Subscriber Identification Module and Application Executable on a Subscriber Identification Module
20170353471 · 2017-12-07
Inventors
Cpc classification
H04W12/30
ELECTRICITY
H04L63/0428
ELECTRICITY
H04L63/107
ELECTRICITY
H04W12/02
ELECTRICITY
H04W12/67
ELECTRICITY
International classification
H04W4/00
ELECTRICITY
Abstract
A subscriber identity module for employment in a mobile device has a processor, a storage as well as a location determining device. The location determining device is adapted to determine a location of the subscriber identity module. The subscriber identity module makes a plurality of functions available.
Claims
1-12. (canceled)
13. A subscriber identity module for employment in a mobile device, having: a processor, a storage, a location determining device which is adapted to determine a location of the subscriber identity module, wherein the subscriber identity module is adapted to make available a plurality of functions, wherein the subscriber identity module makes at least a part of the functions available in a restricted manner or not at all in dependence on the determined location, wherein the function is the functional range of an encryption algorithm and/or wherein the function is the access to data and/or applications.
14. The subscriber identity module according to claim 13, wherein the storage has a volatile storage area and a non-volatile storage area.
15. The subscriber identity module according to claim 13, wherein the location determining device is adapted to determine the location with the help of a mobile radio cell which the subscriber identity module is registered with.
16. The subscriber identity module according to claim 13, wherein the location determining device, for determining the location, is adapted to employ a position detection module, wherein the position detection module can be integrated into the mobile device and/or the subscriber identity module.
17. The subscriber identity module according to claim 16, wherein the position detection module is adapted to process GPS and/or GLONASS information.
18. The subscriber identity module according to claim 13, wherein the location comprises at least one information item as to the country the subscriber identity module is located in.
19. The subscriber identity module according to claim 13, wherein the subscriber identity module is a SIM card, an UICC and/or an eUICC.
20. The subscriber identity module according to claim 13, wherein the functions available in dependence on the determined location are stored in a whitelist.
21. The subscriber identity module according to claim 13, wherein the functions not available in dependence on the determined location are stored in a blacklist.
22. The subscriber identity module according to claim 13, wherein the function is the key length of a cryptographic algorithm, in particular a signature and/or hash algorithm.
23. The subscriber identity module according to claim 13, wherein the subscriber identity module makes at least a part of the functions available in a restricted manner or not at all, in dependence on the mobile network operator to which the subscriber identity module is connected.
24. An application executable on a subscriber identity module, which is adapted to make available in dependence on the determined location at least a part of the functions in a restricted manner or not at all, wherein the application is adapted to determine the location of the subscriber identity module while employing a location determining device.
Description
BRIEF DESCRIPTION OF THE DRAWING
[0022]
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION
[0023] A subscriber identity module according to the invention as well as an application executable on a subscriber identity module according to the invention are described hereinafter with reference to the embodiment shown by way of example in
[0024]
[0025] The mobile device 20 is equipped with a subscriber identity module 10 as shown in
[0026] The subscriber identity module 10 known in the prior art serves for identifying the user vis-à-vis the mobile network operator. In the subscriber identity module a processor 12 as well as a storage 14 are configured. The storage 14 can be divided into a volatile and a non-volatile storage, in particular the storage can be divided into a ROM region, a RAM region and an EEPROM region. The operating system as a rule is deposited in the ROM region. There, different properties can further be stored for different mobile network operators.
[0027] Further stored in the storage 14 is the IMSI (International Mobile Subscriber Identity). This serves the unambiguous identification of the user vis-à-vis the mobile network operator. For further details on the subscriber identity module 10 as well as on the IMSI, reference is made to the prior art which is hereby explicitly enclosed.
[0028] In dependence on the country which the subscriber identity module is supplied to, there are rules or restrictions which decree which functions the subscriber identity module 10 may make available in the corresponding country. The following functions are stated by way of example: cryptographic algorithms or key lengths for cryptographic algorithms, licenses for applications/data or accesses to these (e.g. media files, database accesses), access to applications (for example payment/banking applications). Correspondingly, according to a restriction e.g. the length of a key for a cryptographic algorithm could be shortened. Alternatively, the access to certain applications can be restricted or prohibited in dependence on the location.
[0029] The manufacturers of subscriber identity modules 10 thus face the problem that in dependence on the countries which a subscriber identity module is to be supplied to, a plurality of subscriber identity modules 10 must be kept available in dependence on the range of functions permissible in the respective countries.
[0030] This is where the present invention sets in. The subscriber identity module 10 according to the invention additionally has a location determining device 16. The location determining device 16 is configured to determine a location of the subscriber identity module (10). The location determining device 16 can determine the location, for example, by querying location data from a mobile radio cell which the subscriber identity module 10 is registered with, i.e. which the subscriber identity module 10 is communicating with, and with the help of this location data said device determines which country the mobile device 20 and therefore the subscriber identity module 10 are located in.
[0031] Alternatively the location determining device 16 can employ a position detection module (not shown). The position detection module can be integrated into the mobile device 20 and/or into the subscriber identity module 10. The position detection module is configured for the purpose of processing position data, in particular GPS and/or GLONASS data/information. With the help of these data or information, a location of the subscriber identity module 10 can be determined and therefore the country which the subscriber identity module is located in.
[0032] The location determining device 16 can have a device which can recognize a false location information. In this manner it possible to recognize tampering with the subscriber identity module 10 or the location determining device 16.
[0033] In dependence on the country which the subscriber identity module 10 is located in, certain functions of the subscriber identity module can, for example, be impermissible. The subscriber identity module 10 makes at least a part of the functions available in a restricted manner or not at all in dependence on the determined location, in particular the determined country.
[0034] For example, some countries require that a particularly strong encryption or a particularly weak encryption is used there for data transmitted with the subscriber identity module to 10. Alternatively, in dependence on the location, licenses for an application could operate only with a restricted range of functions or the application could be not available at all. For example, a payment application or a banking application can function only in certain countries. In this manner, it is advantageously possible to admit the access to a payment application and/or banking application only in “secure” countries. It is thereby possible that in the storage 14 of the subscriber identity module there is deposited which functions are permissible in a country (whitelist) or which functions are impermissible in a country (blacklist).
[0035] The range of functions permissible in a certain country can further also depend on the mobile network operator (MNO) which the subscriber identity module 10 has set up a connection with. In dependence on the mobile radio network or the mobile network operator which the subscriber identity module 10 is connected to, at least a part of the above-mentioned functions can be made available in a restricted manner or not at all.
[0036] According to the invention, an application is further provided, which is deposited in the storage 14 of the subscriber identity module 10, which carries out the check at which location the subscriber identity module 10 is located. In dependence on the determined location, the application can restrict a part of the functions or not make them available.