Mobile communication device

10979550 · 2021-04-13

Abstract

A method of accessing a partition on a mobile communication device may include the steps of receiving data specifying a partition, receiving an identification code from an identification module in or associated with the device, determining, based on both the data specifying a partition and the identification code, whether access to the specified partition is to be allowed, and allowing or denying access to the specified partition accordingly.

Claims

1. A method of accessing a partition from a plurality of partitions, wherein each of the plurality of partitions is a separate memory area, wherein the partition is accessed from a mobile communication device comprising an identification module, wherein the mobile communication device is used by a user, the method comprising: receiving a passcode at the mobile communication device, wherein the passcode is entered by the user; verifying the passcode in the identification module; in response to determining that verification of the passcode by the identification module is positive, sending data specifying the partition and an identification code from the identification module to a partition entry module, wherein the identification code corresponds to or is based on identification data of the identification module; receiving, by the partition entry module, the data specifying the partition, from the identification module; receiving, by the partition entry module, the identification code, from the identification module; determining, by the partition entry module, whether access to the partition is to be allowed or denied, by verifying the identification code received from the identification module and the data specifying the partition received from the identification module; and wherein the partition entry module allows access to the partition in response to determining that verification of the identification code and the data specifying the partition is positive, and denies access to the partition in response to determining that verification of the identification code and the data specifying the partition is not positive.

2. A method as claimed in claim 1, wherein the identification module is or comprises a removable identification module, a remote identification module, a SIM card, hardware, a secure element, a trusted execution environment, or a software SIM.

3. A method as claimed in claim 1, further comprising generating the identification code in the identification module based on the data specifying the partition.

4. A method as claimed in claim 1, wherein the identification code is a certificate generated from identification data of the identification module.

5. A method as claimed in claim 1, wherein the identification code is received from and corresponds to a SIM card in the mobile communication device.

6. A method as claimed in claim 1, wherein the mobile communication device comprises keys and/or a touch-sensitive screen, and the passcode is received when a user presses the keys and/or the touch-sensitive screen so as to enter the passcode.

7. A method as claimed in claim 1, wherein the identification code is generated by passing the passcode through an algorithm to create a hash.

8. A method as claimed in claim 7, wherein the algorithm comprises an encryption algorithm.

9. A method as claimed in claim 8, wherein the encryption algorithm is a PKI encryption algorithm.

10. A method as claimed in claim 7, wherein the hash is compared with a predefined hash for the partition and access to the partition is allowed only upon determining that the two hashes match.

11. A method as claimed in claim 1, wherein the data specifying the partition is received from a signal-emitting device.

12. A method as claimed in claim 11, wherein the signal-emitting device comprises a NFC tag.

13. A method as claimed in claim 1, comprising decrypting any encrypted content stored in an accessed partition.

14. A method as claimed in claim 1, further comprising sending or displaying a message indicating that access to the partition specified by the data is not allowed when access to the partition specified by the data is not allowed.

15. A method as claimed in claim 1, wherein the data specifying the partition and the identification code are sent from the identification module to the partition entry module via a secure channel therebetween.

16. A method as claimed in claim 15, wherein the secure channel is created by a mutual authentication process between the identification module and the partition entry module.

17. A method as claimed in claim 1, further comprising encrypting the data specifying the partition and/or the identification code before sending the data specifying the partition and/or the identification code to the partition entry module.

18. A method as claimed in claim 1, further comprising switching partition automatically at a predefined time.

19. A method as claimed in claim 1, wherein different telephone numbers are associated with different partitions on a single mobile communication device.

20. A system comprising a mobile communication device comprising an identification module and a server comprising a partition entry module for controlling entry to a plurality of partitions, wherein each of the plurality of partitions is a separate memory area, wherein the mobile communication device is used by a user, wherein the identification module is arranged to: receive a passcode, wherein the passcode is entered by a user; verify the passcode, and, in response to determining that verification of the passcode is positive, send data specifying a partition and an identification code to the partition entry module, wherein the identification code corresponds to or is based on identification data of the identification module; wherein the partition entry module is arranged to: receive the data specifying the partition from the identification module associated with the mobile communication device; receive the identification code from the identification module associated with the mobile communication device; determine whether access to the partition is to be allowed or denied by verifying the identification code received from the identification module and the data specifying the partition received from the identification module; and allow access to the partition in response to determining that verification of the identification code and the data specifying the partition is positive, and deny access to the partition in response to determining that verification of the identification code and the data specifying the partition is not positive.

21. A system as claimed in claim 20, wherein the identification module is or comprises a removable identification module, a remote identification module, a SIM card, hardware, a secure element, a trusted execution environment, or a software SIM.

22. A system as claimed in claim 20, wherein the identification module is arranged to verify the data specifying the partition and the identification code to determine whether access to the partition specified by the data is to be allowed.

23. A system as claimed in claim 20, wherein the identification module is arranged to generate the identification code based on the data specifying the partition.

24. A system as claimed in claim 20, wherein the identification code is a certificate generated from identification data of the identification module.

25. A system as claimed in claim 20, wherein the identification code is received from and corresponds to a SIM card in the mobile communication device.

26. A system as claimed in claim 20, wherein the mobile communication device comprises keys and/or a touch-sensitive screen, and the partition entry module and/or the identification module is arranged to receive the passcode when a user presses the keys and/or the touch-sensitive screen so as to enter the passcode.

27. A system as claimed in claim 20, wherein the partition entry module and/or the identification module comprises a hash creation module, the hash creation module being arranged to pass the identification code and the passcode through an algorithm to create a hash.

28. A system as claimed in claim 27, wherein the algorithm comprises an encryption algorithm.

29. A system as claimed in claim 28, wherein the encryption algorithm is a PKI encryption algorithm.

30. A system as claimed in claim 27, wherein the partition entry module comprises a verification module arranged to compare the hash with a predefined hash for the partition, and to allow access to the partition upon determining that the two hashes match.

31. A system as claimed in claim 20, wherein the mobile communication device comprises a receiver arranged to receive the data specifying the partition from a signal-emitting device.

32. A system as claimed in claim 31, wherein the signal-emitting device comprises a NFC tag.

33. A system as claimed in claim 20, wherein the mobile communication device comprises decryption means for decrypting any encrypted content of an accessed partition.

34. A system as claimed in claim 20, wherein the mobile communication device is arranged to send or display a message indicating that access to the specified partition is not allowed when access to the partition specified by the data is not allowed.

35. A system as claimed in claim 20, wherein the identification module is arranged to send the data specifying the partition and the identification code to the partition entry module via a secure channel.

36. A system as claimed in claim 35, wherein the secure channel is created by a mutual authentication process between the identification module and the partition entry module.

37. A system as claimed in claim 20, further comprising means for encrypting the data specifying the partition and/or the identification code before sending the data specifying the partition and/or the identification code to the partition entry module.

Description

(1) Preferred embodiments of the invention will now be described by way of example only and with reference to the accompanying drawings in which:

(2) These and other features and improvements of the present application and the resultant patent will become apparent to one of ordinary skill in the art upon review of the following detailed description when taken in conjunction with the several drawings and the appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

(3) FIG. 1 shows an embodiment of the basic security architecture on a mobile phone;

(4) FIG. 2 shows a schematic diagram of an embodiment of the basic security architecture on a mobile phone with NFC communication;

(5) FIG. 3 is an illustration of an embodiment using NFC tags; and

(6) FIG. 4 is an illustration of an embodiment where partition data is stored in a cloud.

DETAILED DESCRIPTION

(7) FIG. 1 shows a preferred embodiment of the basic architecture of a mobile phone with n partitions (domains).

(8) The SIM card is a JavaCard with n applets, one for each partition. Applet 0 is labelled “Master key” and is the applet for the “Administrator partition” described above, from which all the other partitions can be managed.

(9) The phone also has a main processor where encryption and decryption are performed and access to a partition is checked and allowed or denied.

(10) The data partition memory of the mobile phone is divided into n partitions. Access to each partition is controlled by an applet inside the SIM module. An applet is provided for each partition. The main function of each applet n is to control access to the partition n and to provide the appropriate key to the main processor to perform encryption/decryption of the data on the respective partition.

(11) Access to each partition is protected by the SIM. A user must enter the correct passcode to access a given partition and for the encrypted data inside that partition to be decrypted.

(12) When a user wishes to enter a particular partition, they enter the passcode or PIN for that partition by typing on the keypad or touch-sensitive screen of the mobile phone. The entered passcode is then passed to the SIM, where it is received by the corresponding applet and passed through a PKI encryption algorithm that combines it with the SIM identifier to create a hash.

(13) This is illustrated in the following table:

(14) TABLE-US-00001

    Partition   Pass code input      2^128 (PKI) × Partition number   Hash answer
                (# × Pass code)      × SIM/IMEA
    Work        Up to 9 digits       Run algorithm                    Secure answer
    Home        Up to 9 digits       Run algorithm                    Secure answer
    Children    Up to 9 digits       Run algorithm                    Secure answer
    Travel      Up to 9 digits       Run algorithm                    Secure answer
    Social      Up to 9 digits       Run algorithm                    Secure answer

(15) The hash is then passed to a main processor on the mobile phone, where it is decrypted to extract the PIN and identify which partition the user is seeking to access. Then, if the hash corresponds to a hash already stored in the phone's memory for that partition (or stored remotely, such as in a cloud or external memory storage device), access to the requested partition is allowed and the phone enters that partition.
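The passcode-to-partition flow of paragraphs (12) to (15), as an added Python simulation that is not part of the patent: a per-partition applet in the identification module verifies the passcode and only then releases an identification code bound to the SIM identifier, and the partition entry module compares that code against the predefined hash for the requested partition. The SIM identifiers, passcodes and the HMAC used in place of the patent's PKI step are all assumptions.

```python
import hashlib
import hmac

# Constructed sample values, not from the patent: an ICCID-style SIM
# identifier and one passcode per partition (0 = administrator partition).
SIM_ID = "8944000000000000001"
PASSCODES = {0: "000000", 1: "123456", 2: "987654"}


def identification_code(passcode: str, sim_id: str, partition: int) -> bytes:
    """Combine passcode, SIM identifier and partition number into one hash.
    The patent specifies a PKI algorithm; an HMAC keyed on the SIM
    identifier stands in for it here (assumption), so the code is bound
    to the SIM that produced it."""
    msg = f"{partition}:{passcode}".encode()
    return hmac.new(sim_id.encode(), msg, hashlib.sha256).digest()


def _pin_digest(partition: int, passcode: str) -> bytes:
    return hashlib.sha256(f"{partition}:{passcode}".encode()).digest()


class IdentificationModule:
    """Models the SIM: one applet per partition, each checking its own
    passcode and releasing the identification code only on success."""

    def __init__(self, sim_id: str, passcodes: dict):
        self.sim_id = sim_id
        # Applets keep a digest of their passcode, never the passcode itself.
        self._applets = {n: _pin_digest(n, pc) for n, pc in passcodes.items()}

    def request(self, partition: int, passcode: str):
        """Return (partition, code) on positive verification, else None."""
        expected = self._applets.get(partition)
        if expected is None:
            return None
        if not hmac.compare_digest(_pin_digest(partition, passcode), expected):
            return None
        return partition, identification_code(passcode, self.sim_id, partition)


class PartitionEntryModule:
    """Main-processor side: compares the received code with the predefined
    hash for the requested partition and allows or denies access."""

    def __init__(self):
        self._predefined = {}   # partition number -> predefined hash

    def enroll(self, partition: int, code: bytes) -> None:
        """Record the predefined hash for a partition (an admin-partition task)."""
        self._predefined[partition] = code

    def access(self, message) -> bool:
        if message is None:      # the SIM rejected the passcode: nothing to verify
            return False
        partition, code = message
        stored = self._predefined.get(partition)
        # Constant-time comparison, as a verification module should use.
        return stored is not None and hmac.compare_digest(code, stored)


def run_scenarios() -> dict:
    """Enrol every partition, then exercise the access cases worth testing."""
    sim = IdentificationModule(SIM_ID, PASSCODES)
    entry = PartitionEntryModule()
    for n, pc in PASSCODES.items():
        entry.enroll(*sim.request(n, pc))
    other_sim = IdentificationModule("8944000000000000002", PASSCODES)  # constructed
    return {
        "correct": entry.access(sim.request(1, "123456")),
        "wrong_passcode": entry.access(sim.request(1, "111111")),
        "unknown_partition": entry.access(sim.request(9, "123456")),
        # right passcode but a different SIM: the code no longer matches
        "different_sim": entry.access(other_sim.request(1, "123456")),
    }
```

Only the first scenario is allowed; the last one shows why binding the code to the SIM identifier matters, since the correct passcode alone is not enough to open the partition.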

(16) The content accessible in each partition is encrypted, so when access to a particular partition is allowed, the content of that partition is decrypted using the passcode for the partition and SIM identifier. The content is stored in a database which is either stored in the device itself or remotely, such as in a cloud or internal hardware device. Separate data domains or a single database with partition flags could be used. The flags in such a database can indicate which data is accessible to which partition.

(17) When a partition has been entered and its content decrypted, the content can be viewed on the phone's screen and the phone has the configuration or set-up (functionality) corresponding to that partition.

(18) As the data are encrypted, direct access to the memory will deliver only encrypted data, so no sensitive information is available by that route.

(19) The SIM module is based on a JavaCard. This makes it possible to manage different applets with independent security features. If the SIM used for this function is also the phone operator SIM, the master key of the SIM allows the SIM and the telecom connection to be controlled with a master PIN. This means that the SIM must first be unlocked before one of the encrypted partitions can be unlocked (as is the case in a basic mobile phone).

(20) On the other hand, if the SIM used for partition memory partitioning control is not the operator SIM but a second secure element in the phone, a master key is not needed.

(21) In order to manage the content and functionality of each partition, a user has to enter the administrator or master partition. From here, all the other partitions can be managed and the user can set what content is visible and what functionality is available as well as other phone settings such as volume, vibrate and call divert.

(22) When, for example, a photo or video is taken with a camera in the phone, that photo or video is automatically accessible when in the partition in which the phone was when the photo or video was taken. As a default setting, it is not available in any other partitions except the administrator partition. If a user wants to make that photo or video available in a different or other partitions, he/she can manage this in the administrator partition.

(23) The domains 1-n could be data keys which specify data flags held in a single database against content or functionality.

(24) FIG. 2 shows an embodiment of the architecture of a mobile phone with n partitions (domains) which is configured to access the partitions using NFC tags.

(25) This embodiment is similar to that of FIG. 1 except that the phone additionally comprises an NFC front end which can send signals to NFC tags and receive signals from NFC tags.

(26) This embodiment works in the same way as that of FIG. 1 except that the passcode for a particular partition is received from an NFC tag, rather than being input by a user.

(27) In addition, the phone can receive a signal from an NFC tag instructing it to set up and enter a new partition on the phone with a configuration defined in the signal received from the tag. Alternatively, the signal could comprise a unique and secure path to data specifying a partition stored on a server or in a cloud, which the phone accesses after it has received the path from the NFC tag. If the tag sends a signal to enter an “open” partition, then the phone enters that partition automatically. However, if the tag sends a signal to enter a “closed” partition, then the user has to enter the correct code or password for the partition before they can enter it on their phone.

(28) In one example, when the phone of FIG. 2 is held near an NFC tag, the following steps are performed:
- the phone receives a signal from the tag, the signal containing data comprising a passcode for a partition and also identification information relating to the tag;
- the passcode is extracted from the received signal by a specific applet provided in the SIM card of the device;
- the environment/location is determined from the received signal, either from a certificate or encrypted passcode contained in the signal, or from the identification information relating to the tag;
- additional information (such as a “post-it” containing information from previous users of the tag) can also be received from the tag;
- the tag is updated by updating a certificate if, for security reasons, it is valid just for one session/use, and/or by erasing any additional information such as a “post-it” if it has been downloaded into the mobile device.

(29) FIG. 3 shows a mobile phone in communication with an “Office desk” tag, where the phone has entered the “Office desk” partition with the set-up shown in the figure. In this case, the tag simply sent the phone a passcode to enter the “Office desk” partition, which already existed on the mobile phone.

(30) A specific application of the present invention will now be described.

(31) In schools, a big problem can be how to control the use of mobile phones (or other mobile communication devices) to protect children against spam or SMS/MMS messages in the classroom, which could disrupt lessons, to avoid the use of such devices during exams, and to filter/control internet access such that certain, e.g. undesirable, websites are not accessible.

(32) By using the present invention, pupils can configure their mobile phones to enter a commonly agreed mode (or partition) when they enter the school premises or a classroom by holding their phones next to an NFC tag sending a signal for the phone to enter a “school” partition whose configuration (i.e. accessible content and available functionality) is set by the school. For example, a pupil's phone could switch between the following partitions during a school day:

(33) At home—device is in “home” partition where:

(34)
    SMS/MMS: allowed
    Phone directory/contacts: fully accessible
    Accessible content: “home” data
    Internet access: freely allowed or under parental control

At school—device is held next to an NFC tag such that it enters a “school” partition where:
    SMS/MMS: blocked
    Phone directory/contacts: only parents/doctor/urgent contact accessible
    Accessible content: “school” data with free access such that teachers can control this content
    Internet access: blocked or filtered such that only certain websites can be viewed

In an exam room—device is held next to an NFC tag such that it enters an “exam” partition where:
    SMS/MMS: blocked
    Phone directory: only parents/doctor/urgency
    Data partition: blocked
    Internet access: blocked

(35) The “school” partition (or any other partition) could have time-dependent functionality. For example, SMS/MMS/call functionality could be available only at certain pre-defined times of the day, corresponding to break and lunch times, for example. At other times, SMS/MMS/call functionality could be disabled or only allowed to a specified list of “emergency” numbers (e.g. home, parents, carer).

(36) FIG. 4 illustrates an embodiment where partition data is stored remotely in a cloud accessed via a modem.

(37) Here, the same data partitions are provided on the cloud as on the mobile phone. This means that data stored in partitions on a mobile phone are replicated on a cloud and can be retrieved from the cloud in the case, for example, that the mobile phone is lost or stolen.

(38) As well as providing a replication of partition data, the cloud provides data banks which can store more (additional) data than is stored or storable on the mobile device with its limited memory size. The additional data that is stored in the cloud, but not on the mobile, can be downloaded to the mobile phone in each respective partition when required by a user.

(39) The security of the partitions in the cloud is managed the same way as on the mobile phone and is based on the same encryption and preferably also on the same passcodes to access the encrypted areas. This means that the access to the encrypted area of a given partition on the cloud is managed from the SIM of the mobile phone.

(40) The process is as follows: when the mobile phone is connected to the cloud, a mutual authentication process is managed between the mobile phone SIM and the SAM or virtual SAM on the Cloud server. Then, if the correct PIN N is entered into the mobile phone, access will be granted both to the partition N inside the mobile phone memory and to partition N inside the cloud. This allows, for example, synchronisation between the partition on the mobile phone and the corresponding partition on the cloud (or synchronisation of particular areas of the partitions). Data transfer can be performed securely via a secure data channel created following a successful mutual authentication process.

(41) A Trusted Services Manager (TSM) can be used to manage this process securely.

(42) A TSM is an Over The Air (OTA) trusted service which controls the management of secure elements, keys and applications for mobile phones. An NFC mobile phone based on a JavaCard SIM makes it possible to download cardlets and the associated security elements securely Over the Air.

(43) A TSM system could include, for example, the capability to perform the following steps:

(44) TABLE-US-00002 CASSIS solution

    Step: Service enrollment
      Customer experience: The mobile phone user/customer triggers with a single click on their phone the downloading of NFC applications onto the phone
      Features: Auto-provisioning platform; Download Manager; Application installation follow-up; Handset feedback (push-registry)

    Step: Payment
      Customer experience: Customer uses their phone to pay: it is fast, convenient and it fits the modern lifestyle
      Features: Off-line counter reset; Smart MIDlet; Mifare and Calypso OTA provisioning

    Step: Transit
      Customer experience: Customer uses phone for transit and for top-up over the air when the value runs low
      Features: Top-up gateway; OTA stored value top-up; Tag reading user interface

    Step: Rewards
      Customer experience: Customer accesses customized information and personalized offers through interactive billboards
      Features: Customised tag campaigns management; Coupons download, store & redeem mechanism

    Step: S.O.S
      Customer experience: When customer loses their mobile phone, NFC applications are immediately blocked OTA. The same applications can be easily re-downloaded on a new device.
      Features: Over-The-Air immediate blocking; Routing messages to parties; Re-issuance management; Life cycle management

(45) In the case of the present invention, TSM features can include the downloading of specific applications to manage the environments related to each partition, that is, the keys and the access rights for each partition. A TSM will also handle the NFC application which allows the automatic switching from one partition to another when a mobile phone receives a signal from an NFC tag. A TSM will also manage, over the air, the life cycle of the NFC mobile to support enrolment, downloads, updates, lost devices and end of life.

(46) It should be apparent that the foregoing relates only to the preferred embodiments of the present application and the resultant patent. Numerous changes and modifications may be made herein by one of ordinary skill in the art without departing from the general spirit and scope of the invention as defined by the following claims and the equivalents thereof.