile ID from the mobile device 1 by the mobile ID reader 2, halting communication between the mobile ID reader 2 and the mobile device 1.
9. Apparatus for receiving identification information from a mobile communication device 1, the apparatus being henceforth referred to as a mobile ID reader 2, the said mobile communication device 1 being for wireless communication with at least one base station of a local wireless network 16,
the mobile ID reader 2 comprising:
at least one base station emulation means for receiving signals from the mobile communication device 1 and for transmitting emulated base station response signals to the mobile communication device 1,
the or each base station emulation means being adapted to, upon receiving a predetermined link set-up signal from the mobile communication device 1 initiated by a user of the mobile communication device 1 using controls provided on the mobile communication device 1, emulate base station response signals of the pre-determined sequence of link set-up transactions, the pre-determined sequence of link set-up transactions including the transmission by the mobile communication device of a signal containing the identification information (9) of the mobile communication device 1.
10. Mobile ID reader 2 according to claim 8, in which the predetermined link set-up signal is a channel request signal or a message sending setup signal.
11. Mobile ID reader 2 according to one of claims 9 or 10, in which the or each base station emulation means is adapted to, upon receipt of the identification information from the mobile communication device 1, transmit a signal indicating the termination of the pre-determined sequence of link set-up transactions, and/or halt emulation of the base station signals of the pre-determined sequence of link set-up transactions.
12. Mobile ID reader 2 according to one of claims 9 to 11, comprising: configuration parameter detector means for detecting communication configuration parameters of the one or more base stations in the vicinity of the mobile ID reader 2,
wherein the or each base station emulation means is adapted to, using the characteristics detected by the configuration parameter detector means, emulate response signals from the one of the base stations.
13. Mobile ID reader 2 according to one of claims 9 to 12, further comprising means for shielding wireless communication between the mobile device 2 and the one or more base stations at least while the mobile device communicates with the mobile ID reader.
14. Mobile ID reader 2 according to one of claims 9 to 13, further comprising network parameter storage means for storing predetermined communication configuration parameters characteristic of a plurality of wireless networks, and for passing communication configuration parameters relating to a particular wireless network if the configuration parameter detector means is unable to detect communication configuration parameters from a base station of the particular wireless network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2009/056427 WO2010136061A1 (en) 2009-05-27 2009-05-27 Mobile authentication method and device

Publications (2)

Publication Number Publication Date
WO2010136061A1 (en) 2010-12-02
WO2010136061A8 (en) 2011-02-24

Family

ID=41571403

Country Status (1)

Country Link
WO (1) WO2010136061A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030162529A1 (en) * 2000-05-26 2003-08-28 Gerard Noblins Method and interactive exchange between a subscriber identification module co-operating with a terminal in a radiotelephone, and a local device
WO2007010223A1 (en) * 2005-07-22 2007-01-25 M.M.I. Research Limited Acquiring identity parameters by emulating base stations
WO2007022811A1 (en) * 2005-08-23 2007-03-01 Thales Defence Deutschland Gmbh Method and device for identifying a mobile terminal in a digital cellular mobile radio network
US20090098825A1 (en) * 2005-03-07 2009-04-16 Heikki Huomo Method and mobile terminal device including smartcard module and near field communications

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09779555

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09779555

Country of ref document: EP

Kind code of ref document: A1