WO2012139623A1 - Mobile terminal multiple network registration - Google Patents

Mobile terminal multiple network registration Download PDF

Info

Publication number
WO2012139623A1
WO2012139623A1 PCT/EP2011/055584 EP2011055584W WO2012139623A1 WO 2012139623 A1 WO2012139623 A1 WO 2012139623A1 EP 2011055584 W EP2011055584 W EP 2011055584W WO 2012139623 A1 WO2012139623 A1 WO 2012139623A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile device
registration
application
data
application server
Prior art date
Application number
PCT/EP2011/055584
Other languages
French (fr)
Inventor
Jürgen LERZER
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget L M Ericsson (Publ) filed Critical Telefonaktiebolaget L M Ericsson (Publ)
Priority to PCT/EP2011/055584 priority Critical patent/WO2012139623A1/en
Publication of WO2012139623A1 publication Critical patent/WO2012139623A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/45Security arrangements using identity modules using multiple identity modules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration

Definitions

  • the invention relates to a remote subscriber registration application and in particular to a method of operating a mobile device, a method of operating an application server, a mobile device, an application server, a program element, and a computer-readable medium.
  • SIM Subscriber Identity Module
  • a smart card may be a SIM card supporting a SIM application or may be a Universal Integrated Circuit Card (UICC) supporting a SIM or a Universal Subscriber Identity Module (USIM) application.
  • UICC Universal Integrated Circuit Card
  • USIM Universal Subscriber Identity Module
  • the user of the mobile device may use each of the two subscriber identity module applications at the same time for communicating, for example for transferring voice data via two different telephone numbers or for transferring voice data and for downloading media data from an Internet Protocol (IP) communication server at the same time.
  • IP Internet Protocol
  • dual-SIM mobile devices are manufactured by Samsung or Nokia, and are known as "SGH-D980 dual" or "C2-00", respectively.
  • dual-subscriber identity module mobile devices may comprise a large size and, thus, may be difficult to handle by a user of the mobile device. Further, manufacturing costs of such a mobile device may be high.
  • the user of the dual-SIM mobile device may roam into foreign countries, the user may have to obtain another SIM card or another UICC to be registered in the (home) communication network of the foreign country, in order to obtain services in this communication network at reasonable rates.
  • a usage of the mobile device may be inconvenient for the user of the mobile device.
  • dual-SIM mobile devices are limited to two telephone numbers via which the user of the mobile device may be reachable.
  • the user of the mobile device may have to manu- ally exchange one of the subscriber identity module smart cards for obtaining a further telephone number.
  • the object defined above is solved by a method of operating a mobile device, a method of operating an application server, a mobile device, an application server, a program element, and a computer-readable medium.
  • a method of operating a mobile device is provided.
  • the mobile device is communicatively connected to a subscriber identity module comprising first unique subscriber data associated with a subscriber on the mobile device.
  • the subscriber identity module might comprise a processor for generating first registration data to be used for a first registration to a registration server of a communication network such that the mobile device is able to communicate (e.g. by establishing a circuit switched or packet switched connection) to an application server via the communication network.
  • the method comprises communicating to the application server to access second subscriber data to be used for a second registration.
  • the application server keeps stored (or has access to a storage device keeping stored) second unique registration data associated to the subscriber and/or the mobile device. Upon a request of the mobile device, that application server generates the second registration data from the second unique subscriber data to be transmitted to the mobile device.
  • a method of operating an application server is provided.
  • the method is executed by the application server, and comprises establishing a connection to the mobile device via the communication network.
  • the mobile device is communicatively coupled to a subscriber identity module application comprising the first unique subscriber data associated with the subscriber of the mobile device and to be used for a first registration to a registration server of the communication network.
  • the method com- prises providing second registration data being based on the second unique subscriber data to be used for a second registration on the mobile device.
  • a mobile device is provided.
  • the mobile device is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device and to be used for a first registration to a registration server of a communication network.
  • the mo- bile device comprises an accessing unit configured for accessing the first registration data from the subscriber identity module application, and a registration unit configured for registering to the registration server using the first registration data.
  • the mobile device comprises an establishing unit configured for establishing a connection to an application server comprising second unique subscriber data via the communication network.
  • the accessing unit is con- figured for accessing the second registration data of the application server to be used for a second registration.
  • an application server is provided for performing the method described above.
  • a program element when being executed by a processor, is configured to carry out or control a method of operating a mobile device and/or a method of operating an application server as described above.
  • a computer-readable medium In the computer-readable medium, a computer program for operating a mobile device and/or for operating an application server is stored.
  • the computer program when being executed by a processor, is configured to carry out or control a method of operating a mobile device and/or a method of operating an application server as described above.
  • the terminology used in the application may be regarded as not limiting the scope of the invention, and the described methods, the described mobile device, the described application server, the described computer program, and the described computer-readable medium may be applicable to various telecommunications standards, for example Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long-Term Evolution (LTE), and Code Division Multiple Access (CDMA).
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • LTE Long-Term Evolution
  • CDMA Code Division Multiple Access
  • the term “mobile device” may comprise the term “mobile station” conventionally used in GSM, but may also comprise the term “user equipment” conventionally used in UMTS / LTE.
  • registration data may particularly denote data which is needed for registering to a registration server.
  • the registration data may comprise unique subscriber data and dynamic data, for example, authentication data, ciphering keys, temporary mobile subscriber identities and network specific settings like preferred PLMN lists.
  • the registration The term "unique subscriber data" may particularly denote data associated with a subscriber which may exist only once.
  • the unique subscriber data may comprise, for example, information related to a kind of services to which the subscriber may have subscribed or network information of the communication network providing the services.
  • the unique subscriber data and the registration data might be similar or partly similar.
  • the regis- tration data is generated by means of the unique subscriber data such that security sensitive data of the subscriber data is kept within the server and needs not (entirely) to be transmitted over the network.
  • the term "registering to a registration server” may particularly denote a procedure, via which the mobile device may enroll to a home communication network, and may afterwards be ready-to-receive and may send and/or receive data.
  • the registration sever may be configured as a Home Location Register (HLR) node.
  • HLR Home Location Register
  • subscriber may particularly denote an entity (which may be associated with one or more users) which may be engaged in a subscription with a service provider.
  • the subscriber may be allowed to subscribe and unsubscribe services, to register a user or a list of users au- thorized to use these services, and also to set limits which associated users may have for the available services.
  • subscription may particularly denote a commercial relationship between the subscriber and the service provider.
  • a mobile device is communicatively coupled to a subscriber identity module application, whereby the mobile device is entitled for communicating.
  • the mobile device accesses the first registration data associated with the subscriber identity module application, and registers to the registration server to attach in full service mode.
  • the mobile device may be associated with a first address.
  • the mobile device uses the subscriber identity module application to establish a connection to an application server located remotely from the mobile device to access second registration data. Subsequently, the mobile device may register such that the mobile device may be communicatively coupled in a full service mode via the second address.
  • the functionalities associated with the second unique subscriber data may be tunneled to the mobile device via the established connection generated by the subscriber identity module ap- plication such that the mobile device may be enabled to execute any network related services (for example, a circuit switched (CS) call or a packet switched (PS) call).
  • CS circuit switched
  • PS packet switched
  • the access of the second unique subscriber data by the mobile device for registering and/or for communicating is secured e.g. by providing a secure communication between the mobile device and the application server e.g. by means of an intrinsically secure connection (e.g. as ordinarily provided by mobile networks GSM) or by means of encryption.
  • an intrinsically secure connection e.g. as ordinarily provided by mobile networks GSM
  • encryption e.g. as ordinarily provided by mobile networks GSM
  • the second unique subscriber data is stored by the application server or accessible by that server.
  • the second unique subscriber data is not being downloaded to the mobile device itself, for example by duplicating the second unique subscriber data to a storage unit of the mobile device, but only data needed for the second registering.
  • the stored data is transmitted, but only data (e.g. digital key(s)) generated from the stored data.
  • any intercepted data might only be used one for an actual registering, thereby reducing a risk of interception of this data e.g. by an unauthorized user.
  • the communication with application server with respect to the unique subscriber data may be supervised e.g. by the application server itself or by any supervision node within the network. If e.g. any irregularity with respect to the second registration is detected, the registration might be denied, a connection/attachment might be shut down, or any appropriate action might be performed.
  • the second unique subscriber data is stored and/or managed by the application server or any device accessible by the application server.
  • the mobile device may need only one SIM module thus allowing to be designed in a small and cost- effective way despite being configured for dual communication. Further, the mobile device may be easily operable owing to its reduced size.
  • the mobile device may comprise dual access.
  • the mobile device may come along with an increased information availability of today.
  • the user may be communicatively coupled using first and second telephone numbers with a first telephone number being configured for private use and the second telephone number being configured for business use.
  • the first or second telephone number may also be used for internet browsing.
  • the mobile device and the subscriber identity module application may be communicatively coupled to one another in that a subscriber identity module application card on which the subscriber identity module application may be stored may be detachably accommodated in the mobile device.
  • the subscriber identity module application may be stored in an external storage unit, for example an external subscriber identity module card, which may be connected to the mobile device via Bluetooth or via a cable.
  • the method may further comprise registering to a registration server or to another registration server (for example another HLR node) of another communication network using the second unique subscriber data.
  • the another registration server may be located in a serving communication network of the mobile device which may be distinct from the (home) communication network comprising the registration server.
  • the subscriber on the mobile device may be registered to one communication network or two different communication networks via the subscriber identity module application and the second unique subscriber data.
  • the user of the mobile device may not need to obtain additional subscriber identity module cards on which a respective subscriber identity module application may be stored for communicating in the another communication network at reasonable rates.
  • the application server may be located in an internet protocol (based) network (for example, an Internet Protocol (IP) network) or in a core network of the communication network.
  • IP Internet Protocol
  • the internet protocol network may form part of the communication network or may be distinct from the communication network.
  • a communication network architecture to be provided by an operator may be designed in a flexible way concerning a location of the application server.
  • the server may be located in a radio access network of the communication network or the another communication network.
  • the method may further comprise subscribing to a second subscriber identity module application associated with the second unique subscriber data prior to the establishing of the connection, wherein received subscription information comprises an address of the second unique subscriber data, and optionally at least one of identification information of the second sub- scriber identity module application, security information for communicating with the application server, and security information for accessing the second unique subscriber data.
