(19)
(11)EP 1 092 331 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
06.10.2004 Bulletin 2004/41

(21)Application number: 99936462.3

(22)Date of filing:  28.06.1999
(51)International Patent Classification (IPC)7H04Q 7/32, H04Q 7/22
(86)International application number:
PCT/EP1999/004467
(87)International publication number:
WO 2000/001180 (06.01.2000 Gazette  2000/01)

(54)

AUTHORIZATION METHOD FOR OPERATIONAL CHANGES ON A MOBILE PHONE

BERECHTIGUNGSVERFAHREN FÜR BETRIEBSVERÄNDERUNGEN IN EINEM MOBILTELEFON

PROCEDE SERVANT A AUTORISER DES MODIFICATIONS OPERATIONNELLES DANS UN TELEPHONE MOBILE


(84)Designated Contracting States:
BE DE DK ES FI FR GR IT NL PT SE

(30)Priority: 30.06.1998 GB 9814146

(43)Date of publication of application:
18.04.2001 Bulletin 2001/16

(73)Proprietor: Telefonaktiebolaget LM Ericsson (publ)
164 83 Stockholm (SE)

(72)Inventor:
  • HOLMES, Gary
    Southampton, Hampshire SO30 2XJ (GB)

(74)Representative: Vigars, Christopher Ian 
HASELTINE LAKE, Redcliff Quay, 120 Redcliff Street
Bristol BS1 6HU
Bristol BS1 6HU (GB)


(56)References cited: : 
EP-A- 0 562 890
US-A- 5 673 317
EP-A- 0 789 500
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description


    [0001] The present invention relates to mobile telephones and, in particular but not exclusively, to mobile telephones which are able to send and receive short text messages using the short message service provided by GSM Mobile Telephone Standards.

    DESCRIPTION OF THE RELATED ART



    [0002] The GSM short message service (SMS) can be used by base stations and mobile units within a network to interrogate and gain information from a target mobile unit, and can be used to change operational settings of the mobile unit.

    [0003] Such information could be related to the geographical position of the mobile station, or details of the current cell site in which the mobile station is operating. Some operational settings which may be modified could include details of closed user group numbers, call forwarding or barring details etc.

    [0004] It. is therefore desirable to provide a system in which short messages (SMs), that are intended to make operational changes or request information from a mobile unit are encoded to prevent fraudulent use. One such method is disclosed in European Patent Application No. 97250018.5 (EP 0789500). However, such a system does not provide adequate security for the user.

    SUMMARY OF THE PRESENT INVENTION



    [0005] According to one aspect of the present invention, there is provided a method of operating a mobile telephone comprising:

    receiving message data at a mobile telephone from a caller, the message data including key data and instruction data; and

    processing the instruction data in dependence upon the key data,

       characterised in that the message data includes identity data relating to the caller and the key data relates to the called unit, and
       characterised by the steps of:

    combining the identity data and the key data to produce received security data;

    obtaining stored security data a memory of the mobile telephone on the basis of the received identity data;

    comparing the received security data with the stored security data; and

    processing the instruction data if the received security data is equivalent to the stored security data, or rejecting the instruction data if the received and stored security data are not equivalent.



    [0006] According to another aspect of the present invention, there is provided a mobile telephone comprising:

    reception means for receiving message data including key data and instruction data from a caller,

    instruction processing means operable to process the instruction data in dependence upon the key data,

       characterised in that the reception means is operable to receive message data that includes identity data, the identity data relating to the caller and the key data relating to the mobile telephone; and
       characterised by:

    memory means operable to store caller identity data and associated stored security data;

    data processing means operable to combine received identity data and received key data to produce received security data; and

    comparison means operable to compare the received security data with stored security data relating to the received identity data, the instruction processing means being operable to process the instruction data if the received security data is equivalent to the stored security data, or operable to reject the instruction data if the received and stored security data are not equivalent.


