DE10319317A1 - Method for installing or uninstalling a program code in a subscriber station of a radio communication system and subscriber station - Google Patents

Abstract

In a method for installing or uninstalling a program code (PR) in a subscriber station (UE) of a radio communication system, the subscriber station (UE) receives a request (AUF1, AUF2) to install or uninstall the program code (PR) from a request unit (AF1, AF2) , an authorization of the request unit (AF1, AF2) for the request (AUF1, AUF2) for installation or deinstallation of the program code (PR) is checked in the subscriber station (UE) and the installation or deinstallation takes place only if the check reveals that the The requesting unit (AF1, AF2) is authorized to request (AUF1, AUF2) to install or uninstall the program code (PR).

Description

The The invention relates to a method for installation or deinstallation a program code in a subscriber station of a radio communication system as well as a corresponding subscriber station.

A common cell phone station is performed using software, generally program codes, controlled. The software is usually through the mobile station is loaded, installed and executed there different functionalities in to ensure the mobile station.

So the mobile station is, for example, software in their Radio properties (for example the frequency bands to be used, the transmission power to be used or modulation methods to be used) or other properties controlled. These include the Example of the type of signaling, different strategies for frequency selection or different offered, that is provided Services.

Around to update the software or to get software up for the first time to charge, install and run the mobile station it requires the software, for example, from a server computer to transmit to the mobile station.

Consequently can by loading and then installing of appropriate software, the functionality of a mobile radio station, in general a communication terminal, deliberately changed or be expanded.

Around manipulation of the mobile station by unauthorized third parties to prevent is to ensure that the mobile station only accepts software installed and execute, that of a reliable Provider comes and for which ensures is that the software has not been modified.

In In this context it must be taken into account that software about any unsecured channels, especially about a radio channel to which the mobile station can be transmitted. So can for example software from a personal computer, general accessible Computer installed at an airport or a train station, for example is, or another mobile station, for example via a Air interface, that is, via a Radio connection, or wired via a connection cable become.

On Process for reliable Deploying software should advantageously not be special Assumptions about the type of distribution may depend on software.

To the Guarantee of integrity and reliable proof of the origin of software, it is known Software using the principle of asymmetric encryption digitally with the secret key signed by the software provider.

In In this context it is known to have digitally signed JAR files at JAVA to be used which are also part of MExE (Mobile Station Application Execution Environment), an execution environment for applications on a mobile station, or used on the Internet used techniques such as the so-called Microsoft Authenticode and use Netscape Object Signing.

at These known methods give the software a digital signature and possibly other data used to verify the digital signature are added. A digital signature uses the principle of asymmetrical Cryptography, where a private key and a corresponding public one Key, which together form an asymmetric key pair become.

Just The holder of a private cryptographic key can also have a valid digital one Generate signature, however anyone who belongs to that particular private cryptographic key matching public cryptographic key knows, check the signature.

On Certificate of the respective public cryptographic key is used to create a link between the public cryptographic key and the name of the person or organization to whom the public key heard, sure to certify. This ensures that the used one key pair from the respective private cryptographic key and public cryptographic key key reliable is.

The Use of signed software ensures that the software unchanged was received and that only software from appropriately authorized Manufacturers is used. However, it is not guaranteed that only that software is installed within a cellular network or is changed, the requirements set by the operator of the mobile network, is particularly compatible with the radio conditions.

The The invention is therefore based on the object of an improved method for installing or uninstalling software in a mobile radio station specify to ensure that the mobile station is compatible with the requirements of the current mobile network.

This The problem is solved with the method and the subscriber station according to the independent claims.

advantageous Training and further developments of the invention are the subject of the dependent claims.

According to the inventive method for Installation or deinstallation of a program code in a subscriber station a radio communication system, the subscriber station receives a request to install or uninstall the program code from a Request unit, an authorization in the subscriber station the prompt unit to prompt for installation or Uninstalling the program code checks and the installation takes place or uninstallation only if the verification reveals that the authorization the prompt unit to prompt for installation or There is uninstallation of the program code. The invention enables that for each subscriber station and each radio communication system individually It can be determined which call units are authorized to install or uninstall a program code prompt, d. H. the installation or deinstallation of the program code initiate. This way ensure that not unauthorized, d. H. for example by the operator of a radio communication system unwanted, program codes in subscriber stations installed or uninstalled. Also program codes, for example were authenticated by a digital signature and their installation is possible in principle on the subscriber station, the functionality change the subscriber station so that the subscriber station in the current radio communication system no longer works and / or proper operation others Subscriber stations are interfering. The invention makes it possible also control the installation of authenticated program codes, d. H. in particular, the installation of in the current radio communication system undesirable Program codes are prevented.