  • the second subscriber identity module application located in the application server may represent a complete application from a communication perspective point of view.
  • the subscriber identity module application associated with the first unique sub- scriber data may be considered as a first subscriber identity module application.
  • the network address of the second unique subscriber data may comprise, in a first option, a network address of a second subscriber identity module application associated with the second unique subscriber data or, in a second option, a network address of the application server in combination with a server-internal address of the second subscriber identity module application.
  • the network address of the second subscriber identity module application may comprise an Internet Protocol (IP) address or an internet domain name of the second subscriber identity module application in a case in which IP may be usable as transport protocol for transferring data.
  • IP Internet Protocol
  • the network address may comprise a Mobile Station Integrated Services Digital Network Number (MSISDN) which may be asso- ciated with or may belong to the second subscriber identity module application in a case in which Short Message Service (SMS) may be usable as the transport protocol.
  • MSISDN Mobile Station Integrated Services Digital Network Number
  • SMS Short Message Service
  • the address of the second unique subscriber data may comprise the IP address, the internet domain name, or the MSISDN as defined above and an additional identifier to address the second subscriber identity module application (for example a Universal Integrated Circuit Card Identification (UICC-ID) assigned to the second subscriber identity module application despite a missing existence of a physical card or an International Mobile Subscriber Identity (IMSI) of the second subscriber identity module application).
  • UICC-ID Universal Integrated Circuit Card Identification
  • IMSI International Mobile Subscriber Identity
  • the usage of an identifier distinct from the IMSI may be beneficial when addressing the second subscriber identity module application, since the IMSI may be conventionally used for identifying a subscriber on a mobile device towards the registration server.
  • the identification information of the second subscriber identity module application may comprise the IMSI or MSISDN.
  • the security information for communicating with the application server may comprise security keys regarding integrity protection and/or ciphering
  • the security in- formation for accessing the second unique subscriber data may comprise a Personal Identification Number (PIN) and a PIN Unlock Key (PUK).
  • PIN Personal Identification Number
  • PIN Unlock Key PIN Unlock Key
  • the received subscription information may be (particularly automatically or manually) stored in the mobile device such that a continuous use of the subscription information for accessing the second unique subscriber data may be guaranteed.
  • the mobile device may execute functionalities associated with the received subscription information, particularly in accordance with 3rd Generation Partnership Project (3rd GPP) Technical Specification (TS) 31.102.
  • the mobile device may transfer the PIN and/or the PUK entered by the user of the mobile device and information related to modifying, activating, or deactivating the PIN and/or the PUK to the second subscriber identity application.
  • 3rd GPP 3rd Generation Partnership Project
  • TS Technical Specification
  • the subscribing may comprise a user of the mobile device signing a contract with an operator (of the communication network or the another communication network) such that the user of the mobile device may be enabled to access a radio access network and/or one or more services provided by the network operator.
  • receiving the subscription information may comprise receiving (part of) the subscription information via a (printed or internet) form, via mail, via email, via SMS, and/or via an Over-The-Air (OTA) device management.
  • OTA Over-The-Air
  • the accessing of the second unique subscriber data may comprise accessing the second unique subscriber data for communicating with a peer end (particularly another mobile de- vice, a Public Land Mobile Network (PLMN) etc.).
  • the communication with the peer end may be based on using the subscriber identity module application for establishing a secured connection between the mobile device and the application server, and for accessing the second unique subscriber data which may be used for establishing a secured communication between the mobile device and the peer end.
  • a con- nection to the application server may have to been established.
  • the method may further comprise activating the second subscriber identity module application for the subscriber on the mobile device particularly during the subscribing or later during accessing the second unique subscriber data for communicating with the peer end.
  • the established connection may be secured, in a first option, by security procedures provided or implemented in the communication network using the first unique subscriber data.
  • security procedures may be based on (internet protocol security) procedures according to 3 GPP.
  • the established connection (particularly to the (second unique subscriber data of the) application server) may be secured, in a second option, by the security information for communicating with the application server received at subscription (particularly to the application server).
  • the established connection may be secured, in a third option, by security information exchanged between the mobile device and the application server when accessing the second unique subscriber data (particularly for the communicating with the peer end).
  • security information may be negotiated between the mobile device and the application server at a start of each connection when accessing the second unique subscriber data.
  • the second and third options may be based on internet protocol security procedures.
  • the procedures may comprise Internet Protocol Security (IP- Sec) procedures which may enable authenticating and encrypting each IP packet of a communication session between the mobile device and the application server.
  • IP- Sec Internet Protocol Security
  • respective security information for securing the established connection (for example a key) may be received at subscription and/or may be received prior to the communicating using the established connection.
  • IKE Internet Key Exchange
  • a respective communication protocol may be IP based.
  • network capacity for transmitting the security information may be saved.
  • a security level of the established connection may be enhanced, since the security information may be altered between two subsequent connections.
  • conventional internet protocol procedures may be used for securing the communication, thereby rendering development of new security mechanism to be superfluous.
  • the application server may be located in the core network of the communication network
  • the established connection may be secured by the security provided or implemented in this communication network using the first unique subscriber data (according to the described first option). Since the application server may be controlled by an operator of the communication network, the communication security provided by the first unique subscriber data may comprise a sufficient security level.
  • the internet protocol security procedures may be solemnly used for securing the established connection, in order to enhance the security of the connection link towards the internet protocol network.
  • a connection link of the established connection between the mobile device and the communication network may be secured by the security procedures provided in the communication network using the first unique subscriber data (according to the described first option), and a connection link of the established connection between the communication network and the application server in the internet protocol network may be secured by the internet protocol security procedures (according to the described second and/or third options).
  • a connection link of the established connection between the mobile device and the communication network may be secured by the security provided in the communication network using the first unique subscriber data (ac- cording to the described first option) and by the internet protocol security procedures (according to the described second and/or third options), and a connection link of the established connection between the communication network and the application server in the internet protocol network may be secured by the internet protocol security procedures (according to the described second and/or third options).
  • the established connection may be secured using a proprietary protocol, which may enhance the flexibility of designing security procedures regarding the established connection.
  • the method may further comprise (particularly in response to sending an connection establishment request) receiving connection identification information indicating an identification of the connection to be established or having been established in response to the accessing of the second unique subscriber data for the communicating with the peer end, whereby the received connection identification information may be used during the established connection for identifying purposes of the established connection to the mobile device and/or the application server.
  • the subscriber on the mobile device may identify himself to the second subscriber identity module application and/or the application server for using the second subscriber identity module application by means of a mobile device identity associated with the mobile device and to be used for accessing the second subscriber identity module application or by means of parameters to be derived from the mobile subscriber identity module applica- tion.
  • the IMSI of the subscription information received when subscribing to the second subscriber identity module application may be usable for enhancing the identification request trustability.
  • the method may further comprise resetting a connection configuration of the mobile device (for example, by resetting a Network Signaling (NS) stack unit of the mobile device) if the established connection to the application server may be disconnected or terminated such that such the mobile device may comprise a limited service mode regarding the second unique subscriber data associated with a second subscriber identity module application on the application server.
  • the resetting procedure by the mobile device in the case of the disconnection of the established connection may be similar to a resetting proce- dure by the mobile device in a case of a removal of subscriber identity module card associated with the first unique subscriber data from the mobile device.
  • a connection established to the second unique subscriber data on the application server may be also terminated.
  • the mobile device may then reset the connection configuration regarding the subscriber identity module application and/or the second unique subscriber data associated with a second subscriber identity module application.
  • the method may further comprise detecting a state of the established connection to the appli- cation server, thereby the mobile device being enabled to detect the established connection to be (temporarily) interrupted and/or to be disconnected and/or to detect the mobile device being not authenticated for use of the second unique subscriber data.
  • the detecting may comprise sending information to the application server and detecting response information sent by the application server.
  • the mobile device may assume the established connection to be still active.
  • the mobile device may assume the established connection to be disconnected. Accordingly, the mobile device may then execute steps as being described above in connection with the disconnecting of the connection.
  • the detecting as described above may be executed continuously and/or at regular time intervals during the established connection to the application server, similarly as may be known by testing a reachaliblty of a host on an Internet Protocol network using "ping".
  • the time intervals may be pre-determined, for example, by settings of the mobile device, or may be defined by the application server.
  • the detecting may comprise detecting a presence of lease time period information in the mobile device, which lease time period information may be received from the application server and may indicate a lease time period during which the mobile device may be enabled for using the active established connection for sending and receiving data.
  • the method may further comprise requesting from the application server to prolong the lease time period.
  • the mobile device may than execute steps as being described in connection with the disconnecting of the established connection.
  • the above described mechanism may be similarly embodied compared to a lease time mechanism associated with an assignment of a dynamic IP address to a computer by a Dynamic Host Configuration Server (DHCP) server.
  • DHCP Dynamic Host Configuration Server
  • the second unique subscriber data may be associated with a second subscriber identity mod- ule application, wherein the subscriber identity module application and/or the second subscriber identity module application may be configured as a Subscriber Identity Module (SIM) application, a Universal Subscriber Identity Module (USIM) application or a Code Division Multiple Access (CDMA) Subscriber Identity Module (CSIM) application.
  • SIM Subscriber Identity Module
  • USIM Universal Subscriber Identity Module
  • CDMA Code Division Multiple Access
  • CCM Subscriber Identity Module
  • the subscriber identity module application and/or the second subscriber identity module application may be stored on a SIM card supporting a SIM application or a Universal Integrated Circuit Card (UICC) supporting at least one of a SIM application, a USIM applica- tion, a CSIM application and optionally at least one of Universal SIM Application Toolkit (USAT), and an IP Multimedia Services Identity Module (ISIM) application.
  • SIM Subscriber Identity Module
  • UICC Universal Integrated Circuit Card