    BRIEF SUMMARY OF THE DRAWINGS



    [0007] 

    Figure 1 shows a schematic view of a mobile telephone;

    Figure 2 shows a block diagram of parts of a mobile telephone embodying the present invention;

    Figures 3 and 4 illustrate a stored data entry and a short message respectively; and

    Figure 5 is a flow chart illustrating steps in a method embodying the present invention.


    DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT



    [0008] A mobile telephone 1 is shown in Figure 1 and includes a display 2 and a keypad 3. As is well known, the GSM mobile telecommunications standard provides for the transmission and reception of short text messages (short message SM) between stations in the mobile network using the short message service (SMS). Short messages can be used to obtain information regarding a mobile station and can be used to change operational settings of a mobile station.

    [0009] With reference to Figure 2, a mobile telephone 1 includes a display 2, a keypad 3, and an antenna 4. The antenna 4 is connected to transmit/receive means 5 which operate to send and receive signals via the mobile telephone network. A micro-processor 6 controls the functions of the mobile telephone, and is connected to receive and transmit signals via the transmit/receive means 5. In addition, the mobile telephone incorporates a memory 7 which is used to store phone book entries for the user of the telephone. A typical entry in the phone book memory 7 comprises a person's telephone number combined with the name of that person.

    [0010] In an embodiment of the present invention, a security number (SN) is stored in the phone book memory 7. The security number is associated with the number of a caller who is entitled to interrogate the mobile station. This phone book entry is shown schematically in Figure 3, where the calling party's number is shown as CLI (calling line identifier) and the security number as SN.

    [0011] In systems operated in accordance with the present invention, when a station within the mobile network wishes to interrogate another station by way of the short message service (SMS), a short message (SM) is sent from that station to the station of interest. The contents of the short message are shown schematically in Figure 4. The short message comprises a portion indicating the number of the calling station, a personal identification code which is unique to the station being called, and a message 13. As will be described below, the calling station's number 11 is used in combination with the personal identification code 12 to determine a received security number. This received security number is then compared with the stored security number associated in the phone book of the called station with the caller's number in order to determine whether the message 13 can be processed by the mobile unit.

    [0012] For example, the algorithm combines the personal identity code (PIC) (eg. a four digit number), with the international telephone number of the requesting station. Such an international telephone number is usually 13 or 14 digits long. The algorithm produces a security number which can contain letters and numbers. The algorithm preferably operates in a similar way to known automatic password generators.

    [0013] With reference to Figure 5, the mobile unit 1 receives a short message (20) including the caller's number and the mobile unit's personal identity code. The calling line identity number and personal identity code (PIC) are combined using an algorithm known only to the mobile unit concerned, to produce a so-called received security number. The calling line identity number 11 of the incoming message is used to identify an entry in the phone book memory 7, and that phone book entry is used to provide the stored security number for the particular calling station.

    [0014] The PIC is selected by the user in a preferred embodiment of the present invention, and is therefore unique to each mobile telephone. The algorithm used to combine the PIC and the incoming calling line identity number would preferably be determined by the manufacturer, and so would not necessarily be unique to each phone. However, increased security would be provided by an algorithm which is unique to each phone.

    [0015] The received security number is then compared with the stored security number and if these numbers are not equivalent to one another, the incoming message is rejected. However, if the two numbers are equivalent, then the message is accepted, and processed by the mobile telephone.

    [0016] Accordingly, embodiments of the present invention can provide a mobile telephone which can enable secure access to information provided by the mobile telephone, by storing a security number for a particular calling station in a telephone book entry in the phone book memory of the telephone. Since the combining algorithm and the security number are confidential to the mobile telephone user, heightened security is possible.


    Claims

    1. A method of operating a mobile telephone comprising:

    receiving (step 20) message data (10) at a mobile telephone (1) from a caller, the message data including key data (12) and instruction data (13); and

    processing (step 27) the instruction data (13) in dependence upon the key data (12),

       wherein the message data (10) includes identity data (11) relating to the caller and the key data (12) relates to the called unit (1), and
       characterised by the steps of:

    combining (step 21) the identity data (11) and the key data (12) to produce received security data (SNIN);

    obtaining (step 22) stored security data (SNSTORED) from a memory (7) of the mobile telephone (1) on the basis of the received identity data (11);

    comparing (step 24) the received security data (SNIN) with the stored security data (SNSTORED); and

    processing (step 27) the instruction data if the received security data is equivalent to the stored security data, or rejecting (step 25) the instruction data if the received and stored security data are not equivalent.


