WO2018193469A1 - System and method of subscriber verification and restricted communication for a subscriber identity module (sim) - Google Patents

System and method of subscriber verification and restricted communication for a subscriber identity module (sim) Download PDF

Info

Publication number
WO2018193469A1
WO2018193469A1 PCT/IN2018/050228 IN2018050228W WO2018193469A1 WO 2018193469 A1 WO2018193469 A1 WO 2018193469A1 IN 2018050228 W IN2018050228 W IN 2018050228W WO 2018193469 A1 WO2018193469 A1 WO 2018193469A1
Authority
WO
WIPO (PCT)
Prior art keywords
sim
server
user
communication
designated server
Prior art date
Application number
PCT/IN2018/050228
Other languages
French (fr)
Inventor
Janardhana Swamy
Original Assignee
Janardhana Swamy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Janardhana Swamy filed Critical Janardhana Swamy
Publication of WO2018193469A1 publication Critical patent/WO2018193469A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/76Architectures of general purpose stored program computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/33Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Definitions

  • SIM Subscriber Identity Module
  • the invention generally relates to a telecommunication system and method and more specifically relates to a system and method of verification of a user of a SIM (Subscriber Identity Module) and restricting such SIM communication with specific domain(s) / server(s).
  • SIM Subscriber Identity Module
  • a Subscriber Identity Module is understood in the telecommunications world as an integrated circuit embedded on a small size smart card (SIM card) that may be inserted in mobile devices to enable the devices to connect to the telecommunication infrastructure.
  • SIM card securely stores a subscriber identity known as International Mobile Subscriber Identity (IMSI), Integrated Circuit Card Identifier (ICCID), other key information, and variations and combinations thereof that are used to uniquely and authentically identify a subscriber for connecting to a telecommunication network.
  • IMSI International Mobile Subscriber Identity
  • ICCID Integrated Circuit Card Identifier
  • SIM card Even after all the inconvenience of standing in queues and submitting clumsy documentation to receive a SIM card, the subscriber still cannot use the SIM card immediately and has to wait for the SIM to be activated. Activation generally takes anywhere between 1 to 2 days before the SIM card can actually be used to connect to and utilize the telecom network for voice calls, Short Message Service (SMS), data connectivity, etc.
  • SMS Short Message Service
  • the principal object of this invention is to provide a new and better method for customer verification without the traditional documentation, KYC and similar means including Adhaar number, which requires cumbersome fingerprint- scanning system.
  • Another object of the invention is to enable a subscriber to use a SIM without any activation delay attributable to traditional forms of verification.
  • Yet another object of the invention is to enable a subscriber to use an existing SIM number to complete a verification process for another SIM that the subscriber purchases either standalone or as part of an loT device.
  • Yet another object of the invention is to restrict the services of a SIM incorporated in an loT device and channelize the data communication of the SIM with specific domain(s) / server(s).
  • the present invention provides a system and method for subscriber verification and restricted communication for a SIM.
  • the system consists of a designated server, a telecommunication server in communication with the designated server, a web application interface and a memory unit in communication with the designated server.
  • the telecommunication server is configured to establish a communication channel to enable the SIM to communicate with the designated server whereas the web application interface is configured to enable a user device to send verification details to the designated server through the communication channel established by the telecommunication server.
  • the designated server is configured to fetch data from the database for verification of the details sent to the designated server through the web application interface and the SIM is configured to communicate only with the designated server through the communication channel established by the telecommunication server and the telecommunication server configured to reject any other communication attempt made by the SIM.
  • FIG. 1 depicts/illustrates details of a system that shows data interactions between a user device, loT devices with pre activated SIM cards and a server, in accordance with an embodiment of the invention.
  • FIG. 2 depicts/illustrates in detail the method of activation of a SIM card based services and channelizing its services in an loT network, in accordance with an embodiment of the invention.
  • FIG. 3 depicts/illustrates in detail the components and working of the server in accordance with an embodiment of the invention. Description of Embodiments
  • pre-activated SIM in this context refers to an activated SIM that is accepted by the Telecom Service Provider (TSP) to provide a network connectivity service to specific IP/ domain(s) so that the user successfully completes a verification process to become a valid subscriber of the pre- activated SIM.
  • TSP Telecom Service Provider
  • the subscriber is only then allowed to use a set of permitted services associated with the said pre-activated SIM. Every time a service is requested using this pre-activated SIM by the subscriber, the identity and authentication is verified before servicing. Suitable login ID in combination with a password may be used to carryout identification and authentication process in combination.
  • the subscriber is now expected to be responsible for all the actions taken and the data exchanged using this pre-activated SIM over the telecom network or access with the loT device.
  • user device refers to any device, which manages and controls the activities of one or more loT devices.
  • the user device may be a mobile phone, computer system, tablet and the like.
