Method for protecting electronic device, and electronic device

US 8,296,575 B2
Filed: 06/21/2002
Issued: 10/23/2012
Est. Priority Date: 06/29/2001
Status: Active Grant

First Claim

Patent Images

1. A method for protecting, an electronic communication device having an operational unit and a user-specific module, comprisingstoring, at a time prior to a first use of the electronic communication device by a user associated with the user-specific module, a checking program for checking the user-specific module in the operational unit, the checking program being used to check compatibility of the user-specific module with the operational unit;

protecting, at the time prior to the first use of the device, the checking program with a key of an encryption method for use by a protection performer; and

storing, at the time prior to the first use of the device, in the operational unit, a verification key of the encryption method used by the protection performer for verifying the authenticity of the checking program so that the authenticity of the checking program can be verified before being used for checking the compatibility of the user-specific module with the operational unit making altering of the checking program and unauthorized use of the electronic communication device more difficult.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to an electronic device, which comprises an operational unit and a user-specific module. Data in the device, necessary for checking the user-specific module, is protected with a key of the encryption method employed by the device manufacturer. A verification key of the encryption method employed by the electronic device manufacturer is stored in the operational unit, by means of which verification key the data necessary for checking the user-specific module is verified.

31 Citations

37 Claims

1. A method for protecting, an electronic communication device having an operational unit and a user-specific module, comprisingstoring, at a time prior to a first use of the electronic communication device by a user associated with the user-specific module, a checking program for checking the user-specific module in the operational unit, the checking program being used to check compatibility of the user-specific module with the operational unit;
- protecting, at the time prior to the first use of the device, the checking program with a key of an encryption method for use by a protection performer; and
  
  storing, at the time prior to the first use of the device, in the operational unit, a verification key of the encryption method used by the protection performer for verifying the authenticity of the checking program so that the authenticity of the checking program can be verified before being used for checking the compatibility of the user-specific module with the operational unit making altering of the checking program and unauthorized use of the electronic communication device more difficult.
- View Dependent Claims (2, 3, 4, 5, 6, 20, 37)
- - 2. The method according to claim 1, further comprising:
    - performing the protection of the checking program with a secret key of a public key encryption method used by the protection performer; and
      
      storing the public key of the public key encryption method in the operational unit to serve as the verification key.
  - 3. The method according to claim 1, further comprisingperforming the protection of the checking program by signing the checking program by a public key encryption method using a secret key of the protection performer;
    - andstoring in the operational unit of the electronic device the public key of the public key encryption method employed by the protection performer for verifying the signature of the checking program to serve as the verification key.
  - 4. The method according to claim 1, further comprisingperforming the protecting of the checking program by encrypting the checking program by a public key encryption method using a secret key of the protection performer;
    - andstoring in the operational unit of the electronic device the public key of the public key encryption system employed by the protection performer for decrypting the checking data to serve as the verification key.
  - 5. The method according to claim 1, further comprising protecting of the checking program by a MAC encryption method, and storing a key of the MAC encryption method in the operational unit for verifying the checking program to serve as the verification key.
  - 6. The method according to claim 1, wherein the user-specific module is a SIM module, andwherein the checking program is stored in a security state of the electronic communication device in the encrypted form, andwherein the verification key of the encryption method is stored in the security state of the electronic device for verifying the checking program.
  - 20. The method according to claim 1 wherein the protection performer is the electronic device manufacturer.
  - 37. A computer program product stored in the memory of an electronic communication device comprising computer readable code that, when executed in the electronic communication device, performs the method according to claim 1.

7. A method for checking an electronic communication device having an operational unit and a user-specific module wherein a checking program is stored in the operational unit for checking the user-specific module, the checking program being stored in the operational unit at a time prior to a first use of the electronic communication device by a user associated with the user-specific module, the checking program being used to check compatibility of the user-specific module with the operational unit and wherein the checking program is encrypted, at the time prior to the first use of the electronic communication device, with a key of an encryption method for use by a protection performer, and further wherein a verification key of the encryption method is stored in the operational unit for use by the protection performer for verifying the checking program, the verification key being stored in the operational unit at the time prior to the first use of the electronic communication device;
- the method further comprising;
  
  verifying the correctness of the checking program by using the verification key of the encryption method so that the authenticity of the checking program can be verified before being used for checking the compatibility of the user-specific module with the operational unit making altering of the checking program and unauthorized use of the electronic communication device more difficult, and if the verification fails, at least preventing the electronic communication device from being connected to a radio network;
  
