Binding mobile device secure software components to the SIM

Abstract

Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified.

Claims

1. A method comprising: receiving, at a processor of a mobile device, a cryptographic key shared with a SIM card of the mobile device; encrypting the received cryptographic key using a cryptographic function; transmitting, by the processor, an authentication challenge to the SIM card; receiving by the processor an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling a secure software application stored in a memory at the mobile device when the authentication response from the SIM card is verified, wherein enabling the secure software application includes receiving information from the SIM card that enables the operation of the secure software application.

2. The method of claim 1, wherein enabling the secure software application includes enabling secure portion of the secure software application.

3. The method of claim 1, wherein the secure software application is configured to perform cryptographic functions.

4. The method of claim 1, wherein the shared cryptographic key is the SIM key Ki.

5. The method of claim 3, wherein the cryptographic functions include one of a symmetric encryption/decryption function, an asymmetric encryption/decryption function, a hash function, and a digital signature function.

6. A method comprising: receiving at a processor of a mobile device a cryptographic key shared with a SIM card of the mobile device; encrypting in the received cryptographic key using a cryptographic function; authenticating, by the processor, a connection between the mobile device and a mobile network control server; transmitting an authentication challenge to the SIM card; receiving an authentication response from the SIM card; sending the authentication response from the SIM card to the mobile network control server; receiving from the mobile network control server a verification of the authentication response from the SIM card; and enabling a secure software application stored in a memory at the mobile device when the authentication response from the SIM card is verified by the mobile network control server, wherein enabling the secure software application includes receiving information from the SIM card that enables the operation of the secure software application.

7. The method of claim 6, wherein enabling the secure software application includes enabling secure portion of the secure software application.

8. The method of claim 6, wherein the secure software application is configured to perform cryptographic functions.

9. The method of claim 8, wherein the cryptographic functions include one of a symmetric encryption/decryption function, an asymmetric encryption/decryption function, a hash function, and a digital signature function.

10. A method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, comprising: receiving, by a processor of a mobile device, a cryptographic key shared with a SIM card of the mobile device; encrypting the received cryptographic key using a cryptographic function; authenticating, by the processor, a connection between the mobile device and a mobile network control server; requesting from the mobile network control server a verification of the SIM card; receiving from the mobile network control server a verification of the SIM card; and enabling a secure software application stored in a memory at the mobile device when the SIM card is verified by the mobile network control server, wherein enabling the secure software application includes receiving information from the SIM card that enables the operation of the secure software application.

11. The method of claim 10, wherein enabling the secure software application includes enabling secure portion of the secure software application.

12. The method of claim 10, wherein the secure software application is configured to perform cryptographic functions.

13. The method of claim 1, wherein the shared cryptographic key is the SIM key Ki.

14. The method of claim 12, wherein the cryptographic functions include one of a symmetric encryption/decryption function, an asymmetric encryption/decryption function, a hash function, and a digital signature function.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) In order to better understand various exemplary embodiments, reference is made to the accompanying drawings, wherein:

(2) FIG. 1 illustrates a communication system including a mobile device and a mobile network;

(3) FIG. 2 illustrates a method of authenticating a secure software application running on a mobile device using a SIM card;

(4) FIG. 3 illustrates a second method of authenticating a secure software application running on a mobile device using a SIM card;

(5) FIG. 4 illustrates a third method of authenticating a secure software application running on a mobile device using a SIM card and a mobile network control server; and

(6) FIG. 5 illustrates a fourth method of authenticating a secure software application running on a mobile device using a SIM card and a mobile network control server.

(7) To facilitate understanding, identical reference numerals have been used to designate elements having substantially the same or similar structure and/or substantially the same or similar function.

DETAILED DESCRIPTION

(8) The description and drawings illustrate the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the principles of the invention and are included within its scope. Furthermore, all examples recited herein are principally intended expressly to be for pedagogical purposes to aid the reader in understanding the principles of the invention and the concepts contributed by the inventor(s) to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Additionally, the term, or, as used herein, refers to a non-exclusive or (i.e., and/or), unless otherwise indicated (e.g., or else or or in the alternative). Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments.