  • Designated server is an application server wherein the pre-activated SIM is restricted to communicate only with the designated server.
  • the communication with the designated server may be established through a telecom server.
  • a specific URL may be provided and the SIM may be restricted to only access this URL that directs to the designated Server.
  • a telecom server is the server of the cellular network provider, which interacts with the designated server.
  • the designated server may be any server including a cloud based server, etc.
  • Fig. 1 depicts/illustrates details of a system 100 that shows data interactions between a user device 1 10, user device TSP server 1 1 1 , designated server 1 12, through Internet 1 13, loT device TSP server 1 14, loT devices 1 15 containing a pre-activated SIM 1 16.
  • a pre-activated SIM card 1 16 is embedded into an loT Device 1 15 in accordance with an embodiment of the invention.
  • the pre-activated SIM card 1 16 may have only data connectivity service pre-activated and all other services such as voice calling, SMS, etc., may remain deactivated. This can be configured by the telecom service provider in the loT device TSP server 1 14.
  • the services to loT device 1 15containing pre-activated SIM 1 16 are configured at loT device TSP server 1 14 in a manner that, the data interactions with the loT devicel 15 is restricted to a designated server.
  • a designated server there may be more than one designated server.
  • a designated server 1 12 or multiple such designated servers may be identified by an IP address or domain name.
  • the loT device 1 15 will not be accessible by the user using the user device 1 10 until and unless the user successfully completes a verification process.
  • the user creates an account with the designated server 1 12 either through the user device 1 10 or by other means available such as by visiting the website provided for this purpose.
  • a user account creation may consist of user entering a suitable unique login ID, a valid email address, a valid phone number which user already possess, and other information. Verification of the information submitted may include checking if the email address is a valid email address and is accessible by the said user. This can be achieved by sending a secret information to the specified email address and asking the user to submit the obtained secret information at the prompt during the account creation process.
  • This account creation process will also verify the submitted phone number by means of sending a secret information, generally known as One Time Password (OTP) and then expecting the user to enter the OTP when prompted by the server to establish a confirmation that the said mobile phone number is indeed valid number and is actually accessible by the user.
  • OTP One Time Password
  • the subscriber may be asked to send an OTP displayed on the screen to a specific number from the user's said mobile number for verifying the said mobile number. Once the subscriber mobile number is verified the verification process is completed.
  • the user will be able to access the designated server 1 12 using the user device 1 10 through user device TSP server 1 1 1 .
  • user can use any other device or network available to access the designated server 1 12 on the Internet 1 13.
  • connection between the user and the designated server 1 12 is established when the subscriber logs into a web application (not shown in Fig.1 ) and enters valid login details pertaining to the user account to access the services offered by the designated server 1 12.
  • the user is asked to add an loT device to the account.
  • a unique number is provided inside the package containing the loT device.
  • the web application may be configured to communicate these details to the designated server 1 12 where the verification process is initiated.
  • the designated server 1 12 When the user submits the information containing secret unique number of the loT device 1 15, the details are sent to the designated server 1 12 and the designated server 1 12 upon acquiring the details verifies if the data entered is valid. After completion of satisfactory verification, the designated server 1 12 maps the loT device 1 15 containing pre-activated SIM 1 16 with the said user account.
  • the presumption on which the aforementioned verification process works is that the subscriber can possess an already existing and active mobile phone number only if the subscriber has submitted valid KYC and/or other documentation to obtain the SIM used in the subscriber mobile phone.
  • the subscriber details are already present with the telecom service provider and may be used to track the user when required.
  • the verification process upon completion associates the embedded SIM 1 16 with the subscriber mobile number which in turn ensures that all subscriber details are present with the telecom service provider and the corresponding government telecom department / authority.
  • Fig. 1 shows one user device 1 10 and one loT device 1 15, in another embodiment there can be multiple users and multiple loT devices. Further, in another embodiment, a single user can have authorization to access multiple loT devices. Similarly, a single loT device can be accessed by multiple users.
  • the loT device 1 16 The working of the loT device 1 16 according to the user commands is explained here in an example.
  • the motor is configured to be controlled by an loT device 1 15 using services by the loT devices TSP server1 14
  • the user device 1 10 utilizes user device TSP server 1 1 1 to communicate the command to the designated server 1 12 and the designated server 1 12 propagates the command through the loT device's TSP server 1 14 to the loT device 1 15 that controls the motor.
  • the loT device 1 15 sends a status information through loT device TSP server 1 14 to the designated server 1 12 about the action taken.
  • the status information is routed through the user device TSP server 1 1 1 to the user device 1 10.
  • the loT device may be configured to send other data and details to the designated server 1 12.