  • USAT Universal SIM Application Toolkit
  • ISIM IP Multimedia Services Identity Module
  • communication between the application server and the mobile device may be based on a transport protocol, for example Transmission Control Protocol (TCP) / Internet Protocol (IP), a Short Message Service (SMS) compatible protocol or a Non Access Stratum (NAS) compatible protocol.
  • TCP Transmission Control Protocol
  • IP Internet Protocol
  • SMS Short Message Service
  • NAS Non Access Stratum
  • the second unique subscriber data of the second subscriber identity module application may be accessed for registration and/or communication with a peer end by another mobile device (or a plurality of another mobile devices) simultaneously to the accessing by the mobile device.
  • the connection identification may be usable by the application server to identify the established connections to the different mobile devices, in order to associate signaling data and/or payload data transmitted during the connections with the concerned mobile device.
  • the application server may comprise at least another unique subscriber data as- sociated with at least another subscriber identity module application to be used for at least another registration.
  • the mobile device may communicate with a peer end using the subscriber identity module application of the mobile device, and the at least two further unique subscriber identity module applications located on the application server.
  • the method may further comprise addressing the mobile device by the application server (particularly via the communication network) using an address of the mobile device to be provided by the mobile device at a start of the communication to be established with the application server.
  • the addressing may be accomplished by using an address derived from parameters of the subscriber identity module application, for example the MSISDN.
  • the establishing unit may be configured as a radio subsystem configured for providing access between the mobile device and a radio access network of the communication network.
  • the mobile device may further comprise another establishing unit configured for establishing another connection to the application server comprising the second unique subscriber data for communicating with a peer end.
  • the another establishing unit may be configured as another radio subsystem usable for providing access between the radio access network of the communication system or another radio access network and the mobile device.
  • the radio access network and/or the another radio access network may be configured as GSM Enhanced Data Rates for GSM Evolution (EDGE) Radio Access Network (GERAN), UMTS Terrestrial Radio Access Network (UTRAN), Evolved-UTRAN (E- UTRAN) or Code Division Multiple Access (CDMA) network.
  • EDGE Enhanced Data Rates for GSM Evolution
  • GERAN UMTS Terrestrial Radio Access Network
  • UTRAN UMTS Terrestrial Radio Access Network
  • E- UTRAN Evolved-UTRAN
  • CDMA Code Division Multiple Access
  • Fig. 1 is a block diagram illustrating a communication system comprising a mobile device and an application server according to exemplary embodiments of the invention.
  • Fig. 2 is a flow chart illustrating a method of operating the mobile device in Fig. 1 according to an exemplary embodiment of the invention.
  • Fig. 3 is a block diagram illustrating a mobile device according to another exemplary em- bodiment of the invention.
  • Fig. 4 is a block diagram illustrating an application server according to another exemplary embodiment of the invention.
  • the communication system 100 comprises the mobile device 102, and the application server 104.
  • the mobile device 102 and the application server 104 are communicatively coupled to one another via an IP network 106 and a LTE based communication network 108 comprising first and second radio access networks 1 10, 1 12 and a core network 114.
  • the first radio access network is configured as a GERAN network
  • the second radio access network 112 is configured as an E-UTRAN network.
  • the application server 104 is located in the IP network 106, and comprises a remote USIM access protocol unit 116 configured for providing access between the mobile device 102 and a remote USIM application 118 located in a storage unit of the application server 104.
  • the re- mote USIM protocol unit 1 16 implements procedures for terminating a connection between the mobile device 102 and the application server 104, wherein an initiation of the termination may be executed by the mobile device 102 or the application server.
  • the application server 104 comprises further USIM applications 119 which are also located in the storage unit.
  • the mobile device 102 comprises first and second establishing units 120, 122 each of which being configured as a radio subsystem.
  • the mobile device 102 comprises first and second digital baseband subsystems 124, 126 with the first digital baseband subsystem 124 being communicatively coupled to the first radio subsystem 120 and the second digital baseband subsystem 126 being communica- tively coupled to the second radio subsystem 122.
  • the mobile device 102 also comprises an UICC 128 being detachably accommodated in the mobile device 102.
  • the mobile device 102 comprises a power management unit 129 configured for controlling a power supply towards the first and second radio access subsystems 120, 122, the first and second digital baseband subsystems 124, 126, and the UICC 128.
  • the radio subsystems 120, 122 are configured for operating in accordance with a first layer of a seven layered Open Systems Interconnection (OSI) communication model.
  • each of the radio subsystems 120, 122 comprises a radio transceiver unit and a radio frequency (RF) front end unit.
  • Each of the RF front end unit comprises at least one antenna, as indicated in Fig. 1 as a solidly sketched antenna.
  • at least one of the RF front end units may comprise a plurality of antennas.
  • a number of antennas may depend on a type of a radio access interface of the first and second radio access networks 110, 112 and radio access capa- bilities of the mobile device 102.
  • the further antennas of the first and second radio subsystems 120, 122 are indicated in Fig. 1 in a dashed way.
  • the UICC 128 comprises a storage unit in which an USIM application 130 and associated unique subscriber data are stored. Further, further applications 132 including unique subscription data thereof are stored in the storage unit of the UICC 128.
  • One of the further applica- tions 132 is configured as Universal SIM application tool kit (US AT), and another one of the further applications 132 is configured as IP Multimedia Services Identity Module (ISIM) application.
  • US AT Universal SIM application tool kit
  • ISIM IP Multimedia Services Identity Module
  • the first digital baseband subsystem 124 comprises a first network signaling NS stack unit 134, a first USIM interface unit 136, a UICC driver unit 138, an USIM user interface unit 140, and a transport protocol unit 142.
  • the first NS stack unit 134 is communicatively coupled to the first radio subsystem 120, to the USIM interface unit 136 and to the transport protocol unit 140 (as indicated by double-side ended arrows).
  • the UICC 128 is communicatively coupled to the USIM interface unit 136 via the UICC driver unit 138, and the USIM interface unit 136 is communicatively coupled to the USIM user interface unit 140.
  • the NS stack unit 134 implements the first layer and second and third layers of the OSI communication model for providing a first radio access of the mobile device 102.
  • This implementation may be realized in hardware and in software or may be realized in software only.
  • An interface of the first NS stack unit 134 is configured for transmitting payload data and signaling data via the first radio subsystem 120, in order to communicate with and to con- trol the first radio access network 1 10.
  • the NS stack unit 134 comprises an internal control interface and at least one of a packet switched data interface, a circuit switched data interface, and a messaging interface usable towards the first radio subsystem 120 for communication.
  • the NS Stack unit 134 is configured for resetting all network connections to the communication system 100 in a case of a removal of the UICC 128 from the mobile de- vice 102 and/or in a case of a disconnection of the mobile device 102 from the remote USIM application 118 on the application server 104. Accordingly, the mobile device 102 comprises a limited service mode regarding the USIM application 130 and/or the remote USIM applica- tion 118 subsequent to the resetting.
  • the NS stack unit 134 is configured for detecting a state of an established connection to the remote USIM application 118 by the mobile device 102 sending messages to and receiving messages from the application server 104 and/or by detecting valid lease time information to be present in the mobile device 102 and accordingly implying the established connection to be active.
  • the first USIM interface unit 136 is configured for providing an interface between the NS stack unit 134 and the UICC 128 according to 3rd GPP TS 31.102 such that the NS stack unit 134 is enabled to access parameters of the USIM application 130 required for operating on the first radio access network 1 10. Further, the first USIM interface unit 136 is configured for passing a PIN and/or a PUK from the USIM user interface 140 to the UICC 128 and/or is configured for executing a modification, activating and/or deactivation of the PIN.
  • the UICC driver unit 138 is configured for converting a software based access of the USIM user interface unit 140 and the NS stack unit 134 towards the USIM application 130 into a hardware based access towards the USIM application 130.
  • the USIM user interface unit 140 provides a user interface to the USIM application 130 of the UICC 128, for example for enabling a user of the mobile device 102 to enter the PIN and/or the PUK associated with the USIM application 130 and/or to input information related to a modification, activation and/or deactivation of the PIN.
  • the USIM user interface unit 140 is configured for handling several USIM applications at the same time and thus provides in- terfaces to respective USIM interface units 136 associated with those several USIM applications 130.
  • the USIM user interface unit 140 is configured as an application implementing the above described user interface.
  • the USIM user interface unit 140 may be an internal or external application programming interface (API) layer for providing access to the USIM application 130.
  • API application programming interface
  • the second digital baseband subsystem 126 comprises a second NS stack unit 144, a second USIM interface unit 146, and a remote USIM access protocol unit 148.
  • the second NS stack unit 144 is communicatively coupled to the second radio subsystem 122 and to the second USIM interface unit 146.
  • the second USIM interface unit 146 is communicatively coupled to the USIM user interface unit 140 and to the remote USIM access protocol unit 148.
  • the transport protocol unit 142 and the remote USIM access protocol unit 148 are also communicatively coupled to one another.
  • the second NS stack unit 144 is similarly configured as the first NS stack unit 134
  • the second USIM interface unit 146 is similarly configured as the first USIM interface unit 136.
  • the USIM access protocol unit 148 implements protocol procedures configured for exchanging USIM access messages between the mobile device 102 and the USIM application server 104.
  • the USIM access protocol unit 148 further comprises a respective interface towards a transport protocol layer of the first digital baseband subsystem 124 such that the remote USIM access protocol unit 148 is configured for transmitting and receiving USIM access messages.
  • the transport protocol unit 142 of the first digital baseband subsystem 124 implements trans- port protocol procedures to be used for transferring USIM access messages between the remote USIM access protocol unit 148 of the second digital baseband subsystem 126 and the USIM access protocol unit 116 of the USIM application server 104 and between the USIM application 130 and the USIM access protocol unit 116 of the USIM application server 104.
  • the used protocol is configured as TCP/IP.
  • the mobile device 102 may comprise only one radio subsystem having one or two antennas to be used for communicating with the first and second radio access networks 1 10, 1 12.
  • a subscriber on the mobile device 102 may be communicatively coupled by means of the first and second USIM applications 130, 118.
  • the mobile device 102 may comprise one digital baseband subsystem instead of the first and second digital baseband subsystems 124, 126 which may comprise the first and second NS stack unit 134, 144.
  • the mobile device 102 may comprise one NS stack unit instead of the first and second NS stack unit 134, 144, in order to handle different subscriptions and different connections to one or more mobile networks.
  • the first and second NS stack units 134, 144 may use shared software and/or hardware resources for the connection towards the first and second radio access networks 110, 112.
  • the communication system 100 further comprises another mobile device 260 being identically designed compared to the mobile device 102, and first and second Home Location Register (HLR) nodes 262, 264.
  • the first HLR node 262 is located in the core network 114 of the LTE communication network 108, and the second HLR node 264 is located in another core network of another IP multimedia subsystem (IMS) based communication network.
  • IMS IP multimedia subsystem
  • a first step 265 the mobile device 102 accesses the USIM application 130 of the UICC 128.
  • the mobile device 102 registers to the HLR node 262 using the USIM application 130 of the UICC 128.
  • the mobile device 102 subscribes to the remote USIM application 1 18 stored in the application server 104, and accordingly receives respective subscription information.
  • This subscription information comprises the IP address of the remote USIM application 118, the IMSI associated with the remote USIM application 118, security information for protecting a communication with the application server 104, the MSISDN associated with the remote USIM application 118, a PIN associated with the remote USIM application 1 18, and a PUK associated with the remote USIM application 1 18.
  • the PIN and PUK are to be used by the subscriber on the mobile device 102, in order to authenti- cate himself to the remote USIM application 118 located on the application server 104.
