Method for changing an operating mode of a mobile device

Abstract

A method for changing an operating mode of a mobile device is provided. According to the method, a request from the user of the mobile device to change from a first operating mode to a second operating mode is received. In response to the received request a credential is requested from the user. Next, the credential (RCK) is received from the user and validated. If the received credential (RCK) is valid, the second operating mode is set and an indication of the mobile device indicating that the second operating mode has been set is set. If the second operating mode has been set, a reset of the indication is prohibited.

Claims

1. A method for changing an operating mode of a mobile device, the method comprising the steps of: receiving a request from a user of the mobile device to change from a first operating mode to a second operating mode, requesting a credential from the user in response to the received request, receive the credential from the user, validating the received credential, setting the second operating mode and setting an indication of the mobile device indicating that the second operating mode has been set, and after the second operating mode has been set, prohibiting a reset of the indication indicating that the second operating mode has been set and refusing access to a hardware unique key stored on the mobile device.

2. The method according to claim 1, wherein the indication comprises a device identifier of the mobile device, and wherein the step of setting the indication comprises erasing the device identifier.

3. The method according to claim 1, wherein the indication relates to a section of a memory unit of the mobile device, and wherein the step of setting the indication comprises storing the received credential in the section of the memory unit.

4. The method according to claim 1, wherein the first operating mode comprises a user mode and the second operating mode comprises a developer mode, wherein an operation software download function and a debug function for debugging software running on the mobile device are enabled in the developer mode and disabled in the user mode, and wherein an access to user data stored in the mobile device is disabled in the developer mode and enabled in the user mode.

5. The method according to claim 1, wherein setting the second operating mode comprises erasing at least part of user data stored in the mobile device.

6. The method according to claim 1, wherein the second operating mode and the indication are not set, if a SIM lock indication of the mobile device is set, the SIM lock indication indicating that the mobile device is allowed to be operated only in connection with a specific subscriber identity module.

7. The method according to claim 1, wherein the step of validating the received credential comprises: encoding the received credential with a predetermined unidirectional encoding scheme, and comparing the encoded received credential with an encoded reference credential stored in the mobile device.

8. The method according to claim 1, wherein the credential is derived from a predetermined key information and an IMEI information of the mobile device, wherein the IMEI information comprises an international mobile equipment identity which is unique for the mobile device.

9. A mobile device, comprising: an input device for receiving input information from a user of the mobile device, an output device for outputting output information to the user, and a processing unit adapted to receive via the input device a request from the user to change from a first operating mode of the mobile device to a second operating mode of the mobile device, request a credential from the user in response to the received request, receive a credential from the user, validate the received credential, and if the received credential is valid, set the second operating mode, set an indication of the mobile device indicating that the second operating mode has been set, prohibit resetting the indication indicating that the second operating mode has been set, and refuse access to a hardware unique key stored on the mobile device.

10. The mobile device according to claim 9, wherein the mobile device comprises at least one of the group comprising a mobile phone, a personal digital assistant, a digital camera, and a navigation system.

11. The mobile device of claim 9, wherein the indication comprises a device identifier of the mobile device, and wherein the step of setting the indication comprises erasing the device identifier.

12. The mobile device of claim 9, wherein the indication relates to a section of a memory unit of the mobile device, and wherein the step of setting the indication comprises storing the received credential in the section of the memory unit.

13. The mobile device of claim 9, wherein the first operating mode comprises: a user mode and the second operating mode comprises a developer mode, wherein an operation software download function and a debug function for debugging software running on the mobile device are enabled in the developer mode and disabled in the user mode, and wherein an access to user data stored in the mobile device is disabled in the developer mode and enabled in the user mode.

14. The mobile device of claim 9, wherein setting the second operating mode comprises erasing at least part of user data stored in the mobile device.

15. The mobile device of claim 9, wherein the second operating mode and the indication are not set, if a SIM lock indication of the mobile device is set, the SIM lock indication indicating that the mobile device is allowed to be operated only in connection with a specific subscriber identity module.

16. The mobile device of claim 9, wherein the step of validating the received credential comprises: encoding the received credential with a predetermined unidirectional encoding scheme, and comparing the encoded received credential with an encoded reference credential stored in the mobile device.

17. The mobile device of claim 9, wherein the credential is derived from a predetermined key information and an IMEI information of the mobile device, wherein the IMEI information comprises an international mobile equipment identity which is unique for the mobile device.

18. A method for changing an operating mode of a mobile device, the method comprising: receiving a request from a user of the mobile device to change from a first operating mode to a second operating mode, requesting a credential from the user in response to the received request, receive the credential from the user, validating the received credential, setting the second operating mode and setting an indication of the mobile device indicating that the second operating mode has been set, wherein the indication relates to a section of a memory unit of the mobile device which has limited access, and wherein the setting the indication comprises storing the received credential in the section of the memory unit for the stored credential to serve as the indication, and after the second operating mode has been set, prohibiting a reset of the indication indicating that the second operating mode has been set and refusing access to a hardware unique key stored in the mobile device.