  • Fig. 2 depicts/illustrates in detail the method 200 of verifying a user and restricting communication of loT device containing a pre-activated SIM only to a designated server.
  • a pre-activated SIM card is incorporated into an loT device 220.
  • the user is directed to a web application in order to complete the registration process if not already registered (if already registered, user can directly login using the login credentials and map the newly purchased loT device to the existing account).
  • the web application the user is prompted to enter a valid pre existing mobile number 230. Once the mobile number is entered, the designated server initiates the verification process.
  • the designated server sends an OTP to the pre existing mobile number of the subscriber and prompts the subscriber to enter the OTP into the web application interface 240 or user may be asked to send the displayed OTP via SMS to a designated phone number.
  • a valid account is created with a verified mobile number associated with it. Valid account may also have a verified email address. A valid account will also have necessary login credentials for a later login to account easily.
  • the user may choose to add more than one device to the account and similar verification process may be carried out for adding each device.
  • the user may remove any specific device from the account and for such removed device, the user will no longer be able to control such removed device.
  • the user may grant access of one or more devices to one or more secondary users. Such access may be granted by the user, by providing a valid phone number or email id of such secondary users.
  • the web application may be configured to send an invitation to such secondary user to accept control of the device as specified by the user.
  • the designated server may send an SMS or email to the secondary user inviting such user to register with the system and accept control of the device as specified by the user.
  • the secondary users may choose to accept or reject the invitation.
  • the user may define and choose different levels of clearance, options or privileges for different secondary users, which may range from restricted privilege of only receiving status update with respect to a device all the way to unrestricted access to completely control a device.
  • the user may also grant to any secondary user the right to add more secondary users. Any secondary user can anytime be removed by the user. However, the user cannot be removed by any secondary user. This is similar to the tried and tested and reliable administrative privileges model in any computing system.
  • the user may transfer ownership with respect to the any device to another user.
  • the difference between granting access to secondary users versus transferring ownership to another user is that in the former the user who is registered as the owner of the device continues to be responsible for any and all actions of the secondary users while in the later once the ownership is transferred the earlier user ceases to be responsible for the device.
  • the process of transferring ownership also requires the user to provide the email id or mobile number of the subsequent owner based on which the designated server sends an SMS or email invitation to the subsequent owner to accept ownership of a specific device.
  • the subsequent owner may choose to accept or reject the invitation.
  • the designated server carries out the same verification process as provided in this invention.
  • the user may choose to deregister or cancel its account made with the designated server or may choose to revoke his / her own privileges with respect to all devices listed in the account.
  • the devices listed in the users account are not associated with any user and are treated as a new device with no associated user. The intended normal function of such a device may resume only after a user completes the verification process to assume control of the device.
  • Fig.3 depicts/illustrates the details 300 of components and working of the designated server.
  • the server 1 12 consists of a processor 310, which is configured to receive device and SIM details entered by a subscriber via the web application interface and validate the device based on the data available in the device and SIM database 312.
  • the database 312 is stored in memory 314 disposed within the server. Alternatively, the server may be configured to fetch data from the database that may be stored in another server or system.
  • the processor 310 is further configured to initiate a user verification process by executing instructions provided by a verification module 316.
  • the verification module 316 may consists of an OTP generation module 318 that may generate a unique OTP for every subscriber verification.
  • the processor fetches the OTP from the OTP generation module and may display the same on the web application interface or may initiate a message to be sent to the user's pre existing mobile number for verification purposes.
  • the designated server 1 12 may be configured to utilize a communication module 320 to have a communication interface with the user device through user device TSP server (not shown in the drawing) or loT device through loT device TSP server.
  • the user with an existing SIM will be able to use the existing SIM itself to meet the KYC requirements to obtain and use another SIM or the loT device with a pre-activated SIM without having a need to go through the laborious paper work again.
  • the method and process described in this invention also overcomes the limitation of the Aaadhaar based KYC, where a fingerprint scanning device is additionally needed to use Aadhaar verification.
  • the invention disclosed in this application clearly demonstrates its superiority in terms of simplicity (just one OTP), fast (no paper work), low cost (no need of bulky and expensive fingerprint scanners), and leverages well-understood and accepted process of identification such as OTP.
  • this method also reduces the hurdles and stress involved in wide acceptance of the loT devices for various domestic, consumer, and industrial use.
  • M2M machine-to- machine
  • TSPs telecommunication service providers