     
    2. A method as claimed in claim 1, wherein the message data (10) is in the form of a GSM short message and the stored security data is stored in a user accessible storage area (7) of the mobile telephone (1).
     
    3. A method as claimed in claim 2, wherein the storage area (17) is a telephone book memory (7) for storing caller identity data and associated stored security data.
     
    4. A method as claimed in claim 1, 2, or 3,
    wherein the identity data (11) and the key data (12) are combined by the use of an algorithm (AX) uniquely associated with the mobile telephone.
     
    5. A mobile telephone (1) comprising:

    reception means (5) for receiving message data (10) including key data (12) and instruction data (13) from a caller,

    instruction processing means (6) operable to process the instruction data (13) in dependence upon the key data (12),

    wherein the reception means (5) is operable to receive message data (10) that includes identity data (11) , the identity data (11) relating to the caller and the key data (12) relating to the mobile telephone (1); and
       characterised by:

    memory means (7) operable to store caller identity data and associated stored security data;

    data processing means (6) operable to combine received identity data (11) and received key data (12) to produce received security data (SNIN); and

    comparison means (6) operable to compare the received security data (SNIN) with stored security data (SNSTORED) relating to the received identity data (11), the instruction processing means (6) being operable to process the instruction data (13) if the received security data (SNIN) is equivalent to the stored security data (SNSTORED), or operable to reject the instruction data (13) if the received and stored security data are not equivalent.


     
    6. A mobile telephone (1) as claimed in claim 5, wherein the message data (13) is in the form of a GSM short message and the stored security data (SNSTORED) is stored in a user accessible storage area (7).
     
    7. A mobile telephone (1) as claimed in claim 6, wherein the storage area is a telephone book memory (7) of the mobile telephone, the telephone book memory (7) being adapted to store caller identity data (11) and associated stored security data (SNSTORED).
     
    8. A mobile telephone as claimed in claim 6 or 7, wherein the data processing means (6) is adapted to operate in accordance with an algorithm (AX) uniquely associated with the mobile telephone (1).
     


    Ansprüche

    1. Verfahren des Betreibens eines Mobiltelefons, umfassend:

    Empfangen (Schritt 20) von Nachrichtendaten (10) von einem Rufenden bei einem Mobiltelefon (1), wobei die Nachrichtendaten Schlüsseldaten (12) einschließen und Anweisungsdaten (13); und

    Verarbeiten (Schritt 27) der Anweisungsdaten (13) abhängig von den Schlüsseldaten (12),

    wobei die Nachrichtendaten (10) sich auf den Rufenden beziehende Identitätsdaten (11) einschließen und sich auf die gerufene Einheit (1) beziehende Schlüsseldaten (12), und

    gekennzeichnet durch die Schritte:

    Kombinieren (Schritt 21) der Identitätsdaten (11) und der Schlüsseldaten (12) zum Erzeugen empfangener Sicherheitsdaten (SNIN) ;

    Erhalten (Schritt 22) gespeicherter Sicherheitsdaten (SNSTORED) von einem Speichers (7) des Mobiltelefons (1) basierend auf den empfangenen Identitätsdaten (11);

    Vergleichen (Schritt 24) der empfangenen Sicherheitsdaten (SNIN) mit den gespeicherten Sicherheitsdaten (SNSTORED) ; und

    Verarbeiten (Schritt 27) der Anweisungsdaten, wenn die empfangenen Sicherheitsdaten äquivalent zu den gespeicherten Sicherheitsdaten sind, oder Zurückweisen (schritt 25) der Anweisungsdaten, wenn die empfangenen und gespeicherten Sicherheitsdaten nicht äquivalent sind.


