Methods and Devices for OTA Management of Mobile Stations
A method for providing cellular network subscription data from an administration server to a mobile station that includes a secure element, such as a SIM or a UICC, and is configured to communicate via a cellular communications network. The method comprises the steps in the mobile station: attaching to a WLAN with a WLAN module implemented in the mobile station; establishing a communication link between the mobile station and the administration server via the WLAN the mobile station has attached to; and downloading cellular network subscription data from the administration server via the WLAN to the mobile station and storing the same within the secure element of the mobile station such that with the cellular network subscription data the mobile station can attach to a corresponding cellular communications network.
The invention relates to mobile communications in general and in particular to methods and devices for over-the-air (OTA) management of mobile stations containing a secure element, such as a subscriber identity module (SIM) or a universal integrated circuit card (UICC), in a mobile communications system.
Communicating by means of a mobile phone or mobile station via a public land mobile network (PLMN; also referred to as a cellular network herein) operated by a mobile network operator (MNO) generally requires the mobile station to be equipped with a secure element for securely storing data uniquely identifying the user of the mobile station (also called subscriber or mobile user). For instance, in a mobile station configured to communicate according to the Global System for Mobile Communications (GSM), currently the world's most popular standard for mobile communications systems, the secure element is called a subscriber identity module (SIM) and is usually provided in the form of a smart card. According to the GSM standard, the technical features of which are defined by a large number of interrelated and mutually dependent specifications published by the ETSI standardization organization, the SIM contains cellular network subscription data for authenticating and identifying the user of the mobile station, including in particular an International Mobile Subscriber Identity (IMSI) and an authentication key Ki. This cellular network specific information is generally stored on the SIM by the SIM manufacturer or the MNO during a SIM personalization process prior to providing the user of the mobile station with his SIM. A non-personalized SIM is generally not suited for use in a mobile station, i.e. the use of the services provided by a PLMN with a non-personalized SIM is not possible.
According to the GSM standard the IMSI number allows the MNO to identify a mobile user and to provide him with exactly those services the mobile user has subscribed to. The authentication key Ki is a 128-bit data element for authenticating the SIM contained in the mobile station with respect to the PLMN. The authentication key Ki is generally paired with an IMSI number during the SIM personalization process. For security reasons the authentication key Ki is stored only on the SIM and on a database of the PLMN called authentication center (AUC).
It is known to manage secure elements, such as SIMs, over-the-air (OTA) using standardized protocols carried over SMS (short message service) or IP (Internet protocol) communication channels using an already established connection in a cellular communications network. WO 2010/093312, for instance, describes a method for OTA activation and management of a SIM using an ODA (On Demand Activation) application adapted to activate and manage a SIM after it has been authenticated by the cellular communications network.
One particular field of application of secure elements, such as SIMs, which is expected to grow rapidly within the next couple of years is M2M (machine-to-machine), i.e. the communication between machines over a cellular communications network without human intervention, also called the Internet of things. In M2M data is automatically transmitted between many different types of machines equipped with a secure element, such as TV systems, set top boxes, vending machines, vehicles, electronic books, automatic cameras, sensor devices, and the like. It is foreseeable that at least for some of these devices it will not be possible or at least very difficult to provide the secure element beforehand with a complete set of cellular network subscription data, for instance an IMSI number. This is because in some M2M applications the secure element will be implemented in the form of an embedded or surface mounted device, which is built into a respective machine during the manufacturing process thereof without the possibility of providing the secure element with a complete set of cellular network subscription data beforehand. Consequently, once in the field, these machines and their non-personalized secure elements require the provision of cellular network subscription data over-the-air.
Thus, the problem addressed by the present invention is to provide for methods and devices that allow providing a mobile station including a secure element over-the-air with cellular network subscription data without the mobile station having an active subscription, i.e. before the mobile station can successfully attach to a cellular communications network.
The above object is achieved according to the present invention by the subject-matter of the independent claims. Preferred embodiments of the invention are defined in the dependent claims.
Generally, the present invention is based on the idea to provide a mobile station with cellular network subscription data for accessing a cellular communications network from an administration unit over-the-air (OTA) via a wireless local area network (WLAN) to which the mobile station can attach. To this end, the mobile station is equipped with a WLAN module that is configured to establish a communication link with the administration unit via the WLAN it can attach to.
The term “cellular network subscription data” used herein is to be construed in a broad sense in that the cellular network subscription data uploaded from the administration unit, preferably an administration server operated by the operator of the cellular communications network the mobile station wants to attach to, can include cellular network subscription data, such as an IMSI number and/or a corresponding authentication key Ki, or alternatively a pointer to a specific set of cellular network subscription data from a list of cellular network subscription data prestored, preferably in the secure element of the mobile station.
More specifically, according to a first aspect the invention is directed to a method for providing cellular network subscription data from an administration unit, preferably an administration server, to a mobile station that includes a secure element, such as a SIM or a UICC, and is configured to communicate via a cellular communications network. The method comprises the following steps in the mobile station: attaching to a WLAN by means of a WLAN module implemented in the mobile station; establishing a communication link between the mobile station and the administration unit via the WLAN the mobile station has attached to; and downloading cellular network subscription data from the administration unit via the WLAN to the mobile station and storing the same within the secure element of the mobile station such that by means of the cellular network subscription data the mobile station can attach to a corresponding cellular communications network.
According to a second aspect the invention is directed to a method for providing cellular network subscription data from an administration unit, preferably an administration server, to a mobile station that includes a secure element, such as a SIM or a UICC, and is configured to communicate via a cellular communications network. The method comprises the following steps in the administration unit: receiving a request for cellular network subscription data from the mobile station via a WLAN to which the mobile station has attached by means of a WLAN module implemented in the mobile station; establishing a communication link between the administration unit and the mobile station via the WLAN the mobile station has attached to; and uploading cellular network subscription data from the administration unit via the WLAN to the mobile station such that by means of the cellular network subscription data the mobile station can attach to a corresponding cellular communications network.
According to a third aspect the invention is directed to a mobile station that is configured to communicate via a cellular communications network and that includes a secure element, such as a SIM or a UICC. The mobile station is configured and/or comprises respective means for: attaching to a WLAN by means of a WLAN module implemented in the mobile station; establishing a communication link between the mobile station and an administration unit, preferably an administration server, via the WLAN the mobile station has attached to; and downloading cellular network subscription data from the administration unit via the WLAN to the mobile station and storing the same in the secure element of the mobile station such that by means of the cellular network subscription data the mobile station can attach to a corresponding cellular communications network.
According to a fourth aspect the invention is directed to an administration unit, preferably an administration server, that is configured and/or comprises respective means for: receiving a request for cellular network subscription data from a mobile station via a WLAN to which the mobile station has attached by means of a WLAN module implemented in the mobile station; establishing a communication link between the administration unit and the mobile station via the WLAN the mobile station has attached to; and uploading cellular network subscription data from the administration unit via the WLAN to the mobile station such that by means of the cellular network subscription data the mobile station can attach to a corresponding cellular communications network.
According to preferred embodiments of the invention, the secure element can be configured to be removably inserted into the mobile station or, alternatively, embedded therein. According to preferred embodiments of the invention, the secure element is implemented as a subscriber identity module (SIM), UICC, USIM, R-UIM or ISIM.
Preferably, the WLAN module is part of the secure element of the mobile station for storing the cellular network subscription data. This embodiment is particularly advantageous, as the cellular network subscription data that is provided by the administration unit via the WLAN and transferred from the WLAN module to the secure element of the mobile station does not leave the secure element, i.e. does not have to pass through potentially insecure components of the mobile station.
According to preferred embodiments of the invention, the WLAN is established by an access point that is configured according to the standard IEEE 802.11 and/or one or more of its sub-standards, such as IEEE 802.11b, 802.11a, 802.11g, 802.11i, 802.11n, and 802.11ac (such WLANs are also known as WiFi networks). Alternatively, the WLAN could be a wireless LAN operated according to the Bluetooth standard (IEEE 802.15.1) or the WiMAX standard (IEEE 802.16).
The WLAN for establishing a communication link between the mobile station and the administration unit could be a public WLAN or a non-public WLAN requiring WLAN access data to access the non-public WLAN. Such WLAN access data can be pre-stored in the mobile station, preferably in the secure element thereof, and can include a WLAN specific identifier, such as a SSID (Service Set Identifier), as well as any data for identifying and/or authenticating the mobile station relative to the WLAN, such as a user/mobile station identification element, a user password, any secret keys and the like.
Preferably, the mobile station and the administration unit are configured to implement an end-to-end security mechanism ensuring that the cellular network subscription data is transported from the administration unit to the secure element in a safe manner. To this end, at least one shared secret key could be pre-stored in the secure element of the mobile station and the administration unit. Once the administration unit has uniquely identified and authenticated the secure element, this secret key can be used to secure the communication between the administration unit and the secure element. This encryption can be used in addition to any encryption mechanisms provided by an access point to secure the communication over the air interface between the access point and the WLAN module of the mobile station, such as by means of the WEP, WPA or WPA2 protocols.
According to preferred embodiments of the invention, the administration unit is configured such that before uploading cellular network subscription data to the mobile station, the mobile station has to authenticate itself relative to the administration unit. Preferably, the data necessary for authenticating the mobile station relative to the administration unit, such as an identification element, password, secret key or the like, is pre-stored in the secure element of the mobile station, for instance during the manufacturing and/or personalization process thereof.
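The authenticate-then-transfer exchange described in the two paragraphs above, as an added Python sketch that is not part of the patent text: the administration server challenges the secure element, checks its response against the pre-shared key, and only then returns IMSI and Ki wrapped under keys bound to that ICCID and challenge. Class names, message layout and sample values are assumptions, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a standard AEAD such as AES-GCM so that the block runs on the standard library alone.

```python
# Added sketch, not from the patent: names, layouts and sample values are constructed.
import hashlib
import hmac
import secrets
import struct

SAMPLE_ICCID = b"8900000000000000001"  # constructed 19-digit ICCID
SAMPLE_IMSI = b"001010123456789"       # constructed IMSI (test network 001/01)
SAMPLE_KI = bytes(range(16, 32))       # constructed 128-bit Ki
SAMPLE_PSK = bytes(range(16))          # constructed pre-shared key

def hkdf(key, info):
    """HKDF-SHA256 (RFC 5869) with zero salt, single 32-byte output block."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; stand-in for a real cipher such as AES-GCM."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def session_keys(psk, iccid, challenge):
    # Keys depend on ICCID and challenge, so a package sealed for another
    # card or an earlier session fails the integrity check.
    return hkdf(psk, b"enc" + iccid + challenge), hkdf(psk, b"mac" + iccid + challenge)

def auth_response(psk, iccid, challenge):
    return hmac.new(hkdf(psk, b"auth"), iccid + challenge, hashlib.sha256).digest()

def seal(psk, iccid, challenge, plaintext):
    k_enc, k_mac = session_keys(psk, iccid, challenge)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def open_sealed(psk, iccid, challenge, blob):
    if len(blob) < 48:
        raise ValueError("package too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k_enc, k_mac = session_keys(psk, iccid, challenge)
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(k_enc, nonce, len(ct))))

class AdministrationServer:
    def __init__(self, keys, subscriptions):
        self.keys = keys                    # ICCID -> pre-shared key
        self.subscriptions = subscriptions  # ICCID -> (IMSI, Ki)
        self.pending = {}                   # ICCID -> outstanding challenge

    def challenge(self, iccid):
        if iccid not in self.keys:
            raise PermissionError("unknown secure element")
        self.pending[iccid] = secrets.token_bytes(16)
        return self.pending[iccid]

    def provision(self, iccid, response):
        challenge = self.pending.pop(iccid, None)  # single use: replays fail
        if challenge is None:
            raise PermissionError("no outstanding challenge")
        expected = auth_response(self.keys[iccid], iccid, challenge)
        if not hmac.compare_digest(response, expected):
            raise PermissionError("authentication failed")
        imsi, ki = self.subscriptions[iccid]
        return seal(self.keys[iccid], iccid, challenge, imsi + ki)

class SecureElement:
    def __init__(self, iccid, psk):
        self.iccid, self.psk = iccid, psk
        self.challenge = self.imsi = self.ki = None

    def respond(self, challenge):
        self.challenge = challenge
        return auth_response(self.psk, self.iccid, challenge)

    def store(self, blob):
        data = open_sealed(self.psk, self.iccid, self.challenge, blob)
        self.imsi, self.ki = data[:15], data[15:]  # constructed layout: IMSI || Ki

def demo_setup():
    server = AdministrationServer({SAMPLE_ICCID: SAMPLE_PSK},
                                  {SAMPLE_ICCID: (SAMPLE_IMSI, SAMPLE_KI)})
    return server, SecureElement(SAMPLE_ICCID, SAMPLE_PSK)

if __name__ == "__main__":
    server, se = demo_setup()
    se.store(server.provision(se.iccid, se.respond(server.challenge(se.iccid))))
    print("provisioned IMSI:", se.imsi.decode())
```

Because the wrapping keys never leave the two endpoints, the package stays protected regardless of what the access point or the WLAN encryption does with it.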
Preferably, the downloading of cellular network subscription data by the mobile station is triggered by specific events. Such events are preferably monitored by an application that runs on the secure element of the mobile station and is configured to trigger the OTA download of cellular network subscription data to the mobile station. The application can be configured to trigger the OTA download of cellular network subscription data in response to specific events, such as power on of the mobile station, cellular network authentication failure and/or scheduled timers.
Alternatively or additionally, the application, preferably implemented on the secure element of the mobile station, can be configured to trigger the retrieval of cellular network subscription data in response to the discovery of a specific predefined WLAN by the WLAN module of the mobile station. For instance, it is conceivable that a MNO that operates several WLANs for providing cellular network subscription data to non-personalised secure elements of mobile stations of his subscribers stores the respective WLAN specific identifiers as well as any WLAN access data that is required to attach to one of these WLANs in a respective mobile station such that the application implemented on the secure element of the mobile station can trigger the download of cellular network subscription data, as soon as the mobile station discovers one of the WLANs operated by the MNO. Such WLANs could be installed, for instance, at respective points of sale, where a mobile user can acquire a new mobile station and/or a new secure element.
As the WLAN module of the mobile station preferably communicates with the administration unit via the Internet, in order to correctly address the request for downloading cellular network subscription data an address for locating the administration unit, such as an IP address of the administration unit, can be pre-stored in the secure element of the mobile station.
According to preferred embodiments of the invention, the administration unit, when providing cellular network subscription data to the mobile station, creates an association between these cellular network subscription data and the identity of the user of the mobile station. To this end, the cellular network subscription data, such as an IMSI number and/or a corresponding authentication key Ki, provided to the mobile station can be associated with a unique identification element of the secure element, such as an ICCID, and/or the mobile station, such as the International Mobile Equipment Identity (IMEI). Alternatively, a unique identification element for identifying the user of the mobile station can be pre-provisioned, preferably, on the secure element thereof.
Preferably, the administration unit is in communication with an authentication unit as part of the PLMN that is used for authenticating the secure element when trying to access the PLMN using the cellular network subscription data provided by the administration unit. In addition to providing the mobile station with cellular network subscription data the administration unit is preferably configured to provide this cellular network subscription data to the authentication unit of the PLMN, preferably along with information about the identity of the user of the mobile station to which the cellular network subscription data has been provided. For instance, in the context of a cellular communications network configured according to the GSM standard the role of the authentication unit is taken by the Home Location Register (HLR) in combination with the Authentication Center (AUC).
The administration unit can be a dedicated stand-alone unit, e.g. an administration server, or implemented, for instance, in the context of a cellular communications network configured according to the GSM standard implemented as part of a HLR, an AUC or a combination thereof.
According to preferred embodiments of the invention, the administration unit can be configured to provide cellular network subscription data to the mobile station on the basis of information about the location of the mobile station. For instance, the administration unit could be configured to provide cellular network subscription data in form of an IMSI number from a specific range of IMSI numbers to the mobile station on the basis of information about which country the mobile station is located in. This information about the location of the mobile station could be provided, for instance, by a GPS module implemented on the mobile station or derived from information about the WLAN the mobile station uses for communicating with the administration unit.
These and other features, characteristics, advantages, and objects of the invention will be clear from the following detailed description of preferred embodiments, given as a non-restrictive example, under reference to the attached drawings. The person skilled in the art will appreciate, in particular, that the above preferred embodiments can be combined in several ways, which will result in additional advantageous embodiments that are explicitly supported and covered by the present invention. In particular, the person skilled in the art will appreciate that the above described preferred embodiments can be implemented in the context of the first, second, third and fourth aspect of the invention.
An exemplary mobile station 12 is shown in
The mobile station 12 is configured to communicate via the air interface (or radio link) with a cellular communications network or Public Land Mobile Network (PLMN) 40, preferably operated by a Mobile Network Operator (MNO) according to the GSM standard. In the following, preferred embodiments of the invention will be described in the context of a cellular communications network according to the standards of the Global System for Mobile communication (GSM), as specified in a number of specifications provided by ETSI. However, the person skilled in the art will appreciate that the present invention may be advantageously applied in connection with other cellular communications systems as well. Such systems include third-generation cellular communications systems (3GPP), such as the Universal Mobile Telecommunications System (UMTS), and next generation or fourth-generation mobile networks (4G), such as Long Term Evolution (LTE), as well as other cellular communications systems, such as CDMA, GPRS (General Packet Radio Service) and CAMEL (Customised Applications for Mobile network Enhanced Logic).
As is well known to the person skilled in the art, the PLMN 40 configured according to the GSM standard generally comprises a base station subsystem consisting of one or more base transceiver stations that define respective cells of the PLMN 40 and are connected to a base station controller. Generally, the base station controller is one of several base station controllers that communicate with a mobile switching center (MSC). Often, a local database called Visitor Location Register (VLR) for keeping track of the mobile users currently located within the cells covered by a MSC (i.e. the MSC service area) is incorporated in the MSC. The MSC provides essentially the same functionality as a central office switch in a public-switched telephone network and is additionally responsible for call processing, mobility management, and radio resource management. The MSC is further in communication with a home location register (HLR), which is the primary database of the PLMN 40 that stores information about its mobile users required for authentication. To this end, the HLR generally is in communication with an authentication center (AUC).
As is known to the person skilled in the art, the communication means between the above described different components of the PLMN 40 may be proprietary or may use open standards. The protocols may be SS7 or IP-based. SS7 is a global standard for telecommunications defined by the International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T). The standard defines the procedures and the protocol by which network elements in the public switched telephone network (PSTN) exchange information over a digital signaling network to effect wireless (cellular) and wired call setup, routing and control. The SS7 network and protocol are used for e.g. basic call setup, management, wireless services, wireless roaming, and mobile subscriber authentication, i.e. enhanced call features providing for efficient and secure worldwide telecommunications. The physical elements by which the elements are grouped or left separate and the interfaces—whether proprietary or open—are left to the MNO, i.e. the operator of the PLMN 40.
As can be taken from the enlarged view of the secure element 20 in
Preferably, the secure element 20 furthermore comprises a WLAN module 26 in communication with the CPU 22 of the secure element 20. The WLAN module 26 is configured to establish a communication link between the secure element 20 and an access point (also called base station) of a WLAN, for instance, the WLAN 30 established by the access point 32. A secure element 20 containing a WLAN module 26 that could be advantageously employed according to the present invention is disclosed in WO 2006/137740. Although not preferred from a security standpoint, it is also conceivable that the WLAN module 26 is not part of the secure element 20, as shown in
Preferably, the WLAN 30 established by the access point 32 is an IEEE 802.11 WLAN, i.e. a WLAN configured according to the standard IEEE 802.11 and/or one or more of its sub-standards, such as IEEE 802.11b, 802.11a, 802.11g, 802.11i, 802.11n, and 802.11ac (such WLANs are also known as WiFi networks). Alternatively, the WLAN 30 could be a wireless LAN operated according to the Bluetooth standard (IEEE 802.15.1) or the WiMAX standard (IEEE 802.16).
As can be taken from
In step S1 of
By means of the appropriate WLAN access data, preferably stored within the secure element 20, the mobile station 12 can be authenticated by the access point 32 (step S2 of
Once the communication link between the mobile station 12 and the access point 32 is established, i.e. once the mobile station 12 has attached to the access point 32 in step S2 of
Preferably, the administration server 42 is configured such that before uploading cellular network subscription data to the mobile station 12, the mobile station 12 has to authenticate itself relative to the administration server 42 (see step S3 of
After the mobile station 12 (or rather its secure element 20) has been successfully authenticated by the administration server 42 in step S3 of
While or after compiling appropriate cellular network subscription data for the mobile station 12 in response to its request for cellular network subscription data (step S4 of
Preferably, the administration server 42 is in communication with an authentication unit of the PLMN 40 that is used for authenticating the mobile station 12 (or more specifically its secure element 20) when trying to access the PLMN 40 using the cellular network subscription data provided by the administration server 42. In addition to providing the mobile station 12 with cellular network subscription data the administration server 42 is preferably configured to provide this cellular network subscription data to the authentication unit of the PLMN 40. Moreover, the administration server 42 is, preferably, configured to inform the authentication unit of the PLMN 40 about the association between the cellular network subscription data and the identity of the user and/or the secure element 20 of the mobile station 12 so that the authentication unit of the PLMN 40 can associate the cellular network subscription data with a mobile user/station identity. For instance, in the context of the PLMN 40 being configured according to the GSM standard the role of the authentication unit is taken by the Home Location Register (HLR) in combination with the Authentication Center (AUC). In this context the administration unit according to the present invention can be implemented as part of the HLR, the AUC or a combination thereof of the PLMN 40.
Preferably, the mobile station 12 and the administration server 42 are configured to implement an end-to-end security mechanism ensuring that the cellular network subscription data is downloaded from the administration server 42 to the mobile station 12 (and more specifically its secure element 20) in a safe manner in step S5 of
Once the mobile station 12 has downloaded the cellular network subscription data from the administration server 42 in step S5 of
Preferably, the application 24 running on the CPU 22 of the secure element 20 of the mobile station 12 controls and coordinates the steps described in the context of
According to preferred embodiments of the invention, the administration server can be configured to provide the cellular network subscription data to the mobile station 12 on the basis of information about the location of the mobile station 12. For instance, the administration server 42 could be configured to provide cellular network subscription data in form of an IMSI number from a specific range of IMSI numbers to the mobile station 12 on the basis of information about which country the mobile station 12 is located in. This information about the location of the mobile station 12 could be provided, for instance, in step S3 of
The present invention has been described in the context of some advantageous embodiments implemented in the context of a GSM network. However, this is not to be understood to restrict the invention to the details of these embodiments, which are presented for illustrative purposes only, as the general idea of the present invention could equally be implemented in the context of cellular communications systems other than GSM. The person skilled in the art will appreciate that the present invention can be applied to any type of mobile station configured to communicate via a cellular communications network and a WLAN. For instance, in the sense of the present invention a mobile station could be a car equipped with a secure element for communicating via a cellular communications network and a WLAN. Moreover, in light of the above detailed description the person skilled in the art will appreciate that modifications and/or additions can be made to the methods and devices as described heretofore, which are to be considered to remain within the scope of the present invention as defined by the appended claims.