Abstract

The invention relates to a system and method of verification of a user of a SIM (Subscriber Identity Module) and restricting such SIM communication with specific domain(s) / server(s). The method involves, embedding a pre-activated SIM card in an IoT device, verifying a user based on another pre-existing mobile number of the user and requesting the IoT device TSP server to enable a restricted data or other communication for the pre-activated SIM in the IoT device based on such verification.

Description

Description
Title of Invention : System and Method of Subscriber
Verification and Restricted Communication for a
Subscriber Identity Module (SIM)
Technical Field
[1 ] The invention generally relates to a telecommunication system and method and more specifically relates to a system and method of verification of a user of a SIM (Subscriber Identity Module) and restricting such SIM communication with specific domain(s) / server(s).
Background Art
[2] A Subscriber Identity Module is understood in the telecommunications world as an integrated circuit embedded on a small size smart card (SIM card) that may be inserted in mobile devices to enable the devices to connect to the telecommunication infrastructure. A SIM card securely stores a subscriber identity known as International Mobile Subscriber Identity (IMSI), Integrated Circuit Card Identifier (ICCID), other key information, and variations and combinations thereof that are used to uniquely and authentically identify a subscriber for connecting to a telecommunication network.
[3] Traditionally, telecommunication policies in many countries mandate that specific documentation should be collected from the subscriber including identification, address proof, age proof, etc., before a SIM card is handed over to the subscriber. For example, the Department of Telecommunication (DOT) in India specifies certain Know Your Customer (KYC) norms for telecom companies based on which it is mandatory for these telecom companies to collect an identification and address proof from subscribers before a SIM card is issued to them. Sometimes the subscribers have to stand in long queues to get a SIM card. Even the subscribers who have gone through the documentation submission process once to obtain a SIM card have to go through the process all over again if they need another SIM card.
[4] Further, even after all the inconvenience of standing in queues and submitting clumsy documentation to receive a SIM card, the subscriber still cannot use the SIM card immediately and has to wait for the SIM to be activated. Activation generally takes anywhere between 1 to 2 days before the SIM card can actually be used to connect to and utilize the telecom network for voice calls, Short Message Service (SMS), data connectivity, etc.
[5] The problem gets compounded further if the SIM is sold to subscribers as part of loT (Internet of Things) and other devices through retail stores where such devices are sold have to then ensure that they adhere to all documentation collection norms before such devices are given out to customers. These policy bottlenecks not only cause extreme inconvenience to the customers but also make the retail stores less likely to carry such useful and life changing loT devices.
[6] It is the need of the hour to have a new system that not only is capable of verifying subscribers without the inconvenience of submitting physical documentation but also provides them with SIM cards that are ready to use without waiting for activation. The present invention aims at providing such a system and method.
Object of Invention
[7] The principal object of this invention is to provide a new and better method for customer verification without the traditional documentation, KYC and similar means including Adhaar number, which requires cumbersome fingerprint- scanning system.
[8] Another object of the invention is to enable a subscriber to use a SIM without any activation delay attributable to traditional forms of verification.
[9] Yet another object of the invention is to enable a subscriber to use an existing SIM number to complete a verification process for another SIM that the subscriber purchases either standalone or as part of an loT device.
[10] Yet another object of the invention is to restrict the services of a SIM incorporated in an loT device and channelize the data communication of the SIM with specific domain(s) / server(s).
Summary of Invention [1 1 ] The present invention provides a system and method for subscriber verification and restricted communication for a SIM. The system consists of a designated server, a telecommunication server in communication with the designated server, a web application interface and a memory unit in communication with the designated server. The telecommunication server is configured to establish a communication channel to enable the SIM to communicate with the designated server whereas the web application interface is configured to enable a user device to send verification details to the designated server through the communication channel established by the telecommunication server.
[12] Further, there is a database disposed within the memory unit, the designated server is configured to fetch data from the database for verification of the details sent to the designated server through the web application interface and the SIM is configured to communicate only with the designated server through the communication channel established by the telecommunication server and the telecommunication server configured to reject any other communication attempt made by the SIM.
Brief Description of Drawings
[13] This invention is illustrated in the accompanying drawings, throughout which, like reference letters indicate corresponding parts in the various figures.