     
    2. Verfahren nach Anspruch 1, wobei die Nachrichtendaten (10) in Form einer GSM-Kurznachricht vorliegen und die gespeicherten Sicherheitsdaten in einem für den Benutzer zugänglichen Speicherbereich (7) des Mobiltelefons (1) gespeichert sind.
     
    3. Verfahren nach Anspruch 2. wobei der Speicherbereich (17) ein Telefonbuchspeicher (7) zum Speichern von Identitätsdaten von rufenden und zugeordneten gespeicherten Sicherheitsdaten ist.
     
    4. Verfahren nach Anspruch 1, 2 oder 3, wobei die Identitätsdaten (11) und die Schlüsseldaten (12) kombiniert werden unter Verwendung eines Algorithmus (AX), der einzigartig dem Mobiltelefon zugeordnet ist.
     
    5. Mobiltelefon (1) umfassend:

    eine Empfangsvorrichtung (5) zum Empfangen von Nachrichtendaten (10) einschließlich Schlüsseldaten (12) und Anweisungsdaten (13) von einem Rufenden,

    eine Anweisungsverarbeitungsvorrichtung (6), betreibbar zum Verarbeiten der Anweisungsdaten (13) in Abhängigkeit von den Schlüsseldaten (12),

    wobei die Empfangsvorrichtung (5) betreibbar ist zum Empfangen von Nachrichtendaten (10), die Identitätsdaten (11) einschließen, wobei die Identitätsdaten (11) sich auf den Rufenden beziehen und die Schlüsseldaten (12) sich auf das Mobiltelefon (1) beziehen; und

    gekennzeichnet durch:

    eine Speichervorrichtung (7), betreibbar zum Speichern von Rufenden-Identitätsdaten und zugeordneten gespeicherte Sicherheitsdaten;

    eine Datenverarbeitungsvorrichtung (6), betreibbar zum Kombinieren empfangener Identitätsdaten (11) und empfangener Schlüsseldaten (12) zum Erzeugen von empfangenen Sicherheitsdaten (SNIN) ; und

    eine Vergleichsvorrichtung (6), betreibbar zum Vergleichen der empfangenen Sicherheitsdaten (SNIN) mit gespeicherten Sicherheitsdaten (SNSTORED) die sich auf die empfangenen Identitätsdaten (11) beziehen, wobei die Anweisungsverarbeitungsvorrichtung (6) betreibbar ist zum Verarbeiten der Anweisungsdaten (13), wenn die empfangenen Sicherheitsdaten (SNIN) äquivalent den gespeicherten Sicherheitsdaten (SNSTORED) sind, oder betreibbar ist zum Zurückweisen der Anweisungsdaten (13), wenn die empfangenen und gespeicherten Sicherheitsdaten nicht äquivalent sind.


     
    6. Mobiltelefon (1) nach Anspruch 5, wobei die Nachrichtendaten (13) in Form einer GSM-Kurznachricht vorliegen und die gespeicherten Sicherheitsdaten (SNSTORED) in einem benutzerzugreifbaren Speicherbereich (7) gespeichert sind.
     
    7. Mobiltelefon (1) nach Anspruch 6, wobei der Speicherbereich ein Telefonbuchspeicher (7) des Mobiltelefons ist und wobei der Telefonbuchspeicher (7) eingerichtet ist zum Speichern von Rufenden-Identitätsdaten (11) und zugeordneten gespeicherten Sicherheitsdaten (SNSTORED).
     
    8. Mobiltelefon nach Anspruch 6 oder 7, wobei die Datenverarbeitungsvorrichtung (6) eingerichtet um in Übereinstimmung mit einem Algorithmus (AX) betrieben zu werden, der einzigartig dem Mobiltelefon (1) zugeordnet ist.
     