Is expedient it therefore that the review of the Authorization through authentication and / or authorization of the Request unit is carried out. It is determined whether it is in the requesting unit by one known to the subscriber station Request unit acts and / or whether this request unit via the has appropriate access rights to an installation or request uninstallation of the program code.

meaningful Hanging way the access rights of a request unit depend on the functionality of the subscriber station influenced during installation or deinstallation, d. H. to be changed. Access to a functionality that is the radio transmission method the subscriber station changed, for example, if only prompt units are granted, that can be assigned to the current radio communication system or one appropriate authorization for own this radio communication system. It is therefore an advantage when reviewing the Authorization taken into account what functionality installation or deinstallation of the program code would affect.

In A preferred embodiment of the invention is installed advantageously only if an additional check of the program code thereof authenticity and integrity approved. An installation of program codes that are not from the manufacturer of the Subscriber station or another authorized manufacturer and / or by a state communications authority for the subscriber station and / or the country in question must not have been approved because otherwise the subscriber station will not function properly can be ensured. For this purpose the program code from the manufacturer and / or from a government agency, for example digitally signed. Using the digital signature, the program code authenticated and its integrity checked. Furthermore, through an encrypted transmission of the program code also its confidentiality, d. H. protection against eavesdropping is guaranteed become.

A Another embodiment of the invention has the advantage that during the Installation of the program code Permissions for a later change or deinstallation the program code. For example, through the transmission a corresponding parameter together with the program code can thus already during the access rights to the program code during installation become.

One embodiment provides that the program code is stored in the subscriber station before the authorization is checked. This has the advantage that the program code is also stored in the subscriber station if the authorization check is negative. The program code must then, for example, when the installation prompts again another request unit cannot be transferred, but can be installed immediately after a positive check of the request. Of course, only program codes that can be authenticated and whose integrity has been checked are saved.

A alternative embodiment provides that the program code only after reviewing the Authorization is loaded into the subscriber station. A connection resource between the subscriber station and one that provides the program code Unit, for example a corresponding server computer or the requesting unit, is only with data bits of the program code if this is actually the case to be installed.

Which of the latter two configurations can be used, for example, by the user of the subscriber station set or from the radio communication system be specified.

advantageously, the request unit is arranged in the subscriber station and is by a user or on the subscriber station running program controlled. The user of the subscriber station can do so by pressing corresponding buttons on his control panel or by voice control generate corresponding control signals that the request unit prompt for installation or deinstallation. One that operates on the subscriber station acts in the same way Program that wants to install updates, for example.

In an alternative embodiment, the request unit is outside the subscriber station and is arranged by an administrator or controlled a program running in the radio communication system. In this way, on the initiative of the current radio communication system Installation or deinstallation of program codes requested be used to operate the subscriber station in this radio communication system needed become.

The Subscriber station has all the means necessary to carry out the inventive method needed become.

The The invention is explained in more detail below with reference to the figure; which is an embodiment of a radio communication system according to the invention with a subscriber station and a base station.

A Subscriber station is any station that can receive signals. A mobile subscriber station is considered below. A mobile subscriber station is, for example, a cell phone or a portable device for the transmission of image and / or Sound data, for fax, short message service SMS and email sending and for internet access. It is therefore a general transmitter and / or receiver unit of a radio communication system.

The The invention can be advantageous in any radio communication system be used. Arbitrary systems are among radio communication systems to understand in which a data transmission between stations over a Radio interface takes place. Data transmission can be both bidirectional as well as unidirectional. Radio communication systems are in particular any mobile radio systems, for example according to GSM (Global System for Mobile Communication), UMTS (Universal Mobile Telecommunication system) standard or also ad hoc networks. Also future Fourth generation mobile radio systems, for example, are said to be among Radio communication systems can be understood.

in the The following is the invention using the example of a mobile radio system described according to the UMTS standard, but without being limited to it.

In 1 a subscriber station UE and a base station NodeB of a mobile radio network are shown schematically. The subscriber station UE has a transmitting and receiving unit SE with which it can receive and send user data and control data via an air interface. The subscriber station UE receives a program code PR from the base station NodeB which is to be installed in the subscriber station UE and stores the program code PR in a memory SP. The transmission of the program code PR is requested, for example, by a request unit AF1 of the subscriber station UE or takes place on request by a request unit AF2 of the base station NodeB. Such a request for the reception and subsequent installation of the program code PR can of course also be made by a request unit (not shown) of a radio access controller (RNC) or a core network. A request unit can generally be located in any device and can also be connected to the subscriber station UE via a cable connection or an infrared interface.