[14] The embodiments herein will be better understood from the following description with reference to the drawings, in which:
[15] Fig. 1 depicts/illustrates details of a system that shows data interactions between a user device, loT devices with pre activated SIM cards and a server, in accordance with an embodiment of the invention.
[16] Fig. 2 depicts/illustrates in detail the method of activation of a SIM card based services and channelizing its services in an loT network, in accordance with an embodiment of the invention.
[17] Fig. 3 depicts/illustrates in detail the components and working of the server in accordance with an embodiment of the invention. Description of Embodiments
[18] The embodiments herein, the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and / or detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[19] The present invention discloses by way of an illustrative embodiment a pre- activated SIM card incorporated in an loT device. According to the current invention, pre-activated SIM in this context refers to an activated SIM that is accepted by the Telecom Service Provider (TSP) to provide a network connectivity service to specific IP/ domain(s) so that the user successfully completes a verification process to become a valid subscriber of the pre- activated SIM. Once the verification process is complete and the validity of subscriber is established for the pre-activated SIM, the subscriber is only then allowed to use a set of permitted services associated with the said pre-activated SIM. Every time a service is requested using this pre-activated SIM by the subscriber, the identity and authentication is verified before servicing. Suitable login ID in combination with a password may be used to carryout identification and authentication process in combination. However, the subscriber is now expected to be responsible for all the actions taken and the data exchanged using this pre-activated SIM over the telecom network or access with the loT device.
[20] In this invention, user device refers to any device, which manages and controls the activities of one or more loT devices. The user device may be a mobile phone, computer system, tablet and the like. Designated server is an application server wherein the pre-activated SIM is restricted to communicate only with the designated server. The communication with the designated server may be established through a telecom server. In an exemplary embodiment a specific URL may be provided and the SIM may be restricted to only access this URL that directs to the designated Server. A telecom server is the server of the cellular network provider, which interacts with the designated server. The designated server may be any server including a cloud based server, etc.
[21 ] Throughout this description, method and system for user verification and restrictions on the communication using the pre-activated SIM have been explained with the help of an exemplary embodiment of an embedded pre- activated SIM in an loT device. This exemplary embodiment should not be read as a limitation of this invention and the scope of this description covers other embodiments wherein the disclosed system and method of user verification and SIM communication restriction may be utilized.
[22] Referring now to the drawings, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
[23] Fig. 1 depicts/illustrates details of a system 100 that shows data interactions between a user device 1 10, user device TSP server 1 1 1 , designated server 1 12, through Internet 1 13, loT device TSP server 1 14, loT devices 1 15 containing a pre-activated SIM 1 16. A pre-activated SIM card 1 16 is embedded into an loT Device 1 15 in accordance with an embodiment of the invention. In a preferred embodiment, the pre-activated SIM card 1 16 may have only data connectivity service pre-activated and all other services such as voice calling, SMS, etc., may remain deactivated. This can be configured by the telecom service provider in the loT device TSP server 1 14.
[24] Further, in the present invention, the services to loT device 1 15containing pre-activated SIM 1 16 are configured at loT device TSP server 1 14 in a manner that, the data interactions with the loT devicel 15 is restricted to a designated server. In an alternate embodiment there may be more than one designated server. A designated server 1 12 or multiple such designated servers may be identified by an IP address or domain name.
[25] The loT device 1 15 will not be accessible by the user using the user device 1 10 until and unless the user successfully completes a verification process. [26] In one embodiment, the user creates an account with the designated server 1 12 either through the user device 1 10 or by other means available such as by visiting the website provided for this purpose. A user account creation may consist of user entering a suitable unique login ID, a valid email address, a valid phone number which user already possess, and other information. Verification of the information submitted may include checking if the email address is a valid email address and is accessible by the said user. This can be achieved by sending a secret information to the specified email address and asking the user to submit the obtained secret information at the prompt during the account creation process. This account creation process will also verify the submitted phone number by means of sending a secret information, generally known as One Time Password (OTP) and then expecting the user to enter the OTP when prompted by the server to establish a confirmation that the said mobile phone number is indeed valid number and is actually accessible by the user.
[27] In an alternate embodiment, the subscriber may be asked to send an OTP displayed on the screen to a specific number from the user's said mobile number for verifying the said mobile number. Once the subscriber mobile number is verified the verification process is completed.
