Controlling connectivity of an electronic device to a mobile network

11570700 · 2023-01-31

Abstract

An approach for preventing electronic devices from repeatedly attempting to register or connect to a mobile network when they are not permitted to communicate using the mobile network. Embodiments determine whether the electronic device and/or associated SIM is permitted to communicate using the mobile network. In response to determining that the electronic device and/or SIM is not permitted to communicate using the mobile network, the contents of the SIM are modified to prevent the SIM from providing, to other components of the electronic device, communication data used to make a connection or authentication request to the mobile network.

Claims

1. A computer-implemented method of controlling an operation of a subscriber identity module (SIM) of an electronic device, wherein the SIM is configured to be able to respond to a request from a modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate communications with a mobile network, the computer-implemented method comprising: determining whether the electronic device and/or the SIM is permitted to communicate using the mobile network, by at least: modifying a first counter value, stored by the SIM, upon each unsuccessful connection attempt of the electronic device to the mobile network; and determining that the electronic device and/or the SIM is not permitted to communicate using the mobile network in response to the first counter value reaching or breaching a first threshold counter value; in response to determining that the electronic device and/or the SIM is not permitted to communicate using the mobile network, modifying contents of the SIM to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network; responding, at the SIM, to a reset communication or reset instruction from a component of the electronic device by setting the first counter value to a first predetermined value; modifying a second counter value, stored by the SIM, in response to a reset communication; and preventing the first counter value from being set to the first predetermined value in response to the second counter value reaching or breaching a predetermined threshold.

2. The computer-implemented method of claim 1, wherein the step of determining comprises using a remote system, external to the electronic device and/or the SIM, of the mobile network to determine whether the electronic device and/or the SIM is permitted to communicate using the mobile network.

3. The computer-implemented method of claim 2, wherein the step of modifying the contents of the SIM comprises: sending an over-the-air (OTA) message from the remote system of the mobile network to the SIM in response to the remote system determining that the electronic device and/or the SIM is not permitted to communicate using the mobile network; and the SIM responding to the OTA message by modifying the contents of the SIM to prevent the SIM from responding to the request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate the communication request to the mobile network.

4. The computer-implemented method of claim 3, wherein the OTA message comprises computer-implementable instructions, to be executed by the SIM, for modifying the contents of the SIM.

5. The computer-implemented method of claim 2, wherein the step of determining comprises: receiving, at the remote system, a connection request from the electronic device; determining, at the remote system, whether the electronic device and/or the SIM is permitted to connect to the mobile network in response to the connection request; modifying a third counter value, stored by the remote system, each time the electronic device and/or the SIM is not permitted to be connected on the mobile network following the connection request; and determining that the electronic device and/or the SIM is not permitted to communicate using the mobile network in response to the third counter value reaching or breaching a second threshold counter value.

6. The computer-implemented method of claim 2, wherein the remote system comprises at least a home location register (HLR).

7. The computer-implemented method of claim 1, wherein the step of determining is performed by the SIM monitoring connection attempts of the electronic device to the mobile network.

8. The computer-implemented method of claim 1, further comprising a step of resetting the first counter value to a second predetermined value in response to the electronic device successfully connecting to the mobile network.

9. The computer-implemented method of claim 1, wherein the reset communication is provided by the component during an authenticated communication session, between the SIM and the component, initiated only when the component provides a secret key to the SIM.

10. The computer-implemented method of claim 1, wherein the step of modifying the contents of the SIM comprises performing one or more of the following steps: destroying data of the SIM required for providing a valid response to the modem or processing unit for enabling the modem or processing unit to initiate a communication request to the mobile network; rewriting data of the SIM, required for providing the valid response to the modem or processing unit for enabling the modem or processing unit to initiate the communication request to the mobile network, with invalid values; and/or adjusting an access permission of the SIM to prevent the SIM from providing the valid response to the modem or processing unit for enabling the modem or processing unit to initiate the communication request to the mobile network.

11. The computer-implemented method of claim 1, further comprising resetting the second counter value in response to the electronic device successfully connecting to the mobile network.

12. A subscriber identity module (SIM) for an electronic device, wherein the SIM is configured to be able to respond to a request from a modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate communications with a mobile network, the SIM being adapted to: determine whether the electronic device and/or the SIM is permitted to communicate using the mobile network, by at least: modifying a first counter value, stored by the SIM, upon each unsuccessful connection attempt of the electronic device to the mobile network; and determining that the electronic device and/or the SIM is not permitted to communicate using the mobile network in response to the first counter value reaching or breaching a first threshold counter value; and in response to determining that the electronic device and/or the SIM is not permitted to communicate using the mobile network, modify contents of the SIM to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network; respond to a reset communication or reset instruction from a component of the electronic device by setting the first counter value to a first predetermined value; modify a second counter value, stored by the SIM, in response to a reset communication; and prevent the first counter value from being set to the first predetermined value in response to the second counter value reaching or breaching a predetermined threshold.

13. One or more non-transitory computer-readable storage devices comprising computer-executable instructions that, when executed by one or more computer systems, cause the one or more computer systems to perform operations comprising: determining whether an electronic device and/or a subscriber identity module (SIM) of the electronic device is permitted to communicate using a mobile network, the SIM being configured to be able to respond to a request from a modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate communications with a mobile network, by at least: modifying a first counter value, stored by the SIM, upon each unsuccessful connection attempt of the electronic device to the mobile network; and determining that the electronic device and/or SIM is not permitted to communicate using the mobile network in response to the first counter value reaching or breaching a first threshold counter value; in response to determining that the electronic device and/or SIM is not permitted to communicate using the mobile network, modifying contents of the SIM to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network; responding, at the SIM, to a reset communication or reset instruction from a component of the electronic device by setting the first counter value to a first predetermined value; modifying a second counter value, stored by the SIM, in response to a reset communication; and preventing the first counter value from being set to the first predetermined value in response to the second counter value reaching or breaching a predetermined threshold.

14. The one or more non-transitory computer-readable storage devices of claim 13, wherein the step of determining comprises using a remote system, external to the electronic device and/or SIM, of the mobile network to determine whether the electronic device and/or SIM is permitted to communicate using the mobile network.

15. The one or more non-transitory computer-readable storage devices of claim 14, wherein modifying the contents of the SIM further comprises: sending an over-the-air (OTA) message from the remote system of the mobile network to the SIM in response to the remote system determining that the electronic device and/or SIM is not permitted to communicate using the mobile network; and the SIM responding to the OTA message by modifying the contents of the SIM to prevent the SIM from responding to the request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate the communication request to the mobile network.

16. The one or more non-transitory computer-readable storage devices of claim 15, wherein the OTA message comprises computer-implementable instructions, to be executed by the SIM, for modifying the contents of the SIM.

17. The one or more non-transitory computer-readable storage devices of claim 14, wherein the step of determining further comprises: receiving, at the remote system, a connection request from the electronic device; determining, at the remote system, whether the electronic device and/or SIM is permitted to connect to the mobile network in response to the connection request; modifying a third counter value, stored by the remote system, each time the electronic device and/or SIM is not permitted to be connected on the mobile network following the connection request; and determining that the electronic device and/or SIM is not permitted to communicate using the mobile network in response to the third counter value reaching or breaching a second threshold counter value.

18. The one or more non-transitory computer-readable storage devices of claim 14, wherein the remote system comprises at least a home location register (HLR).

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) For a better understanding of the invention, and to show more clearly how it may be carried into effect, reference will now be made, by way of example only, to the accompanying drawings, in which:

(2) FIG. 1 illustrates a mobile network system in which an embodiment may be employed;

(3) FIG. 2 is a flowchart illustrating a generic method according to an embodiment;

(4) FIG. 3 is a flowchart illustrating a method according to an embodiment; and

(5) FIG. 4 is a flowchart illustrating a method according to another embodiment.

DETAILED DESCRIPTION OF THE EMBODIMENTS

(6) The invention will be described with reference to the Figures.

(7) It should be understood that the detailed description and specific examples, while indicating exemplary embodiments of the apparatus, systems and methods, are intended for purposes of illustration only and are not intended to limit the scope of the invention. These and other features, aspects, and advantages of the apparatus, systems and methods of the present invention will become better understood from the following description, appended claims, and accompanying drawings. It should be understood that the Figures are merely schematic and are not drawn to scale. It should also be understood that the same reference numerals are used throughout the Figures to indicate the same or similar parts.

(8) The invention provides an approach for preventing electronic devices from repeatedly attempting to register or connect to a mobile network when they are not permitted to communicate using the mobile network. Embodiments determine whether the electronic device and/or associated SIM is permitted to communicate using the mobile network. In response to determining that the electronic device and/or SIM is not permitted to communicate using the mobile network, the contents of the SIM are modified to prevent the SIM from providing, to other components of the electronic device, communication data used to make a connection or authentication request to the mobile network.

(9) The present invention relies upon the recognition that an operator of a mobile network can exert a level of control over the operation of a SIM, e.g. using OTA processes or by virtue of manufacturing the SIM, so that it is able to prevent unruly devices from repeatedly attempting to communicate on the mobile network when they are no longer permitted to do so. This reduces the amount of (signaling) traffic on the mobile network.

(10) Embodiments of the invention may be employed in any (e.g. subscriber-based) mobile network, in which it would be desirable for electronic devices or SIMs to be deprovisioned with respect to the mobile network.

(11) FIG. 1 illustrates a mobile network system 1 according to an embodiment of the invention. The mobile network system 1 comprises an electronic device 100.

(12) The electronic device 100 is adapted to wirelessly communicate with one or more other devices (such as an end server 95 and/or device connected to an external network 96) using a mobile network 99. The mobile network 99 may, for example, enable the electronic device 100 to communicate with the one or more other devices via one or more access points 99A.

(13) The electronic device 100 is adapted to wirelessly communicate with the mobile network via an antenna system 102, which is controlled by a modem 101. The modem may itself be controlled by a (central) processing unit/module 103 of the electronic device. Methods of communicating using a mobile network would be readily apparent to the skilled person.

(14) However, in order to communicate with other devices, such as the end server(s) and/or external network(s), the electronic device 100 needs to be registered or otherwise authenticated to the mobile network. In other words, the electronic device 100 must be permitted to communicate using the mobile network. The mobile network 99 may be adapted to deny a communication request from the electronic device 100 if it is not permitted to communicate (with the other devices) using the mobile network.

(15) In order to check whether the electronic device 100 is permitted to communicate using the mobile network 99, a remote system 150 may be used. The remote system 150 processes communication data provided by the electronic device 100 to establish whether the electronic device 100 is permitted to communicate (e.g. with other devices) using the mobile network 99, e.g. by consulting a database and/or initiating an authentication process. Determining whether an electronic device 100 is permitted to communicate using the mobile network 99 may be functionally equivalent to a process of authenticating/registering the electronic device on the mobile network.

(16) In other words, in at least one embodiment, the concept of being “permitted to communicate using the mobile network” is functionally equivalent to a concept of being “authenticated on the mobile network” or “registered on the mobile network”, so that these terms may be used interchangeably.

(17) The remote system 150 may comprise any unit suitable for establishing, deciding or determining whether the electronic device and/or SIM is permitted to communicate (e.g. with other devices) using the mobile network 99. Suitable units include a home location register (HLR) 150A, a visitor location register (VLR) 150B, a Central Equipment Identity Register (CEIR) 150C and so on. The remote system 150 may comprise any combination of these and/or other units that would be suitably known to the skilled person.

(18) The remote system 150 may, for example, be connected to elements of the backbone of the network 99, e.g. a mobile switching center (MSC) or the like. Similarly, the mobile network 99 may comprise other backbone modules, such as a base station (subsystem) and the like. The skilled person would readily understand the structure of a mobile network.

(19) Methods of authenticating an electronic device 100 on a mobile network 99 are well known to the skilled person, e.g. by employing any of the CDMA, TDMA and/or GSM standard protocols.

(20) The communication data used to authenticate the electronic device on the mobile network 99 is provided by a subscriber identity module (SIM) 110, which is either fixed within or removable from the electronic device 100. The SIM 110 comprises a (central) processing unit 115 and a memory 111. The processing unit 115 responds to instructions or requests passed to it by the modem 101 of the electronic device 100, e.g. by executing code 113 stored in the memory 111.

(21) The SIM can provide identifying information (or other communication data) to other components of the electronic device, such as the modem 101, which can form part of the overall communication data used to authenticate the electronic device. In particular, the modem 101 may attempt to connect or register on the mobile network 99, and may contact the SIM to obtain identifying information for registering on the mobile network.

(22) Other examples of communication data that could be provided by a SIM, in addition or in place of identifying information, may include security keys (e.g. required for encrypting a communication over the mobile network) and/or configuration data (e.g. for configuring how to communicate data over the mobile network).

(23) The SIM 110 can also be used during an authentication method initiated by (the home location register of) the remote system 150, e.g. by executing code 113.

(24) Typically, the SIM provides at least a SIM identifier (such as an international mobile subscriber identity (IMSI), Integrated Circuit Card Identifier (ICCI) and/or Embedded Identity Document (EID)) 112, which is passed to the (HLR of the) remote system 150. The remote system 150 compares the identifier to a database, to determine whether the mobile phone 100 having the SIM 110 is permitted to communicate using the mobile network 99.

(25) Other data can be used to decide whether an electronic device 100 is permitted to communicate using the mobile network 99. For example, an electronic device is commonly associated with a device identifier, such as an International Mobile Equipment Identity (IMEI) or Mobile equipment identifier (MEI), which may be stored in storage unit 105. The device identifier may be communicated to the remote system by the electronic device 100, and could be used to determine whether the electronic device 100 is permitted to communicate using the mobile network, e.g. by a CEIR 150C, which may be integrated into the HLR 150A or provided as a separate element.

(26) Thus, one or more units of a remote system (connected to the mobile network 99), such as the home location register 150A or (central) equipment identity register 150C (CEIR), may be used to control whether or not the electronic device 100 is permitted to communicate using the mobile network 99.

(27) Presently, electronic devices 100 can be configured to repeatedly or iteratively attempt to connect to a mobile network, even if they are not permitted to communicate using the mobile network, e.g. if they have been deprovisioned by the HLR.

(28) The process of attempting to connect to a mobile network typically comprises the modem 101 (and/or processing unit 103) requesting communication data from the SIM, such as the IMSI. This information is required in standard authentication protocols to authenticate the electronic device 100 on the network.

(29) The present invention recognizes that repeated attempts to connect to a mobile network by a device (not permitted to communicate using the mobile network) can significantly increase signaling traffic to the mobile network. The present invention proposes to exploit the standard authentication process to prevent an electronic device from being able to repeatedly attempt to connect to a mobile network, by modifying the contents of the SIM.

(30) FIG. 2 illustrates a generic method 200 according to an embodiment of the invention. The method may be performed by the remote system or the SIM of the electronic device, or the two working in tandem.

(31) The method 200 comprises a step 201 of determining whether the electronic device and/or SIM is permitted to communicate using the mobile network. Various embodiments for this process will be described later.

(32) The method 200 further comprises a step 202 of, in response to determining that the electronic device and/or SIM is not permitted to communicate using the mobile network, modifying the contents of the SIM to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network.

(33) Step 202 may comprise, for example, controlling the SIM to rewrite a stored SIM identifier (e.g. IMSI) with non-valid values, e.g. all ‘0’ or ‘F’. This will invalidate the SIM identifier, so that the SIM is prevented from responding to a request (e.g. from the modem or processing module) with appropriate communication data.

(34) In another example, step 202 may comprise destroying or deleting data of the SIM required for providing a valid response, e.g. deleting the SIM identifier or deleting code required to validly respond to a request for a SIM identifier (e.g. from the modem or processing module of the mobile).

(35) In another example, code of the SIM may be activated so that it responds to a request for a SIM identifier with invalid data, or other information such as “Not Ready” or “Access Denied”, to prevent the SIM identifier from being passed back in response to the request.

(36) In yet another example, security requirements for accessing a SIM may be changed or altered, e.g. by modifying a password or code required to validly access the SIM or cause the SIM to perform desired actions. Thus, step 202 may comprise adjusting an access permission of the SIM to prevent the SIM from providing a valid response to the modem or processing unit for enabling the modem or processing unit to initiate a communication request to the mobile network.

(37) Various other methods for modifying a SIM to prevent it responding to a request with valid communication data will be apparent to the skilled person.

(38) FIG. 3 illustrates a method 300 according to one embodiment of the invention, where the process is carried out by the remote system that authenticates the electronic device on the mobile network.

(39) The method 300 comprises a step 301 of determining whether a SIM, associated with an electronic device, or the electronic device itself is not permitted to communicate using the mobile network.

(40) Step 301 may comprise a step 301A of receiving a connection request from the electronic device, which connection request may comprise a SIM identifier (e.g. IMSI) and/or a device identifier (e.g. IMEI). Of course, other communication data may be contained in the connection request. The connection request may, for example, be an authentication request for requesting authentication of the electronic device on the mobile network.

(41) Of course, the method 300 may idle at step 301A until a connection or communication request is received from the electronic device.

(42) Continuing step 301, the remote system may then perform a step 301B of processing the connection request to determine whether or not the electronic device and/or SIM (associated with the electronic device) is permitted to communicate using the mobile network.

(43) In some examples, step 301B may comprise (a computer/processor in the remote system) comparing the SIM/device identifier to one or more databases that identify whether the SIM and/or mobile is permitted to communicate using the mobile network. For example, the remote system may use a subscription database that details which SIMs (i.e. SIM identifiers) are permitted to communicate using the mobile network (e.g. if a subscription to a mobile network for the SIM has been kept up to date). As another example, the remote system may use a blacklist database to process a device identifier to identify whether a device has been blacklisted (e.g. marked as stolen) to determine whether the electronic device is permitted to communicate using the mobile network.

(44) Other methods and databases for use in determining whether a SIM and/or electronic device is permitted to communicate using a mobile network, in response to a connection request, will be apparent to the skilled person, and could be used in step 301B.

(45) In response to determining that an electronic device and/or SIM associated with the electronic device is not permitted to communicate using the mobile network, the method 300 moves to a step 302.

(46) Step 302 comprises using the remote system to instruct the SIM to modify its contents to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network.

(47) For example, step 302 may comprise sending an over-the-air, OTA, message from the remote system of the mobile network to the SIM in response to the remote system determining that the electronic device and/or SIM is not permitted to communicate using the mobile network.

(48) Over-the-air (OTA) is a well-known platform by which a mobile network operator, e.g. the operator of the remote system, can send and receive services to and from a SIM. The OTA platform is commonly used for providing software updates, configuration settings and/or encryption keys to a SIM. The proposed embodiments utilize this platform to control the SIM to prevent or forbid it from providing communication data in response to a request from a modem or processing unit (or processing module controlling the modem or processing unit).

(49) In an embodiment, the SIM may respond to the OTA message by modifying the contents of the SIM to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network. Another possible response by the SIM will be described later.

(50) In some embodiments, the OTA message comprises computer-implementable instructions, to be executed by the SIM, for modifying the contents of the SIM. In other embodiments, the OTA message comprises a request for the SIM to modify its contents (of the SIM), where the SIM itself stores the appropriate instructions for modifying the contents in response to the request.

(51) Other methods of controlling a SIM using a remote system will be apparent to the skilled person, e.g. including an instruction or trigger code in place of the “random number” (RAND) that would typically be sent to a permitted SIM in response to a connection request by an electronic device.

(52) In some examples, step 302 may comprise the remote system temporarily permitting the SIM or electronic device to communicate using the wireless network (e.g. temporarily acquiescing to a registration/authentication request), to enable the OTA (or other format) message to be sent to the SIM. After the OTA message has been sent to the SIM or electronic device, the remote system may revoke the SIM's or electronic device's permission to communicate using the wireless network, e.g. de-authenticate the SIM or electronic device.

(53) Some embodiments may comprise a further step 303, which is performed after determining that the SIM or electronic device is not permitted to communicate using the mobile network. The step 303 effectively comprises counting a number of times that a connection request fails, e.g. the number of times it is determined that the electronic device and/or SIM is not permitted to connect to the mobile network. When this number of times reaches a predetermined value, then step 302 is performed. Otherwise, the method reverts back to step 301 (i.e. waiting for a connection or communication request).

(54) Step 303 helps ensure that, should a termination process be executed in error (i.e. a SIM or electronic device is erroneously identified as being not permitted to communicate using the mobile network), there are a ‘grace’ number of authentication attempts remaining.

(55) Step 303 may also help ensure that an operator of the electronic device is given a grace period to attend to any problems with their subscription to the mobile network, e.g. paying any relevant subscription fees.

(56) Step 303 may comprise a step 303A of modifying a first counter value, stored by the remote system, each time the electronic device and/or SIM is not permitted to be connected on the mobile network following the connection request. The first counter value may be an incremental or decremental counter. In other words, modifying the first counter value may comprise incrementing the counter value (e.g. by 1) or decrementing the counter value (e.g. by 1).

(57) Step 303 may also comprise a step 303B of comparing the first counter value to a first threshold counter value to determine whether or not the electronic device is not permitted to communicate using the mobile network. If the first counter value has reached and/or breached the first threshold counter value, then the method moves to step 302.

(58) Step 303B may comprise determining if the first counter value is greater than (and optionally equal to) the first threshold counter value. This embodiment may be used where the modification to the first counter value in step 303A is to increment the first counter value.

(59) Step 303B may comprise determining if the first counter value is less than (and optionally equal to) the first threshold counter value (which, in this example, may be equal to 0). This embodiment may be used where the modification to the first counter value in step 303A is to decrement the first counter value.

(60) The first counter value may be initialized to a predetermined value (e.g. 0 for an incremental counter or a predetermined non-zero number for a decremental counter).

(61) In some embodiments, the first counter value is reset to the predetermined/initialized value in response to the electronic device successfully connecting to the mobile network.

(62) Method 300 may therefore comprise an additional step 304 of resetting the first counter value to the predetermined/initialized value in response to determining (in step 301) that the SIM and/or mobile device is permitted to communicate using the mobile network.

(63) The size of the first threshold value and/or predetermined/initialized value (depending on whether an incremental or decremental counter is used) may be calculated or estimated to give an expected time before the counter expires, for example 1 month based on the electronic device's normal behavior. This can be calculated based on the frequency and/or number of requests made by the electronic device to communicate using the mobile network, which could be monitored for a predetermined period of time before initiating the method 300.

(64) In other words, a method according to an embodiment may comprise calculating a number of unsuccessful connection/authentication requests permitted before executing the method 300. The calculating may be based on an average frequency of requests made by the electronic device (e.g. a number of requests made within a predetermined period of time), and may be performed so that the electronic device is permitted to make communication requests for a predetermined period of time, e.g. a week, a month, two months and so on.

(65) In other words, the number of ‘grace’ connection/authentication attempts configured can be controlled.

(66) In another method, rather than using a counter in step 303, a timer may be used. Step 303 may comprise triggering a timer in response to an unsuccessful communication request from the SIM and/or electronic device, and moving to step 302 when the timer reaches a predetermined value.

(67) Of course, if a successful communication request from the SIM and/or electronic device is made whilst the timer is running, then the timer can be stopped and reset (e.g. in place of step 304).

(68) Of course, some embodiments may comprise using both a timer and a counter.
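The threshold sizing of paragraphs (63)-(64) and the counter/timer variants of steps 303A, 303B and 304 can be sketched as follows. This is an added illustration, not code from the patent; `size_threshold`, `GraceTracker` and all sample values are hypothetical names and constructed data, and an incremental counter with a "reached or breached" comparison is assumed.

```python
import math
from dataclasses import dataclass
from typing import Optional, Sequence


def size_threshold(request_times: Sequence[int], grace_seconds: int) -> int:
    """Size the first threshold so the counter expires after roughly
    grace_seconds at the request rate seen during the monitoring period."""
    if len(request_times) < 2:
        raise ValueError("need at least two observed requests")
    span = max(request_times) - min(request_times)
    if span <= 0:
        raise ValueError("observed requests must span a non-zero period")
    intervals = len(request_times) - 1
    # requests per second * grace period, rounded up; never below one attempt
    return max(1, math.ceil(grace_seconds * intervals / span))


@dataclass
class GraceTracker:
    """Remote-system state for one SIM (hypothetical structure)."""
    threshold: int                      # first threshold counter value
    timer_limit: Optional[int] = None   # seconds; None means counter only
    counter: int = 0                    # first counter value, initialized to 0
    timer_started: Optional[int] = None

    def on_request(self, permitted: bool, now: int) -> bool:
        """Process one connection request. True means: move to step 302."""
        if permitted:
            # Step 304: a successful request resets the counter and the timer.
            self.counter = 0
            self.timer_started = None
            return False
        self.counter += 1               # step 303A (incremental variant)
        if self.timer_limit is not None and self.timer_started is None:
            self.timer_started = now    # timer runs from the first failure
        counter_hit = self.counter >= self.threshold        # step 303B
        timer_hit = (self.timer_started is not None
                     and now - self.timer_started >= self.timer_limit)
        return counter_hit or timer_hit


if __name__ == "__main__":
    # Constructed monitoring data: one request every 6 hours for 7 days.
    observed = [i * 6 * 3600 for i in range(29)]
    threshold = size_threshold(observed, grace_seconds=30 * 86400)
    print("grace attempts for ~30 days:", threshold)
    tracker = GraceTracker(threshold=threshold, timer_limit=45 * 86400)
    print("terminate after first failure?", tracker.on_request(False, now=0))
```
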

(69) The described step 301 is only one embodiment for enabling the remote system to determine whether a SIM, associated with an electronic device, or the electronic device itself is not permitted to communicate using the mobile network. In another example, a termination request is received from an external device (e.g. a controller of the mobile network) for terminating the registration of the SIM or electronic device on the mobile network. In this example, step 301 may comprise determining that the SIM or electronic device is not permitted to communicate using the mobile network in response to this termination request.

(70) Typically, in response to such a termination request, a home location register processes the termination request to deprovision the SIM or electronic device on the mobile network. In preferred embodiments, the step 302 is performed before the home location register processes the termination request.

(71) This process could be combined and/or performed in parallel to step 301 described in FIG. 3.

(72) FIG. 3 effectively introduces and discloses a method of deciding and controlling whether the electronic device is able to initiate a communication request with the mobile network, which takes place remotely to the electronic device (i.e. at the remote system).

(73) However, in some embodiments, the SIM itself may be adapted to decide and control whether the electronic device is able to initiate a communication request with the mobile network. This may be performed in addition to or instead of the process taking place with the remote system.

(74) FIG. 4 illustrates a method 400 according to another embodiment of the invention, which is performed by the SIM. Method 300 and method 400 are both separate embodiments of the invention, and may be performed alongside one another or independently, depending upon implementation details.

(75) The method 400 comprises a step 401 of determining whether (or not) the electronic device and/or SIM is permitted to communicate using the mobile network. Step 401 could be performed in a number of ways.

(76) In some embodiments, step 401 comprises inferring that an electronic device and/or SIM is not permitted to communicate using the mobile network by the number of requests, e.g. within a predetermined period of time, for communication data (from the SIM) made by the modem and/or processing module controlling the modem. For example, if multiple requests for communication data (such as an IMSI) are made within a predetermined time period, e.g. one hour, then it can be inferred that the electronic device and/or SIM is not permitted to communicate using the mobile network.

(77) In preferable embodiments, step 401 may comprise receiving a communication from the remote system that the electronic device and/or SIM is not permitted to communicate using the mobile network, e.g. in the form of an OTA communication or the like. In other words, step 401 may comprise determining whether the electronic device and/or SIM has been explicitly rejected (i.e. registration denied) from the network. This embodiment is particularly useful if method 300, described with reference to FIG. 3, is performed.

(78) The method 400 may assume (i.e. by default) that the electronic device and/or SIM is permitted to communicate using the mobile network if there is no indication to the contrary. Thus, the method 400 may effectively idle at step 401 until it is determined that the electronic device and/or SIM is not permitted to communicate using the mobile network.

(79) The method 400 comprises a step 402 which is performed in response to step 401 determining that the electronic device and/or SIM is not permitted to communicate using the mobile network.

(80) Step 402 comprises modifying the contents of the SIM to prevent the SIM from responding to a request from the modem or processing unit of the electronic device with communication data that enables the modem or processing unit to initiate a communication request to the mobile network. Suitable methods of modifying the contents of the SIM have been previously described with reference to FIG. 2.

(81) In some further embodiments, the method 400 may comprise a further step 403 that enables an operator of the electronic device to be given a grace period to attend to any problems with their subscription to the mobile network, e.g. paying any relevant subscription fees. Step 403 is analogous to step 303 of method 300.

(82) In particular examples, step 403 may comprise a step 403A of modifying a second counter value, stored by the SIM, upon each unsuccessful connection attempt of the electronic device to the mobile network. Step 403A may comprise incrementing (e.g. by 1) the second counter value or decrementing (e.g. by 1) the second counter value.

(83) The second counter value is labelled as the “second” counter value to distinguish it from the “first counter value” introduced in method 300. It is not essential for the first counter value to exist in some embodiments, and the skilled person would be able to relabel the second counter value accordingly.

(84) In other words, step 403A may be performed in response to step 401 determining that the electronic device and/or SIM is not permitted to communicate using the mobile network.

(85) Step 403 may further comprise a step 403B of determining whether the second counter value has reached or breached a second threshold counter value. In response to the second counter value reaching or breaching a second threshold counter value, the method moves to step 402, otherwise the method reverts back to step 401.

(86) Step 403B may comprise determining if the second counter value is greater than (and optionally equal to) the second threshold counter value. This embodiment may be used where the modification to the second counter value in step 403A is to increment the second counter value.

(87) Step 403B may comprise determining if the second counter value is less than (and optionally equal to) the second threshold counter value (which, in this example, may be equal to 0). This embodiment may be used where the modification to the second counter value in step 403A is to decrement the second counter value.

(88) The second counter value may be initialized to a second predetermined value (e.g. 0 for an incremental counter or a predetermined non-zero number for a decremental counter).

(89) In some embodiments, the second counter value is reset to the predetermined/initialized value in response to the electronic device successfully connecting to the mobile network.

(90) Method 400 may therefore comprise an additional step 404 of resetting the second counter value to the predetermined/initialized value in response to determining (in step 401) that the SIM and/or electronic device is permitted to communicate using the mobile network.

(91) The size of the second threshold value and/or predetermined/initialized value (depending on whether an incremental or decremental counter is used) may be calculated or estimated to give an expected time before the counter expires, for example 1 month based on the electronic device's normal behavior. This can be calculated based on the frequency and/or number of requests made by the electronic device to communicate using the mobile network, which could be monitored for a predetermined period of time before initiating the method 400.

(92) In other words, a method according to an embodiment may comprise calculating a number of unsuccessful connection/authentication requests permitted before executing the method 300. The calculating may be based on an average frequency of requests made by the electronic device (e.g. a number of requests made within a predetermined period of time), and may be performed so that the electronic device is permitted to make communication requests for a predetermined period of time, e.g. a week, a month, two months and so on.

(93) In other words, the number of ‘grace’ connection/authentication attempts configured can be controlled.

(94) In another method, rather than using a counter in step 403, a timer may be used. Step 403 may comprise triggering a timer in response to determining whether (or not) the electronic device and/or SIM is permitted to communicate using the mobile network and moving to step 402 when the timer reaches a predetermined value.

(95) Of course, if a successful communication request from the SIM and/or electronic device is made whilst the timer is running, then the timer can be stopped and reset (e.g. in place of step 404).

(96) Of course, some embodiments may comprise using both a timer and a counter, and these embodiments may be integrated accordingly.

(97) The SIM may be further adapted to permit a limited boost to the second counter value, e.g. to enable a user or the electronic device to manually configure the SIM to permit at least some further authentication requests to be made by the electronic device. This may give the electronic device the opportunity to reconnect to the mobile network some time (i.e. a period of time) after it has been deprovisioned (e.g. if an operator of the electronic device decides to re-initiate their subscription).

(98) This effectively provides a recovery or “reserve tank” mechanism for the SIM.

(99) This process may be performed after step 402 has been performed, e.g. when the SIM has already been configured to prevent the SIM from responding to a request for communication data with communication data that enables an authentication/connection request to be made by the modem (or processing module controlling said modem). Alternatively, this process may be performed completely separately to the method 400 (e.g. in parallel thereto).

(100) The method 400 may therefore further comprise a step 405 of determining whether a reset instruction/communication has been received from a local interface (e.g. of the electronic device, such as the modem and/or the processing module controlling the modem). If no reset communication is received, then the method may simply repeat step 405, i.e. idle at step 405, until a reset instruction is received.

(101) If a reset communication is received, then the method may move to a step 406 of responding, at the SIM, to a reset communication or reset instruction from a component of the electronic device by setting the second counter value to a third predetermined value.

(102) The third predetermined value may be different or the same as the second predetermined value. Preferably, the third predetermined value is configured so that the electronic device is permitted fewer authentication/connection requests than if the second predetermined value were used instead. The precise value will depend upon the type of modification made to the second counter value (e.g. incremental or decremental).

(103) In some embodiments, the reset instruction and/or communication will only be acted upon if an authenticated communication session exists between the SIM and the component providing the instruction/communication. This authenticated communication session may be initiated only when the component provides a secret key, such as an administrative key (e.g. ADM1), to the SIM. This may help avoid a badly behaved or malicious user/application from successfully boosting the second counter value without express permission from the mobile network operator, who would be required to disclose or provide a secret/administrative key at the point the user/application needs to use the reserve tank.

(104) In some embodiments, the method is adapted so that the reset communication/instruction can only be sent a maximum number of times, e.g. without the electronic device being authenticated on the mobile network. This effectively limits the number of times the “reserve tank” can be used. This process may be performed in a step 407, which is logically located between steps 405 and 406.

(105) Thus, in some embodiments, the method comprises a step 407A of modifying a reset counter value (stored in the SIM) in response to receiving a reset communication/instruction, and determining in a step 407B whether (or not) the reset counter value has reached or breached a predetermined reset counter threshold. If the reset counter value has reached or breached a predetermined reset counter threshold, the method ends (i.e. no modification is made to the second counter value). Otherwise, the method moves to step 406.

(106) The reset counter value may be relabeled the “third counter value”.

(107) The reset counter value may be reset to an initialized reset counter value in response to the electronic device successfully connecting to the mobile network, i.e. in response to the SIM/mobile being permitted to communicate using the mobile network (step 404).

(108) Step 402 may be appropriately configured to enable this “reserve tank” process to take place.

(109) For example, where step 402 comprises overwriting a stored IMSI (or other SIM identifier) with invalid information, the originally stored IMSI (or other SIM identifier) may be securely stored elsewhere in the SIM, and only made accessible to the SIM itself (e.g. using appropriate security settings).

(110) Of course, steps 405, 406 and 407 (if present) may be performed in a separate parallel process (e.g. rather than being integrated into the method 400 as illustrated).
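The SIM-side flow of method 400, including the authenticated and rate-limited “reserve tank” of steps 405 to 407, can be modelled as below. This is an added simulation, not code from the patent and not a real SIM or Java Card API: the class, method names, the invalid-IMSI placeholder and the sample IMSI and key are all hypothetical or constructed. It assumes a decremental second counter with a threshold of 0, and that an accepted reset restores the securely stored IMSI described in paragraph (109).

```python
import hmac

INVALID_IMSI = "FFFFFFFFFFFFFFF"  # constructed stand-in for "invalid information"


class SimModel:
    """Toy model of the SIM state used by steps 401-407 (hypothetical)."""

    def __init__(self, imsi: str, adm_key: bytes, grace: int = 5,
                 reserve: int = 2, reset_threshold: int = 3):
        self._imsi_backup = imsi      # para (109): copy readable only by the SIM
        self._ef_imsi = imsi          # value returned to the modem
        self._adm_key = adm_key       # administrative key (e.g. ADM1)
        self._adm_verified = False
        self.grace = grace            # second predetermined value
        self.reserve = reserve        # third predetermined value (fewer attempts)
        self.reset_threshold = reset_threshold
        self.counter = grace          # second counter value, threshold is 0
        self.resets = 0               # reset ("third") counter value

    def read_imsi(self) -> str:
        """What the modem receives when it requests communication data."""
        return self._ef_imsi

    def on_attach_result(self, accepted: bool) -> None:
        if accepted:
            # Step 404 and para (107): success re-arms both counters.
            self.counter = self.grace
            self.resets = 0
            return
        if self.counter > 0:
            self.counter -= 1         # step 403A
        if self.counter <= 0:         # step 403B: reached or breached 0
            self._ef_imsi = INVALID_IMSI   # step 402

    def verify_adm(self, key: bytes) -> bool:
        """Para (103): open an authenticated session; constant-time compare."""
        self._adm_verified = hmac.compare_digest(key, self._adm_key)
        return self._adm_verified

    def reset(self) -> bool:
        """Steps 405-407: handle a reset instruction from the device."""
        if not self._adm_verified:
            return False              # ignored outside an authenticated session
        self.resets += 1              # step 407A
        if self.resets >= self.reset_threshold:   # step 407B
            return False              # reserve tank exhausted, nothing modified
        self.counter = self.reserve   # step 406
        self._ef_imsi = self._imsi_backup   # assumption: undo step 402
        return True


if __name__ == "__main__":
    sim = SimModel("001010123456789", b"constructed-adm1", grace=3, reserve=1)
    for _ in range(3):
        sim.on_attach_result(False)
    print("after 3 rejections:", sim.read_imsi())
    print("reset without key:", sim.reset())
    sim.verify_adm(b"constructed-adm1")
    print("reset with key:", sim.reset(), "->", sim.read_imsi())
```

With `reset_threshold=3` the counter is modified before it is compared, so two resets are honoured and the third is refused until a successful attach clears the reset counter.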

(111) To increase a level of control over the mobile network system, any of the aforementioned counter values, predetermined values, thresholds or timers (where appropriate) may be updated or modified by an operator of the mobile network. This could, for example, allow a first counter value stored and used by the remote system to be reset by a network operator (e.g. to override an accidental de-provisioning of the electronic device).

(112) Counter values, thresholds and timers stored on the SIM may be updated using an over-the-air process.

(113) This process may be particularly useful to enable an operator of the remote system to directly set the second counter value stored at a SIM to be such that the second counter value reaches or breaches the second threshold value for that SIM. This can be used to effectively instruct the SIM to prevent communication data from being passed to the modem and/or processing module of the electronic device. This effectively enables the standard process performed by the SIM to be bypassed (e.g. if the electronic device is behaving badly on the network, e.g. repeatedly sending a substantial number of requests).

(114) Where appropriate, the term “mobile network” may be replaced by the term “cellular network”, as the two terms are considered to be semantically identical. Suitable examples of electronic devices include mobile devices, as well as fixed devices that use a mobile/cellular network to communicate (such as a remote monitoring device).

(115) Ordinal numbers (e.g. “first”, “second” and so on) have been used purely to distinguish different elements from one another for the sake of clarity, and reference to a non-“first” (e.g. “second” or “third”) element does not necessitate that a “first” element be present. The skilled person would be capable of relabeling any such elements as appropriate (e.g. relabeling a “second” element as a “first” element if only the second element is present).

(116) Reference to the phrase “whether a SIM is permitted to connect to a network” (or semantically similar) is intended to be synonymous with the phrase “whether an electronic device that uses the SIM is permitted to connect to a network”. In the context of the present invention “permitted to communicate using a mobile network” is considered synonymous with the phrases “authorized on the mobile network”, “provisioned by the mobile network”, “registered on the mobile network” and so on.

(117) The skilled person would be readily capable of developing a processing system for carrying out any herein described method. Thus, each step of the flow chart may represent a different action performed by a processing system, and may be performed by a respective module of the processing system.

(118) Embodiments may therefore make use of a processing system. The processing system can be implemented in numerous ways, with software and/or hardware, to perform the various functions required. A processor is one example of a processing system which employs one or more microprocessors that may be programmed using software (e.g., microcode) to perform the required functions. A processing system may however be implemented with or without employing a processor, and also may be implemented as a combination of dedicated hardware to perform some functions and a processor (e.g., one or more programmed microprocessors and associated circuitry) to perform other functions.

(119) Examples of processing system components that may be employed in various embodiments of the present disclosure include, but are not limited to, conventional microprocessors, application specific integrated circuits (ASICs), and field-programmable gate arrays (FPGAs).

(120) In various implementations, a processor or processing system may be associated with one or more storage media such as volatile and non-volatile computer memory such as RAM, PROM, EPROM, and EEPROM. The storage media may be encoded with one or more programs that, when executed on one or more processors and/or processing systems, perform the required functions. Thus, there is provided a computer program product comprising computer program code that, when executed on a computing device having a processing system, cause the processing system to perform all of the steps of any herein described method. The computer program may be stored on a non-transitory computer readable medium. Various storage media may be fixed within a processor or processing system or may be transportable, such that the one or more programs stored thereon can be loaded into a processor or processing system.

(121) It will be understood that disclosed methods are preferably computer-implemented methods. As such, there is also proposed the concept of a computer program comprising code means for implementing any described method when said program is run on a processing system, such as a computer. Thus, different portions, lines or blocks of code of a computer program according to an embodiment may be executed by a processing system or computer to perform any herein described method. In some alternative implementations, the functions noted in the block diagram(s) or flow chart(s) may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

(122) Variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure and the appended claims. In the claims, the word “comprising” does not exclude other elements or steps, and the indefinite article “a” or “an” does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. If a computer program is discussed above, it may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. If the term “adapted to” is used in the claims or description, it is noted the term “adapted to” is intended to be equivalent to the term “configured to”. Any reference signs in the claims should not be construed as limiting the scope.