The program code PR is a software that the functionality of the subscriber station UE to the requirements of Funkkom communication system. The program code PR specifies, for example, the radio transmission method to be used (e.g. GSM, HSCSD [High Speed Cicuit Switched Data], GPRS [General Packet Radio Service], UMTS-TDD [UMTS-Time Division Duplex], UMTS-FDD [UMTS- Frequency Division Duplex], D-AMPS [Digital-Advanced Mobile Phone Service], PDC [Personal Digital Cellular], TD-SCDMA [Time Division-Synchronous Code Division Multiple Access], WLAN [Wireless Local Area Network, 802.11ah], DECT [Digital Enhanced Cordless Telecommunications], Hiperlan, Hiperlan / 2, Bluetooth), communication protocols (e.g. IP [Internet Protocol], TCP [Transmission Control Protocol], UDP [User Datagram protocol], SCTP [Stream Control Transmission protocol], SIP [Session Initiation Protocol], SMTP [Simple Mail Transfer Protocol]) or voice, audio, image and video coding methods.

Of course you can the program code PR is also an application program or to act a game.

The Subscriber station UE receives with the program code PR a request AUF2, the program code Install PR in the subscriber station UE. This request AUF2 is received by the transmitting and receiving unit SE and sent to a Installation and deinstallation unit I / D forwarded. In The installation and deinstallation unit I / D is authenticated the request unit AF2 of the base station NodeB. To this end has the subscriber station UE, for example, via a table from which you can see can know which call units it knows. Is a request unit unknown, the installation of the program code PR is refused. The request unit is preferably authenticated AF2 of the base station NodeB, however, before the transmission of the program code PR. The program code PR is only transmitted in this case if the authentication was successful. Of course you can the request unit AF2 of the base station NodeB also for installation from other program codes that are already at earlier times transmitted to the subscriber station and were stored in the memory SP.

To the successful authentication of the request unit AF2 Base station NodeB is an authorization of the request unit AF2 of the base station NodeB. For example, using a table it is checked whether the Prompt unit AF2 is authorized to install the Request program codes PR. This can also be taken into account by whom the prompting unit is controlled at this time becomes. A distinction is made, for example, between an administrator of the radio communication system and a program in the radio communication system expires. If there is an authorization, the program code PR, if it does not yet exist in the memory SP, in the subscriber station UE loaded and installed.

at the authorization of the request unit AF2 of the base station NodeB is also checking which ones functionality would be influenced by the program code PR during an installation. These it is, for example, a radio transmission method an installation is only authorized if the prompting unit AF2 by an administrator of the radio communication system or one with the appropriate authorization, in the radio communication system running program is controlled. This ensures that only radio transmission procedures be installed in the subscriber station UE that are compatible with the radio communication system. It is therefore particularly advantageous if a parameter is already specified or coded in the program code PR which can be seen which prompt units for installation may request or by whom the corresponding request unit during the Prompt can be controlled.

Becomes the request unit AF2 is controlled, for example, by a program, that is not assigned to the operator of the radio communication system the requesting unit AF2 is not authorized, if this program wants to install a program code that the radio transmission method concerns. The installation of application software or a game on the other hand, authorization is granted, provided that this does not affect the radio communication system can be taken.

at a parameter is set for the installation of the program code PR, which specifies which request units modify the program code PR and / or uninstall. The program code can therefore not be from an unauthorized entity modified or uninstalled.

Lies a prompt on the installation and deinstallation unit I / D to uninstall the program code PR, as described above Authentication and authorization of the corresponding request unit carried out. Uninstalling is only possible if this process is successful.

For an installation of program codes, it is also necessary that only program codes that are compatible with the subscriber station are installed. Therefore, only program codes PR that have been authenticated and whose integrity has been checked are loaded into the memory SP. For authentication and to ensure the integrity, for example, program codes can be digitally signed by the manufacturer of the subscriber station UE or other authorized manufacturers and / or a corresponding state communications authority. In order to additionally protect the confidentiality of stored or to be installed program codes, ie to ensure protection against eavesdropping by unauthorized third parties, program codes can be received in encrypted form. For example, one of the following methods can be used: SSL (Secure Socket Layer), TLS (Transport Layer Security), IPsec (IP security protocol), WEP (Wired Equivalent Privacy), WPA (Wi-Fi [Wireless Fidelity] Protected Access) , TKIP (Temporal Key Integrity Protocol), CCMP (Counter-Mode / CBC-MAC [Cipher Block Chaining - Message Authentication Code] Protocol), or PKCS # 7 (Public-Key Cryptography Standards # 7) Cryptographic Message Syntax, digital envelope.

Just appropriately authenticated and checked for integrity program codes are installed in the subscriber station UE, provided that the Request unit AF2 of the base station NodeB is authenticated accordingly and / or has been authorized. Both the network operator and the Users of the subscriber station UE thus have the certainty that no manipulations at the subscriber station UE and therefore also on functionality of the radio communication system can be made.