[28] In one embodiment, after the account creation process is complete, the user will be able to access the designated server 1 12 using the user device 1 10 through user device TSP server 1 1 1 . In another embodiment, user can use any other device or network available to access the designated server 1 12 on the Internet 1 13.
[29] The connection between the user and the designated server 1 12 is established when the subscriber logs into a web application (not shown in Fig.1 ) and enters valid login details pertaining to the user account to access the services offered by the designated server 1 12.
[30] In one embodiment, once the login process is successfully completed by the user, then the user is asked to add an loT device to the account. Usually, a unique number is provided inside the package containing the loT device. The web application may be configured to communicate these details to the designated server 1 12 where the verification process is initiated. [31 ] When the user submits the information containing secret unique number of the loT device 1 15, the details are sent to the designated server 1 12 and the designated server 1 12 upon acquiring the details verifies if the data entered is valid. After completion of satisfactory verification, the designated server 1 12 maps the loT device 1 15 containing pre-activated SIM 1 16 with the said user account.
[32] The presumption on which the aforementioned verification process works is that the subscriber can possess an already existing and active mobile phone number only if the subscriber has submitted valid KYC and/or other documentation to obtain the SIM used in the subscriber mobile phone. The subscriber details are already present with the telecom service provider and may be used to track the user when required. The verification process upon completion associates the embedded SIM 1 16 with the subscriber mobile number which in turn ensures that all subscriber details are present with the telecom service provider and the corresponding government telecom department / authority.
[33] Once the process of mapping an loT device is completed with an user whose valid mobile number is now known, the designated server 1 12 allows the user to access to the loT device 1 15.
[34] Although Fig. 1 shows one user device 1 10 and one loT device 1 15, in another embodiment there can be multiple users and multiple loT devices. Further, in another embodiment, a single user can have authorization to access multiple loT devices. Similarly, a single loT device can be accessed by multiple users.
[35] The working of the loT device 1 16 according to the user commands is explained here in an example. Consider for an instance that the user wants to control a motor at another location. If the motor is configured to be controlled by an loT device 1 15 using services by the loT devices TSP server1 14, the user device 1 10 utilizes user device TSP server 1 1 1 to communicate the command to the designated server 1 12 and the designated server 1 12 propagates the command through the loT device's TSP server 1 14 to the loT device 1 15 that controls the motor. Now the loT device 1 15 sends a status information through loT device TSP server 1 14 to the designated server 1 12 about the action taken. The status information is routed through the user device TSP server 1 1 1 to the user device 1 10. Similarly, the loT device may be configured to send other data and details to the designated server 1 12.
[36] Fig. 2 depicts/illustrates in detail the method 200 of verifying a user and restricting communication of loT device containing a pre-activated SIM only to a designated server. A pre-activated SIM card is incorporated into an loT device 220. Once a user purchases an loT device with an embedded SIM, the user is directed to a web application in order to complete the registration process if not already registered (if already registered, user can directly login using the login credentials and map the newly purchased loT device to the existing account). At the web application the user is prompted to enter a valid pre existing mobile number 230. Once the mobile number is entered, the designated server initiates the verification process. The designated server sends an OTP to the pre existing mobile number of the subscriber and prompts the subscriber to enter the OTP into the web application interface 240 or user may be asked to send the displayed OTP via SMS to a designated phone number. Once the user mobile verification is completed in either way, a valid account is created with a verified mobile number associated with it. Valid account may also have a verified email address. A valid account will also have necessary login credentials for a later login to account easily.
[37] Once a valid account is created or user is logged into an existing valid account, the user may be prompted to enter the loT device details in possession 250.
[38] Upon verification of the loT device information, access to the loT device containing an embedded SIM is permitted to the said user 260 and the device gets listed in the user's account. Further the user may not be asked to verify the pre-existing mobile number of the user again and again as the user may choose to create a password to access the account in the future.
[39] The user may choose to add more than one device to the account and similar verification process may be carried out for adding each device. The user may remove any specific device from the account and for such removed device, the user will no longer be able to control such removed device.
