Patent Application
20120171996
The present technology pertains in general to operation of a wireless modem configured for operation with a Subscriber Identity Module (SIM). Specifically the present technology pertains to a method for enabling operation of a wireless modem in combination with predetermined characteristics associated with a user session on a user device.
Wireless modems, also sometimes referred to as wireless wide area network (WWAN) modems, cellular modems and other names, communicate with a WWAN communication system such as a cellular communication system and provide packet data services to user devices. Wireless modems exchange data with user devices using a Universal Serial Bus (USB), PC Card, CardBus, Ethernet, WiFi, Bluetooth or other interface, for example. Wireless modems typically include a WWAN transceiver such as a cellular transceiver for exchanging data with the WWAN communication system. The WWAN communication system is connected to a public switching system such as a public switched telephone network (PSTN) and/or the Internet. The wireless modem performs the necessary timing and translation functions to provide data packet services between the user device and the WWAN communication system.
A conventional wireless modem is configured to communicate with a WWAN communication system using a Subscriber Identity Module (SIM), which is typically provided on a SIM card. While the SIM can be configured to require a personal identification number (PIN) before it releases data that is required for enabling access to the WWAN communication system, operation of a conventional wireless modem is typically not otherwise restricted. As such wireless modems may be operated in many ways beyond intended uses and the cost for operation of wireless modems can be poorly controlled by non-user subscribers. For example, control of operating cost beyond the intended use of wireless modems may be of importance to corporate subscribers providing their staff with wireless modems.
Accordingly, there is a need for a method for locking/restricting operation of a wireless modem.
This background information is provided to reveal information believed by the applicant to be of possible relevance to the present invention. No admission is necessarily intended, nor should be construed, that any of the preceding information constitutes prior art against the present invention.
An object of the present technology is to provide a method for enabling operation of a wireless modem. In accordance with one aspect of the present technology, there is provided a method for enabling operation of a wireless modem, the wireless modem configured for operation with a Subscriber Identity Module (SIM), the method comprising: determining a personal identification number (PIN) based at least in part on a predetermined network domain; configuring the SIM to release wireless network access data only upon providing the PIN; determining a network domain of a user session on a user device, the user device operatively connected to the wireless modem; determining a SIM-unlock code based at least in part on the network domain associated with the user device; providing the SIM-unlock code to the SIM; and comparing the SIM-unlock code to the PIN; whereby wireless network access is enabled only if at least the network domain associated with a user device corresponds with the predetermined network domain.
In accordance with another aspect of the present technology, there is provided a method for operating a wireless modem, the wireless modem configured for operation with a Subscriber Identity Module (SIM), the SIM configured to release wireless network access data only upon providing a personal identification number (PIN) based at least in part on the predetermined network domain; the method comprising: determining a network domain associated with a user session on a user device, the user device operatively connected to the wireless modem; determining a SIM-unlock code based at least in part on the network domain associated with the user device; providing the SIM-unlock code to the SIM; and comparing the SIM-unlock code to the PIN; whereby wireless network access is enabled only if at least the network domain associated with a user device corresponds with the predetermined network domain.
In accordance with another aspect of the present technology, there is provided a method for configuring a Subscriber Identity Module (SIM) for use with a wireless modem configured for use with the SIM, the SIM intended for use with a predetermined network domain, the method comprising: determining a personal identification number (PIN) based at least in part on the predetermined network domain; and configuring the SIM to enable wireless network access only upon providing the PIN.
As used herein, the term “about” refers to a +/−10% variation from the nominal value. It is to be understood that such a variation is always included in a given value provided herein, whether or not it is specifically referred to.
As used herein, the term “network domain” may refer to a collection of associated elements such as computing devices or the designation, identification or name used to refer to these associated elements, as the case may be. A network domain can refer to a group of computing devices that are associated via one or more organizational aspects such as user account information and/or one or more security policies, for example. For this purpose, a network domain may include one or more domain controllers that manage the organizational aspects for the computing devices and/or users that are members of the network domain. A network domain can be a Microsoft Windows™ or other network domain. A Windows™ network domain may include one or more Windows™ domain controllers, for example.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The instant technology provides a method for enabling operation of a wireless modem when the wireless modem is used in combination with a user device that is associated with one or more predetermined aspects of a user session. For example, predetermined aspects of a user session may be characterized by a predetermined network domain or other predetermined aspects that are associated with the user session as described herein.
Some or all of the wireless network access data may be used to identify the SIM within the WWAN communication system and associate the SIM with a specific subscriber account. The WWAN communication system uses some or all of this information to track communications to and/or from the wireless modem and determine cost associated therewith. Ways for performing cost accounting can be performed by WWAN communication systems and corresponding specifications are well documented and readily available to a person skilled in the art.
According to embodiments of the instant technology, the SIM is configured to release the wireless network access data only upon providing a personal identification number (PIN). According to embodiments, the PIN is kept hidden from ordinary users who are not authorized to change the PIN, and changing the PIN is reserved to authorized administrators of systems that employ the instant technology. Depending on the embodiment, systems that employ the instant technology may or may not be configured to reveal PINs to administrators.
Depending on the embodiment, the PIN may include a predetermined number of digits. For example, the PIN may have four to twelve digits. Depending on the embodiment, each digit may comprise numerical or alphanumerical characters from a predetermined alphabet or set of characters.
The user device 110 can be a notebook, laptop, desktop, tablet, handheld or other computing device that can be operatively coupled via an interconnect system 115 to the wireless modem 120. The interconnect system 115 can a USB, PC Card, CardBus. Ethernet or other wired or wireless interconnect system. The user device 110 and wireless modem 120 may also be provided in an integrated manner such as in the form of a personal digital assistant (PDA), smartphone, notebook with integrated wireless modem or other integrated computing device, for example. The SIM 130 may be inserted in the wireless modem 120 or, if the user device and the wireless modem are provided in one integrated device, directly in the integrated device, for example.