  if the verification is successful, checking the user-specific module by means of the checking program; and
  
  if the user-specific module check succeeds, starting the electronic communication device or if the user-specific module check fails at least preventing the electronic communication device from being connected to the radio network.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 8. The method according to claim 7, wherein the checking program is protected by a public key encryption method using a secret key of the protection performer, and further wherein the public key of the public key encryption method is stored in the operational unit of the electronic device for verifying the checking program;
    - the method comprisingverifying the checking program by using the public key of the public key encryption method.
  - 9. The method according to claim 8, wherein the checking program, is protected with a signature that is provided by the public key encryption method using the secret key of the protection performer, and whereinthe checking program is verified by checking the signature using the public key of the public key method.
  - 10. The method according to claim 8, wherein the checking program, is encrypted by the public key encryption method using the secret key of the protection performer, and further whereinthe checking program is verified by decrypting the checking program necessary for checking the user-specific module by means of the public key of the public key method.
  - 11. The method according to claim 7, wherein the checking program, is protected by a MAC encryption method, and wherein;
    - the program is verified with a key of the MAC encryption method.
  - 12. The method according to claim 7, wherein the user specific module is a SIM module, and the checking program is used for checking the SIM module, wherein the checking program is stored in a security state of the electronic communication device for verifying the checking program, and further wherein the verification of the checking program is performed in the security state.
  - 13. The method according to claim 7, wherein the user-specific module is a SIM module, and the checking program checks the checking program and checks for an operator identifier.
  - 14. The method according to claim 9, wherein the user-specific module is checked by comparing a signature check sum with a program check sum;
    - andif the check sums tally, the electronic device is started, or if the check sums do not tally, at least the connection of the electronic device to the radio network is blocked.
  - 15. The method according to claim 7, wherein the user-specific module is a SIM module, and the electronic communication device includes a verification key of an encryption method of an operator, said verification key being protected with a key used by the protection performer, the method comprising:
    - starting the terminal equipment irrespective of the SIM module check comprises the steps of;
      
      receiving a signal which comprises a SIM-module-check-OK parameter, which is protected with a key of the encryption method employed by the operator and which controls the terminal equipment to start irrespective of the SIM module check result;
      
      verifying the parameter by using a verification key; and
      
      storing the SIM-module-check-OK parameter in the mobile equipment.
  - 16. The method according to claim 15, wherein the parameter is protected by signing it with a secret key of the encryption method employed by the operator, the method comprising verifying the correctness of the parameter by checking the signature with a public key of the encryption method.
  - 17. The method according to claim 15, wherein the parameter is protected by encrypting it with a secret key of the encryption method employed by the operator, the method comprising verifying the correctness of the parameter by decrypting it with a public key of the encryption method.
  - 18. The method according to claim 15, further comprising performing the protection by a MAC encryption method, and verifying the parameter with a key of the MAC encryption method.
  - 19. The method according to claim 15, further comprising checking the SIM-module-check-OK parameter for the terminal equipment start-up.

21. An electronic communication device, having an operational unit and a user-specific module comprising:
- a checking program adapted to cause the operational unit to check the user-specific module, the checking program being stored in the operational unit at a time prior to a first use of the electronic communication device by a user associated with the user-specific module, the checking program being used to check compatibility of the user-specific module with the operational unit, wherein the checking program is protected, at the time prior to the first use of the electronic communication device, with a key of an encryption method employed by a protection performer, and wherein a verification key of the encryption method is stored in the operational unit for verifying the checking program, the verification key being stored in the operational unit at the time prior to the first use of the electronic communication device, and wherein the operational unit is further caused;
  
  to verify the correctness of the checking program by using the verification key of the encryption method so that the authenticity of the checking program can be verified before being used for checking the compatibility of the user-specific module with the operational unit making altering of the checking program and unauthorized use of the electronic communication device more difficult, and if the verification fails, to restrict its operation at least by not connecting to the radio network; and
  
  if the verification is successful, to check the user-specific module by means of the checking program; and
  