[40] In one embodiment, the user may grant access of one or more devices to one or more secondary users. Such access may be granted by the user, by providing a valid phone number or email id of such secondary users. If a particular secondary user is registered with the system and already has an account, the web application may be configured to send an invitation to such secondary user to accept control of the device as specified by the user. In case the secondary user is not registered with the system, the designated server may send an SMS or email to the secondary user inviting such user to register with the system and accept control of the device as specified by the user. The secondary users may choose to accept or reject the invitation. The user may define and choose different levels of clearance, options or privileges for different secondary users, which may range from restricted privilege of only receiving status update with respect to a device all the way to unrestricted access to completely control a device. The user may also grant to any secondary user the right to add more secondary users. Any secondary user can anytime be removed by the user. However, the user cannot be removed by any secondary user. This is similar to the tried and tested and reliable administrative privileges model in any computing system.
[41 ] In one embodiment, the user may transfer ownership with respect to the any device to another user. The difference between granting access to secondary users versus transferring ownership to another user is that in the former the user who is registered as the owner of the device continues to be responsible for any and all actions of the secondary users while in the later once the ownership is transferred the earlier user ceases to be responsible for the device. The process of transferring ownership also requires the user to provide the email id or mobile number of the subsequent owner based on which the designated server sends an SMS or email invitation to the subsequent owner to accept ownership of a specific device. The subsequent owner may choose to accept or reject the invitation. Once the subsequent owner accepts the invitation, the designated server carries out the same verification process as provided in this invention. Upon verification of the subsequent owner all the administrator privileges get transferred from the user to the subsequent owner and any secondary users created by the user may or may not lose any and all control over the transferred device based on subsequent owner's discretion. This method not only ensures traceability of primary user of the IOT device but also helps in manufacture and testing, quality check or certification of loT devices containing pre activated SIMs. The individual or company carrying out the manufacturing or testing activity may create account with designated server for such temporary usage of functionality of loT device for such manufacturing or testing purposes.
[42] In one embodiment the user may choose to deregister or cancel its account made with the designated server or may choose to revoke his / her own privileges with respect to all devices listed in the account. In such a scenario, the devices listed in the users account are not associated with any user and are treated as a new device with no associated user. The intended normal function of such a device may resume only after a user completes the verification process to assume control of the device.
[43] Fig.3 depicts/illustrates the details 300 of components and working of the designated server. The server 1 12 consists of a processor 310, which is configured to receive device and SIM details entered by a subscriber via the web application interface and validate the device based on the data available in the device and SIM database 312. The database 312 is stored in memory 314 disposed within the server. Alternatively, the server may be configured to fetch data from the database that may be stored in another server or system. The processor 310 is further configured to initiate a user verification process by executing instructions provided by a verification module 316. The verification module 316 may consists of an OTP generation module 318 that may generate a unique OTP for every subscriber verification. The processor fetches the OTP from the OTP generation module and may display the same on the web application interface or may initiate a message to be sent to the user's pre existing mobile number for verification purposes.
[44] The designated server 1 12 may be configured to utilize a communication module 320 to have a communication interface with the user device through user device TSP server (not shown in the drawing) or loT device through loT device TSP server.
[45] From this new method and process, the user with an existing SIM will be able to use the existing SIM itself to meet the KYC requirements to obtain and use another SIM or the loT device with a pre-activated SIM without having a need to go through the laborious paper work again. The method and process described in this invention also overcomes the limitation of the Aaadhaar based KYC, where a fingerprint scanning device is additionally needed to use Aadhaar verification. The invention disclosed in this application clearly demonstrates its superiority in terms of simplicity (just one OTP), fast (no paper work), low cost (no need of bulky and expensive fingerprint scanners), and leverages well-understood and accepted process of identification such as OTP. More importantly, this method also reduces the hurdles and stress involved in wide acceptance of the loT devices for various domestic, consumer, and industrial use. With the simple and very effective way described in this invention to establish KYC, the machine-to- machine (M2M) system integrators, loT device makers, telecommunication service providers (TSPs) will benefit greatly.
[46] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the scope of the embodiments as described herein.