(9) As described above secure software applications may be used to carry out various functions. In certain situations it is desirable to bind a secure software application to a specific device such as a mobile device. Such binding can prevent an attacker from simply copying the secure software to another device and using it in an unauthorized manner. Below embodiments are described that bind a secure software application to a specific mobile device using a subscriber identity module (SIM) card.

(10) FIG. 1 illustrates a communication system including a mobile device and a mobile network. The mobile network 110 may include mobile network control server 112, a back haul network 114, and a base station 116. The mobile network 110 may communicate with a mobile device 120.

(11) The base station 116 communicates with the mobile device 120 using a wireless channel and protocol. A mobile network 110 will have a plurality of base stations 116 to provide mobile service coverage over a desired geographic region. The base station 116 includes antennas to communicate wirelessly with the mobile devices 120. Receivers in the base station 116 down convert, demodulate, and detect the wireless signal received from the mobile device 120 via the antennas. Also, the base station 116 includes transmitters that modulate and transmit a wireless signal to the mobile device 120. The base station 116 converts the received wireless signal into a data stream that is then transmitted to the back haul network 114. The base station 116 may connect to the back haul network 114 using any known connection type and any known communication protocol. Typically, the connection between the base station 116 and the back haul network 114 will be via a wide bandwidth electrical or optical cable connection. In certain remote installations or other difficult to reach locations, the back haul connection may also be wireless.

(12) The back haul network 114 provides connectivity between the base station 116 and the mobile network control server 112. Also, the back haul network 114 may be connected to other networks to provide network connectivity such as to the internet.

(13) The network control server 112 provides control of the mobile network 110. One aspect of this control is the authentication of mobile devices 120 to the mobile network. When a mobile device 120 accesses the mobile network 110, the mobile subscriber must be authenticated in order to use the network. This authentication will be described below in more detail.

(14) The mobile device 120 may be a mobile telephone, smart phone, tablet, mobile hotspot, or any other device that is capable of accessing the mobile network 110. The mobile device 120 may include a wireless interface 122, antenna 124, a processor 126, a SIM card 128, and a data storage 130. The antenna 124 may receive and transmit wireless signals in order to communication with the mobile network 110. The wireless interface 122 may include transmitters and receivers connected to the processor 126. The transmitters receive data from the processor 126 that is modulated and transmitted to the mobile network. The receivers receive a wireless signal from the mobile network and demodulate the signal into data to be sent to the processor 126.

(15) The processor 126 controls the operation of the mobile device 120. The processor 126 may execute software instructions stored in the data storage 130. The data storage 130 may be any data storage used in conjunction with the processor 126 and may include both volatile and non-volatile storage including, for example, disk drives, optical drives, random access memory (RAM), flash memory, etc. The data storage may also store data (not shown) used by the mobile device 120 and its applications.

(16) Various types of software instructions may be stored in the data storage 130, including for example, operating system 132, applications 134, and secure software application 136. The operating system 130 may be any of numerous operating systems that may be implemented in the mobile device 120. The operating system may provide the user interface and provide various services such as running applications, accessing stored data, and controlling various hardware functions such as controlling the wireless interface 122. Applications 134 may be any applications installed on the mobile device 120 that may be run by the user of the mobile device 120.

(17) The secure software application 136 (as described above) may be an application designed to securely perform various general functions as well as cryptographic functions such as decryption, encryption, digital signature, etc. In spite of the fact that an attacker of the mobile device 120 may have complete control over the mobile device 120 including altering the secure software application, tracking each step of the secure software application, accessing memory during operation of the secure software application, etc. Various techniques may be used to implement the secure software application 136 as described above.

(18) For example, the secure software application may provide a secure environment for the use of digital rights management (DRM) software by decrypting encrypted media content. Also, the secure software application may be used to implement a digital signature protocol for use by the mobile device 120 to digitally sign messages.