  start the electronic communication device, if the user-specific module check succeeds, or to restrict its operation at least by not connecting to the radio network, if the user-specific module check fails.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 22. The device according to claim 21, wherein the checking program is protected by a public key encryption method using a secret key of the protection performer, and a public key of the public key encryption method employed by the protection performer is stored in the operational unit of the electronic device for verifying the checking program;
    - andthe electronic communication device is arranged to verify the checking program by using the public key of the public key encryption method.
  - 23. The device according to claim 22, wherein the checking program, is protected by a signature, which is provided by the public key encryption method using the secret key of the protection performer;
    - andthe electronic communication device is arranged to verify the checking program by checking the signature with the public key of the public key method.
  - 24. The device according to claim 22, wherein the checking program, is encrypted by the public key encryption method, using the secret key of the protection performer, andthe electronic communication device is arranged to verify the program necessary for checking the user-specific module by decrypting the checking program by means of the public key of the public key encryption method.
  - 25. The device according to claim 21, wherein the program in the electronic device, necessary for checking the user-specific module is protected by a MAC encryption method, andthe electronic communication device is arranged to verify the program necessary for checking the user-specific module with a key of the MAC encryption method.
  - 26. The device according to claim 21, wherein the user-specific module is a SIM module, and the checking program and a key of the encryption method are stored in a security state of the electronic communication device;
    - andthe operational unit is arranged to verify the checking program in the security state.
  - 27. The device according to claim 21, wherein the user-specific module is a SIM module, and the checking program checks the user-specific module and an operator identifier.
  - 28. The device according to claim 23, wherein the operational unit is arranged to check the user-specific module by comparing a check sum of the signature with a check sum of the checking program;
    - andif the check sums tally, the electronic communication device is arranged to continue the check, or if the check sum do not tally, the electronic device is arranged to restrict its operation at least by not connecting to the radio network.
  - 29. The device according to claim 21, wherein the user-specific module is a SIM module, and the operating unit includes a verification key of an encryption method employed by an operator, which operator verification key is protected with a key of the encryption method employed by the protection performer, andwherein the SIM module check is ignored if the operational unit is arranged to receive a signal which comprises a SIM-module-check-OK parameter, which is protected with the key of the encryption method of the operator and which allows the operational unit to start irrespective of the SIM module check result;
    - the operational unit is arranged to verify the parameter by using the operator verification key; and
      
      the operational unit is arranged to store the parameter in the electronic communication device.
  - 30. The device according to claim 29, wherein the parameter is protected by signing the parameter with a secret key of the encryption method employed by the operator, and the operational unit is arranged to verify the parameter by checking the signature using a public key of the encryption method.
  - 31. The device according to claim 29, wherein the parameter is protected by encrypting the parameter with a secret key of the encryption method employed by the operator, and the operational unit is arranged to verify the parameter by decryption with a public key of the encryption method.
  - 32. The device according to claim 29, wherein the protection is performed by a MAC encryption method, andthe operational unit is arranged to verify the parameter with a key of the MAC encryption method.
  - 33. The device according to claim 29, wherein the operational unit is arranged to check the SIM-module-check-OK parameter for the mobile equipment start-up.
  - 34. The device according to claim 21, wherein the protection performer is an electronic communication device manufacturer.

35. An apparatus comprising:
- an operational unit and a user-specific module, configured to communicate with a radio network; and
  
  wherein data used to check compatibility of the user-specific module with the operational unit is stored in the operational unit at a time prior to the first use of the apparatus by a user associated with the user-specific module, the data being protected, at the time prior to the first use of the apparatus, with a key of an encryption method employed by a protection performer;
  
  a verification key of the encryption method employed by the protection performer is stored in the operational unit of the user equipment for verifying the correctness of the data in the operational unit necessary for checking the user-specific module, the verification key being stored in the operational unit at the time prior to the first use of the apparatus;
  
  the apparatus is configured to verify the data necessary for checking the user-specific module by using the verification key of the encryption method so that the authenticity of the checking program can be verified before being used for checking the compatibility of the user-specific module with the operational unit making altering of the checking program and unauthorized use of the apparatus more difficult;
  
  if the verification fails, to restrict operation of the apparatus, at least by not connecting to the radio network;
  
  if the verification is successful, to check the user-specific module by means of the data necessary for checking the user-specific module; and
  
  to start the apparatus, if the user-specific module check succeeds, or to restrict its operation at least by not connecting to the radio network if the user-specific module check fails.
- View Dependent Claims (36)
- - 36. The apparatus according to claim 35, wherein the user-specific module is a SIM module, and the checking program and a key of the encryption method are stored in a security state of the apparatus;
    - and the operational unit is arranged to verify the checking program in the security state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Kiiveri, Antti
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US10/176,727
Publication Number

US 20030009680A1
Time in Patent Office

3,777 Days
Field of Search

713/192, 713/194, 713/189
US Class Current

713/189
CPC Class Codes

H04W 12/08 Access security

H04W 12/48 using secure binding, e.g. ...

Method for protecting electronic device, and electronic device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method for protecting electronic device, and electronic device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links