Systems and methods for providing security to different functions

US 20060089124A1
Filed: 08/30/2005
Published: 04/27/2006
Est. Priority Date: 10/22/2004
Status: Active Grant

First Claim

Patent Images

1. A communication system for providing secure mobile terminal functions, the system comprising:

a mobile network;

a mobile terminal coupled to the mobile network;

a function capsule including a first function; and

a smartcard coupled to the mobile terminal, the smartcard having a first key and a second key;

wherein the first key is used to authenticate an intended user of the mobile terminal to the mobile network and to download the function capsule from the mobile network to the mobile terminal; and

wherein the second key is used to authenticate the intended user to the function capsule on the mobile terminal.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function.

Citations

29 Claims

1. A communication system for providing secure mobile terminal functions, the system comprising:
- a mobile network;
  
  a mobile terminal coupled to the mobile network;
  
  a function capsule including a first function; and
  
  a smartcard coupled to the mobile terminal, the smartcard having a first key and a second key;
  
  wherein the first key is used to authenticate an intended user of the mobile terminal to the mobile network and to download the function capsule from the mobile network to the mobile terminal; and
  
  wherein the second key is used to authenticate the intended user to the function capsule on the mobile terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The communication system of claim 1, wherein the mobile network includes a copy of the first key to authenticate the intended user to the mobile network and wherein the function capsule includes a copy of the second key to authenticate the intended user to the function capsule.
  - 3. The communication system of claim 1, wherein the downloaded function capsule from the mobile network is encrypted and wherein the smartcard includes a third key for decrypting the downloaded function capsule.
  - 4. The communication system of claim 1, wherein the first function provides a call waiting service to the mobile terminal.
  - 5. The communication system of claim 1, wherein the first function provides an e-mailing service to the mobile terminal.
  - 6. The communication system of claim 1, wherein the first function provides a financial data service to the mobile terminal.
  - 7. The communication system of claim 1, wherein the smartcard includes a third key and wherein the third key authenticates the intended user to utilize the first function of the function capsule after the second key has authenticated the intended user to the function capsule.
  - 8. The communication system of claim 7, wherein the smartcard includes a fourth key, wherein the functional capsule comprises a second function, and wherein the fourth key authenticates the intended user to utilize the second function of the function capsule.
  - 9. The communication system of claim 8, wherein the fourth key authenticates the intended user to utilize the second function of the function capsule after the third key has authenticated the intended user to utilize the first function of the function capsule.
  - 10. The communication system of claim 9, wherein the first function provides an e-mailing service to the mobile terminal and wherein the second function provides a financial data e-mailing service to the mobile terminal.
  - 11. The communication system of claim 8, wherein the third key does not authenticate the intended user to utilize the second function of the function capsule.
  - 12. The communication system of claim 7, wherein the function capsule comprises an authentication module and wherein the authentication module includes a copy of the second key to authenticate the intended user to the function capsule and a copy of the third key to authenticate the intended user to utilize the first function of the function capsule.
  - 13. The communication system of claim 1, further comprising a second network, an authentication server, and a key writing site coupled to the authentication server via the second network, wherein the key writing site is used to write the second key into the smartcard at a time when the intended user desires to utilize the first function of the function capsule and wherein the second key is provided from the authentication server to the key writing site.
  - 14. The communication system of claim 13, wherein the authentication server includes a third key to revoke the second key written into the smartcard of the intended user.
  - 15. The communication system of claim 14, wherein the second key is wirelessly revoked by the authentication server via the mobile network.
  - 16. The communication system of claim 1, further comprising a server coupled to the mobile terminal via the mobile network, wherein the function capsule is downloaded over the mobile network from the server.
  - 17. The communication system of claim 16, wherein the server includes a third key to revoke the second key of the smartcard.
  - 18. The communication system of claim 17, wherein the second key of the smartcard is remotely revoked by the server via the mobile network.
  - 19. The communication system of claim 1, further comprising a key writing site, wherein the key writing site is used to write the second key into the smartcard at a time when the intended user has purchased the first function of the function capsule.
  - 20. The communication system of claim 1, wherein at least one of the first and second keys comprises a private key and a public key and wherein only a copy of the public key is available outside the smartcard to authenticate the intended user.
  - 21. The communication system of claim 1, further comprising a server coupled to the mobile terminal via the mobile network, wherein the function capsule is downloaded over the mobile network from the server and wherein the smartcard includes a third key to authenticate the intended user to access the server.
  - 22. The communication system of claim 21, wherein the server includes a fourth key to revoke one or both of the second and third keys of the smartcard.
  - 23. The communication system of claim 1, wherein the smartcard comprises a subscriber identity module (SIM) card.
  - 24. The communication system of claim 1, further comprising a stateless module coupled to the smartcard and for securely receiving and using keys.
  - 25. The communication system of claim 24, wherein the stateless module provides a secure usage environment for receiving and using keys that is remotely separated from and cryptographically secured to the smartcard.

26. A method for providing secure functions to a mobile client, the method comprising:
- transmitting a first random number from within a mobile network to a mobile client;
  
  using a first key in the mobile client to compute a first response based on the transmitted first random number;
  
  transmitting the first response to the mobile network;
  
  using a copy of the first key in the mobile network to calculate a first value based on the first random number;
  
  determining whether the first response agrees with the first value;
  
  terminating access of the mobile client to the mobile network if the first response does not agree with the first value;
  
  downloading a function capsule from the mobile network to the mobile client if the first response agrees with the first value;
  
  providing a second random number from the downloaded function capsule to the mobile client;
  
  using a second key in the mobile client to compute a second response based on the second random number;
  
  using a copy of the second key in the downloaded function capsule to calculate a second value based on the second random number;
  
  determining whether the second response agrees with the second value;
  
  denying access of the mobile client to the downloaded function capsule if the second response does not agree with the second value; and
  
  granting access of the mobile client to the downloaded function capsule if the second response agrees with the second value.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26, wherein mobile client comprises a subscriber identity module (SIM) card and wherein the first and second keys are located within the SIM card.
  - 28. The method of claim 26, wherein mobile client comprises a smartcard, wherein the first and second keys are stored within the smartcard, and wherein the smartcard is coupled to a stateless module for securely receiving and using keys.
  - 29. The method of claim 28, wherein the stateless module provides a secure usage environment for receiving and using keys that is remotely separated from and cryptographically secured to the smartcard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark, Frank, Edward H., Karoguz, Jeyhan

Granted Patent

US 7,644,272 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06Q 20/3229   Use of the SIM of a M-devic...

G06Q 20/3829   involving key management

H04B 1/3816   Mechanical arrangements for...

H04L 63/0853   using an additional device,...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

H04W 4/12   Messaging; Mailboxes; Annou...

Systems and methods for providing security to different functions

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing security to different functions

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links