  • the mobile device 102 establishes a connection to the application server 104 in a step 270, in order to access unique subscriber data associated with the remote USIM application 118 of the application server 104.
  • the application server 104 sends lease time period information to the mobile device 102 such that the mobile device 102 is informed about the time period during which the mobile device 102 is enabled for accessing and using the remote USIM application 118 on the application server 104.
  • the mobile device 102 does not execute a detection of the state of the established connection to the application server 102 during this time period in terms of regularly sending messages to the application server 104 and detecting respective response messages, since the mobile device 102 then assumes the established connection to the application server 104 to be active during the lease time period.
  • the mobile device 102 accesses the unique subscriber data associated with the remote USIM application 118 of the application server 104.
  • the application server 104 provides the access to the unique subscriber data associated with the remote USIM appli- cation 118.
  • the latter is accomplished by the subscriber on the mobile deice 102 entering the PIN associated with the remote USIM application 1 18 of the application server, in order to authenticate himself to the remote USIM application 108 and unlock the remote USIM appli- cation 118.
  • the mobile device 102 registers to the HLR node 264 of the another core network of the another IMS based communication system using the accessed unique subscriber data of the remote USIM application 118.
  • the arrow 274a indicates the mobile device 102 using the unique subscriber data of the remote USIM application 128, while the arrow 274b indicates communication between the mobile device 102 and the HLR 262 during the registration procedure.
  • the mobile device 102 After having registered to the HLR node 264, the mobile device 102 interrupts the established connection to the application server 104 in a step 276. Alternatively, the application server 104 requests to interrupt the connection. During this interrupted state, the established connec- tion is active but not ready for being used for transmitting data.
  • communicating with the remote USIM application 118 by the mobile device 102 for communicating with the mobile device 260 using the remote USIM application 1 18 will be explained. It is noted that the communicating will take place at a later time compared to the communicating for registering to the HLR node 264 described above. Alternatively, the described communicating will take place immediately subsequent to the communicating for registering to the HLR node 262 described above. In this case, the interruption of the established connection (step 276) and the re-establishment of the connection to be described in the following may not take place, and the method may proceed with a connection establishment to the another mobile device 260.
  • the mobile device 102 accesses the USIM application 130 stored on the UICC 128.
  • the mobile device 102 sends to the USIM application server 104 a request requesting to re-establish the connection with the remote USIM application 1 18 of the application server 104 using the unique subscriber data associated with the USIM application 130 of the UICC 128 for connection re-establishment.
  • the application server 104 re-establishes in a step 280 the connection to the mobile device 102.
  • the mobile device 102 accesses the unique subscriber data associated with the remote USIM application 118 of the application server 104 which, in turn, provides the access to the unique subscriber data associated with the remote USIM application 1 18.
  • the mobile device 102 sends connection identification information indicating the identification of the established connection to the mobile device 102. This connection information is used by the mobile device 102 and the application server 104 during the established connection for identifying the established connection when transmitting data between one another. It is noted that such connection identification may be also sent subsequent to the steps 270, 271 or 272.
  • a connection between the mobile device 102 and the another mobile device 260 is established using the remote USIM application 118.
  • the mobile device 102 sends a request requesting to establish a connection with the another mobile device 260 to a respective node of the core network 1 14 of the LTE network 108 in which the mobile device 102 resides.
  • the request is negotiated between the core network 1 14 and the another IMS based network in which the mobile device 260 resides.
  • the IMS based network establishes then the connection between the mobile devices 102 and 260.
  • the mobile device 102 may receive a call from a yet another mobile device, may accept the call, and may communicate with the yet another mobile device using the first USIM application 130 of the UICC 128.
  • the mobile device 102 may download media data from an internet server located in the IP network 106 using the USIM application 130 of the UICC 128 during the established connection in the step 286.
  • the mobile device 102 sends a request requesting to terminate the established connection with the another mobile device 260 to the core network 114.
  • the request is negotiated between the core network 114 and the another IMS based network, and the another IMS based network terminates the connection between the mobile devices 102, 260.
  • the mobile device 102 sends to the USIM application server 104 a request requesting to interrupt the established connection to the application server 104.
  • the application server 104 then interrupts the established connection in a step 290 by sending respective information to the mobile device 102.
  • the established connection to the application server 103 is still active but may have to be re-established for being used for transmitting data.
  • the mobile device 102 detects an elapse of the assigned lease time period. However, the mobile device 102 does not request from the application server 104 a prolongation of the lease time period.
  • the mobile device 102 executes a resetting of the NS stack unit 144, in order to implicitly terminate all connections to the another IMS based network.
  • the mobile device 102 comprises a limited service mode regarding the remote USIM application 1 18, which mode is similar as compared to the UICC 128 being removed from the mobile device 102.
  • the user of the mobile device 102 may detach the UICC 128 from the mobile device 102, whereby the mobile device 102 may have limited access to the communication system 100 and may be in a limited service mode regarding the USIM application 128.
  • the NS stack unit 234 is also reset.
  • the mobile device 102 may merely be configured for issuing emergency calls to the communication system 100 for assistance and for communicating with the application server 104.
  • the mobile device 102 may establish a connection to the application server 102, as is described with reference to the steps 270, 278, 280, however, without using the USIM application 130 and registering to the HLR 262.
  • the mobile device 102 may access the remote USIM application 118 located on the application server 104, may register to the HLR 262 or 264, and may attach to the communication system 100 in a full service mode.
  • the mobile device 102 may access the remote USIM application 118 located on the application server 104, may register to the HLR 262 or 264, and may attach to the communication system 100 in a full service mode.
  • the above described embodiments, measures, technical effects, and advantages regarding the second unique subscriber data associated with the remote USIM application 118 may also apply to this embodiment.
  • the mobile device 302 is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device and to be used for a first registration to a registration server of a communication network.
  • the mobile device 302 comprises an accessing unit configured for accessing the first unique subscriber data of the subscriber identity module application, a registration unit configured for registering to the registration server using the first unique subscriber data, and an establishing unit configured for establishing a connection to an application server comprising second unique subscriber data via the communication network.
  • the accessing unit is configured for accessing the second unique subscriber data of the application server to be used for a second registration.
  • the mobile device 302 may comprise another accessing unit.
  • the accessing unit, the establishing unit, and the registration unit are integrally formed, and form part of or collaborate with a sending unit TU1 configured for sending information related to a method of operating the mobile device 302 as described above, a receiving unit RU1 configured for receiving information related to the method of operating the mobile device 302 as described above, and a processing unit PUl configured for processing information related to the method of operating the mobile device 302 as described above.
  • a sending unit TU1 configured for sending information related to a method of operating the mobile device 302 as described above
  • a receiving unit RU1 configured for receiving information related to the method of operating the mobile device 302 as described above
  • a processing unit PUl configured for processing information related to the method of operating the mobile device 302 as described above.
  • at least two of the accessing unit, the establishing unit, and the registration unit may be embodied as separate units and/or form part or collaborate with the sending unit TUl, the receiving unit TUl and/or the processing unit PUl .
  • the mobile device 302 comprises a storage unit SUl configured for storing informa- tion related to the method operating the mobile device 302 as described above. At least two of the sending unit TUl, the receiving unit RUl , the processing unit PUl, and the storage unit SUl may be comprised in one unit.
  • the mobile device 302 is configured for executing the method of operating the mobile device 302 as described above, and may comprise respective functionalities executed by respective units which may form part of or may collaborate with at least one of the sending unit TUl, the receiving unit RUl , the processing unit PUl, and the storage unit SUl .
  • the mobile device 302 may further comprise another establishing unit configured for establishing another connection to the application server comprising the second unique subscriber data for communicating with a peer end.
  • the another establishing unit may also form part of the send- ing unit TUl , the receiving unit RUl , and the processing unit PUl .
  • the receiving unit RUl and the sending unit TUl may be comprised in a radio subsystem.
  • the processing unit PUl may comprise a digital baseband subsystem.
  • association between the functionally based units, namely the accessing, establishing and registration units, and the logically physical units TUl , RUl, PUl, SUl of the mobile device 302 may be suitably defined by, for example, a message exchange direction between the respective functionally based unit and a communication partner of the unit.
  • association between the logically physical units TUl, RUl, PUl, SUl of the mobile device 302 and the actually physical units of the mobile device 302 which are described in association with Fig. 1 may be suitably defined according to the functionalities provided by the actually physical units of the mobile device 302.
  • the application server 404 comprises an establishing unit configured for establishing a connection to a mobile device via a communication network.
  • the mobile device is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device and to be used for a first registration to a registration server of the communication network.
  • the application server 404 also comprises a providing unit configured for providing access to sec- ond unique subscriber data of the application server 404.
  • the second unique subscriber data are to be used for a second registration on the mobile device.
  • the establishing unit and the providing unit form part of or collaborate with a sending unit TU2 configured for sending information related to a method of operating the application server 404 as described above, a receiving unit RU2 configured for receiving information related to the method of operating the application server 404 as described above, and a processing unit PU2 configured for processing information related to the method of operating the application server 404 as described above.
  • the establishing unit and the providing unit may be embodied as separate units and/or form part of or collaborate with the sending unit TUl, the receiving unit TU2 and/or the processing unit PUl .
  • the application server 404 comprises a storage unit SU2 configured for storing information related to the method of operating the application server 404 as described above.
  • the subscriber identity module application may be stored in the storage unit SU2.
  • the providing unit may comprise a subscriber identity module access protocol unit.
  • the receiving unit RU2, the sending unit TU2, the processing unit PU2, and the storage unit SU2 may be embodied in respective actually physical units, for example, the protocol unit 116 described in Fig. 1.
  • association between the functionally based units, the logically physical units TU2, RU2, PU2, SU2 of the application server 404, and the actually physical units of the application server 102, 302 may be similarly defined as described above in association with the mobile devices 102, 302.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method of operating a mobile device is described. The mobile device (102) is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device (102) and to be used for a first registration to a registration server (262) of a communication network. The method is executed by the mobile device (102), and comprises accessing (265) first registration data based on the first unique subscriber data of the subscriber identity module application, and registering(266) to the registration server (262) using the first unique subscriber data. In order to provide dual access, the method comprises establishing (270, 278, 280) a connection to an application server (104) comprising second unique subscriber data via the communication network, and accessing (272, 282) second registration data based on the second unique subscriber data to be used for a second registration.