(19) The mobile device 128 also includes a SIM. The SIM is an integrated circuit that securely stores the international mobile subscriber identity (IMSI) and the related key used to identify and authenticate a subscriber on the mobile device 120 to the mobile network 110. Typically, a SIM circuit is embedded into a removable plastic card. This plastic card is called a SIM card 128 and can be transferred between different mobile devices.

(20) A SIM card 128 contains its unique serial number (ICCID), international mobile subscriber identity (IMSI), security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to and two passwords: a personal identification number (PIN) for ordinary use and a personal unblocking code (PUK) for PIN unlocking.

(21) Each SIM holds a unique key K.sub.i assigned to it by the operator during the personalization process. The K.sub.i is also stored in a database on mobile network control server 112. K.sub.i is a 128-bit value used in authenticating the SIMs on the mobile network 110. Further, additional keys may be shared and stored that are derived from K.sub.i and/or that may have the same characteristics as K.sub.i.

(22) The SIM card is designed not to allow the K.sub.i to be obtained using the smart-card interface. Instead, the SIM card provides a function, Run GSM Algorithm, that allows the phone to pass data to the SIM card to be signed with the K.sub.i. This, by design, makes usage of the SIM card mandatory unless the K.sub.i can be extracted from the SIM card, or the carrier is willing to reveal the K.sub.i.

(23) K.sub.i is used to authenticate a mobile device 120 to the mobile network 110. When the mobile device 120 starts up, it obtains the International Mobile Subscriber Identity (IMSI) from the SIM card 128, and passes this to the mobile network control server 112 requesting access and authentication. The device 120 may have to pass a PIN to the SIM card 128 before the SIM card 128 will reveal this information. The mobile network control server 112 searches its database for the incoming IMSI and its associated K.sub.i. The mobile network control server 112 then generates a random number and signs it with the K.sub.i associated with the IMSI and stored on the SIM card 128, computing another number known as signed response 1 (SRES_1). The mobile network control server 112 then sends the random number to the mobile device 120, which passes it to the SIM card 128. The SIM card 128 signs it with its K.sub.i producing signed response 2 (SRES_2), which it provides to the mobile device 120 along with encryption key K.sub.c. The mobile device transmits SRES_2 to the mobile network 110. The mobile network 110 then compares its computed SRES_1 with the computed SRES_2 that the mobile device 120 returned. If the two numbers match, the SIM is authenticated and the mobile device 120 is granted access to the mobile network 120. K is used to encrypt all further communications between the mobile device 120 and the mobile network 120.

(24) As described above, in order to prevent an attacker from moving the secure software application 136 from one authorized mobile device to another unauthorized mobile device, the secure software application 136 may be bound to the SIM card in the mobile device 120. A first method of binding the secure software application to the SIM card includes sharing secret information between the SIM card and the secure software application. FIG. 2 illustrates a method of authenticating a secure software application running on a mobile device using a SIM card. The secure software application may initially be disabled or have specific portions of the application disabled. The method 200 begins at 205. First, the secure software application 136 may receive secret information from the SIM card 210. Next, the secure software application 136 may verify the secret information received from the SIM card 215. Then the secure software application 136 enables the secure software operation or enables operation of secure portions of the secure software application 220 if the secret information from the SIM card 128 is verified. The method 200 then ends at 225. This approach is susceptible to an attacker intercepting the secret information transmitted from the SIM card 128 to the secure software application 136. In order to minimize the likelihood of intercept, the secure software application 136 and the SIM card may initiate a number of different transfers of data, and only one of them contains the actual secret information. Also, the authentication may only occur once when the secure software application is first initialized. Also, if the secret information is not verified, the secure software application 136 may completely disable itself, preventing further operation of the secure software application 136. Also, there may be situations where certain portions of the secure software are allowed to operate even if the software is not verified.

