Current methods for downloading software for remote execution on mobile devices do not provide the required security to prevent malicious attacks on the large networks managed by network operators. Because mobile devices often need to execute software functionality without an active connection to a secured key resource, a method that provides a secure way to distribute and execute software on devices is needed.
Current methods for downloading software from a network to a mobile device require the network to monitor the mobile device and to determine what software to transmit to the mobile device. Subscribers may be required to contact the network from the mobile device to retrieve updated mobile device configurations or settings based on input from the network itself. This may lead to increased network traffic, an increase in the amount of bandwidth used by the network, decreased connection speed to the network, and increased time it takes for a subscriber to download software from the network.
In addition, problems also exist with validating software downloaded from the network to the mobile device. Validating software through the network may create security issues. In order to validate software, the network may need to verify confidential data associated with the mobile device appropriately relates to data stored in a database on the network. This presents the danger of compromising confidential data associated with the mobile device.
The headings provided herein are for convenience only and do not necessarily affect the scope or meaning of the claimed invention.
In the drawings, the same reference numbers and acronyms identify elements or acts with the same or similar functionality for ease of understanding and convenience. To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the Figure number in which that element is first introduced.
As noted above, mobile device providers, such as wireless service providers, need the ability to interact with their subscribers and their subscribers' mobile devices to provide both general and technical support services. The wireless service providers or network operators need to execute software to collect and set specific device configurations, ascertain device status, and so forth. They need to remotely execute software with a high degree of security. A concern, however, is that unauthorized software could take advantage of vulnerabilities in this system.
Certain embodiments of the invention described below provide examples of ways to overcome this problem by using, for example, a Subscriber Identification Module (“SIM”) or other device on the mobile device, to securely store a unique code or secret key and provide one-way algorithms such as hashes based on it and/or other data. The hash may also be based on other hardware specific information not normally available via network access, such as an International Mobile Equipment Identifier (IMEI), International Mobile Subscriber Identifier (IMSI), or other known unique values or data stored on mobile devices. A combination of such data stored locally on the mobile device may be combined or algorithmically modified before or after being subjected to hashing or similar processes to generate a resulting value. The value may then be used to encrypt or authenticate downloaded software, scripts or data provided to the mobile device. By so doing, every piece of software, scripts or data may be uniquely tied to a specific hardware device (mobile device or SIM), or a specific combination of hardware devices (e.g., hardware with SIM).
Thus, systems as described below provide the ability to remotely execute software on mobile devices without the need for network connectivity to a key repository or for exchange of secret data over the network where it could be intercepted or compromised. The systems use device resident physical security based on a SIM or other hardware specific features, and associated secure numbers, such as the IMEI, or other numbers, such as a MAC address, Universal Subscriber Identity Module (USIM), secure serial number, etc. Software and data can be authenticated or decoded only with information physically present on the target mobile device, which helps prevent the spread of malicious or unauthorized software.
The system makes it improbable or impracticable to sign scripts to authorize software or data for general (mass) distribution or makes it only impractical to hack the mobile device if it can be under complete control of a hacker having malicious intent. The system is able to authenticate and secure the installation and execution of software driven activities that have been issued from a specific, authorized source.
The system can ensure that a unique key is created that requires an authorizing device (e.g., the controlling network server), computing device specific information (e.g., the mobile device's IMEI), and a subscriber (user) specific bit of information (e.g., some information that is related to the subscriber's account, like the IMSI, account number, mobile device number, or user name). By using a key created from these three elements, the system will only function when all three are present. In this way, the controlling server can always be assured that a competitive mobile operator cannot hijack their valuable customers/subscribers. Also, hackers cannot modify scripts on one device and transport them readily to other devices for execution: cracking one key unique to one mobile device/subscriber does not give the hacker any advantage at cracking the next. Further, multiple subscribers can use a single device and each have functionality and personal information separate and secure.
The invention will now be described with respect to various embodiments. The following description provides specific details for a thorough understanding of, and enabling description for, these embodiments of the invention. However, one skilled in the art will understand that the invention may be practiced without these details. In other instances, well-known structures and functions have not been shown or described in detail to avoid unnecessarily obscuring the description of the embodiments of the invention.
It is intended that the terminology used in the description presented below be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific embodiments of the invention. Certain terms may even be emphasized below; however, any terminology intended to be interpreted in any restricted manner will be overtly and specifically defined as such in this Detailed Description section.
Suitable System
In general,
Aspects of the invention can be embodied in a special purpose computing device or data processor that is specifically programmed, configured, or constructed to perform one or more of the computer-executable instructions explained in detail herein. Aspects of the invention may also be practiced in distributed computing environments where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network (LAN), Wide Area Network (WAN), or the Internet. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
Aspects of the invention may be stored or distributed on computer-readable media, including magnetically or optically readable computer discs, hard-wired or preprogrammed chips (e.g., EEPROM semiconductor chips), nanotechnology memory, biological memory, or other data storage media. Indeed, computer implemented instructions, data structures, screen displays, and other data under aspects of the invention may be distributed over the Internet or over other networks (including wireless networks), on a propagated signal on a propagation medium (e.g., an electromagnetic wave(s), a sound wave, etc.) over a period of time, or they may be provided on any analog or digital network (packet switched, circuit switched, or other scheme). Those skilled in the relevant art will recognize that portions of the invention reside on a server computer, while corresponding portions reside on a client computer such as a mobile or portable device, and thus, while certain hardware platforms are described herein, aspects of the invention are equally applicable to nodes on a network.
The mobile device 100 includes an authentication system 208 (e.g., via the SIM 122, and described below), a hardware interface 210, a report system 212, a script interface 214, a script platform 216, data 218, and scripts 220. The network-based services 204 may include a network or networks 206, mobile network services 222, a mobile network operator customer service system 224, a host information management system 226, updated scripts 228, and report data 230. The components within the mobile device 100 allow the device to integrate both handset-based services 200 and network-based services 204. The authentication system 208 can implement SIM card-based or standalone authentication to meet network requirements for desired levels of security, as described below.
The hardware interface 210 may retrieve hardware interface elements required for interfacing with network or phone-based customer support services. Examples of hardware interface elements include changing volume, changing frequency, retrieving SIM (Subscriber Identity Module) ID or other data stored on the SIM 122, connection status from the SIM or radio hardware, and others. The report system 212 may collect and forward the data reported by the mobile device to the network 206. The report system 212 can also encrypt the handset identification information and other data noted below to provide increased security. The information can be encoded so that only the host information management system 226 can decipher the handset identification information and other values described below.
The script interface 214 serves as a standard application programming interface for customer support services. More specifically, the script interface 214 provides an interface between scripts 220 and the various hardware-specific and executable, program-specific functions. The script interface 214 allows a single customer service script to be deployed across multiple operating systems and hardware configurations, but where such scripts are associated with or uniquely tied to specific handsets, as noted below. In addition, the script interface 214 includes a standard API (Application Programming Interface) for both the hardware/OS side and the script interface.
The script platform 216 can mix and match calls through the script interface to acquire information, to change or correct settings on the phone, and to perform additional functions. The script platform 216 authenticates, runs, and updates all scripts 220, manages reporting updates and changes, communicates with the host information management system 226, communicates with the GUI (Graphical User Interface), and performs functions such as managing customer surveys and queries, etc. The host information management system 226 can push a notification to the script platform 216 via USSD (Unstructured Supplementary Services Data), SMS (Short Message Service), IP (Internet Protocol), or any other network connectivity that the mobile device supports. The script platform 216 can run the scripts 220 after authentication, and the scripts 220 can be authenticated to the network 206 and/or to the mobile device.
The components within the network-based services 204 allow the mobile device 100 to communicate with and to retrieve data from the network 206. The network-based services 204 may include wired and wireless systems. The mobile network services 222 may consist of one or more systems including billing, CRM (Customer Relationship Management), provisioning, download of media (e.g. audio, images, video, games, utilities, etc.), and others. Furthermore, mobile network services 222 are able to return data calls made by mobile devices via standard network protocols (e.g., IP, DTMF (Dual-Tone Multi-Frequency), SMS, USSD, etc.).
The mobile network operator customer service system 224 may also consist of one or more systems relating to customer service, including billing, CRM, provisioning, downloading of media (e.g. audio, video, games, utilities, etc.), and others. The host information management system 226 controls interactions between the mobile device and the host customer support system. The host information management system 226 can transmit updates to the mobile device. The mobile device typically employs a unique handset ID or serial number, a mobile phone number, and other data noted herein. The report data 230 provides storage for report information gathered from the mobile device. The updated scripts 228 consist of scripts that the host customer support system provides to the mobile device. The updated scripts 228 can be managed and versioned as desired by the host information management system 226, can be targeted at specific subscribers/handsets or groups of subscribers, can include requests for reports and customer interview surveys, and so forth. Further details regarding the system at
Depicted Security Processes
Referring to
Under block 304, the network generates a globally unique identifier (GUID) using an appropriate number generator, such as a pseudo-random number generator. This is then stored as a unique license number Lx 306 in a database associated with the network. The number Lx is stored as a record or other data structure associated with the mobile device 100 (e.g. associated with the mobile phone number for the mobile device). The network forwards this number Lx to the mobile device, which may optionally be sent over a secure network 308. The number Lx may be included with other information, or in lieu of other information, such as an account type, special Universal Resource Locator (URL), APN or electronic address for home server access, etc.
The mobile device remotely receives the GUID Lx (block 310) and creates a new “public key” for proving that the mobile device or SIM 122, has an unknown secret key Ki. Under block 311, the mobile device employs some secret key Ki 312 with the remotely received GUID Lx using an appropriate algorithm 314, such as an appropriate hashing algorithm (shown as A3 algorithm in
The generated value Kx can be created by the mobile device using a locally stored value employed to algorithmically render Lx into the value Kx where any third party could not discern the locally stored data on the mobile device based simply on the value Kx. As noted herein, the mobile device may use any locally stored and secure data, such as the USIM, IMEI, IMSI, or other values or combinations of these values. Thus, Kx is based on Lx and one or more values associated with this subscriber or the mobile device, where it is infeasible for a third party to discern these values based only on Kx.
Under block 318, the mobile device returns the value Kx to the server, which again may be optionally transmitted over the secure network 308. The value Kx is not stored in permanent memory within the mobile device, and is flushed from temporary memory after being generated and used. Upon receiving the value Kx, the network stores this value in a license key database (block 322), while the mobile device stores the Lx number in a number database (block 320).
To improve security, the mobile device can optionally obfuscate the Kx value by using a two-way encryption function, such as an encryption function based on Lx, before returning the Kx value to the server, such as via an SMS message. The Kx encrypting key can be anything including the IMEI or other information on the handset, or provided by the subscriber, such as a pin or password. This pin or password then can be communicated to the network server or wireless service provider via an alternate channel, such as via a telephone call or website.
Further, while one embodiment of the invention combines the GUID Lx from the server with the IMEI, which is then hashed by the SIM to create Kx, other combinations are possible. For example, another embodiment of the invention could combine the GUID with the IMEI and the IMSI, which would then be hashed using a basic hashing function. As another alternative, the GUID may be combined with the IMEI and the phone number for the mobile device, which would then be hashed, or simply Lx could be hashed by the SIM, with or without a subscriber ID value. In general, any combination of subscriber specific, device specific, and/or carrier specific information may be used to create an encryption/authentication key set that uniquely limits the authentication from working on any device other than the specific subscriber-device-carrier (or any combination). (In general, the terms “operator”, “carrier” and “service provider” are used interchangeably herein.)
In general, while use of the SIM 122 is described above, any secure memory of the mobile device may be employed. Use of the SIM's logic is helpful because of its inherent security features, although many other devices may be employed, such as smart cards, tamper-resistant or tamper-proof memory, and so forth. While a secret key Ki is shown in
Referring to
Note also that the network server may employ Kx, or create Kx or a related value based on data previously received from the mobile device (blocks 318, 322) and one or more pieces of locally stored data at the network server based on an algorithm known to both the mobile device and the network server. An electronic signature may be added to the header for each file sent to the specific mobile device. This will ensure that the files will only be able to be run or accessed by the specific mobile device.
Referring to
In block 508, the mobile device retrieves the encrypted/digitally signed data it received under block 408, and executes a decryption algorithm to decrypt the file. Under block 512, if the decryption is successful, the mobile device runs the decrypted software in memory on the device. In other words, if the files include a digital signature, then the mobile device checks the signature received with a file based on a signature generated using the recalculated Kx.
Note that the mobile device can execute the encrypted/digitally signed software or access encrypted/signed data without further network access. The mobile device will only execute software code, scripts, or data that can be decrypted/authenticated with the proper combination of data noted above. Before executing any code or scripts, digital signatures associated with the files may be authenticated with the specific combination of data defined during the registration process noted above under
Since the mobile device initiates connection to the network, potential hackers may not alter a command unless they know this and a secret key on the mobile device itself. Potential hackers may not push commands to the mobile device because they do not have the secret key for the SIM on the mobile device. The random number is hashed against a secret key, and the output of the hash is stored in the system so that the secret key can be re-created when combined with the license number database 618. This creates greater security.
Further, multiple subscribers can use a single device and each have functionality and personal information separate and secure. In other words, different values of Kx may be created based on the same values stored in the SIM for a given mobile device, but based on different values of Lx, subscriber IDs, or other values associated with individual subscribers.
The above system provides a very high degree of protection by requiring a very significant amount of work to attack even a single subscriber, thus preventing a wide-spread attack using the scripting environment noted above. Under the above system, there is no single key to break. An attack on one device does not shorten or reduce the effort to attack another device.
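The registration and offline verification flow described above, as an added Python example that is not code from the patent. HMAC-SHA256 stands in for the SIM's one-way algorithm and for the file signature, and the class names, subscriber labels, IMEIs and script bytes are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import uuid


def _mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (prefixes avoid boundary ambiguity).
    Assumption: stands in for the SIM algorithm and the signature scheme."""
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:
    """Handset plus SIM. Ki never leaves this object; only Lx is stored."""

    def __init__(self, imei: str):
        self._ki = secrets.token_bytes(16)  # constructed secret key Ki
        self.imei = imei
        self.lx_db = {}  # number database (block 320): subscriber -> Lx

    def _derive_kx(self, subscriber: str, lx: str) -> bytes:
        # Kx = one-way(Ki; Lx, IMEI, subscriber ID). Recomputed on demand, never stored.
        return _mac(self._ki, lx.encode(), self.imei.encode(), subscriber.encode())

    def register(self, subscriber: str, lx: str) -> bytes:
        self.lx_db[subscriber] = lx
        return self._derive_kx(subscriber, lx)  # returned to the server (block 318)

    def verify_script(self, subscriber: str, script: bytes, tag: bytes) -> bool:
        """Offline check before execution: recompute Kx, then compare signatures."""
        lx = self.lx_db.get(subscriber)
        if lx is None:
            return False
        expected = _mac(self._derive_kx(subscriber, lx), script)
        return hmac.compare_digest(expected, tag)  # constant-time comparison


class Server:
    """Network side: issues Lx and keeps the Kx returned at registration."""

    def __init__(self):
        self.license_db = {}  # subscriber -> {"lx": ..., "kx": ...} (blocks 306, 322)

    def issue_lx(self, subscriber: str) -> str:
        lx = str(uuid.uuid4())  # GUID Lx (block 304)
        self.license_db[subscriber] = {"lx": lx, "kx": None}
        return lx

    def store_kx(self, subscriber: str, kx: bytes) -> None:
        self.license_db[subscriber]["kx"] = kx

    def sign_script(self, subscriber: str, script: bytes) -> bytes:
        kx = self.license_db[subscriber]["kx"]
        if kx is None:
            raise KeyError(f"{subscriber} has not completed registration")
        return _mac(kx, script)


def enroll(server: Server, device: Device, subscriber: str) -> None:
    lx = server.issue_lx(subscriber)
    server.store_kx(subscriber, device.register(subscriber, lx))


def demo() -> dict:
    server = Server()
    phone_a = Device(imei="490000000000001")  # constructed IMEIs
    phone_b = Device(imei="490000000000002")
    enroll(server, phone_a, "alice")
    enroll(server, phone_a, "bob")    # second subscriber on the same handset
    enroll(server, phone_b, "carol")

    script = b"set_apn('example.invalid')"  # constructed script
    tag = server.sign_script("alice", script)

    # Lx is not secret: placing alice's Lx on another handset still fails the
    # check, because that handset holds a different Ki and IMEI.
    phone_b.lx_db["alice"] = phone_a.lx_db["alice"]

    return {
        "target_accepts": phone_a.verify_script("alice", script, tag),
        "tampered_rejected": not phone_a.verify_script("alice", script + b"#", tag),
        "other_device_rejected": not phone_b.verify_script("alice", script, tag),
        "other_subscriber_rejected": not phone_a.verify_script("bob", script, tag),
        "per_subscriber_keys_differ":
            server.license_db["alice"]["kx"] != server.license_db["bob"]["kx"],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the server holds every Kx it signs with, the license key database in this model is as sensitive as the keys themselves and needs matching protection.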
The network or service provider owning the SIM may link files to a specific server. The mobile device will only take instructions from the server linked to the mobile operator owning the SIM while the SIM is installed. Thus, one server cannot change files or codes for another server. Files from a server are allowed only to execute while the specific SIM linked to that server is inserted in the particular mobile device. This helps to ensure that only one service provider can create files or code for a particular mobile device. Thus, mobile devices will only run code created in conjunction with the SIM card inserted in the device at the time of code execution, preventing other mobile operators from altering codes for that operator (and vice versa).
Conclusion
Unless the context clearly requires otherwise, throughout the description and the claims, the words “comprise,” “comprising,” and the like are to be construed in an inclusive sense, as opposed to an exclusive or exhaustive sense; that is to say, in the sense of “including, but not limited to.” As used herein, the terms “connected,” “coupled,” or any variant thereof, mean any connection or coupling, either direct or indirect, between two or more elements; the coupling or connection between the elements can be physical, logical, or a combination thereof. Additionally, the words “herein,” “above,” “below,” and words of similar import, when used in this application, shall refer to this application as a whole and not to any particular portions of this application. Where the context permits, words in the above Detailed Description using the singular or plural number may also include the plural or singular number respectively. The word “or,” in reference to a list of two or more items, covers all of the following interpretations of the word: any of the items in the list, all of the items in the list, and any combination of the items in the list.
The above detailed description of embodiments of the invention is not intended to be exhaustive or to limit the invention to the precise form disclosed above. While specific embodiments of, and examples for, the invention are described above for illustrative purposes, various equivalent modifications are possible within the scope of the invention, as those skilled in the relevant art will recognize. For example, while processes or blocks are presented in a given order, alternative embodiments may perform routines having steps, or employ systems having blocks, in a different order, and some processes or blocks may be deleted, moved, added, subdivided, combined, and/or modified. Each of these processes or blocks may be implemented in a variety of different ways. Also, while processes or blocks are at times shown as being performed in series, these processes or blocks may instead be performed in parallel, or may be performed at different times.
The teachings of the invention provided herein can be applied to other systems, not necessarily the system described above. The elements and acts of the various embodiments described above can be combined to provide further embodiments. For example, while the system is generally described below as encrypting or authenticating files sent from the network server to the mobile device, the process may be reversed so that the processes performed by the network server are performed instead by the mobile device, and vice versa. Further, keys can be periodically changed. For example, the server may periodically send a new value Lx to the mobile device, which in turn generates a new hash value Kx.
All of the above patents and applications and other references, including any that may be listed in accompanying filing papers, are incorporated herein by reference. Aspects of the invention can be modified, if necessary, to employ the systems, functions, and concepts of the various references described above to provide yet further embodiments of the invention.
These and other changes can be made to the invention in light of the above Detailed Description. While the above description details certain embodiments of the invention and describes the best mode contemplated, no matter how detailed the above appears in text, the invention can be practiced in many ways. Details of the security system may vary considerably in its implementation details, while still being encompassed by the invention disclosed herein. As noted above, particular terminology used when describing certain features or aspects of the invention should not be taken to imply that the terminology is being redefined herein to be restricted to any specific characteristics, features, or aspects of the invention with which that terminology is associated. In general, the terms used in the following claims should not be construed to limit the invention to the specific embodiments disclosed in the specification, unless the above Detailed Description section explicitly defines such terms. Accordingly, the actual scope of the invention encompasses not only the disclosed embodiments, but also all equivalent ways of practicing or implementing the invention under the claims.
While certain aspects of the invention are presented below in certain claim forms, the inventors contemplate the various aspects of the invention in any number of claim forms. For example, while only one aspect of the invention is recited as embodied in a computer-readable medium, other aspects may likewise be embodied in a computer-readable medium. Accordingly, the inventors reserve the right to add additional claims after filing the application to pursue such additional claim forms for other aspects of the invention.
This application claims the benefit of U.S. Provisional Patent Application 60/611,607, filed Sep. 21, 2004, entitled SECURE MOBILE DEVICE SOFTWARE EXECUTION, HELP-SUPPORT-CARE INITIATION FOR MOBILE DEVICES, AND SMART NETWORK CONFIGURATION SELECTION FOR MOBILE DEVICES, and U.S. Provisional Patent Application No. 60/652,144, filed Feb. 11, 2005, entitled CALL INTERCEPT METHODS, SUCH AS FOR CUSTOMER SELF-SUPPORT ON A MOBILE DEVICE.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US2005/033973 | 9/21/2005 | WO | 00 | 12/28/2007 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2006/034399 | 3/30/2006 | WO | A |
Number | Date | Country | |
---|---|---|---|
20080189550 A1 | Aug 2008 | US |
Number | Date | Country | |
---|---|---|---|
60611607 | Sep 2004 | US | |
60652144 | Feb 2005 | US |