In a second embodiment there is a request AUF1 to install the program code PR by the request unit AF1 of the subscriber station UE. This request unit AF1 is used by a user of the subscriber station UE or a program that runs on the subscriber station UE controlled. The user of the subscriber station can, for example, by pressing the appropriate button Buttons on its control panel or by voice control corresponding control signals generate the request unit AF1 to request Have the PR program code installed or uninstalled. The process that takes place at the subscriber station acts in the same way Program. Authentication and authorization of the request unit AF1 of the subscriber station UE and the program code PR is carried out as already described above.

In this embodiment the requesting unit AF1 of the subscriber station is not authorized UE if the program code PR would change the radio transmission method. Thereby it is ensured that no such program code PR is loaded or installed without the operator of the radio communication system prompts. Is the program code PR, for example by a earlier Loading, already in the SP memory, becomes an installation in this way of the program code PR prevented, since this may not be compatible with the radio transmission method actually required would. This is makes sense since it is a program code that has already been saved PR can also be a program code that the subscriber station UE during operating in another radio communication system, that on a different transmission technique based. If the program code PR is to be installed anyway, for example, because the user of the subscriber station is safe too believes that this installation is necessary, this must be the first Network operators for example a corresponding radio message can be reported. The network operator or a corresponding program then checks the installation request and may request installation yourself via the Request unit AF2 of the base station NodeB.

Information, those for authentication and / or authorization of a request unit AF1, AF2 or to check one Program codes PR, for example a digital signature, are required, are preferably stored on a security module. The security module is for example a SIM (Subscriber Identity Module) or a USIM (Universal Subscriber Identity Module). Of course they can Information also in any memory of the subscriber station UE can be saved. Another advantage is the information those for authentication and / or authorization of a request unit AF1, AF2 needed will be saved on the security module while the information for checking a digital signature in one from the manufacturer of the subscriber station UE built-in and controlled memory are stored. information For authentication and / or authorization, network operators can easily can be determined and controlled and can be transferred accordingly Control signals from the network operator to the subscriber station UE too after inserting the security module in the user station UE changed become. Information on the digital signature of the program code will be provided advantageously only from the manufacturer of the subscriber station in the stored or changed the corresponding memory. The manufacturer of the subscriber station UE thus checks which program codes are used for installation may be used in the subscriber station UE.

The invention makes it possible to install only those program codes PR in the subscriber station UE that work in the radio communication system currently used or are provided for installation by the network operator. On this can in particular prevent program codes PR already stored in the subscriber station UE from being installed, although they are not intended for the radio communication system currently in use.

Claims (10)

Procedure to install or uninstall a Program codes (PR) in a subscriber station (UE) of a radio communication system, in which - the Subscriber station (UE) a request (AUF1, AUF2) for installation or deinstallation of the program code (PR) from a request unit (AF1, AF2) receives - in the Subscriber station (UE) an authorization of the request unit (AF1, AF2) to prompt (AUF1, AUF2) for installation or deinstallation the program code (PR) is checked - and the Installation or deinstallation only takes place if the check shows that the authorization of the request unit (AF1, AF2) for the request (AUF1, AUF2) to install or uninstall the program code (PR) is present. The method of claim 1, wherein the review of the Authorization through authentication and / or authorization of the Request unit (AF1, AF2) takes place. Method according to one of the preceding claims, which the review of the Authorization taken into account what functionality installation or deinstallation of the subscriber station (UE) of the program code (PR). Method according to one of the preceding claims, which is only installed if an additional check of the Program codes (PR) whose authenticity and integrity are confirmed. Method according to one of the preceding claims, the while the installation of the program code (PR) permissions for a later change or uninstall the program code (PR). Method according to one of the preceding claims, which the program code (PR) before checking the authorization in the Subscriber station (UE) is stored. Method according to one of claims 1 to 5, wherein the program code (PR) after reviewing the Authorization is loaded into the subscriber station (UE). Method according to one of the preceding claims, the request unit (AF1) in the subscriber station (UE) is arranged and by a user or on the subscriber station (PR) running program is controlled. Method according to one of claims 1 to 7, wherein the request unit (AF2) outside the Subscriber station (UE) is arranged and by an administrator or controlled a program running in the radio communication system becomes. Subscriber station (UE) for a radio communication system - by means (I / D) to receive a request (AUF1, AUF2) for installation or uninstalling a program code (PR) from a request unit (AF1, AF2), - With Means (I / D) for checking a Authorization of the request unit (AF1, AF2) for installation or Uninstalling the program code (PR) - And with means (I / D) for execution installation or deinstallation only if the check shows that the authorization of the request unit (AF1, AF2) for the request (AUF1, AUF2) to install or uninstall the program code (PR) is present.