(25) Another approach may be used to authenticate the mobile device 120 to the secure software application 136 that improves upon the previous approach. This second embodiment uses an authentication protocol between the SIM card 128 and the secure software application 136. FIG. 3 illustrates a second method of authenticating a secure software application running on a mobile device using a SIM card. The secure software application may initially be disabled or have specific portions of the application disabled. The method 300 begins at 305. Next, the secure software application 136 transmits an authentication challenge 310 to the SIM card 128. Then the secure software application 136 receives an authentication response 315 from the SIM card 128. Next, the secure software application 136 verifies the authentication response 320 from the SIM card 128. If the authentication response from the SIM card 128 is verified, then the secure software application 136 or secure portions of the secure software application are enabled 325. If not, then the secure software application is not enabled. Alternatively, there may be situations where certain portions of the secure software are allowed to operate even if the software is not verified. The method then ends at 330. The authentication protocol described in steps 310, 315, and 320 may include additional steps and may implement any known authentication protocol. Such protocols may take advantage of the secure key K.sub.i stored on the SIM card 128 and any keys securely stored on the secure software application 136. If the mobile network provider has control of the implementation of the secure software application 136, it is even possible that an encrypted copy of key K.sub.i may be stored in the secure software application 136. For example, a portion of the secure software application 136 may implement a block cipher, for example the advanced encryption standard (AES), which may be used to encrypt keys stored with and for use by the secure software application. Such keys may include symmetric and asymmetric keys. Also, another portion of the secure software application 136 may implement digital signatures in order to authenticate messages from the secure software application 136. The specific instance of the secure software application 136 installed on the mobile device 120 may be customized with keys and other information needed to be able to authenticate the associated SIM card 128 in the mobile device 120. Also, an authentication protocol like that used when the mobile device 120 seeks access to the mobile network 110 may be used. In addition, the capabilities of the standard SIM card 128 may be expanded in order to carry out an authentication protocol with the secure software application 136.

(26) Yet another approach may be used to authenticate the mobile device 120 to the secure software application 136 that improves upon the previous approaches. This third embodiment uses an authentication protocol between the SIM card 128 and the secure software application 136 but also uses the mobile network control server 112 in the protocol. FIG. 4 illustrates a third method of authenticating a secure software application running on a mobile device using a SIM card and a mobile network control server. The secure software application may initially be disabled or have specific portions of the application disabled. The method 400 begins at 405. Then the secure software application performs an authentication protocol 410 with the mobile network control server 112 in order to authenticate a connection to the network control server 112. Any known authentication protocol may be used to authenticate this connection. Such protocol may include the private and secure sharing of information between the mobile network control server 112 and the secure software application 136 before the secure software application 136 is installed on the mobile device 136. Next, the secure software application 136 transmits an authentication challenge 415 to the SIM card 128. Then the secure software application 136 receives an authentication response 420 from the SIM card 128. Next, the secure software application 136 sends the authentication response 425 from the SIM card 128 to the mobile network control server 112. The mobile network control server 112 then verifies the authentication response from the SIM card 128. The secure software application 136 then receives a verification of the SIM card challenge response 430 from the mobile network control server 112. If the authentication response from the SIM card 128 is verified by the mobile network control server 112, then the secure software application 136 or secure portions of the secure software application are enabled 435. If not, then the secure software application is not enabled. Alternatively, there may be situations where certain portions of the secure software are allowed to operate even if the software is not verified. The method then ends at 440.

(27) The authentication protocol described in steps 415, 420, 425, and 430 may include additional steps and may implement any known authentication protocol. Such protocols may take advantage of the secure key K.sub.i stored on the SIM card 128 and any keys securely stored on the secure software application. For example, a portion of the secure software application 136 may implement a block cipher, for example the advanced encryption standard (AES), which may be used to encrypt keys stored with and for use by the secure software application. Such keys may include symmetric and asymmetric keys. Also, another portion of the secure software application 136 may implement digital signatures in order to authenticate messages from the secure software application 136. The specific instance of the secure software application 136 installed on the mobile device 120 may be customized with keys and other information needed to be able to authenticate the associated SIM card 128 in the mobile device 120. Also, an authentication protocol like that used when the mobile device 120 seeks access to the mobile network 110 may be used. In addition, the capabilities of the standard SIM card 128 may be expanded in order to carry out an authentication protocol with the secure software application 136 and the mobile network control server 112. This third method has the benefit of an attacker needing to spoof two connections of the secure software application 136. Also, the mobile network control server 112 operates in a black box environment, meaning it would be very hard for an attacker to successfully break the security of the mobile network control server 112.