Description

Mobile Terminal Multiple Network Registration
Technical field
The invention relates to a remote subscriber registration application and in particular to a method of operating a mobile device, a method of operating an application server, a mobile device, an application server, a program element, and a computer-readable medium.
Background
Conventional dual-Subscriber Identity Module (SIM) mobile devices accommodate two de- tachably accommodatable subscriber identity module smart cards each of which supporting a respective subscriber identity module application such that a user of the mobile device may utilize these two subscriber identity module applications for communicating. For example, such a smart card may be a SIM card supporting a SIM application or may be a Universal Integrated Circuit Card (UICC) supporting a SIM or a Universal Subscriber Identity Module (USIM) application. In a case in which the mobile device may support two radio access units for sending and receiving data, the user of the mobile device may use each of the two subscriber identity module applications at the same time for communicating, for example for transferring voice data via two different telephone numbers or for transferring voice data and for downloading media data from an Internet Protocol (IP) communication server at the same time. For example, such dual-SIM mobile devices are manufactured by Samsung or Nokia, and are known as "SGH-D980 dual" or "C2-00", respectively.
However, such dual-subscriber identity module mobile devices may comprise a large size and, thus, may be difficult to handle by a user of the mobile device. Further, manufacturing costs of such a mobile device may be high.
In a case in which the user of the dual-SIM mobile device may roam into foreign countries, the user may have to obtain another SIM card or another UICC to be registered in the (home) communication network of the foreign country, in order to obtain services in this communication network at reasonable rates. Thus, a usage of the mobile device may be inconvenient for the user of the mobile device.
Further, dual-SIM mobile devices are limited to two telephone numbers via which the user of the mobile device may be reachable. Thus, the user of the mobile device may have to manu- ally exchange one of the subscriber identity module smart cards for obtaining a further telephone number.
Summary
It is an object of the invention to provide a handy and easily operable mobile device which may be communicatively coupled via a plurality of subscriber identity module applications for a secure communication.
The object defined above is solved by a method of operating a mobile device, a method of operating an application server, a mobile device, an application server, a program element, and a computer-readable medium.
According to an exemplary aspect of the invention, a method of operating a mobile device is provided. The mobile device is communicatively connected to a subscriber identity module comprising first unique subscriber data associated with a subscriber on the mobile device. The subscriber identity module might comprise a processor for generating first registration data to be used for a first registration to a registration server of a communication network such that the mobile device is able to communicate (e.g. by establishing a circuit switched or packet switched connection) to an application server via the communication network. The method comprises communicating to the application server to access second subscriber data to be used for a second registration.
According to embodiments, the application server keeps stored (or has access to a storage device keeping stored) second unique registration data associated to the subscriber and/or the mobile device. Upon a request of the mobile device, that application server generates the second registration data from the second unique subscriber data to be transmitted to the mobile device.
According to another exemplary aspect of the invention, a method of operating an application server is provided. The method is executed by the application server, and comprises establishing a connection to the mobile device via the communication network. The mobile device is communicatively coupled to a subscriber identity module application comprising the first unique subscriber data associated with the subscriber of the mobile device and to be used for a first registration to a registration server of the communication network. The method com- prises providing second registration data being based on the second unique subscriber data to be used for a second registration on the mobile device. According to another exemplary aspect of the invention, a mobile device is provided. The mobile device is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device and to be used for a first registration to a registration server of a communication network. The mo- bile device comprises an accessing unit configured for accessing the first registration data from the subscriber identity module application, and a registration unit configured for registering to the registration server using the first registration data. The mobile device comprises an establishing unit configured for establishing a connection to an application server comprising second unique subscriber data via the communication network. The accessing unit is con- figured for accessing the second registration data of the application server to be used for a second registration.
According to another exemplary aspect of the invention, an application server is provided for performing the method described above.
According to another exemplary aspect of the invention, a program element is provided. The program element, when being executed by a processor, is configured to carry out or control a method of operating a mobile device and/or a method of operating an application server as described above.
According to another exemplary aspect of the invention, a computer-readable medium is provided. In the computer-readable medium, a computer program for operating a mobile device and/or for operating an application server is stored. The computer program, when being executed by a processor, is configured to carry out or control a method of operating a mobile device and/or a method of operating an application server as described above.
Within the context of the present application, the terminology used in the application may be regarded as not limiting the scope of the invention, and the described methods, the described mobile device, the described application server, the described computer program, and the described computer-readable medium may be applicable to various telecommunications standards, for example Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Long-Term Evolution (LTE), and Code Division Multiple Access (CDMA). For example, the term "mobile device" may comprise the term "mobile station" conventionally used in GSM, but may also comprise the term "user equipment" conventionally used in UMTS / LTE. The term "registration data" may particularly denote data which is needed for registering to a registration server. In particular, the registration data may comprise unique subscriber data and dynamic data, for example, authentication data, ciphering keys, temporary mobile subscriber identities and network specific settings like preferred PLMN lists. The registration The term "unique subscriber data" may particularly denote data associated with a subscriber which may exist only once. In particular, the unique subscriber data may comprise, for example, information related to a kind of services to which the subscriber may have subscribed or network information of the communication network providing the services. The unique subscriber data and the registration data might be similar or partly similar. Preferably, the regis- tration data is generated by means of the unique subscriber data such that security sensitive data of the subscriber data is kept within the server and needs not (entirely) to be transmitted over the network.
The term "registering to a registration server" may particularly denote a procedure, via which the mobile device may enroll to a home communication network, and may afterwards be ready-to-receive and may send and/or receive data. In particular, the registration sever may be configured as a Home Location Register (HLR) node.
The term "subscriber" may particularly denote an entity (which may be associated with one or more users) which may be engaged in a subscription with a service provider. The subscriber may be allowed to subscribe and unsubscribe services, to register a user or a list of users au- thorized to use these services, and also to set limits which associated users may have for the available services. Here, the term "subscription" may particularly denote a commercial relationship between the subscriber and the service provider.
In particular, the terms "subscriber" and "user" may be used in the present application in an exchangeable way.
According to exemplary aspects of the invention, a mobile device is communicatively coupled to a subscriber identity module application, whereby the mobile device is entitled for communicating. To this end, the mobile device accesses the first registration data associated with the subscriber identity module application, and registers to the registration server to attach in full service mode. Here, the mobile device may be associated with a first address. In order to be reachable via a second address, the mobile device uses the subscriber identity module application to establish a connection to an application server located remotely from the mobile device to access second registration data. Subsequently, the mobile device may register such that the mobile device may be communicatively coupled in a full service mode via the second address.
The functionalities associated with the second unique subscriber data may be tunneled to the mobile device via the established connection generated by the subscriber identity module ap- plication such that the mobile device may be enabled to execute any network related services (for example, a circuit switched (CS) call or a packet switched (PS) call).
According to embodiments of the invention the access of the second unique subscriber data by the mobile device for registering and/or for communicating is secured e.g. by providing a secure communication between the mobile device and the application server e.g. by means of an intrinsically secure connection (e.g. as ordinarily provided by mobile networks GSM) or by means of encryption. Thus, a misusage of the second unique subscriber data may be prevented.
According to embodiments of the invention, the second unique subscriber data is stored by the application server or accessible by that server. The second unique subscriber data is not being downloaded to the mobile device itself, for example by duplicating the second unique subscriber data to a storage unit of the mobile device, but only data needed for the second registering. In other words, not the stored data is transmitted, but only data (e.g. digital key(s)) generated from the stored data. Thus, any intercepted data might only be used one for an actual registering, thereby reducing a risk of interception of this data e.g. by an unauthorized user. In order to further reduce the risk of misuse of this data, the communication with application server with respect to the unique subscriber data may be supervised e.g. by the application server itself or by any supervision node within the network. If e.g. any irregularity with respect to the second registration is detected, the registration might be denied, a connection/attachment might be shut down, or any appropriate action might be performed.
According to the above embodiment, the second unique subscriber data is stored and/or managed by the application server or any device accessible by the application server. The mobile device may need only one SIM module thus allowing to be designed in a small and cost- effective way despite being configured for dual communication. Further, the mobile device may be easily operable owing to its reduced size.
In particular, the mobile device may comprise dual access. Thus, the mobile device may come along with an increased information availability of today. For example, the user may be communicatively coupled using first and second telephone numbers with a first telephone number being configured for private use and the second telephone number being configured for business use. The first or second telephone number may also be used for internet browsing.
Next, further exemplary aspects of the method of operating a mobile device will be explained. However, these embodiments also apply to the method of operating an application server, the mobile device, the application server, the program element, and the computer-readable medium.
In particular, the mobile device and the subscriber identity module application may be communicatively coupled to one another in that a subscriber identity module application card on which the subscriber identity module application may be stored may be detachably accommodated in the mobile device. Alternatively, the subscriber identity module application may be stored in an external storage unit, for example an external subscriber identity module card, which may be connected to the mobile device via Bluetooth or via a cable.
The method may further comprise registering to a registration server or to another registration server (for example another HLR node) of another communication network using the second unique subscriber data. In particular, the another registration server may be located in a serving communication network of the mobile device which may be distinct from the (home) communication network comprising the registration server. Thus, the subscriber on the mobile device may be registered to one communication network or two different communication networks via the subscriber identity module application and the second unique subscriber data. In particular, in the latter case, the user of the mobile device may not need to obtain additional subscriber identity module cards on which a respective subscriber identity module application may be stored for communicating in the another communication network at reasonable rates.
The application server may be located in an internet protocol (based) network (for example, an Internet Protocol (IP) network) or in a core network of the communication network. In particular, the internet protocol network may form part of the communication network or may be distinct from the communication network. Accordingly, a communication network architecture to be provided by an operator may be designed in a flexible way concerning a location of the application server. Alternately, the server may be located in a radio access network of the communication network or the another communication network. The method may further comprise subscribing to a second subscriber identity module application associated with the second unique subscriber data prior to the establishing of the connection, wherein received subscription information comprises an address of the second unique subscriber data, and optionally at least one of identification information of the second sub- scriber identity module application, security information for communicating with the application server, and security information for accessing the second unique subscriber data. Thus, the second subscriber identity module application located in the application server may represent a complete application from a communication perspective point of view.
In particular, the subscriber identity module application associated with the first unique sub- scriber data may be considered as a first subscriber identity module application.
In particular, the network address of the second unique subscriber data may comprise, in a first option, a network address of a second subscriber identity module application associated with the second unique subscriber data or, in a second option, a network address of the application server in combination with a server-internal address of the second subscriber identity module application. For example, the network address of the second subscriber identity module application may comprise an Internet Protocol (IP) address or an internet domain name of the second subscriber identity module application in a case in which IP may be usable as transport protocol for transferring data. Alternatively, the network address may comprise a Mobile Station Integrated Services Digital Network Number (MSISDN) which may be asso- ciated with or may belong to the second subscriber identity module application in a case in which Short Message Service (SMS) may be usable as the transport protocol. In particular, in the second option, the address of the second unique subscriber data may comprise the IP address, the internet domain name, or the MSISDN as defined above and an additional identifier to address the second subscriber identity module application (for example a Universal Integrated Circuit Card Identification (UICC-ID) assigned to the second subscriber identity module application despite a missing existence of a physical card or an International Mobile Subscriber Identity (IMSI) of the second subscriber identity module application). In particular, from a security point of view, the usage of an identifier distinct from the IMSI may be beneficial when addressing the second subscriber identity module application, since the IMSI may be conventionally used for identifying a subscriber on a mobile device towards the registration server. In particular, the identification information of the second subscriber identity module application may comprise the IMSI or MSISDN.
In particular, the security information for communicating with the application server may comprise security keys regarding integrity protection and/or ciphering, and the security in- formation for accessing the second unique subscriber data may comprise a Personal Identification Number (PIN) and a PIN Unlock Key (PUK).
In particular, the received subscription information may be (particularly automatically or manually) stored in the mobile device such that a continuous use of the subscription information for accessing the second unique subscriber data may be guaranteed.
In particular, the mobile device may execute functionalities associated with the received subscription information, particularly in accordance with 3rd Generation Partnership Project (3rd GPP) Technical Specification (TS) 31.102. For example, the mobile device may transfer the PIN and/or the PUK entered by the user of the mobile device and information related to modifying, activating, or deactivating the PIN and/or the PUK to the second subscriber identity application.
In particular, the subscribing may comprise a user of the mobile device signing a contract with an operator (of the communication network or the another communication network) such that the user of the mobile device may be enabled to access a radio access network and/or one or more services provided by the network operator. In particular, receiving the subscription information may comprise receiving (part of) the subscription information via a (printed or internet) form, via mail, via email, via SMS, and/or via an Over-The-Air (OTA) device management.
The accessing of the second unique subscriber data may comprise accessing the second unique subscriber data for communicating with a peer end (particularly another mobile de- vice, a Public Land Mobile Network (PLMN) etc.). Accordingly, the communication with the peer end may be based on using the subscriber identity module application for establishing a secured connection between the mobile device and the application server, and for accessing the second unique subscriber data which may be used for establishing a secured communication between the mobile device and the peer end. In particular, prior to the accessing, a con- nection to the application server may have to been established. In particular, the method may further comprise activating the second subscriber identity module application for the subscriber on the mobile device particularly during the subscribing or later during accessing the second unique subscriber data for communicating with the peer end.