The following, as illustrated in
According to embodiments of the instant technology, the PIN is determined using the outcome of a predetermined key-generating function, such as a formula and/or algorithm. Accordingly the outcome of the key-generating function is used as the PIN for locking the SIM, that is, the PIN is used to encode some or all of the wireless network access data stored in the SIM. According to embodiments of the instant technology, the same key-generating function is (later) used to process actual aspects of a specific user session. For example, the user device and/or the wireless modem compute an outcome of the key-generating function based on the actual aspects of the specific user session that is then used as a SIM-unlock code, as described below with reference to the second stage.
According to an embodiment, the key-generating function is configured to accept the predetermined network domain as a network-domain parameter (not illustrated). Depending on the embodiment, the key-generating function can be injective or non-injective with respect to the relationship between, for example the network-domain parameter, and the PIN. Again, it is noted, that the key-generating function may be configured to use other or additional aspects of the user session as a parameter/parameters.
In step 220 the SIM 130 is then configured to release the wireless network access data only upon providing the PIN, that is, the wireless network access data stored in the SIM can only be accessed when the SIM is unlocked with the PIN. This configuration of the SIM 130 may be referred to as SIM-locked. In other words, when the key-generating function is applied to a network-domain parameter that is different from the predetermined network domain, the SIM cannot be unlocked with the result generated by the key-generating function if the key-generating function is injective or more or less unlikely be unlocked with the result generated by the key-generating function when the key-generating function is non-injective.
Optionally the system may be configured to take into account additional aspects regarding a specific user session of the user device. For example, the key-generating function for determining the PIN may be configured to additionally accept one of more of the following parameters: the ICC-ID, type and/or serial number of the SIM and/or the wireless modem, and/or other characteristics of the wireless modem, the SIM, the WWAN communication system and/or information associated with the user within the network domain. Accordingly, the PEN may be configured so that the SIM can be unlocked only if all predetermined aspects regarding a user session meet their predetermined values. Accordingly, these aspects can go beyond matching the network domain associated with a user session with a predetermined network domain. According to an embodiment, the key-generating function is configured to accept the predetermined network domain as a network domain parameter, the type of the wireless modem and the ICC-ID of the SIM. Accordingly, the outcome of the respective key-generating function when used as a PIN for unlocking the SIM, can only be reproduced, when the type of wireless modem, the SIM and the network domain each match their predetermined value.
When the SIM is locked with a PIN that is determined based on one or more aspects associated with a user session as described herein, the wireless modem can be enabled/activated to access the WWAN communication system provided the SIM is unlocked with the correct SIM-unlock code, that is the SIM-unlock code has to correspond with the PIN that was used to lock the SIM. According to embodiments of the instant technology, the SIM-unlock code is determined using the same key-generating function that is used to generate the SIM's PIN. For this purpose, the outcome of the key-generating function will unlock the SIM, when the characteristics of the user session which are provided as parameters to the key-generating function meet the characteristics that were used to generate the PIN. Depending on the embodiment, one or more of the network domain, the ICC-ID, the wireless modem type and/or other aspects associated with the user session are be the same as those used during PIN generation.
Steps 230 and onwards of the flow diagram as illustrated in
Step 230 comprises determining the network domain with which the user session is associated. For example, the user session may be defined, at least in part, by the account that the user has invoked when logging into the operating system of the user device. Next follows step 240 which comprises determining a SIM-unlock code based on the network domain determined in step 230. As described, the SIM-unlock code is determined based upon the key-generating function and corresponds with the outcome thereof. Following in step 250, the SIM-unlock code is provided to the SIM. The SIM is configured to determine in step 260, if the provided SIM-unlock code is correct, that is, whether it corresponds with the PIN of the SIM. If the SIM-unlock code corresponds with the PIN, the SIM will release, in step 270, wireless network access data that is required to establish an operative connection between the wireless modem and the WWAN communication system.
Details of how and in which components processes involved in steps 260 and 270 are invoked, may depend on the specific type of SIM. Depending on the SIM, corresponding processes may be performed by the SIM entirely independently with or without use of or in combination with other components. Such processes may involve use of one or more authentication keys and/or generation of one or more encryption keys. Authentication keys and/or encryption keys may be used to encode data communicated wirelessly between the wireless modem and the WWAN. Encryption keys may be generated through one or more communications of data between the wireless device and the WWAN. For this purpose and according to some embodiments, processes may be employed that are well documented and readily known in the art.
It will be appreciated that, although specific embodiments have been described herein for purposes of illustration, various modifications may be made without departing from the spirit and scope of the invention. In particular, it is within the scope of the invention to provide a computer program product or program element, or a program storage or memory device such as a transmission medium, magnetic or optical wire, tape or disc, or the like, for storing signals readable by a machine, for controlling the operation of a computer according to the method of the invention and/or to structure its components in accordance with the system of the invention.
Further, each step of the methods may be executed on a general computer, such as a personal computer, server or the like and pursuant to one or more, or a part of one or more, program elements, modules or objects generated from any programming language, such as C, C++, Java, Perl, PL/l, or the like. In addition, each step, or a file or object or the like implementing each said step, may be executed by special purpose hardware or a circuit module designed for that purpose.
It is obvious that the foregoing embodiments are examples and can be varied in many ways. Such present or future variations are not to be regarded as a departure from the spirit and scope of the invention, and all such modifications as would be obvious to one skilled in the art are intended to be included within the scope of the following claims.