19. A mobile device, comprising: an input device for receiving input information from a user of the mobile device, an output device for outputting output information to the user, and a processing unit adapted to: receive via the input device a request from the user to change from a first operating mode of the mobile device to a second operating mode of the mobile device, request a credential from the user in response to the received request, receive a credential from the user, validate the received credential, and if the received credential is valid: set the second operating mode, set an indication of the mobile device indicating that the second operating mode has been set, wherein the indication relates to a section of a memory unit of the mobile device which has limited access, and wherein setting the indication comprises storing the received credential in the section of the memory unit for the stored credential to serve as the indication, and after the second operating mode has been set, prohibit resetting the indication indicating that the second operating mode has been set and refuse access to a hardware unique key stored in the mobile device.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The invention will now be described in more detail with reference to the accompanying drawings.

(2) FIG. 1 shows a block diagram of a mobile device according to an embodiment of the present invention.

(3) FIG. 2 shows a flow chart for changing an operating mode of a mobile device according to an embodiment of the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

(4) In the following, exemplary embodiments of the present invention will be described in more detail. It has to be understood that the following description is given only for the purpose of illustrating the principles of the invention and is not to be taken in a limiting sense. Rather, the scope of the invention is defined only by the appended claims and not intended to be limited by the exemplary embodiments herein after.

(5) It is to be understood that the features of the various exemplary embodiments described herein may be combined with each other unless specifically noted otherwise. Same reference signs in the various instances of the drawings refer to similar or identical components.

(6) FIG. 1 schematically shows a mobile device 10, for example a mobile phone. The mobile device 10 comprises a processing unit 11, a memory unit 12, an input device 13, a display 14, a radio frequency unit 15, an antenna 16, and a subscriber identity module (SIM) card 17. The display 14 may comprise for example a liquid crystal display adapted to display a graphical user interface. The input device 13 may comprise a plurality of push buttons and a touch sensitive surface which may be arranged on a surface of the display 14 thus composing a so-called touch screen. The radio frequency unit 15 may be adapted to receive and transmit data, especially voice data. The SIM card 17 may provide information to identify the subscriber on the mobile telephonic device to get access to a mobile communication network. The mobile device 10 furthermore comprises a connector 18 for coupling the mobile device to a computer for a data exchange. The connector 18 may comprise for example an USB connector. However, the connector 18 may also comprise a unit for providing a wireless connection to the computer, for example via a wireless local area network or a wireless short range radio frequency connection.

(7) In the memory unit 12 an operating software, an application software, data of the operating software, data of the application software and user data may be stored. In more detail, the software and data stored in the memory unit 12 may comprise for example a boot software, a so-called S1 boot software, a software for a digital signal processor of the mobile device 10, a file system and a software for a modem of the mobile device 10, a file system for the operating system, a file system for the user data, a recovery area, an operating system kernel, a trusted computing base access (TCB) to a hardware unique key (HUK), SIM lock data, keys for a digital rights management, and data of a credential manager. Some of the data, especially the SIM lock data and the data of the credential manager may be stored in a so-called trim area (TA) which is accessible by a specific application program interface.

(8) In connection with FIG. 2 will be described in the following a method to gain an extended access, a so-called root access, to the mobile device 10. Getting root access to the device will also be called “rooting”. Rooting means allowing root access to the environment of the operating system, effectively allowing a user of the mobile device 10 to do nearly anything with the device. However, rooting shall only be allowed on devices that are not SIM locked. Therefore, the presence of a corresponding tag in the SIM lock data shall indicate if rooting is allowed.

(9) FIG. 2 shows the interaction between the boot software 21, the trim area 22 and a computer 23 connected to the mobile device 10 via the connector 18. First, the boot software reads the SIM lock data from the trim area 22 (step 24). In step 25 a signature of the SIM lock data is verified to check, if the values in the SIM lock data can be trusted. If the verification fails, the root mode cannot be entered (step 26). If the verification is positive, the tag indicating if rooting is allowed is checked (step 27). If rooting is not allowed, the process is ended (step 26). If it is determined in step 27 that rooting is allowed, a rooting control key (RCK) is received from the computer 23 (step 28). In step 29 the received rooting control key is compared to a reference rooting control key (RCK_H) of the mobile device 10. If there is a mismatch between the received rooting control key and the reference rooting control key of the mobile device the process is ended at step 26. Otherwise a device key (Dk) of the mobile device is deleted in step 30 and the received rooting control key (RCK) is stored in the trim area 22 in step 31. In more detail, the reference rooting control key RCK_H of the mobile device may be a hash coded credential which is derived from a master key and an international mobile equipment identity (IMEI). Therefore, the reference rooting control key (RCK) received from the computer 23 has to be hash coded before being compared to the rooting control key RCK_H of the mobile device 10.

(10) The device key Dk is erased when the correct rooting control key RCK is received, i.e. before the plain text RCK is written to the trim area 22 to indicate that the mobile device has been rooted. The rooting control key RCK may be distributed by several means, for example via the internet to the computer 23 or as a written note in a selling box of the mobile device 10 which has to be entered into the computer 23.

(11) When the root mode of the mobile device 10 is entered all sensitive material stored on the mobile device shall be unusable. This relates especially to the hardware unique key HUK, the SIM lock data, the digital rights management keys (DRM) and the data stored by the credential manager. To refuse the use of the hardware unique key HUK, the trusted computing base TCB shall refuse access to the HUK on a rooted device.

(12) On the other hand, in the root mode downloading of new application software and parts of the operating system as well as enabling a debug mode of the mobile device 10 is enabled.

(13) While exemplary embodiments have been described above, various modifications may be implemented in other embodiments. Furthermore, it is to be understood that all the embodiments described above are considered to be comprised by the present invention as it is defined by the appended claims.