The established connection may be secured, in a first option, by security procedures provided or implemented in the communication network using the first unique subscriber data. Such security procedures may be based on (internet protocol security) procedures according to 3 GPP.
Additionally or alternatively to the first option, the established connection (particularly to the (second unique subscriber data of the) application server) may be secured, in a second option, by the security information for communicating with the application server received at subscription (particularly to the application server).
Additionally or alternatively to the first and/or second options, the established connection may be secured, in a third option, by security information exchanged between the mobile device and the application server when accessing the second unique subscriber data (particularly for the communicating with the peer end). In particular, the security information may be negotiated between the mobile device and the application server at a start of each connection when accessing the second unique subscriber data.
In particular, the second and third options may be based on internet protocol security procedures. For both of these options, the procedures may comprise Internet Protocol Security (IP- Sec) procedures which may enable authenticating and encrypting each IP packet of a communication session between the mobile device and the application server. In particular, respective security information for securing the established connection (for example a key) may be received at subscription and/or may be received prior to the communicating using the established connection. In particular, an Internet Key Exchange (IKE) protocol may be used for key managing between the mobile device and the application server. Here, a respective communication protocol may be IP based.
Thus, in the second option, network capacity for transmitting the security information may be saved. In the third option, a security level of the established connection may be enhanced, since the security information may be altered between two subsequent connections. Further, conventional internet protocol procedures may be used for securing the communication, thereby rendering development of new security mechanism to be superfluous. In particular, in a case in which the application server may be located in the core network of the communication network, the established connection may be secured by the security provided or implemented in this communication network using the first unique subscriber data (according to the described first option). Since the application server may be controlled by an operator of the communication network, the communication security provided by the first unique subscriber data may comprise a sufficient security level.
In particular, in a case in which the application server may be located in the internet protocol network (particularly being distinct from the communication network), the internet protocol security procedures (according to the described second and/or third options) may be solemnly used for securing the established connection, in order to enhance the security of the connection link towards the internet protocol network. Alternatively, a connection link of the established connection between the mobile device and the communication network may be secured by the security procedures provided in the communication network using the first unique subscriber data (according to the described first option), and a connection link of the established connection between the communication network and the application server in the internet protocol network may be secured by the internet protocol security procedures (according to the described second and/or third options). Alternatively, a connection link of the established connection between the mobile device and the communication network may be secured by the security provided in the communication network using the first unique subscriber data (ac- cording to the described first option) and by the internet protocol security procedures (according to the described second and/or third options), and a connection link of the established connection between the communication network and the application server in the internet protocol network may be secured by the internet protocol security procedures (according to the described second and/or third options).
Additionally or alternatively, in particular, the established connection may be secured using a proprietary protocol, which may enhance the flexibility of designing security procedures regarding the established connection.
In particular, the above described measures regarding the security of the established connection may similarly apply to a connection establishment.
The method may further comprise (particularly in response to sending an connection establishment request) receiving connection identification information indicating an identification of the connection to be established or having been established in response to the accessing of the second unique subscriber data for the communicating with the peer end, whereby the received connection identification information may be used during the established connection for identifying purposes of the established connection to the mobile device and/or the application server.
In particular, the subscriber on the mobile device may identify himself to the second subscriber identity module application and/or the application server for using the second subscriber identity module application by means of a mobile device identity associated with the mobile device and to be used for accessing the second subscriber identity module application or by means of parameters to be derived from the mobile subscriber identity module applica- tion. Additionally or alternatively, the IMSI of the subscription information received when subscribing to the second subscriber identity module application may be usable for enhancing the identification request trustability.
In particular, the method may further comprise resetting a connection configuration of the mobile device (for example, by resetting a Network Signaling (NS) stack unit of the mobile device) if the established connection to the application server may be disconnected or terminated such that such the mobile device may comprise a limited service mode regarding the second unique subscriber data associated with a second subscriber identity module application on the application server. In particular, the resetting procedure by the mobile device in the case of the disconnection of the established connection may be similar to a resetting proce- dure by the mobile device in a case of a removal of subscriber identity module card associated with the first unique subscriber data from the mobile device.
In particular, in a case in which the communicative coupling between the mobile device and the subscriber identity module application may be terminated (for example by detaching a subscriber identity module card associated with the subscriber identity module application), a connection established to the second unique subscriber data on the application server may be also terminated. In particular, the mobile device may then reset the connection configuration regarding the subscriber identity module application and/or the second unique subscriber data associated with a second subscriber identity module application.
The method may further comprise detecting a state of the established connection to the appli- cation server, thereby the mobile device being enabled to detect the established connection to be (temporarily) interrupted and/or to be disconnected and/or to detect the mobile device being not authenticated for use of the second unique subscriber data. In particular, the detecting may comprise sending information to the application server and detecting response information sent by the application server. In particular, in a case in which the response information may be received by the mobile device, the mobile device may assume the established connection to be still active. In particular, on the contrary when the in- formation may not be received by the mobile device, the mobile device may assume the established connection to be disconnected. Accordingly, the mobile device may then execute steps as being described above in connection with the disconnecting of the connection.
In particular, the detecting as described above may be executed continuously and/or at regular time intervals during the established connection to the application server, similarly as may be known by testing a reachaliblty of a host on an Internet Protocol network using "ping". In particular, the time intervals may be pre-determined, for example, by settings of the mobile device, or may be defined by the application server.
Additionally or alternatively, in particular, the detecting may comprise detecting a presence of lease time period information in the mobile device, which lease time period information may be received from the application server and may indicate a lease time period during which the mobile device may be enabled for using the active established connection for sending and receiving data. In particular, the method may further comprise requesting from the application server to prolong the lease time period. In particular, in case of the application server notifying the mobile device of a rejection of the prolonging request, the mobile device may than execute steps as being described in connection with the disconnecting of the established connection. In particular, the above described mechanism may be similarly embodied compared to a lease time mechanism associated with an assignment of a dynamic IP address to a computer by a Dynamic Host Configuration Server (DHCP) server.
The second unique subscriber data may be associated with a second subscriber identity mod- ule application, wherein the subscriber identity module application and/or the second subscriber identity module application may be configured as a Subscriber Identity Module (SIM) application, a Universal Subscriber Identity Module (USIM) application or a Code Division Multiple Access (CDMA) Subscriber Identity Module (CSIM) application.
In particular, the subscriber identity module application and/or the second subscriber identity module application may be stored on a SIM card supporting a SIM application or a Universal Integrated Circuit Card (UICC) supporting at least one of a SIM application, a USIM applica- tion, a CSIM application and optionally at least one of Universal SIM Application Toolkit (USAT), and an IP Multimedia Services Identity Module (ISIM) application.
In particular, communication between the application server and the mobile device may be based on a transport protocol, for example Transmission Control Protocol (TCP) / Internet Protocol (IP), a Short Message Service (SMS) compatible protocol or a Non Access Stratum (NAS) compatible protocol.
In particular, the second unique subscriber data of the second subscriber identity module application may be accessed for registration and/or communication with a peer end by another mobile device (or a plurality of another mobile devices) simultaneously to the accessing by the mobile device. In particular, the connection identification may be usable by the application server to identify the established connections to the different mobile devices, in order to associate signaling data and/or payload data transmitted during the connections with the concerned mobile device.
In particular, the application server may comprise at least another unique subscriber data as- sociated with at least another subscriber identity module application to be used for at least another registration. Thus, the mobile device may communicate with a peer end using the subscriber identity module application of the mobile device, and the at least two further unique subscriber identity module applications located on the application server. The above described embodiments, technical effects and advantages may also apply to the at least an- other unique subscriber data.
Next, further exemplary embodiments of the method of operating an application server will be explained. However, these embodiments also apply to the method of operating a mobile device, the mobile device, the application server, the program element, and the computer- readable medium.
In particular, the method may further comprise addressing the mobile device by the application server (particularly via the communication network) using an address of the mobile device to be provided by the mobile device at a start of the communication to be established with the application server. Alternatively or additionally, the addressing may be accomplished by using an address derived from parameters of the subscriber identity module application, for example the MSISDN. Next, further exemplary embodiments of the mobile device will be explained. However, these embodiments also apply to the method of operating a mobile device, the method of operating an application server, the application server, the program element, and the computer-readable medium.
In particular, the establishing unit may be configured as a radio subsystem configured for providing access between the mobile device and a radio access network of the communication network.
The mobile device may further comprise another establishing unit configured for establishing another connection to the application server comprising the second unique subscriber data for communicating with a peer end. In particular, the another establishing unit may be configured as another radio subsystem usable for providing access between the radio access network of the communication system or another radio access network and the mobile device.
In particular, the radio access network and/or the another radio access network may be configured as GSM Enhanced Data Rates for GSM Evolution (EDGE) Radio Access Network (GERAN), UMTS Terrestrial Radio Access Network (UTRAN), Evolved-UTRAN (E- UTRAN) or Code Division Multiple Access (CDMA) network.
Brief description of the drawings
The invention will be described in more detail hereinafter with reference to examples of embodiment, but to which the invention is not limited.
Fig. 1 is a block diagram illustrating a communication system comprising a mobile device and an application server according to exemplary embodiments of the invention.
Fig. 2 is a flow chart illustrating a method of operating the mobile device in Fig. 1 according to an exemplary embodiment of the invention.
Fig. 3 is a block diagram illustrating a mobile device according to another exemplary em- bodiment of the invention.
Fig. 4 is a block diagram illustrating an application server according to another exemplary embodiment of the invention.
Detailed description The illustration in the drawing is schematic. It is noted that in different figures, similar or identical elements are provided with the same reference signs or with reference signs which are different from the corresponding reference signs only within the first digit.
Referring to Fig. 1 , a communication system 100 for operating a dual-USIM mobile device 102 and an USIM application server 104 according to an exemplary embodiment of the invention will be explained. The communication system 100 comprises the mobile device 102, and the application server 104. The mobile device 102 and the application server 104 are communicatively coupled to one another via an IP network 106 and a LTE based communication network 108 comprising first and second radio access networks 1 10, 1 12 and a core network 114. The first radio access network is configured as a GERAN network, and the second radio access network 112 is configured as an E-UTRAN network.
The application server 104 is located in the IP network 106, and comprises a remote USIM access protocol unit 116 configured for providing access between the mobile device 102 and a remote USIM application 118 located in a storage unit of the application server 104. The re- mote USIM protocol unit 1 16 implements procedures for terminating a connection between the mobile device 102 and the application server 104, wherein an initiation of the termination may be executed by the mobile device 102 or the application server. Further, the application server 104 comprises further USIM applications 119 which are also located in the storage unit. In order to provide access to the communication system 100, the mobile device 102 comprises first and second establishing units 120, 122 each of which being configured as a radio subsystem. Further, the mobile device 102 comprises first and second digital baseband subsystems 124, 126 with the first digital baseband subsystem 124 being communicatively coupled to the first radio subsystem 120 and the second digital baseband subsystem 126 being communica- tively coupled to the second radio subsystem 122. The mobile device 102 also comprises an UICC 128 being detachably accommodated in the mobile device 102. Further, the mobile device 102 comprises a power management unit 129 configured for controlling a power supply towards the first and second radio access subsystems 120, 122, the first and second digital baseband subsystems 124, 126, and the UICC 128.
The radio subsystems 120, 122 are configured for operating in accordance with a first layer of a seven layered Open Systems Interconnection (OSI) communication model. To this end, each of the radio subsystems 120, 122 comprises a radio transceiver unit and a radio frequency (RF) front end unit. Each of the RF front end unit comprises at least one antenna, as indicated in Fig. 1 as a solidly sketched antenna. Alternatively, at least one of the RF front end units may comprise a plurality of antennas. A number of antennas may depend on a type of a radio access interface of the first and second radio access networks 110, 112 and radio access capa- bilities of the mobile device 102. The further antennas of the first and second radio subsystems 120, 122 are indicated in Fig. 1 in a dashed way.
The UICC 128 comprises a storage unit in which an USIM application 130 and associated unique subscriber data are stored. Further, further applications 132 including unique subscription data thereof are stored in the storage unit of the UICC 128. One of the further applica- tions 132 is configured as Universal SIM application tool kit (US AT), and another one of the further applications 132 is configured as IP Multimedia Services Identity Module (ISIM) application.
The first digital baseband subsystem 124 comprises a first network signaling NS stack unit 134, a first USIM interface unit 136, a UICC driver unit 138, an USIM user interface unit 140, and a transport protocol unit 142. The first NS stack unit 134 is communicatively coupled to the first radio subsystem 120, to the USIM interface unit 136 and to the transport protocol unit 140 (as indicated by double-side ended arrows). The UICC 128 is communicatively coupled to the USIM interface unit 136 via the UICC driver unit 138, and the USIM interface unit 136 is communicatively coupled to the USIM user interface unit 140.
The NS stack unit 134 implements the first layer and second and third layers of the OSI communication model for providing a first radio access of the mobile device 102. This implementation may be realized in hardware and in software or may be realized in software only. An interface of the first NS stack unit 134 is configured for transmitting payload data and signaling data via the first radio subsystem 120, in order to communicate with and to con- trol the first radio access network 1 10. Further, the NS stack unit 134 comprises an internal control interface and at least one of a packet switched data interface, a circuit switched data interface, and a messaging interface usable towards the first radio subsystem 120 for communication. Further, the NS Stack unit 134 is configured for resetting all network connections to the communication system 100 in a case of a removal of the UICC 128 from the mobile de- vice 102 and/or in a case of a disconnection of the mobile device 102 from the remote USIM application 118 on the application server 104. Accordingly, the mobile device 102 comprises a limited service mode regarding the USIM application 130 and/or the remote USIM applica- tion 118 subsequent to the resetting. Further, the NS stack unit 134 is configured for detecting a state of an established connection to the remote USIM application 118 by the mobile device 102 sending messages to and receiving messages from the application server 104 and/or by detecting valid lease time information to be present in the mobile device 102 and accordingly implying the established connection to be active.