(28) Yet another approach may be used to authenticate the mobile device 120 to the secure software application 136. This fourth embodiment uses an authentication protocol between the SIM card 128 and the mobile network control server 112 to verify the SIM card and enable to secure software application 136. FIG. 5 illustrates a fourth method of authenticating a secure software application running on a mobile device using a SIM card and a mobile network control server. The secure software application may initially be disabled or have specific portions of the application disabled. The method 500 begins at 505. Next, the mobile network control server 112 authenticates 510 the SIM card 128. An example of such an authentication protocol was described above. It is also possible that such authentication may include additional steps or that a different authentication protocol may be used to achieve a more secure authentication of the SIM card 128 when seeking to validate a SIM card 128 for use with a secure software application 136. Then the secure software application performs an authentication protocol 515 with the mobile network control server 112 in order to authenticate a connection to the network control server 112. Any known authentication protocol may be used to authenticate this connection. Such protocol may include the private and secure sharing of information between the mobile network control server 112 and the secure software application 136 before the secure software application 136 is installed on the mobile device 136. Next, the secure software application 136 requests 520 that the mobile network control server authenticate the SIM card 128. Then the secure software application 136 receives 525 from the mobile network control server 112 a verification of the SIM card 128. If the SIM card 128 is verified by the mobile network control server 112, then the secure software application 136 or secure portions of the secure software application are enabled 530. If not, then the secure software application is not enabled. Alternatively, there may be situations where certain portions of the secure software are allowed to operate even if the software is not verified. The method then ends at 535.

(29) In the various embodiments described above, the secure software or portions of the secure software may be enabled upon authentication or verification of the SIM card 128. This enablement may also take to form or receiving information from the SIM card 128 needed for the operation of the secure software application 136. For example, specific parameters or even a section of code. Such information may be encrypted by the SIM card before being sent to the secure software application 136. Such a provision may provide an additional layer of protection in binding the secure software application 136 to a specific SIM card 128.

(30) It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative circuitry embodying the principles of the invention.

(31) Although the various exemplary embodiments have been described in detail with particular reference to certain exemplary aspects thereof, it should be understood that the invention is capable of other embodiments and its details are capable of modifications in various obvious respects. As is readily apparent to those skilled in the art, variations and modifications can be effected while remaining within the spirit and scope of the invention. Accordingly, the foregoing disclosure, description, and figures are for illustrative purposes only and do not in any way limit the invention, which is defined only by the claims.

Binding mobile device secure software components to the SIM

Assignee

Inventors

Cpc classification

Classification Explorer

H04W12/48

ELECTRICITY

Classification Explorer

H04W12/06

ELECTRICITY

Classification Explorer

H04L63/045

ELECTRICITY

Classification Explorer

H04L2463/101

ELECTRICITY

Classification Explorer

H04L9/3271

ELECTRICITY

Classification Explorer

H04W12/08

ELECTRICITY

Classification Explorer

H04W12/04

ELECTRICITY

Classification Explorer

H04L2209/80

ELECTRICITY

Classification Explorer

H04L2209/16

ELECTRICITY

Classification Explorer

H04W12/37

ELECTRICITY

Classification Explorer

H04L63/0853

ELECTRICITY

Classification Explorer

H04L63/0876

ELECTRICITY

International classification

Classification Explorer

H04L29/06

ELECTRICITY

Classification Explorer

H04W12/06

ELECTRICITY

Classification Explorer

H04W12/08

ELECTRICITY

Classification Explorer

H04W12/04

ELECTRICITY

Classification Explorer

H04L9/32

ELECTRICITY

Abstract

Claims

Description