    Revendications

    1. Procédé pour faire fonctionner un téléphone mobile, comprenant :

    la réception (étape 20) de données (10) de message à un téléphone mobile (1) provenant d'un demandeur, les données de message comprenant des données (12) de clé et des données (13) d'instruction ; et

    le traitement (étape 27) des données (13) d'instruction en fonction des données (12) de clé,

    dans lequel les données (10) de message comprennent des données (11) d'identité concernant le demandeur et les données (12) de clé concernent l'unité demandée (1), et

       caractérisé par les étapes qui consistent :

    à combiner (étape 21) les données (11) d'identité et les données (12) de clé pour produire des données de sécurité reçues (SNIN) ;

    à obtenir (étape 22) des données de sécurité stockées (SNSTORED) à partir d'une mémoire (7) du téléphone mobile (1) sur la base des données d'identité reçues (11) ;

    à comparer (étape 24) les données de sécurité reçues (SNIN) aux données de sécurité stockées (SNSTORED) ; et

    à traiter (étape 27) les données d'instruction si les données de sécurité reçues sont équivalentes aux données de sécurité stockées, ou à rejeter (étape 25) les données d'instruction si les données de sécurité reçues et stockées ne sont pas équivalentes.


     
    2. Procédé selon la revendication 1, dans lequel les données (10) de message se présentent sous la forme d'un message GSM court et les données de sécurité stockées sont stockées dans une zone (7) de stockage accessible par l'utilisateur du téléphone mobile (1).
     
    3. Procédé selon la revendication 2, dans lequel la zone de stockage (17) est une mémoire (7) d'annuaire téléphonique destinée à stocker des données d'identité de demandeur et des données de sécurité stockées associées.
     
    4. Procédé selon la revendication 1, 2 ou 3, dans lequel les données d'identité (11) et les données de clé (12) sont combinées par l'utilisation d'un algorithme (AX) associé uniquement au téléphone mobile.
     
    5. Téléphone mobile (1) comportant :

    un moyen (5) de réception destiné à recevoir des données de message (10) comprenant des données de clé (12) et des données d'instruction (13) provenant d'un demandeur,

    un moyen (6) de traitement d'instruction pouvant fonctionner pour traiter les données d'instruction (13) en fonction des données de clé (12),

    dans lequel le moyen de réception (5) peut fonctionner de façon à recevoir des données de message (10) qui comprennent des données d'identité (11), des données d'identité (11) concernant le demandeur et les données de clé (12) concernant le téléphone mobile (1) ; et

       caractérisé par :

    un moyen à mémoire (7) pouvant fonctionner de façon à stocker des données d'identité de demandeur et des données de sécurité stockées associées ;

    un moyen (6) de traitement de données pouvant fonctionner de façon à combiner des données d'identité reçues (11) et des données de clé reçues (12) pour produire des données de sécurité reçues (SNIN) ; et

    un moyen de comparaison (6) pouvant fonctionner de façon à comparer les données de sécurité reçues (SNIN) aux données de sécurité stockées (SNSTORED) concernant les données d'identité reçues (11), le moyen (6) de traitement d'instruction pouvant fonctionner de façon à traiter les données d'instruction (13) si les données de sécurité reçues (SNIN) sont équivalentes aux données de sécurité stockées (SNSTORED), ou pouvant fonctionner de façon à rejeter les données d'instruction (13) si les données de sécurité reçues et stockées ne sont pas équivalentes.


     
    6. Téléphone mobile (1) selon la revendication 5, dans lequel les données de message (13) se présentent sous la forme d'un message court GSM, et les données de sécurité stockées (SNSTORED) sont stockées dans une zone de stockage (7) accessible à l'utilisateur.
     
    7. Téléphone mobile (1) selon la revendication 6, dans lequel la zone de stockage est une mémoire (7) d'annuaire de téléphone du téléphone mobile, la mémoire (7) d'annuaire de téléphone étant conçue pour stocker des données (11) d'identité de demandeur et des données de sécurité stockées (SNSTORED) associées.
     
    8. Téléphone mobile selon la revendication 6 ou 7, dans lequel le moyen (6) de traitement de données est conçu pour fonctionner conformément à un algorithme (AX) associé uniquement au téléphone mobile (1).
     




    Drawing