The first USIM interface unit 136 is configured for providing an interface between the NS stack unit 134 and the UICC 128 according to 3rd GPP TS 31.102 such that the NS stack unit 134 is enabled to access parameters of the USIM application 130 required for operating on the first radio access network 1 10. Further, the first USIM interface unit 136 is configured for passing a PIN and/or a PUK from the USIM user interface 140 to the UICC 128 and/or is configured for executing a modification, activating and/or deactivation of the PIN.
The UICC driver unit 138 is configured for converting a software based access of the USIM user interface unit 140 and the NS stack unit 134 towards the USIM application 130 into a hardware based access towards the USIM application 130.
The USIM user interface unit 140 provides a user interface to the USIM application 130 of the UICC 128, for example for enabling a user of the mobile device 102 to enter the PIN and/or the PUK associated with the USIM application 130 and/or to input information related to a modification, activation and/or deactivation of the PIN. The USIM user interface unit 140 is configured for handling several USIM applications at the same time and thus provides in- terfaces to respective USIM interface units 136 associated with those several USIM applications 130. Further, the USIM user interface unit 140 is configured as an application implementing the above described user interface. Alternatively, the USIM user interface unit 140 may be an internal or external application programming interface (API) layer for providing access to the USIM application 130.
The second digital baseband subsystem 126 comprises a second NS stack unit 144, a second USIM interface unit 146, and a remote USIM access protocol unit 148. The second NS stack unit 144 is communicatively coupled to the second radio subsystem 122 and to the second USIM interface unit 146. Further, the second USIM interface unit 146 is communicatively coupled to the USIM user interface unit 140 and to the remote USIM access protocol unit 148. The transport protocol unit 142 and the remote USIM access protocol unit 148 are also communicatively coupled to one another. The second NS stack unit 144 is similarly configured as the first NS stack unit 134, and the second USIM interface unit 146 is similarly configured as the first USIM interface unit 136.
The USIM access protocol unit 148 implements protocol procedures configured for exchanging USIM access messages between the mobile device 102 and the USIM application server 104. The USIM access protocol unit 148 further comprises a respective interface towards a transport protocol layer of the first digital baseband subsystem 124 such that the remote USIM access protocol unit 148 is configured for transmitting and receiving USIM access messages.
The transport protocol unit 142 of the first digital baseband subsystem 124 implements trans- port protocol procedures to be used for transferring USIM access messages between the remote USIM access protocol unit 148 of the second digital baseband subsystem 126 and the USIM access protocol unit 116 of the USIM application server 104 and between the USIM application 130 and the USIM access protocol unit 116 of the USIM application server 104. The used protocol is configured as TCP/IP.
Alternatively, the mobile device 102 may comprise only one radio subsystem having one or two antennas to be used for communicating with the first and second radio access networks 1 10, 1 12. Thus, a subscriber on the mobile device 102 may be communicatively coupled by means of the first and second USIM applications 130, 118.
Further, the mobile device 102 may comprise one digital baseband subsystem instead of the first and second digital baseband subsystems 124, 126 which may comprise the first and second NS stack unit 134, 144.
Further, the mobile device 102 may comprise one NS stack unit instead of the first and second NS stack unit 134, 144, in order to handle different subscriptions and different connections to one or more mobile networks. Alternatively, the first and second NS stack units 134, 144 may use shared software and/or hardware resources for the connection towards the first and second radio access networks 110, 112.
Referring to Fig. 2, a method of operating the mobile device 102 and the USIM application server 104 according to exemplary aspects of the invention will be described. For explanation purposes, the communication system 100 further comprises another mobile device 260 being identically designed compared to the mobile device 102, and first and second Home Location Register (HLR) nodes 262, 264. The first HLR node 262 is located in the core network 114 of the LTE communication network 108, and the second HLR node 264 is located in another core network of another IP multimedia subsystem (IMS) based communication network.
In the following, communicating with the remote USIM application 118 by the mobile device 102 for registering to the HLR node 264 will be explained.
In a first step 265, the mobile device 102 accesses the USIM application 130 of the UICC 128. In a step 266, the mobile device 102 registers to the HLR node 262 using the USIM application 130 of the UICC 128. Next, in a step 268, the mobile device 102 subscribes to the remote USIM application 1 18 stored in the application server 104, and accordingly receives respective subscription information. This subscription information comprises the IP address of the remote USIM application 118, the IMSI associated with the remote USIM application 118, security information for protecting a communication with the application server 104, the MSISDN associated with the remote USIM application 118, a PIN associated with the remote USIM application 1 18, and a PUK associated with the remote USIM application 1 18. The PIN and PUK are to be used by the subscriber on the mobile device 102, in order to authenti- cate himself to the remote USIM application 118 located on the application server 104.
Next, the mobile device 102 establishes a connection to the application server 104 in a step 270, in order to access unique subscriber data associated with the remote USIM application 118 of the application server 104. Next, in a step 271 , the application server 104 sends lease time period information to the mobile device 102 such that the mobile device 102 is informed about the time period during which the mobile device 102 is enabled for accessing and using the remote USIM application 118 on the application server 104. Accordingly, the mobile device 102 does not execute a detection of the state of the established connection to the application server 102 during this time period in terms of regularly sending messages to the application server 104 and detecting respective response messages, since the mobile device 102 then assumes the established connection to the application server 104 to be active during the lease time period.
Next, in a step 272, the mobile device 102 accesses the unique subscriber data associated with the remote USIM application 118 of the application server 104. In turn, the application server 104 provides the access to the unique subscriber data associated with the remote USIM appli- cation 118. The latter is accomplished by the subscriber on the mobile deice 102 entering the PIN associated with the remote USIM application 1 18 of the application server, in order to authenticate himself to the remote USIM application 108 and unlock the remote USIM appli- cation 118. Next, in a step 274, indicated by arrows 274a, b, the mobile device 102 registers to the HLR node 264 of the another core network of the another IMS based communication system using the accessed unique subscriber data of the remote USIM application 118. The arrow 274a indicates the mobile device 102 using the unique subscriber data of the remote USIM application 128, while the arrow 274b indicates communication between the mobile device 102 and the HLR 262 during the registration procedure.
After having registered to the HLR node 264, the mobile device 102 interrupts the established connection to the application server 104 in a step 276. Alternatively, the application server 104 requests to interrupt the connection. During this interrupted state, the established connec- tion is active but not ready for being used for transmitting data.
In the following, communicating with the remote USIM application 118 by the mobile device 102 for communicating with the mobile device 260 using the remote USIM application 1 18 will be explained. It is noted that the communicating will take place at a later time compared to the communicating for registering to the HLR node 264 described above. Alternatively, the described communicating will take place immediately subsequent to the communicating for registering to the HLR node 262 described above. In this case, the interruption of the established connection (step 276) and the re-establishment of the connection to be described in the following may not take place, and the method may proceed with a connection establishment to the another mobile device 260.
In a step 277, the mobile device 102 accesses the USIM application 130 stored on the UICC 128. In a step 278, the mobile device 102 sends to the USIM application server 104 a request requesting to re-establish the connection with the remote USIM application 1 18 of the application server 104 using the unique subscriber data associated with the USIM application 130 of the UICC 128 for connection re-establishment. Upon receipt of the request, the application server 104 re-establishes in a step 280 the connection to the mobile device 102. In a subsequent step 282, the mobile device 102 accesses the unique subscriber data associated with the remote USIM application 118 of the application server 104 which, in turn, provides the access to the unique subscriber data associated with the remote USIM application 1 18. Next, in a step 284, the mobile device 102 sends connection identification information indicating the identification of the established connection to the mobile device 102. This connection information is used by the mobile device 102 and the application server 104 during the established connection for identifying the established connection when transmitting data between one another. It is noted that such connection identification may be also sent subsequent to the steps 270, 271 or 272.
In a step 286, a connection between the mobile device 102 and the another mobile device 260 is established using the remote USIM application 118. To this end, the mobile device 102 sends a request requesting to establish a connection with the another mobile device 260 to a respective node of the core network 1 14 of the LTE network 108 in which the mobile device 102 resides. The request is negotiated between the core network 1 14 and the another IMS based network in which the mobile device 260 resides. The IMS based network establishes then the connection between the mobile devices 102 and 260.
During the established connection between the mobile device 102 and the another mobile device 260, the mobile device 102 may receive a call from a yet another mobile device, may accept the call, and may communicate with the yet another mobile device using the first USIM application 130 of the UICC 128. Alternatively, the mobile device 102 may download media data from an internet server located in the IP network 106 using the USIM application 130 of the UICC 128 during the established connection in the step 286.
After some time, the mobile device 102 sends a request requesting to terminate the established connection with the another mobile device 260 to the core network 114. The request is negotiated between the core network 114 and the another IMS based network, and the another IMS based network terminates the connection between the mobile devices 102, 260.
In a step 288, the mobile device 102 sends to the USIM application server 104 a request requesting to interrupt the established connection to the application server 104. The application server 104 then interrupts the established connection in a step 290 by sending respective information to the mobile device 102. Hence, the established connection to the application server 103 is still active but may have to be re-established for being used for transmitting data.
Next, in a step 292, the mobile device 102 detects an elapse of the assigned lease time period. However, the mobile device 102 does not request from the application server 104 a prolongation of the lease time period. Next, in a step 294, the mobile device 102 executes a resetting of the NS stack unit 144, in order to implicitly terminate all connections to the another IMS based network. Hence, the mobile device 102 comprises a limited service mode regarding the remote USIM application 1 18, which mode is similar as compared to the UICC 128 being removed from the mobile device 102. Further, the user of the mobile device 102 may detach the UICC 128 from the mobile device 102, whereby the mobile device 102 may have limited access to the communication system 100 and may be in a limited service mode regarding the USIM application 128. Here, the NS stack unit 234 is also reset. In this state, the mobile device 102 may merely be configured for issuing emergency calls to the communication system 100 for assistance and for communicating with the application server 104. Thus, instead of the method described with reference to Fig. 2, the mobile device 102 may establish a connection to the application server 102, as is described with reference to the steps 270, 278, 280, however, without using the USIM application 130 and registering to the HLR 262. Afterwards, the mobile device 102 may access the remote USIM application 118 located on the application server 104, may register to the HLR 262 or 264, and may attach to the communication system 100 in a full service mode. The above described embodiments, measures, technical effects, and advantages regarding the second unique subscriber data associated with the remote USIM application 118 may also apply to this embodiment.
Referring to Fig. 3, a mobile device 302 according to another exemplary embodiment of the invention will be explained. The mobile device 302 is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device and to be used for a first registration to a registration server of a communication network. The mobile device 302 comprises an accessing unit configured for accessing the first unique subscriber data of the subscriber identity module application, a registration unit configured for registering to the registration server using the first unique subscriber data, and an establishing unit configured for establishing a connection to an application server comprising second unique subscriber data via the communication network. The accessing unit is configured for accessing the second unique subscriber data of the application server to be used for a second registration. Alternatively, the mobile device 302 may comprise another accessing unit.
The accessing unit, the establishing unit, and the registration unit are integrally formed, and form part of or collaborate with a sending unit TU1 configured for sending information related to a method of operating the mobile device 302 as described above, a receiving unit RU1 configured for receiving information related to the method of operating the mobile device 302 as described above, and a processing unit PUl configured for processing information related to the method of operating the mobile device 302 as described above. Alternatively, at least two of the accessing unit, the establishing unit, and the registration unit may be embodied as separate units and/or form part or collaborate with the sending unit TUl, the receiving unit TUl and/or the processing unit PUl .
Further, the mobile device 302 comprises a storage unit SUl configured for storing informa- tion related to the method operating the mobile device 302 as described above. At least two of the sending unit TUl, the receiving unit RUl , the processing unit PUl, and the storage unit SUl may be comprised in one unit.
The mobile device 302 is configured for executing the method of operating the mobile device 302 as described above, and may comprise respective functionalities executed by respective units which may form part of or may collaborate with at least one of the sending unit TUl, the receiving unit RUl , the processing unit PUl, and the storage unit SUl . In particular, the mobile device 302 may further comprise another establishing unit configured for establishing another connection to the application server comprising the second unique subscriber data for communicating with a peer end. The another establishing unit may also form part of the send- ing unit TUl , the receiving unit RUl , and the processing unit PUl .
The receiving unit RUl and the sending unit TUl may be comprised in a radio subsystem. The processing unit PUl may comprise a digital baseband subsystem.
It is noted that the association between the functionally based units, namely the accessing, establishing and registration units, and the logically physical units TUl , RUl, PUl, SUl of the mobile device 302 may be suitably defined by, for example, a message exchange direction between the respective functionally based unit and a communication partner of the unit. Further, the association between the logically physical units TUl, RUl, PUl, SUl of the mobile device 302 and the actually physical units of the mobile device 302 which are described in association with Fig. 1 may be suitably defined according to the functionalities provided by the actually physical units of the mobile device 302.
Referring to Fig. 4, an application server 404 according to another exemplary embodiment of the invention will be explained. The application server 404 comprises an establishing unit configured for establishing a connection to a mobile device via a communication network. The mobile device is communicatively coupled to a subscriber identity module application comprising first unique subscriber data associated with a subscriber on the mobile device and to be used for a first registration to a registration server of the communication network. The application server 404 also comprises a providing unit configured for providing access to sec- ond unique subscriber data of the application server 404. The second unique subscriber data are to be used for a second registration on the mobile device.
The establishing unit and the providing unit form part of or collaborate with a sending unit TU2 configured for sending information related to a method of operating the application server 404 as described above, a receiving unit RU2 configured for receiving information related to the method of operating the application server 404 as described above, and a processing unit PU2 configured for processing information related to the method of operating the application server 404 as described above. Alternatively, the establishing unit and the providing unit may be embodied as separate units and/or form part of or collaborate with the sending unit TUl, the receiving unit TU2 and/or the processing unit PUl . Further, the application server 404 comprises a storage unit SU2 configured for storing information related to the method of operating the application server 404 as described above. The subscriber identity module application may be stored in the storage unit SU2.
The providing unit may comprise a subscriber identity module access protocol unit.
The receiving unit RU2, the sending unit TU2, the processing unit PU2, and the storage unit SU2 may be embodied in respective actually physical units, for example, the protocol unit 116 described in Fig. 1.
It is noted that the association between the functionally based units, the logically physical units TU2, RU2, PU2, SU2 of the application server 404, and the actually physical units of the application server 102, 302 may be similarly defined as described above in association with the mobile devices 102, 302.