Claims

Claims
[Claim 1 ] A system for subscriber verification and restricted communication for a SIM, the system comprising: a designated server; a telecommunication server in communication with the designated server, the telecommunication server configured to establish a communication channel to enable the SIM to communicate with the designated server; a web application interface configured to enable a user device to send verification details to the designated server through the communication channel established by the telecommunication server; a memory unit in communication with the designated server; a database disposed within the memory unit wherein the designated server is configured to fetch data from the database for verification of the details sent to the designated server through the web application interface; and the SIM configured to communicate only with the designated server through the communication channel established by the telecommunication server and the telecommunication server configured to reject any other communication attempt made by the SIM.
[Claim 2] The system as claimed in claim 1 further comprising the designated server configured to be accessed only through a predefined URL and the SIM being permitted to communicate with the designated server only by accessing the predefined URL.
[Claim 3] The system as claimed in claim 1 further comprising the SIM being pre-activated at the time of purchase by the user.
[Claim 4] The system as claimed in claim 1 further comprising the SIM embedded in an loT device.
[Claim 5] The system as claimed in claim 4 further comprising the designated server configured to establish a two way communication with the SIM embedded in the loT device.
[Claim 6] The system as claimed in claim 1 further comprising the designated server being a cloud server.
[Claim 7] The system as claimed in claim 1 further comprising the telecommunication server configured to only permit a specific type of communication like data communication for the SIM and disable all other forms of communication.
[Claim 8] The system as claimed in claim 1 further comprising the verification details being chosen from a group consisting of KYC details, Aadhar, Biometric, Demographic, Password and pre existing valid mobile number owned by the user.
[Claim 9] The system as claimed in claim 1 further comprising the designated server configured to display an OTP on the web application interface and prompting the user to send the OTP to a designated number from a pre existing valid mobile number.
[Claim 10] A method for subscriber verification and restricted communication for a SIM, the method comprising: a telecommunication server establishing a communication channel for the SIM to communicate with a designated server; permitting the SIM to communicate only with the designated server; sending verification details to the designated server through a web application interface; the designated server fetching data from a database disposed within a memory unit that is in communication with the designated server; the designated server verifying the details received through the web application interface based on the data fetched from the database; the telecommunication server rejecting any communication attempted by the SIM other than communication with the designated server.
[Claim 1 1 ] The method as claimed in claim 10 further comprising permitting the SIM to access the designated server only through a predefined URL.
[Claim 12] The method as claimed in claim 10 further comprising pre activating the SIM before the SIM being purchased by the user.
[Claim 13] The method as claimed in claim 10 further comprising the designated server establishing a two way communication with an loT device in which the SIM is embedded.
[Claim 14] The method as claimed in claim 10 further comprising the telecommunication server permitting only a specific type of communication like data communication by the SIM and rejecting all other forms of communication.
[Claim 15] The method as claimed in claim 10 further comprising the verification details sent to the designated server being chosen from a group consisting of KYC details, Aadhar, Biometric, Demographic, Password and pre existing valid mobile number owned by the user.
[Claim 16] The method as claimed in claim 10 further comprising prompting the user to send an OTP displayed on the web application interface to a designated number from a pre existing valid mobile number owned by the user.
PCT/IN2018/050228 2017-04-18 2018-04-18 System and method of subscriber verification and restricted communication for a subscriber identity module (sim) WO2018193469A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201741013821 2017-04-18
IN201741013821 2017-04-18

Publications (1)

Publication Number Publication Date
WO2018193469A1 true WO2018193469A1 (en) 2018-10-25

Family

ID=63857045

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2018/050228 WO2018193469A1 (en) 2017-04-18 2018-04-18 System and method of subscriber verification and restricted communication for a subscriber identity module (sim)

Country Status (1)

Country Link
WO (1) WO2018193469A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9210192B1 (en) * 2014-09-08 2015-12-08 Belkin International Inc. Setup of multiple IOT devices

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9210192B1 (en) * 2014-09-08 2015-12-08 Belkin International Inc. Setup of multiple IOT devices

Similar Documents

Publication Publication Date Title
US10412575B2 (en) System and method for virtual SIM card
KR101611773B1 (en) Methods, apparatuses and computer program products for identity management in a multi-network system
JP5654642B1 (en) Authentication system and program
US8887232B2 (en) Central biometric verification service
EP3433994B1 (en) Methods and apparatus for sim-based authentication of non-sim devices
US20150172922A1 (en) Method, system and relevant device for realizing virtual sim card
CN106105091A (en) Identification and Access Management Access
JP2009515403A (en) Remote activation of user accounts in telecommunications networks
WO2012100615A1 (en) System, server, and method for disabling associated application of mobile terminal to remember password
CN104159225A (en) Wireless network based real-name registration system management method and system
US11165768B2 (en) Technique for connecting to a service
WO2019056971A1 (en) Authentication method and device
US11601807B2 (en) Mobile device authentication using different channels
US10951616B2 (en) Proximity-based device authentication
KR20220100886A (en) A method for authenticating users on a network slice
CN105812314B (en) A kind of user logs in the method and unification authentication platform of internet application
CN105409259B (en) Telephone service is provided by WIFI for non-cellular
US20190306673A1 (en) Automated activation and onboarding of connected devices
GB2547231A (en) Apparatus, method and computer program product for use in authenticating a user
WO2018193469A1 (en) System and method of subscriber verification and restricted communication for a subscriber identity module (sim)
AU2019270881B2 (en) Automatic communication device onboarding
WO2017109652A1 (en) Associating a token identifier with a user accessible data record
JP2021158551A (en) Information processing device, information processing program, and information processing method
US8424070B1 (en) Dynamic network-centric generation of public service access identification
US11968531B2 (en) Token, particularly OTP, based authentication system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18787956

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18787956

Country of ref document: EP

Kind code of ref document: A1