Claims

1. A method of operating a mobile device (102, 302), wherein the mobile device (102, 302) is communicatively coupled to a subscriber identity module application (130) comprising first unique subscriber data associated with a subscriber on the mobile device (102, 302) and to be used for a first registration to a registration server (262) of a communication network (108), the method being executed by the mobile device (102, 302), the method comprising:
accessing (265) from the subscriber identity module application (130) first registration data derived from the first unique subscriber data,
registering (266) to the registration server (262) using the first registration data, establishing (270, 278, 280) a connection to an application server (104, 404) comprising second unique subscriber data via the communication network (108), and
accessing (272, 282) from the application server (104, 404) second registration data derived from the second unique subscriber data to be used for a second registration.
2. The method according to claim 1, the method further comprising registering (274) to the same registration server (262) or to another registration server (264) associated to another communication network using the second registration data.
3. The method according to anyone of the preceding claims, wherein the application server (104, 404) is an internet protocol network server (106) or a core communication network server (108).
4. The method according to anyone of the preceding claims, further comprising:
subscribing (268) to a second subscriber identity module application associated with the second unique subscriber data prior to the establishing (270) the connection, wherein received subscription information comprises an identification, e.g. an address, associated to the second unique subscriber data, and optionally at least one of identification information of the second subscriber identity module application, security information for communicating with the application server (104, 404), and security information for accessing the second registration data.
5. The method according to anyone of the preceding claims, wherein the connection to the registration server is secured in order to prevent from a fraudulent use of the registration data.
6. The method according the preceding claim, wherein the connection is secured by at least one of security procedures provided in the communication network (108), coding or encryption based on security information for communicating with the application server (104, 404) received prior to the communication, and security information exchanged between the mobile device (102, 302) and the application server (104, 404) in a context of accessing (282) the second registration data.
7. The method according to claim 5 or 6, the method further comprising receiving (280) connection identification information indicating an identification of the connection to be established in response to the accessing (282) of the second registration data.
8. The method according to anyone of the preceding claims, further comprising detecting a state of the established connection to the application server (104).
9. The method according to anyone of the preceding claims, wherein the second registra- tion data is associated with a second subscriber identity module application, wherein the subscriber identity module application (130) and/or the second subscriber identity module application (118) are configured as a Subscriber Identity Module application, a Universal Subscriber Identity Module application or a Code Division Multiple Access Subscriber Identity Module application.
10. A method of operating an application server (104, 404), the method being executed by the application server (104, 404), the method comprising:
establishing (270, 280) a connection to a mobile device (102, 302) via a communication network (108), wherein the mobile device (102, 302) is communicatively cou- pled to a subscriber identity module application (130) comprising first unique subscriber data associated with a subscriber of the mobile device (102, 302) and to be used for a first registration to a registration server (262) of the communication network (108), and providing (272, 282) access to second registration data derived from the second unique subscriber data, to be used for a second registration on the mobile device (102, 302).
11. A mobile device (102, 302), wherein the mobile device (102, 302) is communicatively coupled to a subscriber identity module application (130) comprising first unique subscriber data associated with a subscriber on the mobile device (102, 302) and to be used for a first registration to a registration server (262) of a communication network (108), the mobile device (302) comprising:
an accessing function configured for accessing from the subscriber identity module application (130) first registration data,
a registration function configured for registering to the registration server (262) using the first registration data,
an establishing function configured for establishing a connection to an application server (104, 404) comprising second unique subscriber data via the communication network (108),
wherein the accessing function is configured for accessing from the application server (104, 404) second registration data derived from the second unique subscriber data to be used for a second registration.
12. The mobile device (302) according to claim 11, further comprising another establishing function configured for establishing another connection to the application server (104, 404) comprising the second unique subscriber data.
13. An application server (104, 404), the application server (404) comprising:
an establishing function configured for establishing a connection to a mobile device (102, 302) via a communication network (108), wherein the mobile device (102, 302) is communicatively coupled to a subscriber identity module application (130) comprising first unique subscriber data associated with a subscriber on the mobile device (102, 302) and a generation function to generate fist registration data from the first unique subscriber data to be used for a first registration to a registration server (262) of the communication network (108), and a provision function configured for providing the second registration data generated from the second unique subscriber data, to be used for a second registration on the mobile device (102, 302).
14. A program element, which program element, when being executed by a processor, is configured to carry out or control a method of operating a mobile device (102, 302) and/or a method of operating an application server (104, 404) according to anyone of claims 1 to 10.
15. A computer-readable medium, in which a computer program for operating a mobile device (102, 302) and/or for operating an application server (104, 404) is stored, which computer program, when being executed by a processor, is configured to carry out or control a method of operating a mobile device (102, 302) and/or a method of operating an application server (104, 404) according to anyone of claims 1 to 10.
PCT/EP2011/055584 2011-04-11 2011-04-11 Mobile terminal multiple network registration WO2012139623A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2011/055584 WO2012139623A1 (en) 2011-04-11 2011-04-11 Mobile terminal multiple network registration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2011/055584 WO2012139623A1 (en) 2011-04-11 2011-04-11 Mobile terminal multiple network registration

Publications (1)

Publication Number Publication Date
WO2012139623A1 true WO2012139623A1 (en) 2012-10-18

Family

ID=44625747

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/055584 WO2012139623A1 (en) 2011-04-11 2011-04-11 Mobile terminal multiple network registration

Country Status (1)

Country Link
WO (1) WO2012139623A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2773140A1 (en) * 2013-02-27 2014-09-03 Nomad Spectrum Limited Authentication of a device on a vehicle using virtual SIM
WO2015054206A1 (en) 2013-10-10 2015-04-16 Jvl Ventures, Llc Systems, methods, and computer program products for managing communications
CN106413036A (en) * 2016-10-31 2017-02-15 华为技术有限公司 Network access processing method and terminal device
EP3328135A1 (en) * 2016-11-29 2018-05-30 Swisscom AG Simultaneous operator domain attachment of a communication terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1337119A1 (en) * 2002-02-19 2003-08-20 Alcatel Network server for storage of SIM data
WO2004082314A2 (en) * 2003-03-12 2004-09-23 Teles Ag Informationstechnologien Method for making available a plug-in card equipped with an identification to a mobile radio terminal
EP2076071A1 (en) * 2007-12-24 2009-07-01 Qualcomm Incorporated Virtual SIM card for mobile handsets

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1337119A1 (en) * 2002-02-19 2003-08-20 Alcatel Network server for storage of SIM data
WO2004082314A2 (en) * 2003-03-12 2004-09-23 Teles Ag Informationstechnologien Method for making available a plug-in card equipped with an identification to a mobile radio terminal
EP2076071A1 (en) * 2007-12-24 2009-07-01 Qualcomm Incorporated Virtual SIM card for mobile handsets

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2773140A1 (en) * 2013-02-27 2014-09-03 Nomad Spectrum Limited Authentication of a device on a vehicle using virtual SIM
US9578501B2 (en) 2013-02-27 2017-02-21 Nomad Spectrum Limited Communications method
GB2511301B (en) * 2013-02-27 2019-11-20 Nomad Spectrum Ltd Providing wireless connectivity to a vehicle
WO2015054206A1 (en) 2013-10-10 2015-04-16 Jvl Ventures, Llc Systems, methods, and computer program products for managing communications
EP3055978A4 (en) * 2013-10-10 2017-06-28 Google, Inc. Systems, methods, and computer program products for managing communications
CN106413036A (en) * 2016-10-31 2017-02-15 华为技术有限公司 Network access processing method and terminal device
CN106413036B (en) * 2016-10-31 2020-03-20 华为技术有限公司 Network access processing method and terminal equipment
EP3328135A1 (en) * 2016-11-29 2018-05-30 Swisscom AG Simultaneous operator domain attachment of a communication terminal

Similar Documents

Publication Publication Date Title
US11974358B2 (en) Method for transmitting an existing subscription profile from a MNO to a secure element, corresponding servers and secure element
KR102406757B1 (en) A method of provisioning a subscriber profile for a secure module
EP2448298B1 (en) Method and system for changing selected home operator of machine to machine equipment
KR101167781B1 (en) System and method for authenticating a context transfer
US10721616B2 (en) Subscription information download method, related device, and system
EP3041164A1 (en) Member profile transfer method, member profile transfer system, and user device
CN100459799C (en) Control system and control method for terminal to use network
AU2018265334B2 (en) Selection of IP version
US10826945B1 (en) Apparatuses, methods and systems of network connectivity management for secure access
CN103354640A (en) Authenticating a wireless device in a visited network
EP2466759B1 (en) Method and system for changing a selected home operator of a machine to machine equipment
CN106465461B (en) Method and apparatus for selective communication service in a communication system
EP2824945A1 (en) Sim proxy module for roaming in a mobile network
EP1208714B1 (en) Utilization of subscriber data in a telecommunication system
WO2012139623A1 (en) Mobile terminal multiple network registration
EP2865210A1 (en) Device to machine communications
WO2011029296A1 (en) System and method for providing machine-to-machine equipment with machine communication identity module
JP6445185B2 (en) Method and chip for detecting damage of at least one setting parameter
KR102330748B1 (en) Hosting Device for Treating Overseas Message Receiving like Domestic Messaging
WO2013109619A1 (en) System and method for disabling cdma network services for unauthorized mobile devices
WO2019042542A1 (en) Handling of shared device registration
CN117768871A (en) Communication method and device
EP4013093A1 (en) Communication method and related devices
CN102780996B (en) Data unloading method, user equipment, peer node and data unloading system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11713287

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11713287

Country of ref document: EP

Kind code of ref document: A1